Papers by Miss Laiha Mat Kiah

IEEE Access
Authenticated Encryption (AE) protects confidentiality and integrity at the same time. The sponge construction is based on an iterated permutation or transformation that can be used to implement hashing, and AE schemes, among others. Sponge-based AE schemes offer desirable characteristics like parallelizability and incrementality. In addition, they provide security features such as protection against Chosen Plaintext Attacks, Chosen-Ciphertext Attacks, and Side-Channel Attacks (SCAs). Traditionally AE schemes assume the tag length, also called the stretch, as a fixed parameter per key, and the security is proved according to that assumption. However, the variable tag length per key could happen due to misconfiguration or misuse. In that case, the security would be violated, so it is vital to accommodate variable tag length without sacrificing other desirable features. Reyhanitabar et al. proposed Key Equivalent Separation by Stretch feature and concretized it for protection against tag length misuse attacks in block cipher-based AE schemes. However, the problem remains unresolved for sponge-based constructions, where current sponge-based schemes are vulnerable to tag length variation under the same key attacks. This work aims to bridge this gap by proposing a parallel, sponge-based AE scheme with a variable tag length per key that protects against SCAs and suggesting a lower bound for the recommended tag length. Finally, the security of the proposed scheme is discussed, and its performance is analyzed after implementing the proposed AE scheme in the C programming language.
A Review of Smart Contract Blockchain Based on Multi-Criteria Analysis: Challenges and Motivations
Computers, Materials & Continua

arXiv (Cornell University), Jan 12, 2023
A smart contract is a digital program of transaction protocol (rules of contract) based on the consensus architecture of blockchain. Smart contracts with Blockchain are modern technologies that have gained enormous attention in scientific and practical applications. A smart contract is the central aspect of a blockchain that facilitates blockchain as a platform outside the cryptocurrency spectrum. The development of blockchain technology, with a focus on smart contracts, has advanced significantly in recent years. However, research on the smart contract idea has weaknesses in the implementation sectors based on a decentralized network that shares an identical state. This paper extensively reviews smart contracts based on multi-criteria analysis, challenges, and motivations. Therefore, implementing blockchain in multi-criteria research is required to increase the efficiency of interaction between users via supporting information exchange with high trust. Implementing blockchain in the multi-criteria analysis is necessary to increase the efficiency of interaction between users via supporting information exchange and with high confidence, detecting malfunctioning, helping users with performance issues, reaching a consensus, deploying distributed solutions and allocating plans, tasks and joint missions. The smart contract with decision-making performance, planning and execution improves the implementation based on efficiency, sustainability and management. Furthermore, the uncertainty and supply chain performance lead to improved users' confidence in offering new solutions in exchange for problems in smart contracts. Evaluation includes code analysis and performance, while development performance can be under development.
Systematic Literature Review of Security Control Assessment Challenges
2022 IEEE 12th International Conference on Control System, Computing and Engineering (ICCSCE)

The expeditious growth of the wearable and implantable body sensors and wireless communication technologies have provided both inspiration and motivation for increasingly development of m-healthcare information systems as a promising next generation e-health system. In m-healthcare systems, the authorized mobile patients with the same disease symptoms can constitute a social group to share their health condition and medical experience. The privacy of social communication transferred over open wireless channels is an essential system requirement. Furthermore, the m-healthcare system on contrary to the traditional e-Health system allows mobile patients to move across distinguished location domains during different time periods. The mobility of patients considerably increases the cost of key management in terms of communication overhead if it is addressed with a naïve solution such as treating as a leave in the old location and a new join in the visited location. This paper proposes a ...

Information System Audit for Mobile Device Security Assessment
2021 3rd International Cyber Resilience Conference (CRC)
The competency to use mobile devices for work-related tasks gives advantages to the company productiveness and expedites business processes. Thus Bring Your Own Device (BYOD) setting emerge to enable work flexibility and technological compatibility. For management, employees’ productivity is important, but they could not jeopardise the security of information and data stored in the corporate network. Securing data and network becomes more complex tasks as it deals with foreign devices, i.e., devices that do not belong to the organisation. With much research focused on pre-implementation and the technical aspects of mobile device usage, post-implementation advancement is receiving less attention. IS audit as one of the post-implementation mechanisms provides performance evaluation of existing IS assets, business operations and process implementation, thus helping management formulating the best strategies in optimising IS practices. This paper discusses the feasibility of IS audit in assessing mobile device security by exploring the risks and vulnerabilities of mobile devices for organisational IS security as well as the perception of Information system management in mobile device security. By analysing related literature, authors pointed out how the references used in the current IS audit research address the mobile device security. This work serves a significant foundation in the future development in mobile device audit.

IEEE Access
Since its birth in 2000, authenticated encryption (AE) has been a hot research topic, and many new features have been proposed to boost its security or performance. The Block cipher was the dominant primitive in constructing AE schemes, followed by stream ciphers and compression functions until the sponge construction emerged in 2011. Sponge-based AE schemes provide functional characteristics such as parallelizability, incrementality, and being online. They also offer security features for protection against active or passive adversaries. Currently, there exist parallel sponge-based AE schemes, but they are not protected against simple power analysis (SPA) and differential power analysis (DPA). On the other hand, sponge-based AE schemes that protect against such attacks are serial and cannot be parallelized. Furthermore, sponge-based AE schemes handle the nonces in a way that could allow misuse. So, sponge-based AE schemes that hide the nonce from adversaries are also an open problem. This work aims to bridge these gaps by proposing a parallel sponge-based AE with side-channel protection and adversary-invisible nonces (PSASPIN), using parallel fresh rekeying and the duplex mode of the sponge construction. A leveled implementation is used to implement the key generation part using a pseudorandom function (PRF) based on the Galois field multiplication. The data processing (the rekeyed) part is implemented using the sponge-based duplex mode. Finally, the security proof of the proposed scheme is provided using game-based theory according to the PRP/PRF switching lemma, and its performance is analyzed.

International Journal of Physical Sciences, Jul 1, 2010
This paper discusses a secure novel approach of high rate data hidden using mosaic image and bitmap (bmp) cryptosystem. The mosaic image used in this approach together with the neural cryptosystem that have been implemented for the first time and has been successful, this new method of hiding data is based on LSB in mosaic images. A mosaic is an image that is comprised of hundreds or thousands of other images to create one common image. The proposed approach is named "StegoMos". Once the mosaic cover is chosen, then data is secured by the crypto-system which is used to encrypt the data before hiding. The crypto-system is based on BAM neural network. The importance of neural networks in this work is that they offer a very powerful and a very general framework for representing non-linear mapping from several input variables to several output variables. Merging high rate data hiding in mosaic images as well as making the data secure arises from the requirements of the problem of increasing the amount of data hidden and at the same time maintains the quality of image. The second requirement is the security of data. Experimental results show the effectiveness of using the mosaic image cover over the normal image.

Mobile Information Systems, 2022
Motivation. Standardization in smart city applications is restricted by the competitive pressures of proprietary innovation and technological compartmentalization. Interoperability across networks, databases, and APIs is essential to achieving the smart objectives of technology-supported urban environments. Methodology. The issues that smart cities face, as well as the usage of blockchain in Internet of Things (IoT) applications, are discussed in this research paper. Problem Statement. The study shows the obstacles to the establishment of an IoT-driven smart city agenda, including system security, dispersed node interoperability, data resource management, and scalability of a diverse IoT network. Results. To resolve these challenges, this research proposes a working infinite loop model for establishing a standardized, intermediary cloud-based blockchain for IoT networking within smart cities. The blockchain intermediary function will resolve critical gaps in the existing, distribute...

Scientific Research and Essays, Jul 1, 2010
Mosaic image approaches have been successfully proposed to solve different problems in the image processing such as image segmentation. As it becomes a well known art, there are thousands of mosaic images available in the internet galleries. In addition, there is quite a big number of free mosaic creation software available in the markets. In this paper we will study the features of the mosaic images which can help to implement undetectable data hidden approach (that is steganography approach). Through the research, we found that mosaic image texture is capable to hide up to five LSB layers. Furthermore, there are several papers stated clearly "secure steganography application should be engaged with cryptography". Thus, AES/Rijndael algorithm has been proposed together with the five LSB steganography to ensure the highest rate of data hidden side by side with high level of security. The evaluation of steganography approaches required either objective test (that is passing the SNR, PSNR, MSE or RMSE exam) or subjective test (that is using survey). Many researches conducted to approve the failure of the objective exam. Therefore, we evaluated our approach using the subjective test. Our survey shown the approximate of 99% is the success rate for the mosaic cover, comparing with approximately 50% the success of normal images.

Scientific Research and Essays, Jul 1, 2010
Short message service (SMS) is a very popular and easy to use communications technology for mobile phone devices. Originally, this service was not designed to transmit secured data, so the security was not an important issue during its design. Yet today, it is sometimes used to exchange sensitive information between communicating parties. This paper proposes an alternative solution that provides a peer-to-peer SMS security that guarantees provision of confidentiality, authentication, integrity and non-repudiation security services. A hybrid cryptographic scheme has been used which combines the NTRU and AES-Rijndael algorithms to achieve more robust functionality. For implementation, a mobile information device application (MIDlet) has been developed in J2ME to introduce a required security services for SMS. The developed application is tested on real equipment such as a Nokia N70. It is able to achieve all the required cryptographic operations completely on the users' mobile phone in less than one second for each operation, and thus the mobile phone performance still remains effective.
Machine learning-based offline signature verification systems: A systematic review
Signal Processing: Image Communication, 2021

IEEE Access, 2021
By and large, authentication systems employed for web-based applications primarily utilize conventional username and password-based schemes, which can be compromised easily. Currently, there is an evolution of various complex user authentication schemes based on the sophisticated encryption methodology. However, many of these schemes suffer from either low impact full consequences or offer security at higher resource dependence. Furthermore, most of these schemes don't consider dynamic threat and attack strategies when the clients are exposed to unidentified attack environments. Hence, this paper proposes a secure user authentication mechanism for web applications with a frictionless experience. An automated authentication scheme is designed based on user behavior login events. The uniqueness of user identity is validated in the proposed system at the login interface, followed by implying an appropriate user authentication process. The authentication process is executed under four different login mechanisms, which depend on the profiler and the authenticator function. The profiler uses user behavioral data, including login session time, device location, browser, and details of accessed web services. The system processes these data and generates a user profile via a profiler using the authenticator function. The authenticator provides a login mechanism to the user to perform the authentication process. After successful login attempts, the proposed system updates database for future evaluation in the authentication process. The study outcome shows that the proposed system excels to other authentication schemes for an existing web-based application.
The proposed method, when comparatively examined, is found to offer approximately a 10% reduction in delay, 7% faster response time, and 11% minimized memory usage compared with existing authentication schemes for premium web-based applications.

IEEE Access, 2020
Financial Technology (FinTech) has attracted a wide range of attention and is rapidly proliferating. As a result of its consistent growth new terms have been introduced in this domain. The term 'FinTech' is one such terminology. This term is used for describing various operations that are being frequently employed in the financial technology sector. These operations are usually practiced in enterprises or organizations and provide requested services by using Information Technology based applications. The term does take into account various other sensitive issues, like, security, privacy, threats, cyber-attacks, etc. This is important to note that the development of FinTech is indebted to the mutual integration of different state of the art technologies, for example, technologies related to a mobile embedded system, mobile networks, mobile cloud computing, big data, data analytics techniques, and cloud computing etc. However, this technology is facing several security and privacy issues that are much needed to be addressed in order to improve the acceptability of this new technology among its users. In an effort to secure FinTech, this article provides a comprehensive survey of FinTech by reviewing the most recent as well as anticipated financial industry privacy and security issues. It provides a comprehensive analysis of current security issues, detection mechanisms and security solutions proposed for FinTech. Finally, it discusses future challenges to ensure the security and privacy of financial technology applications.
A dynamic threshold calculation for congestion notification in IEEE 802.1Qbb
IEEE Communications Letters, 2020
Ethernet has been a backbone of data centers since inception of cloud computing. The reason is its simplicity, cost effectiveness, wide existing base, and maturity. However, Ethernet is unreliable when it comes to providing guaranteed transmission. Consequently, IEEE 802.1Qbb standard has been introduced to provide reliability based on congestion notification (CN) mechanism of IEEE 802.3x. However, IEEE 802.1Qbb has some issues and limitations, such as higher buffer space reservation, lack of support for heterogeneous switching devices, and low throughput and efficiency of the network. This letter proposes a novel approach for modified CN mechanism that provides 44 percent less space reservation for CN mechanism, support for heterogeneity, higher throughput, and efficiency.

Telecommunication Systems, 2019
The new and disruptive technologies for ensuring smartphone security are very limited and largely scattered. The available options and gaps in this research area must be analysed to provide valuable insights about the present technological environment. This work illustrates the research landscape by mapping the existing literature to a comprehensive taxonomy with four categories. The first category includes review and survey articles related to smartphone security. The second category includes papers on smartphone security solutions. The third category includes smartphone malware studies that examine the security aspects of smartphones and the threats posed by malware. The fourth category includes ranking, clustering and classification studies that classify malware based on their families or security risk levels. Several smartphone security apps have also been analysed and compared based on their mechanisms to identify their contents and distinguishing features by using several evaluation metrics and parameters. Two malware detection techniques, namely, machine-learning-based and non-machine-learning-based malware detection, are drawn from the review. The basic characteristics of this emerging field of research are discussed in the following aspects: (1) motivation behind the development of security measures for different smartphone operating systems (OSs), (2) open challenges that compromise the usability and personal information of users and (3) recommendations for enhancing smartphone security. This work also reviews the functionalities and services of several anti-malware companies to fully reveal their security mechanisms, features and strategies. This work also highlights the open challenges and issues related to the evaluation and benchmarking of malware detection techniques to identify the best malware detection apps for smartphones.

Symmetry, 2019
The Internet of Things has gained substantial attention over the last few years, because of connecting daily things in a wide range of application and domains. A large number of sensors require bandwidth and network resources to give-and-take queries among a heterogeneous IoT network. Network flooding is a key questioning strategy for successful exchange of queries. However, the risk of the original flooding is prone to unwanted and redundant network queries which may lead to heavy network traffic. Redundant, unwanted, and flooded queries are major causes of inefficient utilization of resources. IoT devices consume more energy and high computational time. More queries leads to consumption of more bandwidth, cost, and miserable QoS. Current existing approaches focused primarily on how to speed up the basic routing for IoT devices. However, solutions for flooding are not being addressed. In this paper, we propose a cluster-based flooding (CBF) as an interoperable solution for network ...
Computers & Security, 2018
, where he has obtained the Master of Communications and Computer Engineering degree in 2010. His current research interests are the smartphone (in particular, Android) security, sensors threats, and sensor programming. Previously he had some research in network security, and before many years, he used to be a database developer.

International Journal on Advanced Science, Engineering and Information Technology, 2018
The Internet today lacks an identity protocol for identifying people and organizations. As a result, service providers needed to build and maintain their own databases of user information. This solution is costly to the service providers, inefficient as much of the information is duplicated across different providers, difficult to secure as evidenced by recent large-scale personal data breaches around the world, and cumbersome to the users who need to remember different sets of credentials for different services. Furthermore, personal information could be collected for data mining, profiling and exploitation without users' knowledge or consent. The ideal solution would be self-sovereign identity, a new form of identity management that is owned and controlled entirely by each individual user. This solution would include the individual's consolidated digital identity as well as their set of verified attributes that have been cryptographically signed by various trusted issuers. The individual provides proof of identity and membership by sharing relevant parts of their identity with the service providers. Consent for access may also be revoked hence giving the individual full control over its own data. This survey critically investigates different blockchain based identity management and authentication frameworks. A summary of the state-of-the-art blockchain based identity management and authentication solutions from year 2014 to 2018 is presented. The paper concludes with the open issues, main challenges and directions highlighted for future work in this area. In a nutshell, the discovery of this new mechanism disrupted the existing identity management and authentication solutions and by providing a more promising secure platform.

Journal of Biomedical Informatics, 2017
Nationwide health information exchange (NHIE) continues to be a persistent concern for government agencies, despite the many efforts and the conceived benefits of sharing patient data among healthcare providers. Difficulties in ensuring global connectivity, interoperability, and concerns on security have always hampered the government from successfully deploying NHIE. By looking at NHIE from a fresh perspective and bearing in mind the pervasiveness and power of modern mobile platforms, this paper proposes a new approach to NHIE that builds on the notion of consumer-mediated HIE, albeit without the focus on central health record banks. With the growing acceptance of smartphones as reliable, indispensable, and most personal devices, we suggest to leverage the concept of mobile personal health records (PHRs installed on smartphones) to the next level. We envision mPHRs that take the form of distributed storage units for health information, under the full control and direct possession of patients, who can have ready access to their personal data whenever needed. However, for the actual exchange of data with health information systems managed by healthcare providers, the latter have to be interoperable with patient-carried mPHRs. Computer industry has long ago solved a similar problem of interoperability between peripheral devices and operating systems. We borrow from that solution the idea of providing special interfaces between mPHRs and provider systems. This interface enables the two entities to communicate with no change to either end. The design and operation of the proposed approach is explained. Additional pointers on potential implementations are provided, and issues that pertain to any solution to implement NHIE are discussed. Highlights The introduction of an alternative approach for HIE.
The new idea as a framework with overall architecture and individual components. The complete design specifications of the proposed framework. Proof-of-concept prototype to validate the idea and show possible implementation.