Our work “CACROS: A Context-Aware Cloud Content Roaming Service” got accepted for publication in the IEEE International Conference on Smart Cloud (SmartCloud 2016), New York, USA, Nov 2016.
Congratulations Md. Mahmud Hossain, Shahid Al Noor, Dibya Mukhopadhyay, Ragib Hasan, and Lei Li.
Title: Verifiable Data Redundancy in the Cloud
Authors: Mohammad Kamrul Islam and Ragib Hasan
Abstract: Data redundancy is critical for the assurance of service continuity in fault tolerant systems. Researchers have proposed several efficient data replication strategies to secure users’ sensitive information from a single point of failure. Although the cloud service providers (CSP) assure users regarding data safety by following some of those replication strategies, the opaque operational model of the cloud does not allow the users to verify the replications. This, in turn, introduces lack of trust in clouds. The challenge of verifiable data redundancy is two-fold: to verify that the server indeed possesses multiple copies, and to verify that those copies are not located in the same physical system. Current research mainly focuses on verification by access time of multiple requests which is highly system dependent. Hence, we propose a novel storage-as-a-service protocol that provides verifiable data redundancy in the semi or untrusted server. Our proposed model is completely oblivious of the physical system and the allocation protocol of the cloud. It does not include the server in the verification process which eliminates the risk of manipulation by a dishonest service provider. Our model uses distinct copies to store in the server as replicas, and provides deterministic verification of having data redundancies in the server. For generating unique copies of data, we use different random numbers in ElGamal encryption system. After proposing the storage, access, and verification processes, we implemented a prototype system to analyze the performance of our proposed model. Our experimental results show that our system can successfully verify the redundancy of the data in the remote server and detect any service level agreement anomalies.
Title: SASCloud: Ad hoc Cloud as Secure Storage
Authors: Shahid Al Noor, Md. Mahmud Hossain and Ragib Hasan
Abstract: With the emergence of high-speed 4G networks along with reachable WiFi systems, cloud computing frameworks can be greatly leveraged in the mobile domain. However, receiving a temporary storage service in a communication challenged area is challenging due to the unavailability of any secure third party cloud system. Although the existing ad hoc cloud architectures facilitate distributed computation and sensing operations, such systems fail to deliver secure ad hoc storage as a service when a client requests secure storage as a service. The absence of a proper centralized monitoring system in the existing ad hoc cloud is a major obstacle for convincing a client to trust the neighboring mobile nodes for content offloading. In case a client and an outsourced node get disconnected, retrieving the offloaded contents along with ensuring their confidentiality and integrity becomes non-trivial. Additionally, providing a feasible and justified monetary incentive is a complex process for such ad hoc mobile frameworks. In this paper, we propose SASCloud, a centrally controlled ad hoc cloud system that provides a secure and reliable storage service for mobile clients. Our proposed system uses the contextual information of mobile users along with partial environmental knowledge and forms a temporal cloud using the resources of neighboring mobile devices. Along with the detailed reasoning of possible threats in our model, we provide a secure framework for content distribution and retrieval. We provide extensive analysis of our model using simulated experimental modules.
Congratulations to Dr. Rasib Khan, from SECRETLab, for successfully defending his thesis, titled “Towards Trustworthy Authentication in Service Oriented Computing”, supervised by Dr. Ragib Hasan.
Dr. Ragib Hasan, Chair (UAB CIS)
Dr. Purushotham Bangalore (UAB CIS)
Dr. Alan Sprague (UAB CIS)
Dr. Anthony Skjellum (Auburn)
Dr. John Sloan (UAB Justice Sciences)
Today’s Internet and network-based applications are highly driven by the service-oriented architecture model. Given the variety of online services, we hypothesized that there is a significant non-uniformity in the behavior of users pertaining to security-oriented practices on the Internet. We performed statistical analysis on open source user-survey datasets to establish the validity of the statement. We performed further study with respect to the security-oriented behavioral practices in developing countries. We were able to determine certain traits and insecure practices that general Internet users from both developed and developing countries adopt, and addressed the corresponding issues to devise secure authentication technologies for online services.
The rapid growth in the number and type of online services has resulted in adopting diverse models for authentication. Cross-platform and service composition architectures require a complex integration procedure and limit adoptability of newer authentication models. Authentication is generally based on a binary success or failure and relies on credentials proffered at the present moment without considering how or when the credentials were obtained by the subject. The resulting access control engines suffer from rigid service policies and complexity of management.
We adopted notions of real-life authentication with similar causal effects in service computing architectures. We introduced the concept of interaction provenance in service oriented computing as the only and unified authentication factor. Interaction provenance uses the causal relationship of past events to leverage service composition, cross-platform integration, timeline authentication, and easier adoption of newer methods. We presented a W3C PROV standard compliant model for interaction provenance, including secure provenance preservation techniques for service oriented computing architectures. We also applied the concept of interaction provenance to create secure frameworks for provenance-aware services. Next, we explored the causal relationship with the quality of past events to create a flexible and novel authentication and threshold based access control engine using fuzzy policies. We showed how linguistic terminologies, fuzzy ranges, and visualization of policies in fuzzy engines can be used to create simplistic yet innovative policies with additional benefits in the usability and maintenance of such systems.
Three papers from SECRETLab accepted in the 9th IEEE International Conference on Cloud Computing (IEEE CLOUD). Congratulations to Shahid Noor, Md. Mahmud Hossain, Rasib Khan, Shams Zawoad, and Ragib Hasan.
1. Shahid Al Noor, Rasib Khan, Md. Mahmud Hossain, and Ragib Hasan, “Litigo: A Cost-Driven Model for Opaque Cloud Services”, In Proceedings of the 9th IEEE International Conference on Cloud Computing (IEEE CLOUD), San Francisco, CA, July 2016. (Acceptance Rate 15%).
2. Md. Mahmud Hossain, Rasib Khan, Shahid Al Noor, and Ragib Hasan, “Jugo: A Generic Architecture for Composite Cloud as a Service”, In Proceedings of the 9th IEEE International Conference on Cloud Computing (IEEE CLOUD), San Francisco, CA, July 2016.
3. Shams Zawoad and Ragib Hasan, “SECAP: Towards Securing Application Provenance in the Cloud”, In Proceedings of the 9th IEEE International Conference on Cloud Computing (IEEE CLOUD), San Francisco, CA, July 2016.
Congratulations to Dr. Shams Zawoad, from SECRETLab, for successfully defending his thesis, titled “Trustworthy and Efficient Forensics in the Cloud”, supervised by Dr. Ragib Hasan.
Dr. Ragib Hasan (UAB CIS), Chair
Dr. Alan Sprague (UAB CIS)
Dr. Purushotham Bangalore (UAB CIS)
Dr. Marjan Mernik (UM FERI)
Dr. Anthony Skjellum (AU CSSE)
The rise of cloud computing has changed the way of using computing services and resources. However, the black-box nature of clouds and the multi-tenant cloud models have brought new security risks, especially in terms of digital forensics. Current cloud computing architectures often lack support for digital forensic investigations since many of the assumptions that are valid for traditional computing environments are invalid in clouds. Current digital forensics tools and procedures rely on physical access to the evidence. In clouds, computing and storage resources are no longer local and these resources are also shared between multiple cloud users. Hence, even with a subpoena, forensics investigators cannot confiscate a suspect’s computer and get access to the digital evidence that resides in the cloud. Data in the virtual machines (VM) are also not accessible after terminating the VMs. Hence, investigators need to depend on the Cloud Service Providers (CSP) to acquire various important evidence, such as activity logs of VMs, files stored in clouds, VM images, etc. Unfortunately, current cloud architectures do not guarantee that a CSP is providing valid evidence to investigators. A CSP in its entirety or a malicious employee of the CSP can collude with an adversary or a dishonest investigator to tamper with the evidence. Moreover, forensics investigators can also alter the evidence before presenting it to a court. Hence, for a reliable digital forensics investigation in clouds, we need to ensure the integrity of the evidence and the privacy of users in the multi-tenant cloud environment.
In this dissertation, we explore techniques for ensuring the trustworthiness of various types of evidence in a strong adversarial scenario. We show that, without incurring high performance overheads, we can preserve and provide required evidence for digital forensics investigations involving clouds, while protecting the privacy and integrity of the evidence. We propose an Open Cloud Forensics model (OCF) and adapt this model to design forensics-enabled architectures for Infrastructure-as-a-Service (IaaS) and Storage-as-a-Service (STaaS) clouds. For IaaS clouds, we first focus on the trustworthiness of activity logs of cloud users. We design a logging scheme to securely retrieve, store, and expose these activity logs to forensics investigators. To ensure the trustworthiness of the time associated with the logs, we propose a tamper-evident scheme to prove the correctness of the system time of cloud hosts and VMs. To parse and store heterogeneous formats of logs securely in a convenient way, we develop the Forensics Aware Language (FAL) – a domain specific language. Next, we focus on the data possession information for STaaS clouds. In this regard, we first design a proof of past data possession scheme to prove the data possession of a particular user at a given past time. We then develop a secure litigation hold management scheme to provide the assurance of maintaining litigation holds on data stored in the cloud. Next, we investigate secure provenance for clouds and develop an efficient, secure data provenance scheme. We integrate all the proposed schemes with an open source cloud platform – OpenStack, and show the efficiency of the schemes. Finally, we investigate the big data forensics domain and design a cloud-based system to expedite the process of digital forensics investigations involving big data.
Four papers from SECRETLab accepted in the 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), 2016. Congratulations to Shams Zawoad, Rasib Khan, Ragib Hasan, Shahid Noor, Munirul Haque, and Darrell Burke.
1. Shams Zawoad and Ragib Hasan, “Chronos: Towards Securing System Time in the Cloud for Reliable Forensics Investigation”, the 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), Atlanta, Georgia, June 2016. (Acceptance rate 18%).
Abstract: In digital forensics investigations, the system time of computing resources can provide critical information to implicate or exonerate a suspect. In clouds, alteration of the system time of a virtual machine (VM) or a cloud host machine can provide unreliable time information, which in turn can mislead an investigation in the wrong direction. In this paper, we propose Chronos to secure the system time of cloud hosts and VMs in an untrusted cloud environment. Since it is not possible to prevent a malicious user or a dishonest insider of a cloud provider from altering the system time of a VM or a host machine, we propose a tamper-evident scheme to detect this malicious behavior at the time of investigation.
We integrate Chronos with a popular open-source cloud platform – OpenStack and evaluate the feasibility of Chronos while running 20 VMs on a single host machine. Our test results suggest that Chronos can be easily deployed in the existing cloud with very low overheads, while achieving a high degree of trustworthiness of the system time of the cloud hosts and VMs.
2. Ragib Hasan, Shams Zawoad, Shahid Noor, Md Munirul Haque, and Darrell Burke, “How Secure is the Healthcare Network from Insider Attacks? An Audit Guideline for Vulnerability Analysis”, 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), Atlanta, Georgia, June 2016. (Short Paper Acceptance Rate 20%)
Abstract: In recent years, wireless communication has become popular in healthcare infrastructures. The availability of wireless interfaces with the new generation medical devices has spawned numerous opportunities in providing better healthcare support to patients. However, the weaknesses of available wireless communication channels also introduce various novel attacks on the medical devices. Since smart mobile devices, such as smartphones, tablets, and laptops, are also equipped with the same communication channels (WiFi/Bluetooth), attacks on medical devices can be initiated from a compromised or malware infected mobile device. Since the compromised mobile devices are already inside the security perimeter of a healthcare network, it is very challenging to block attacks from such compromised mobile devices. In this paper, we systematically analyze the novel threats on healthcare devices and networks, which can be initiated from compromised mobile devices. We provide a detailed audit guideline to evaluate the security strength of a healthcare network. Based on our proposed guideline, we evaluate the current security state of a large university healthcare facility. We also propose several mitigation strategies to mitigate some of the possible attacks.
3. Rasib Khan and Ragib Hasan, “The Story of Naive Alice: Behavioral Analysis of Susceptible Users on the Internet”, 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), Atlanta, Georgia, June 2016. (Short Paper Acceptance Rate 20%)
Abstract: The Internet has become an integral part of our everyday life. Unfortunately, not all of us are equally aware of the threats which come along when we use online services. Online criminals target users and steal their personal information for illicit benefits. The most susceptible to these online predators are naive users, who are generally less aware of security and privacy practices on the Internet. In this paper, we present a behavioral analysis of Internet users and their susceptibility to online malpractices. We have considered the dataset from the Global Internet User Survey for 10789 respondents to perform a security-oriented statistical analysis of correlated user behavior. The results were used to construct logistic regression models to analyze statistical predictability of susceptible and not-so-susceptible identity theft victims based on their behavior and knowledge of particular security and privacy practices. We posit that such a study can be used to assess the vulnerability of Internet users and can hence be used to leverage institutional and personal safety on the Internet by promoting online security education, threat awareness, and guided Internet-safe behavior.
4. Rasib Khan and Ragib Hasan, “A Cloud You can Wear: Towards a Mobile and Wearable Personal Cloud”, 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), Atlanta, Georgia, June 2016. (Short Paper Acceptance Rate 20%)
Abstract: As we enter the age of mobile and wearable computing, we are using various wearable computing devices, such as mobile phones, smart glasses, smart watches, and personal health monitors. To provide the expected user experience and the ability to run complex applications, all of these devices require powerful processors, long-lasting batteries, and use provider-specific public clouds for the services. This makes design of such wearable devices complex, expensive, and with major personal data privacy concerns. In this paper, we show how we can simplify the design of personal wearable devices by introducing a wearable cloud — a complete yet compact and lightweight cloud which can be embedded into the clothing of a user. The wearable cloud makes the design of wearable devices simple and inexpensive, as these devices can now essentially be lightweight terminals tapping into the computing and storage power of the wearable cloud with proximal and private placement of the user’s personal data. We introduce five service delivery models using the proposed wearable cloud approach. We provide details of a prototype implementation of the wearable cloud embedded into a ‘Cloud Jacket’ along with a cheap touchscreen terminal device. The paper also presents experimental results on the usability of such a cloud in terms of reduced energy consumption and improved application performance.
Our work “Towards Building Forensics Enabled Cloud Through Secure Logging-as-a-Service” got accepted for publication in the IEEE Transactions on Dependable and Secure Computing (TDSC), SI-Cyber Crime, 2015. (Impact factor 1.351).
Congratulations Shams Zawoad, Amit Dutta, and Ragib Hasan.
Abstract: Collection and analysis of various logs (e.g., process logs, network logs) are fundamental activities in computer forensics. Ensuring the security of the activity logs is therefore crucial to ensure reliable forensics investigations. However, because of the black-box nature of clouds and the volatility and co-mingling of cloud data, providing the cloud logs to investigators while preserving users’ privacy and the integrity of logs is challenging. The current secure logging schemes, which consider the logger as trusted, cannot be applied in clouds since there is a chance that cloud providers (logger) collude with malicious users or investigators to alter the logs.
In this paper, we analyze the threats on cloud users’ activity logs considering the collusion between cloud users, providers, and investigators. Based on the threat model, we propose Secure-Logging-as-a-Service (SecLaaS), which preserves various logs generated for the activity of virtual machines running in clouds and ensures the confidentiality and integrity of such logs. Investigators or the court authority can only access these logs by the RESTful APIs provided by SecLaaS, which ensures confidentiality of logs. The integrity of the logs is ensured by a hash-chain scheme and proofs of past logs published periodically by the cloud providers. In prior research, we used two accumulator schemes, Bloom filter and RSA accumulator, to build the proofs of past logs. In this paper, we propose a new accumulator scheme – Bloom-Tree, which performs better than the other two accumulators in terms of time and space requirement.
Congratulations to Shahid Noor and Ragib Hasan for having their work accepted in the 7th IEEE International Conference on Cloud Computing Technology and Science (CloudCom), Vancouver, Canada, November 2015. (Acceptance rate 48/189=25.4%)
Congratulations to Shams Zawoad and Ragib Hasan for having their work on big data forensics accepted in the IEEE International Symposium on Big Data Security on Cloud (BigDataSecurity 2015), New York, USA.
Abstract: The age of big data opens new opportunities in various fields. While the availability of a big dataset can be helpful in some scenarios, it introduces new challenges in digital forensics investigations. The existing tools and infrastructures cannot meet the expected response time when we investigate a big dataset. Forensics investigators will face challenges while identifying necessary pieces of evidence from a big dataset, and collecting and analyzing that evidence. In this article, we propose the first working definition of big data forensics and systematically analyze the big data forensics domain to explore the challenges and issues in this forensics paradigm. We propose a conceptual model for supporting big data forensics investigation and present several use cases, where big data forensics can provide new insights to determine facts about criminal incidents.