Visible to the public International Conferences: IBCAST 2015, Islamabad

SoS Newsletter- Advanced Book Block


SoS Logo

International Conferences:



The Twelfth International Bhurban Conference on Applied Sciences & Technology (IBCAST) was held at the National Centre for Physics, Islamabad Pakistan on January 13-18, 2015. It was organized by the Centres of Excellence in Science & Applied Technologies (CESAT), Islamabad, in collaboration with Beihang University of Aeronautics & Astronautics, Beijing Institute of Technology, Nanjing University of Aeronautics & Astronautics and Northwestern Polytechnical University, Xian, China. Topics included Advanced Materials, Biomedical Sciences, Control & Signal Processing, Cyber Security, Fluid Dynamics, Underwater Technologies and Wireless Communication & Radar. The cybersecurity papers are cited here and were recovered on September 3, 2015.

Saghar, K.; Kendall, D.; Bouridane, A., “RAEED: A Solution for Hello Flood Attack,” in Applied Sciences and Technology (IBCAST), 2015 12th International Bhurban Conference on, vol., no., pp. 248-253, 13-17 Jan. 2015. doi:10.1109/IBCAST.2015.7058512
Abstract: Hello flood attack has long been a problem in ad-hoc and wireless networks during data routing. Although numerous solutions have been proposed, they all have drawbacks. The main reason is that formal modeling techniques have not been employed to confirm whether the solutions are immune from DoS attacks. We have earlier shown how formal modeling can be utilized efficiently to detect the vulnerabilities of existing routing protocols against DoS attacks. In this paper we propose a new protocol, RAEED (Robust formally Analysed protocol for wirEless sEnsor networks Deployment), which is able to address the problem of Hello flood attacks. Using formal modeling we prove that RAEED avoids these types of attack. Finally computer simulations were carried out to support our findings. RAEED employs an improved bidirectional verification and the key exchange characteristics of the INSENS and the LEAP. RAEED preserves the security and reduces traffic. The improvements in RAEED were the less number of messages exchanged, less percentage of messages lost and reduction in time to complete key setup phase.
Keywords: computer network security; formal verification; mobile computing; routing protocols; telecommunication traffic; wireless sensor networks; DoS attacks; INSENS; LEAP; RAEED protocol; ad-hoc networks; bidirectional verification; computer simulations; data routing; formal modeling techniques; hello flood attack; key exchange characteristics; message exchange; messages lost; robust formally analysed protocol for wireless sensor networks deployment; security; traffic reduction; Amplitude shift keying; Computational modeling; Computer crime; Noise; Routing protocols; Wireless sensor networks; Formal Modeling; Routing Protocol; Security Attacks; Wireless Sensor Networks (WSN) (ID#: 15-6488)


Fatima, T.; Saghar, K.; Ihsan, A., “Evaluation of Model Checkers SPIN and UPPAAL for Testing Wireless Sensor Network Routing Protocols,” in Applied Sciences and Technology (IBCAST), 2015 12th International Bhurban Conference on, vol., no., pp. 263-267, 13-17 Jan. 2015. doi:10.1109/IBCAST.2015.7058514
Abstract: Formal modeling and verification has been under considerable attraction of researchers these days. Using formal methods one can find bugs and hidden errors in different systems, codes and protocols. As formal models can detect worst case scenarios which are not possible in computer simulations and other testing techniques, they are often employed by researchers to detect flaws in security protocols. A lot of hidden errors have been detected in encryption techniques and secure routing protocols by analyzing them using formal modeling and verification. Although many tools have been developed to perform formal verification; but SPIN and UPPAAL are most frequently used by researchers to demonstrate some previously unreported weaknesses. This paper analyzes these two model checkers in terms of learning time, ease of use and their features of modeling and verification. We later annotate our findings by applying these tools against a wire-less sensor network routing protocol. We claim that our paper can help future researchers to decide which formal modeling tool is best in a particular scenario thus saving a lot of time in decision making.
Keywords: cryptography; decision making; formal verification; routing protocols; telecommunication network reliability; telecommunication security; wireless sensor networks; SPIN; UPPAAL; decision making; encryption techniques; formal methods; formal modeling; formal verification; model checkers; secure routing protocols; security protocols; testing techniques; wireless sensor network routing protocols; Analytical models; Automata; Computational modeling; Model checking; Routing protocols; Wireless sensor networks; Formal Verification; Routing Protocols; Sensor Networks; Software Testing (ID#: 15-6489)


Kashif, U.A.; Memon, Z.A.; Balouch, A.R.; Chandio, J.A., “Distributed Trust Protocol for IaaS Cloud Computing,” in Applied Sciences and Technology (IBCAST), 2015 12th International Bhurban Conference on, vol., no., pp. 275-279, 13-17 Jan. 2015. doi:10.1109/IBCAST.2015.7058516
Abstract: Due to economic benefits of cloud computing, consumers have rushed to adopt Cloud Computing. Apart from rushing into cloud, security concerns are also raised. These security concerns cause trust issue in adopting cloud computing. Enterprises adopting cloud, will have no more control over data, application and other computing resources that are outsourced from cloud computing provider. In this paper we propose a novel technique that will not leave consumer alone in cloud environment. Firstly we present theoretical analysis of selected state of the art technique and identified issues in IaaS cloud computing. Secondly we propose Distributed Trust Protocol for IaaS Cloud Computing in order to mitigate trust issue between cloud consumer and provider. Our protocol is distributed in nature that lets the consumer to check the integrity of cloud computing platform that is in the premises of provider's environment. We follow the rule of security duty separation between the premises of consumer and provider and let the consumer be the actual owner of the platform. In our protocol, user VM hosted at IaaS Cloud Computing uses Trusted Boot process by following specification of Trusted Computing Group (TCG) and by utilizing Trusted Platform Module (TPM) Chip of the consumer. The protocol is for the Infrastructure as a Service IaaS i.e. lowest service delivery model of cloud computing.
Keywords: cloud computing; formal specification; security of data; trusted computing; virtual machines; IaaS cloud computing; Infrastructure as a Service; TCG specification; TPM chip; Trusted Computing Group; cloud computing platform integrity checking; cloud consumer; cloud environment; cloud provider; computing resources; distributed trust protocol; economic benefit; security concern; security duty separation; service delivery model; trust issue mitigation; trusted boot process; trusted platform module chip; user VM; Hardware; Information systems; Security; Virtual machine monitors; Trusted cloud computing; cloud security and trust; trusted computing; virtualization (ID#: 15-6490)


Jalalzai, M.H.; Shahid, W.B.; Iqbal, M.M.W., “DNS Security Challenges and Best Practices to Deploy Secure DNS with Digital Signatures,” Applied Sciences and Technology (IBCAST), 2015 12th International Bhurban Conference on, vol., no., pp. 280-285, 13-17 Jan. 2015. doi:10.1109/IBCAST.2015.7058517
Abstract: This paper is meant to discuss the DNS security vulnerabilities and best practices to address DNS security challenges. The Domain Name System (DNS) is the foundation of internet which translates user friendly domains, named based Resource Records (RR) into corresponding IP addresses and vice-versa. Nowadays usage of DNS services are not merely for translating domain names, but it is also used to block spam, email authentication like DKIM and the latest DMARC, the TXT records found in DNS are mainly about improving the security of services. So, virtually almost every internet application is using DNS. If not works properly then whole internet communication will collapse. Therefore security of DNS infrastructures is one of the core requirements for any organization in current cyber security arena. DNS are favorite place for attackers due to huge loss of its outcome. So breach in DNS security will in resultant affects the trust worthiness of whole internet. Therefore security of DNS is paramount, in case DNS infrastructure is vulnerable and compromised, organizations lose their revenue, they face downtime, customer dissatisfaction, privacy loss, confront legal challenges and many more. As we know that DNS is now become the largest distributed database, but initially at the time of DNS design the only goal was to provide scalable and available name resolution service but its security perspectives were not focused and overlooked at that time. So there are number of security flaws exist and there is an urgent requirement to provide some additional mechanism for addressing known vulnerabilities. From these security challenges, most important one is DNS data integrity and availability. For this purpose we introduced cryptographic framework that is configured on open source platform by incorporating DNSSEC with Bind DNS software which addresses integrity and availability issues of DNS by establishing DNS chain of trust using digitally signed DNS data.
Keywords: Internet; computer network security; cryptography; data integrity; data privacy; digital signatures; distributed databases; public domain software; Bind DNS software; DKIM; DMARC; DNS availability issues; DNS chain; DNS data integrity; DNS design; DNS infrastructures; DNS security; DNS security vulnerabilities; DNS services; DNSSEC; IP addresses; Internet application; Internet communication; Internet trustworthiness; cryptographic framework; customer dissatisfaction; cyber security arena; digital signatures; digitally signed DNS data; distributed database; domain name system; email authentication; index TXT services; named based resource records; open source platform; privacy loss; secure DNS; security flaws; user friendly domains; Best practices; Computer crime; Cryptography; Internet; Servers; Software; DNS Security; DNS Vulnerabilities; DNSSEC; Digital Signatures; Network and Computer Security; PKI (ID#: 15-6491)


Islam, S.; Haq, I.U.; Saeed, A., “Secure End-to-End SMS Communication over GSM Networks,” in Applied Sciences and Technology (IBCAST), 2015 12th International Bhurban Conference on, vol., no., pp. 286-292, 13-17 Jan. 2015. doi:10.1109/IBCAST.2015.7058518
Abstract: In today's GSM networks, security mechanisms provided by network operators are limited to the wireless links only, leaving the information traveling over the wired links insecure to a large extent. Moreover, the encryption algorithms used over the wireless links provide weak notion of security. Thus end-to-end security for SMS communication is not achieved in current GSM networks. An adversary is able to capture the traffic over the wireless link and decrypt it using specialized hardware. Short Message Service (SMS) is used widely all over the world which may contain sensitive and confidential information like financial transactions. SMS spoofing applications are widely available through which any sender ID can be set. The objectives of this research includes end-to-end confidentiality, authentication, message integrity and non-repudiation of SMS. The proposed scheme uses symmetric key and identity based techniques for encryption and key management. The overhead incurred due to addition of control information may increase the message length but the computational delay due to cryptographic operations is negligible on mobile devices with 1GHz+ processors. The proposed solution ensures end-to-end security even if the transmission is tapped, leaked or sniffed on either the wired or wireless links.
Keywords: cellular radio; cryptography; electronic messaging; message authentication; mobile computing; telecommunication security; GSM networks; SMS nonrepudiation; SMS spoofing applications; authentication; computational delay; confidential information; cryptographic operations; encryption algorithms; end-to-end confidentiality; end-to-end security; financial transactions; identity based techniques; key management; message integrity; message length; mobile devices; network operators; secure end-to-end SMS communication; security mechanisms; sender ID; sensitive information; short message service; symmetric key; wired links; wireless links; Encryption; Program processors; Receivers (ID#: 15-6492)


Siddiqui, R.A.; Grosvenor, R.I.; Prickett, P.W., “dsPIC-Based Advanced Data Acquisition System for Monitoring, Control and Security Applications,” in Applied Sciences and Technology (IBCAST), 2015 12th International Bhurban Conference on, vol., no., pp. 293-298, 13-17 Jan. 2015. doi:10.1109/IBCAST.2015.7058519
Abstract: This paper reports on design and implementation of data acquisition system based on dsPIC Microcontroller for Monitoring, Control and Security Application. Data acquisition is fundamental stage in any DSP, monitoring and digital control and security system. The efficiency and effectiveness of the system is defined by the quality of acquired data, which in turn depends on the characteristics of data acquisition system. There are two types of data acquisition; (a) digital (b) analog data acquisition, having different characteristics and system requirements. Microchip's dsPIC provides various on-chip integrated modules which enable efficient data acquisition such as 10/12-bit Analog to Digital Convertor (ADC) with up to 1Msps (Million samples per second) sampling rate, simultaneous sampling and various trigger mechanisms, Timers, Input Capture (IC), External (hardware) and Internal (software) Interrupt and processing capability up to 30 MIPS (Million Instructions Per Second). A system is developed for data acquisition of 16 analog signals with 10/12-bit resolution, simultaneous sampling of 4 signals, fixed and variable sampling rate, on chip storage and real-time signal processing capabilities. The system also supports for data acquisition of digital signals with time resolution of up to 33.33nsec and signal parameters like frequency, time period, pulse width, duty cycle, and delay & time difference between two signals. It can be customized according to the system requirements and provides advanced data acquisition capabilities to the low cost monitoring, control or security system.
Keywords: analogue-digital conversion; data acquisition; digital control; digital signal processing chips; microcontrollers;10-12-bit analog-digital convertor;10-12-bit resolution; 16 analog signals; 30 MIPS; ADC; DSP; advanced data acquisition capabilities; analog data acquisition; chip storage; control-security system; delay time difference; digital control-security system; digital data acquisition; dsPIC microcontroller; dsPIC-based advanced data acquisition system; duty cycle; efficient data acquisition; external hardware; internal software; low cost monitoring; microchip dsPIC; on-chip integrated modules; pulse width; real-time signal processing; timers; variable sampling rate; Security; ADC; DSP; Data Acquisition; MIPS; Microchip; Monitoring; Security; dsPIC (ID#: 15-6493)


Arifeen, F.U.; Siddiqui, R.A.; Ashraf, S.; Waheed, S., “Inter-Cloud Authentication Through X.509 for Defense Organization,” in Applied Sciences and Technology (IBCAST), 2015 12th International Bhurban Conference on, vol., no., pp. 299-306, 13-17 Jan. 2015. doi:10.1109/IBCAST.2015.7058520
Abstract: Over the recent years of research in cloud computing, different approaches are adopted for Inter-Cloud Authentication. These approaches give successful results in identifying the authentic request. Defense organization communicate with each other's through legitimate requests. For establishing a security and privacy, a PKI based authentication model is needed. This paper signifies a new approach in implementing cloud based PKI authentication inside the existing infrastructure of defense organization. As security is the prime concern for any organization and its implementation requirement varies from organization to organization, each and every organization embrace their own policies to implement it. The problem of understanding each other's security policies is a huge barrier and challenge for existing IT infrastructure for implementation purposes. Requirement to establish Inter-Cloud Authentication is made possible through this PKI based model which ensures all five security services i.e. confidentiality, integrity, authentication, digital signature and non-repudiation. This PKI model is a multi-domain atmosphere between various defense organization and their Data Centers (DC) for the facilitation and resource provisioning inside the cloud platform. This model utilizes the existing network infrastructure composed of high intercommunication traffic between various Data Centers of defense organization. In this model, a nationwide Certification Authority (CA) is implemented in the Inter-Cloud infrastructure and all other Data Centers are inter-communicated through this mechanism having different authentication approaches for legitimate access through the X.509 Certificates.
Keywords: cloud computing; computer centres; computer network security; data integrity; data privacy; digital signatures; organisational aspects; public key cryptography; telecommunication traffic; IT infrastructure; PKI based authentication model; X.509; certification authority; cloud based PKI authentication; cloud platform; data center; data confidentiality; defense organization; digital signature; intercloud authentication; intercloud infrastructure; intercommunication traffic; multidomain atmosphere; network infrastructure; non-repudiation; resource provisioning; security policies; security services; Hardware; Organizations; Public key cryptography; Software; Virtual private networks; Certification Authority (CA); Data Centers; Inter-Cloud; Master CA; Public Key Infrastructure (PKI); VPN; X.509 Certificate Services (ID#: 15-6494)


Ishfaq, H.; Iqbal, W.; Bin Shahid, W., “Attaining Accessibility and Personalization with Socio-Captcha (SCAP),” in Applied Sciences and Technology (IBCAST), 2015 12th International Bhurban Conference on, vol., no., pp. 307-311, 13-17 Jan. 2015. doi:10.1109/IBCAST.2015.7058521
Abstract: Many websites have made use of motions, videos, flash, gif animations and static images to implement Captcha in order to ensure that the entity trying to connect to their website(s) or system is not a Bot, but a human being. A wide variety of Captcha types and solution methods are available and few are described in section II. All of these Captcha systems possess the functionality of distinguishing humans and Bots but lack in providing personalization attribute(s) whilst browsing the internet or using any networking application. This paper has suggested a novel scheme for generation of Captcha by attaining accessibility and personalization through user's social media profile attributes Socio-Captcha (SCAP). This Socio-Captcha Scheme relies on Socio-Captcha application which is discussed in this paper.
Keywords: security of data; social networking (online); Internet; SCAP; Web sites; personalization attribute; social media profile; socio-captcha scheme; CAPTCHAs; Clothing; Electronic publishing; Facebook; Frequency modulation; Information services; Lead; accessibility; bot; captcha; human; personalization; social media; web (ID#: 15-6495)


Amin, M.; Afzal, M., “On the Vulnerability of EC DRBG,” in Applied Sciences and Technology (IBCAST), 2015 12th International Bhurban Conference on, vol., no., pp. 318-322, 13-17 Jan. 2015. doi:10.1109/IBCAST.2015.7058523
Abstract: Random Number Generation is an important element of any cryptographic function. National Institute of Standards and Technology (NIST) has also developed few Random Number Generators, Dual Elliptic Curve Deterministic Random Bit Generator(Dual EC DRBG) is one of them. Over a period of time, various sources highlighted that Dual EC DRBG has vulnerability, that its next output can be predicted with the help of previous output. However very limited material is available to provide an insight to understand the vulnerability. This paper has provided a proof of concept on the vulnerability in Dual EC DRBG with explaining the working of DRBG and related flaw. The paper has also proposed the solution to overcome the said flaw in Dual EC DRBG.
Keywords: public key cryptography; random number generation; Dual EC DRBG vulnerability; NIST; National Institute of Standards and Technology; cryptographic function; dual elliptic curve deterministic random bit generator; Elliptic curves; Entropy; Generators; Random number generation; Elliptic Curves; Random Numbers (ID#: 15-6496)


Tanveer, A.; Ali, A.; Paracha, M.A.; Raja, F.R., “Performance Analysis of AES-finalists Along with SHS in IPSEC VPN over 1Gbps Link,” in Applied Sciences and Technology (IBCAST), 2015 12th International Bhurban Conference on, vol., no., pp.323-332, 13-17 Jan. 2015. doi:10.1109/IBCAST.2015.7058524
Abstract: IPSEC is suit of protocols designed to provide secure communication over Network Layer (Layer-3) of TCP/IP model. Participating IPSEC gateways may have different algorithms installed in them but RFC-4835 mentions mandatory algorithms that a gateway must have so that participating gateways always have at least one algorithmic combination to agree upon. Off the shelve IPSEC implementations only implement these mandatory algorithms. In this paper, the enhancements involve the selection of hashing and encryption algorithms that yield better performance for the given system. All AES finalists and SHS algorithms have been embedded after some modifications in 64 bit RHEL 6.2 Linux kernel (2.6.32) and Openswan 2.6.38 (A user space agent which helps gateways to negotiate security associations between them) and performance analysis of these algorithms having throughput as the main parameter over 1 Gbps link in an IPSEC VPN has been done. For this purpose, all the combinations of block ciphers with different key lengths along with hashing algorithms are tested and analyzed under same operating conditions. Comparative results are shown with respect to every combination of AES finalists with every hashing algorithm of SHS and MD5. Furthermore, All the AES finalists have also been tested without hashing algorithms.
Keywords: Linux; computer network security; cryptographic protocols; internetworking; operating system kernels; transport protocols; virtual private networks; AES finalist performance analysis; IPSEC VPN network layer; IPSEC gateway; Openswan 2.6.38; RHEL 6.2 Linux kernel; SHS algorithm; TCP-IP protocol model; advanced encryption standard; bit rate 1 Gbit/s; cipher blocking; encryption algorithm; hashing algorithm; off the shelve IPSEC implementation; secure communication; secure hash standard; user space agent; Authentication; Encryption; IP networks; Logic gates; Payloads (ID#: 15-6497)


Javed, A.; Akhlaq, M., “Patterns in Malware Designed for Data Espionage and Backdoor Creation,” in Applied Sciences and Technology (IBCAST), 2015 12th International Bhurban Conference on, vol., no., pp. 338-342, 13-17 Jan. 2015. doi:10.1109/IBCAST.2015.7058526
Abstract: In the recent past, malware have become a serious cyber security threat which has not only targeted individuals and organizations but has also threatened the cyber space of countries around the world. Amongst malware variants, trojans designed for data espionage and backdoor creation dominates the threat landscape. This necessitates an in depth study of these malware with the scope of extracting static features like APIs, strings, IP Addresses, URLs, email addresses etc. by and large found in such malicious codes. Hence in this research paper, an endeavor has been made to establish a set of patterns, tagged as APIs and Malicious Strings persistently existent in these malware by articulating an analysis framework.
Keywords: application program interfaces; feature extraction; invasive software; APIs; backdoor creation; cyber security threat; data espionage; malicious codes; malicious strings; malware; static feature extraction; trojans; Accuracy; Feature extraction; Lead; Malware; Sensitivity (ID#: 15-6498)


Saboor, A.; Aslam, B., “Analyses of Flow Based Techniques to Detect Distributed Denial of Service Attacks,” in Applied Sciences and Technology (IBCAST), 2015 12th International Bhurban Conference on, vol., no., pp. 354-362, 13-17 Jan. 2015. doi:10.1109/IBCAST.2015.7058529
Abstract: Distributed Denial of Service (DDoS) attacks comprise of sending huge network traffic to a victim system using multiple systems. Detecting such attacks has gained much attention in current literature. Studies have shown that flow-based anomaly detection mechanisms give promising results as compared to typical signature based attack detection mechanisms which have not been able to detect such attacks effectively. For this purpose, a variety of flow-based DDoS detection algorithms have been put forward. We have divided the flow-based DDoS attack detection techniques broadly into two categories namely, packet header based and mathematical formulation based. Analyses has been done for two techniques one belonging to each category. The paper has analyzed and evaluated these with respect to their detection accuracy and capability. Finally, we have suggested improvements that can be helpful to give results better than both the previously proposed algorithms. Furthermore, our findings can be applied to DDoS detection systems for refining their detection capability.
Keywords: computer network security; mathematical analysis; telecommunication traffic; flow-based anomaly detection mechanisms; flow-based distributed denial of service attack detection techniques; mathematical formulation; multiple systems; network traffic; packet header; signature based attack detection mechanisms; victim system; Correlation; Correlation coefficient; IP networks; Distributed Denial of Service Attack; Exploitation Tools; Flow-based attack detection; Intrusion Detection; cyber security (ID#: 15-6499)


Raza, F.; Bashir, S.; Tauseef, K.; Shah, S.I., “Optimizing Nodes Proportion for Intrusion Detection in Uniform and Gaussian Distributed Heterogeneous WSN,” in Applied Sciences and Technology (IBCAST), 2015 12th International Bhurban Conference on, vol., no., pp. 623-628, 13-17 Jan. 2015. doi:10.1109/IBCAST.2015.7058571
Abstract: In wireless sensor networks (WSN), intrusion detection applications have gained significant importance because of diverse implementations including tracking malicious intruder in the battlefield. Network parameters such as allowable distance, sensing range, transmission range, and node density plays important role in designing a model according to specific applications. Numerous models have been proposed to efficiently deploy WSNs for these applications. However, deviated requirements of different applications make it difficult to develop a generic model. Another important factor with significant contribution towards the performance of a WSN is the strategy adopted for distribution of the sensor nodes in the area of interest. The most common method is to deploy the sensors is either through uniform or gaussian distribution. Several performance comparisons have been reported to evaluate the detection probability and analyze its dependency on various network parameters. Another aspect fundamental to the performance of a sensor network is heterogeneity. Practically, for economic or logistic reasons, it may not be possible to ensure availability of nodes with identical features e.g. sensing range, transmission/detection capability etc. It is, therefore, important to assess the detection performance of the network when the nodes do not possess same sensing range. In this paper we analyze the impact of various node densities in calculating detection probability in a Uniform and Gaussian distributed heterogeneous network under K-sensing model. Experimental results provide optimal values of node densities for efficient deployment in heterogeneous WSN environment.
Keywords: Gaussian distribution; object detection; optimisation; safety systems; wireless sensor networks; K-sensing model; allowable distance; battlefield; detection probability evaluation; economic reasons; generic model; intrusion detection application performance; logistic reasons; malicious intruder tracking; node density; node proportion optimization; sensing range; sensor node distribution; transmission range; uniform-Gaussian distributed heterogeneous WSN; wireless sensor network parameter; Ad hoc networks; Communication system security; Intrusion detection; Sensors; Wireless communication; Wireless sensor networks (ID#: 15-6500)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.