Visible to the public Biblio

Filters: Author is Shahriar, H.  [Clear All Filters]
Zhang, C., Shahriar, H., Riad, A. B. M. K..  2020.  Security and Privacy Analysis of Wearable Health Device. 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC). :1767—1772.

Mobile wearable health devices have expanded prevalent usage and become very popular because of the valuable health monitor system. These devices provide general health tips and monitoring human health parameters as well as generally assisting the user to take better health of themselves. However, these devices are associated with security and privacy risk among the consumers because these devices deal with sensitive data information such as users sleeping arrangements, dieting formula such as eating constraint, pulse rate and so on. In this paper, we analyze the significant security and privacy features of three very popular health tracker devices: Fitbit, Jawbone and Google Glass. We very carefully analyze the devices' strength and how the devices communicate and its Bluetooth pairing process with mobile devices. We explore the possible malicious attack through Bluetooth networking by hacker. The outcomes of this analysis show how these devices allow third parties to gain sensitive information from the device exact location that causes the potential privacy breach for users. We analyze the reasons of user data security and privacy are gained by unauthorized people on wearable devices and the possible challenge to secure user data as well as the comparison of three wearable devices (Fitbit, Jawbone and Google Glass) security vulnerability and attack type.

Farhadi, M., Haddad, H., Shahriar, H..  2019.  Compliance Checking of Open Source EHR Applications for HIPAA and ONC Security and Privacy Requirements. 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). 1:704–713.
Electronic Health Record (EHR) applications are digital versions of paper-based patient's health information. They are increasingly adopted to improved quality in healthcare, such as convenient access to histories of patient medication and clinic visits, easier follow up of patient treatment plans, and precise medical decision-making process. EHR applications are guided by measures of the Health Insurance Portability and Accountability Act (HIPAA) to ensure confidentiality, integrity, and availability. Furthermore, Office of the National Coordinator (ONC) for Health Information Technology (HIT) certification criteria for usability of EHRs. A compliance checking approach attempts to identify whether or not an adopted EHR application meets the security and privacy criteria. There is no study in the literature to understand whether traditional static code analysis-based vulnerability discovered can assist in compliance checking of regulatory requirements of HIPAA and ONC. This paper attempts to address this issue. We identify security and privacy requirements for HIPAA technical requirements, and identify a subset of ONC criteria related to security and privacy, and then evaluate EHR applications for security vulnerabilities. Finally propose mitigation of security issues towards better compliance and to help practitioners reuse open source tools towards certification compliance.
Shahriar, H., Bond, W..  2017.  Towards an Attack Signature Generation Framework for Intrusion Detection Systems. 2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence and Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech). :597–603.
Attacks on web services are major concerns and can expose organizations valuable information resources. Despite there are increasing awareness in secure programming, we still find vulnerabilities in web services. To protect deployed web services, it is important to have defense techniques. Signaturebased Intrusion Detection Systems (IDS) have gained popularity to protect applications against attacks. However, signature IDSs have limited number of attack signatures. In this paper, we propose a Genetic Algorithm (GA)-based attack signature generation approach and show its application for web services. GA algorithm has the capability of generating new member from a set of initial population. We leverage this by generating new attack signatures at SOAP message level to overcome the challenge of limited number of attack signatures. The key contributions include defining chromosomes and fitness functions. The initial results show that the GA-based IDS can generate new signatures and complement the limitation of existing web security testing tools. The approach can generate new attack signatures for injection, privilege escalation, denial of service and information leakage.