Ali A. Yassin

Bio: Ali A. Yassin is an academic researcher from University of Basrah. The author has contributed to research in topics: Authentication & Password. The author has an hindex of 10, co-authored 41 publications receiving 306 citations. Previous affiliations of Ali A. Yassin include Wuhan University & Huazhong University of Science and Technology.

Efficient Conditional Anonymity With Message Integrity and Authentication in a Vehicular Ad-Hoc Network

Abstract: Vehicles in a vehicular ad-hoc network (VANET) broadcast beacons giving safety-related and traffic information. In an open-access environment, this means that the VANET is susceptible to security and privacy issues. In this paper, we propose a new pseudo-identity-based scheme for conditional anonymity with integrity and authentication in a VANET. The proposed scheme uses a pseudonym in the joining process with the road-side unit (RSU) to protect the real identity even from the RSU, in case it is compromised. All previous identity-based schemes have been prone to insider attackers, and have not met the revocation process. Our scheme resolves these drawbacks as the vehicle signs the beacon with a signature obtained from the RSU. Our scheme satisfies the requirements for security and privacy, and especially the requirements for message integrity and authentication, privacy preservation, non-repudiation, traceability, and revocation. In addition, it provides conditional anonymity to guarantee the protection of an honest vehicle's real identity, unless malicious activities are detected. It is also resistant to common attacks such as modification, replay, impersonation, and man-in-the-middle (MITM) attacks. Although the numerous existing schemes have used a bilinear pairing operation, our scheme does not depend on this due to the complex operations involved, which cause significant computation overhead. Furthermore, it does not have a certification revocation list, giving rise to significant costs due to storage and inefficient communication. Our analysis demonstrates that our scheme can satisfy the security and privacy requirements of a VANET more effectively than previous schemes. We also compare our scheme with the recently proposed schemes in terms of communication and computation and demonstrate its cost-efficiency and appropriateness in working with the VANET. Meanwhile, the computation costs of the beacon signing and verification in our scheme are reduced by 49.9% and 33.3%, respectively.

VPPCS: VANET-Based Privacy-Preserving Communication Scheme

Abstract: Over the past years, vehicular ad hoc networks (VANETs) have been commonly used in intelligent traffic systems. VANET's design encompasses critical features that include autonomy, distributed networking, and rapidly changing topology. The characteristics of VANET and its implementations for road safety have attracted considerable industry and academia interest, particularly in research involving transport systems enhancement that could potentially save lives. Message broadcasting in an open access system, such as VANET, is the main and utmost challenging problem with regard to security and privacy in VANETs. Various studies on VANET security and privacy have been proposed. Nevertheless, none has considered overall privacy requirements such as unobservability. In order to address these shortcomings, we propose a VANET based privacy-preserving communication scheme (VPPCS), which meets the requirements for content and contextual privacy. It leverages elliptic curve cryptography (ECC) and an identity-based encryption scheme. We have carried out a detailed security analysis (burrows-abadi-needham (BAN) logic, random oracle model, security of proof, and security attributes) to validate and verify the proposed scheme. The analysis has shown that our scheme is secure and also shown to be effective in a performance evaluation. The proposed scheme does not only meet the previously mentioned security and privacy requirements, but also impervious to various types of attacks such as replay, impersonation, modification, and man-in-the-middle attacks.

Secure Rank-Ordered Search of Multi-keyword Trapdoor over Encrypted Cloud Data

Abstract: Advances in cloud computing and Internet technologies have pushed more and more data owners to outsource their data to remote cloud servers to enjoy with huge data management services in an efficient cost. However, despite its technical advances, cloud computing introduces many new security challenges that need to be addressed well. This is because, data owners, under such new setting, loss the control over their sensitive data. To keep the confidentiality of their sensitive data, data owners usually outsource the encrypted format of their data to the untrusted cloud servers. Several approaches have been provided to enable searching the encrypted data. However, the majority of these approaches are limited to handle either a single keyword search or a Boolean search but not a multikeyword ranked search, a more efficient model to retrieve the top documents corresponding to the provided keywords. In this paper, we propose a secure multi-keyword ranked search scheme over the encrypted cloud data. Such scheme allows an authorized user to retrieve the most relevant documents in a descending order, while preserving the privacy of his search request and the contents of documents he retrieved. To do so, data owner builds his searchable index, and associates with each term document with a relevance score, which facilitates document ranking. The proposed scheme uses two distinct cloud servers, one for storing the secure index, while the other is used to store the encrypted document collection. Such new setting prevents leaking the search result, i.e. the document identifiers, to the adversary cloud servers. We have conducted several empirical analyses on a real dataset to demonstrate the performance of our proposed scheme.

Anonymous Password Authentication Scheme by Using Digital Signature and Fingerprint in Cloud Computing

Abstract: Cloud security represents a main hindrance that causes to retard its widespread adoption. Authentication considers a significance element of security in cloud environment, aiming to verify a user's identity when a user wishes to request services from cloud. There are many authentication schemes that depend on username/password, but they are considered weak techniques of cloud authentication. A more secure scheme is the two-factor authentication that does not only verify the username/password pair, but also needs a second factor such as a token device, biometric. However, the feasibility of second-factor authentication is limited by the deployment complexity, high cost and the cloud security is compromised when the token is missing or purloined. Furthermore, these schemes are failed to resist well-known attacks such as replay attacks, reflection attacks. This paper proposes two-factor authentication scheme based on Schnorr digital signature and feature extraction from fingerprint to overcome above aforementioned issues. Security analysis and experimental results illustrate that our proposed scheme can withstand the common security attacks as well, and has a good performance of password authentication.

Efficient Password-based Two Factors Authentication in Cloud Computing

Abstract: Security threats are considered the main barrier that precluded potential users from reaping the compelling benefits of the cloud computing model. Unfortunately, traditional password authentication jeopardizes user privacy. Anonymous password authentication (APA) represents a promising method to maintain users’ privacy. However, the major handicap that faces the deployment of APA is the high computation cost and inherent shortcomings of conventional password schemes. In our proposed scheme, we present a new setting where users do not need to register their passwords to service provider. They are supplied with the necessary credential information from the data owner. Furthermore, for enabling the service provider to know the authorized users, data owner provides the service provider with some secret identity information that is derived from the pair (username/password) of each user. Our approach shows good results in terms of high scalability which makes our scheme more suitable to the cloud environment, strong authentication that withstands different known attacks.

The knowledge complexity of interactive proof-systems

Abstract: Usually, a proof of a theorem contains more knowledge than the mere fact that the theorem is true. For instance, to prove that a graph is Hamiltonian it suffices to exhibit a Hamiltonian tour in it; however, this seems to contain more knowledge than the single bit Hamiltonian/non-Hamiltonian.In this paper a computational complexity theory of the “knowledge” contained in a proof is developed. Zero-knowledge proofs are defined as those proofs that convey no additional knowledge other than the correctness of the proposition in question. Examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and 'quadratic nonresiduosity. These are the first examples of zero-knowledge proofs for languages not known to be efficiently recognizable.

PORs: Proofs of Retrievability for Large Files

Abstract: In this paper, we define and explore proofs of retrievability (PORs). A POR scheme enables an archive or back-up service (prover) to produce a concise proof that a user (verifier) can retrieve a target file F, that is, that the archive retains and reliably transmits file data sufficient for the user to recover F in its entirety.A POR may be viewed as a kind of cryptographic proof of knowledge (POK), but one specially designed to handle a large file (or bitstring) F. We explore POR protocols here in which the communication costs, number of memory accesses for the prover, and storage requirements of the user (verifier) are small parameters essentially independent of the length of F. In addition to proposing new, practical POR constructions, we explore implementation considerations and optimizations that bear on previously explored, related schemes.In a POR, unlike a POK, neither the prover nor the verifier need actually have knowledge of F. PORs give rise to a new and unusual security definition whose formulation is another contribution of our work.We view PORs as an important tool for semi-trusted online archives. Existing cryptographic techniques help users ensure the privacy and integrity of files they retrieve. It is also natural, however, for users to want to verify that archives do not delete or modify files prior to retrieval. The goal of a POR is to accomplish these checks without users having to download the files themselves. A POR can also provide quality-of-service guarantees, i.e., show that a file is retrievable within a certain time bound.

Cloud computing and security issues in the cloud

Abstract: Cloud computing has formed the conceptual and infrastructural basis for tomorrow’s computing. The global computing infrastructure is rapidly moving towards cloud based architecture. While it is important to take advantages of could based computing by means of deploying it in diversified sectors, the security aspects in a cloud based computing environment remains at the core of interest. Cloud based services and service providers are being evolved which has resulted in a new business trend based on cloud technology. With the introduction of numerous cloud based services and geographically dispersed cloud service providers, sensitive information of different entities are normally stored in remote servers and locations with the possibilities of being exposed to unwanted parties in situations where the cloud servers storing those information are compromised. If security is not robust and consistent, the flexibility and advantages that cloud computing has to offer will have little credibility. This paper presents a review on the cloud computing concepts as well as security issues inherent within the context of cloud computing and cloud infrastructure.