Author

Kamal Ali Alezabi

Bio: Kamal Ali Alezabi is an academic researcher from University of Kuala Lumpur. The author has contributed to research in topics: Authentication & Authentication protocol. The author has an h-index of 6, co-authored 16 publications receiving 104 citations. Previous affiliations of Kamal Ali Alezabi include UCSI University & Universiti Putra Malaysia.

Papers
Proceedings ArticleDOI
14 Apr 2014
TL;DR: The proposed Efficient EPS-AKA protocol is based on the Simple Password Exponential Key Exchange (SPEKE) protocol and is faster, since it uses a secret key method which is faster than certificate-based methods.
Abstract: Long Term Evolution (LTE) networks designed by 3rd Generation Partnership Project (3GPP) represent a widespread technology. LTE is mainly influenced by high data rates, minimum delay and the capacity due to scalable bandwidth and its flexibility. With the rapid and widespread use of LTE networks, and the increased use of data/video transmission and Internet applications in general, the challenges of securing and speeding up data communication in such networks have also increased. Authentication in LTE networks is a very important process because most of the coming attacks occur during this stage. Attackers try to be authenticated and then launch the network resources and prevent the legitimate users from the network services. The basics of Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA) are used in LTE AKA protocol which is called Evolved Packet System AKA (EPS-AKA) protocol to secure LTE network. However, it still suffers from various vulnerabilities such as disclosure of the user identity, computational overhead, Man In The Middle (MITM) attack and authentication delay. In this paper, an Efficient EPS-AKA protocol (EEPS-AKA) is proposed to overcome those problems. The proposed protocol is based on the Simple Password Exponential Key Exchange (SPEKE) protocol. Compared to previous proposed methods, our method is faster, since it uses a secret key method which is faster than certificate-based methods. In addition, the size of messages exchanged between User Equipment (UE) and Home Subscriber Server (HSS) is reduced; this reduces authentication delay and storage overhead effectively. The automated validation of internet security protocols and applications (AVISPA) tool is used to provide a formal verification. Results show that the proposed EEPS-AKA is efficient and secure against active and passive attacks.

57 citations

Journal ArticleDOI
TL;DR: This paper proposes authentication and re-authentication protocols for 4G wireless networks, in particular, LTE-Advanced, WLAN, and WiMAX-Advanced interworking architecture, and shows that the proposed protocols achieve better performance than standard and other protocols.
Abstract: In the next-generation heterogeneous wireless networks, designing authentication protocols that meet the demand of mobile users/applications is a challenge. This paper proposes authentication and re-authentication protocols for 4G wireless networks, in particular, LTE-Advanced (LTE-A), WLAN, and WiMAX-Advanced (WiMAX-A) interworking architecture. The proposed protocols are applicable to 5G networks. With the consideration of the existing standard authentication protocols, a new set of authentication and re-authentication protocols has been reinvented to provide fast and secure handovers (HO) in the current 4G and the next 5G networks. The proposed authentication protocols can be invoked when the users perform a vertical HO (between different networks) for the first time, whereas the re-authentication protocols can be invoked when the users perform a horizontal HO (within the same network domain). These protocols provide an efficient method to protect user identity and reduce the burden on the authentication server (AS) during the sequential handovers. The results of the analytical model show that the proposed protocols achieve better performance than standard and other protocols. The reduction of handover cost, handover delay, and energy consumption in the proposed protocols reaches up to 22%, 44%, and 17%, respectively. In addition, the verification tools show that the proposed protocols are secure, dependable, and prevent all types of authentication and secrecy attacks.

19 citations

Journal ArticleDOI
17 Apr 2020-Sensors
TL;DR: An extended version of multi-level replica detection technique built on Danger Theory (DT), which utilizes a hybrid approach (centralized and distributed) to shield the mobile wireless sensor networks (MWSNs) from clone attacks.
Abstract: Wireless sensor networks (WSNs) are often deployed in hostile environments, where an adversary can physically capture some of the sensor nodes. The adversary collects all the nodes' important credentials and subsequently replicates the nodes, which may expose the network to a number of other security attacks, and eventually compromise the entire network. This harmful attack where one or more nodes illegitimately claim an identity as replicas is known as the node replication attack. The problem of node replication attack can be further aggravated due to the mobile nature in WSN. In this paper, we propose an extended version of multi-level replica detection technique built on Danger Theory (DT), which utilizes a hybrid approach (centralized and distributed) to shield the mobile wireless sensor networks (MWSNs) from clone attacks. The danger theory concept depends on a multi-level of detections; first stage (highlights the danger zone (DZ) by checking the abnormal behavior of mobile nodes), second stage (battery check and random number) and third stage (inform about replica to other networks). The DT method performance is highlighted through security parameters such as false negative, energy, detection time, communication overhead and delay in detection. The proposed approach also demonstrates that the hybrid DT method is capable and successful in detecting and mitigating any malicious activities initiated by the replica. Nowadays, crimes are vastly increasing and it is crucial to modify the systems accordingly. Indeed, it is understood that the communication needs to be secured by keen observation at each level of detection. The simulation results show that the proposed approach overcomes the weaknesses of the previous and existing centralized and distributed approaches and enhances the performance of MWSN in terms of communication and memory overhead.

16 citations

Journal ArticleDOI
TL;DR: A void node detection and avoiding mechanism on NA-TORA is incorporated, which recursively detect void nodes and avoid these nodes to participate in data routing by utilizing the angle of transmission adjustment and transmission range extension method.
Abstract: Underwater wireless sensor network (UWSN) is the enabling technology for a new era of underwater monitoring and actuation applications. In this network, data aggregation and forwarding are intensely constrained due to channel impairment, and therefore require due consideration. One way to address the data collection of UWSN is by enhancing the routing protocol using the Opportunistic Routing (OR) technique. This article proposes a normalized advancement based opportunistic routing protocol called NA-TORA. NA-TORA is a geographically opportunistic routing protocol in which the next-hop forwarder is selected based on Normalized Advancement (NA). NA is calculated from Expected Transmission Count (ETX) and node's energy consumption to find an optimal forwarding node. However, the forwarded data may not be received on the designated sink node due to the existence of a void node in the data forwarding route. To overcome the issue of void nodes, we have incorporated a void node detection and avoiding mechanism on NA-TORA, called NA-TORA with VA. The proposed scheme recursively detects void nodes and prevents these nodes from participating in data routing by utilizing the angle of transmission adjustment and transmission range extension method. The novelty of this work lies within its data transmission phase, where normalized advancement is used to select a potential candidate forwarder. Apart from that, the proposed routing protocol operates in two different modes, i.e., standard operating mode (NA-TORA), and void avoidance mode (NA-TORA with VA). Comprehensive simulations were performed to compare the performance of NA-TORA and NA-TORA with VA with some well-known existing routing protocols.

15 citations

Proceedings ArticleDOI
01 Nov 2013
TL;DR: The proposed EAP-TTLS-ISRP method outperforms other methods in the number of messages exchanged and thus it has less overhead cost, it also satisfies the EAP requirement for secure and efficient data exchange, as well as robust to MITM attacks.
Abstract: Despite well-defined and commercially viable security standards for WiMAX networks, vulnerability in current system design and other inherent characteristics expose the network to various types of security attacks. These attacks are commonly related to network access security, authentication of users, validation of data transmission, and confidentiality issues. In order to provide better protection to WiMAX users, several improvements in the security mechanism have been provided. One notable solution is by using a more secure protocol, namely the Privacy Key Management (PKM), which was later revised into PKMv2 (PKM version 2). In this protocol, authentication (as well as mutual authentication) plays an important role since it must be completed in order to establish a secure connection between the network entities. PKMv2 uses either RSA-based or EAP-based authentication modes. While variations of authentication modes exist in the literature, some of them are prone to man-in-the-middle (MITM) attack and significant overheads. This paper proposes a new method called EAP-TTLS-ISRP which embeds the transmission of security messages in a secure tunnel. This authentication method is proposed for a single EAP based authentication to achieve both user and device authentications between Mobile Station (MS) and Authentication Server (AS) by using strong and fast authentication methods. The proposed method outperforms other methods in the number of messages exchanged and thus it has less overhead cost, it also satisfies the EAP requirement for secure and efficient data exchange, as well as robust to MITM attacks. Automated Validation of Internet Security Protocols and Applications (AVISPA) verification tools are used to verify the security performance of the proposed EAP-TTLS-ISRP method.

9 citations


Cited by
Journal ArticleDOI
TL;DR: This paper outlines the 5G network threat landscape, the security vulnerabilities in the new technological concepts that will be adopted by 5G, and provides either solutions to those threats or future directions to cope with those security challenges.
Abstract: The development of the fifth generation (5G) wireless networks is gaining momentum to connect almost all aspects of life through the network with much higher speed, very low latency and ubiquitous connectivity. Due to its crucial role in our lives, the network must secure its users, components, and services. The security threat landscape of 5G has grown enormously due to the unprecedented increase in types of services and in the number of devices. Therefore, security solutions if not developed yet must be envisioned already to cope with diverse threats on various services, novel technologies, and increased user information accessible by the network. This paper outlines the 5G network threat landscape, the security vulnerabilities in the new technological concepts that will be adopted by 5G, and provides either solutions to those threats or future directions to cope with those security challenges. We also provide a brief outline of the post-5G cellular technologies and their security vulnerabilities which is referred to as future generations (XG) in this paper. In brief, this paper highlights the present and future security challenges in wireless networks, mainly in 5G, and future directions to secure wireless networks beyond 5G.

215 citations

Journal ArticleDOI
TL;DR: This survey reviews the main security issues in the access and core network (vulnerabilities and threats) and provides a classification and categorization of attacks in mobile network and analyze major attacks on 4G mobile networks.
Abstract: Since the 1G of mobile technology, mobile wireless communication systems have continued to evolve, bringing into the network architecture new interfaces and protocols, as well as unified services, high data capacity of data transmission, and packet-based transmission (4G). This evolution has also introduced new vulnerabilities and threats, which can be used to launch attacks on different network components, such as the access network and the core network. These drawbacks stand as a major concern for the security and the performance of mobile networks, since various types of attacks can take down the whole network and cause a denial of service, or perform malicious activities. In this survey, we review the main security issues in the access and core network (vulnerabilities and threats) and provide a classification and categorization of attacks in mobile network. In addition, we analyze major attacks on 4G mobile networks and corresponding countermeasures and current mitigation solutions, discuss limits of current solutions, and highlight open research areas.

92 citations

Journal ArticleDOI
24 Feb 2021-Sensors
TL;DR: In this article, the authors used various optimization algorithms such as particle swarm optimization, cat swarm optimization (CSO), BAT, cuckoo search algorithm (CSA) optimization algorithm and the whale optimization algorithm (WOA) for balancing the load, energy efficiency, and better resource scheduling to make an efficient cloud environment.
Abstract: Cloud computing offers the services to access, manipulate and configure data online over the web. The cloud term refers to an internet network which is remotely available and accessible at anytime from anywhere. Cloud computing is undoubtedly an innovation as the investment in the real and physical infrastructure is much greater than the cloud technology investment. The present work addresses the issue of power consumption done by cloud infrastructure. As there is a need for algorithms and techniques that can reduce energy consumption and schedule resource for the effectiveness of servers. Load balancing is also a significant part of cloud technology that enables the balanced distribution of load among multiple servers to fulfill users’ growing demand. The present work used various optimization algorithms such as particle swarm optimization (PSO), cat swarm optimization (CSO), BAT, cuckoo search algorithm (CSA) optimization algorithm and the whale optimization algorithm (WOA) for balancing the load, energy efficiency, and better resource scheduling to make an efficient cloud environment. In the case of seven servers and eight server’s settings, the results revealed that whale optimization algorithm outperformed other algorithms in terms of response time, energy consumption, execution time and throughput.

39 citations

Journal ArticleDOI
TL;DR: This paper proposes secure and efficient group-based handover authentication and re-authentication protocols for mMTC in 5G wireless networks when mMTC devices simultaneously roam into the new networks.

37 citations

Journal ArticleDOI
TL;DR: This paper integrates user capability and Software Defined Network (SDN) technique, and proposes a capability-based privacy protection handover authentication mechanism in SDN-based 5G HetNets that can achieve the mutual authentication and key agreement between User Equipments (UEs) and BSs at the same time largely reduce the authentication handover cost.
Abstract: Ultra-dense Heterogeneous network (HetNet) technique can significantly improve wireless link quality, spectrum efficiency and system capacity, and satisfy different requirements for coverage in hotspots, which has been viewed as one of the key technologies in fifth Generation (5G) network. Due to the existence of many different types of base stations (BSs) and the complexity of the network topology in the 5G HetNets, there are a lot of new challenges in security and mobility management aspects for this multi-tier 5G architecture including insecure access points and potential frequent handovers among several different types of base stations. In this paper, we integrate user capability and Software Defined Network (SDN) technique, and propose a capability-based privacy protection handover authentication mechanism in SDN-based 5G HetNets. Our proposed scheme can achieve the mutual authentication and key agreement between User Equipments (UEs) and BSs in 5G HetNets at the same time largely reduce the authentication handover cost. We demonstrate that our proposed scheme indeed can provide robust security protection by employing several security analysis methods including the BAN logic and the formal verification tool Scyther. In addition, the performance evaluation results show that our scheme outperforms other existing schemes.

30 citations