Author

Syed S. Rizvi

Bio: Syed S. Rizvi is an academic researcher from Pennsylvania State University. The author has contributed to research in topics: Cloud computing security & Cloud computing. The author has an h-index of 15 and has co-authored 78 publications receiving 612 citations. Previous affiliations of Syed S. Rizvi include Penn State College of Information Sciences and Technology & University of Bridgeport.


Papers
Proceedings Article
01 Aug 2018
TL;DR: The primary goal of this research work is to advance the current state of the art in IoT research by identifying the critical domains where IoT is heavily used, the security requirements and challenges that IoT is currently facing, and the existing security solutions that have been proposed or implemented with their limitations.
Abstract: In Internet of Things (IoT), there is a vast number of connected devices that exist. These devices are collecting and transmitting great volumes of data from device to device, device to enterprise systems, and occasionally from device to humans. Due to the billions of connected devices, there is a great risk of identity and data theft, device manipulation, data falsification, server/network manipulation, and subsequent impact to application platforms. While the number of these interconnected devices continues to grow every day, so does the number of security threats and vulnerabilities posed to these devices. Security is one of the most paramount technological research problems that exist today for IoT. Security has many facets - security built within the device, security of data transmission, and data storage within the systems and its applications. There is an extensive amount of literature that exists on the subject with countless problems as well as proposed solutions; however, most of the existing work does not provide a holistic view of security and data privacy issues within the IoT. The primary goal of this research work is to advance the current state of the art in IoT research by identifying (a) the critical domains where IoT is heavily used, (b) the security requirements and challenges that IoT is currently facing, and (c) the existing security solutions that have been proposed or implemented with their limitations.

92 citations

Journal Article
TL;DR: Critical security and privacy challenges in cloud computing are surveyed, diverse existing solutions are categorized, their strengths and limitations are compared, and future research directions are envisioned.
Abstract: While cloud computing is gaining popularity, diverse security and privacy issues are emerging that hinder the rapid adoption of this new computing paradigm. And the development of defensive solutions is lagging behind. To ensure a secure and trustworthy cloud environment it is essential to identify the limitations of existing solutions and envision directions for future research. In this paper, we have surveyed critical security and privacy challenges in cloud computing, categorized diverse existing solutions, compared their strengths and limitations, and envisioned future research directions.

79 citations

Journal Article
01 Nov 2014
TL;DR: Potential challenges unique to cloud security auditing are explored; additional challenges specific to particular cloud computing domains such as banking, medical, and government sectors are examined; and emerging cloud-specific security auditing approaches are presented and critical analysis is provided.
Abstract: IT auditors collect information on an organization's information systems, practices, and operations and critically analyze the information for improvement. One of the primary goals of an IT audit is to determine if the information system and its maintainers are meeting both the legal expectations of protecting customer data and the company standards of achieving financial success against various security threats. These goals are still relevant in the newly emerging cloud computing model of business, but they need customization. There are clear differences between cloud and traditional IT security auditing. In this article, the authors explore potential challenges unique to cloud security auditing; examine additional challenges specific to particular cloud computing domains such as banking, medical, and government sectors; and present emerging cloud-specific security auditing approaches and provide critical analysis.

59 citations

Journal Article
01 Mar 2020
TL;DR: A threat model is defined that allows us to systematically analyze the security solutions to mitigate potential risks from the beginning of the design phase and provide a 1:1 and 1:n mapping across devices, vulnerabilities, and potential security threats based on the subjective assessment.
Abstract: For this research, our primary goal is to define an attack surface for networks utilizing the IoT (Internet of Things) devices. The IoT consists of systems of integrated objects, computing devices, digital, or mechanical machines that are given the ability to transmit and receive the data over a network without the need for human interaction. Each of these devices can operate independently within the existing Internet infrastructure. Issues will continue to increase as devices become more prevalent and continuously evolve to counter newer threats and schemes. The attack surface of a network sums up all penetration points, otherwise known as attack vectors. An attacker or an unauthorized user can take advantage of these attack vectors to penetrate and change or extract data from the threat environment. For this research, we define a threat model that allows us to systematically analyze the security solutions to mitigate potential risks from the beginning of the design phase. By designing an IoT architecture and breaking it down into several zones, we focus on each zone to identify any vulnerability or weaknesses within a system that allows unauthorized privileges, as well as any attacks that can target that area. We also investigate the available IoT devices across several domains (e.g., wellness, industrial, home, etc.) to provide a 1:1 and 1:n mapping across devices, vulnerabilities, and potential security threats based on the subjective assessment.

42 citations

Proceedings Article
09 May 2014
TL;DR: A new trust model that involves all the cloud stakeholders such as CSU, CSP, and third-party auditors is presented to establish a trust standard in the industry and ranks CSPs according to the trust-values obtained from the trust model.
Abstract: In the IT world of corporate networking, how businesses store and compute data is starting to shift from in-house servers to the cloud. However, some enterprises are still hesitant to make this leap to the cloud because of their information security and data privacy concerns. Enterprises that want to invest into this service need to feel confident that the information stored on the cloud is secure. Due to this need for confidence, trust is one of the major qualities that cloud service providers (CSPs) must build for cloud service users (CSUs). To do this, a model that all CSPs can follow must exist to establish a trust standard in the industry. If no concrete model exists, the future of cloud computing will be stagnant. This paper presents a new trust model that involves all the cloud stakeholders such as CSU, CSP, and third-party auditors. Our proposed trust model is objective since it involves third-party auditors to develop unbiased trust between the CSUs and the CSPs. Furthermore, to support the implementation of the proposed trust model, we rank CSPs according to the trust-values obtained from the trust model. The final score for each participating CSP will be determined based on the third-party assessment and the feedback received from the CSUs.

32 citations


Cited by
Posted Content
TL;DR: This paper defines and explores proofs of retrievability (PORs), a POR scheme that enables an archive or back-up service to produce a concise proof that a user can retrieve a target file F, that is, that the archive retains and reliably transmits file data sufficient for the user to recover F in its entirety.
Abstract: In this paper, we define and explore proofs of retrievability (PORs). A POR scheme enables an archive or back-up service (prover) to produce a concise proof that a user (verifier) can retrieve a target file F, that is, that the archive retains and reliably transmits file data sufficient for the user to recover F in its entirety. A POR may be viewed as a kind of cryptographic proof of knowledge (POK), but one specially designed to handle a large file (or bitstring) F. We explore POR protocols here in which the communication costs, number of memory accesses for the prover, and storage requirements of the user (verifier) are small parameters essentially independent of the length of F. In addition to proposing new, practical POR constructions, we explore implementation considerations and optimizations that bear on previously explored, related schemes. In a POR, unlike a POK, neither the prover nor the verifier need actually have knowledge of F. PORs give rise to a new and unusual security definition whose formulation is another contribution of our work. We view PORs as an important tool for semi-trusted online archives. Existing cryptographic techniques help users ensure the privacy and integrity of files they retrieve. It is also natural, however, for users to want to verify that archives do not delete or modify files prior to retrieval. The goal of a POR is to accomplish these checks without users having to download the files themselves. A POR can also provide quality-of-service guarantees, i.e., show that a file is retrievable within a certain time bound.

1,783 citations

Journal Article
TL;DR: This survey presents a comprehensive overview of the security issues for different factors affecting cloud computing, and encompasses the requirements for better security management and suggests 3-tier security architecture.

340 citations

Posted Content
TL;DR: This survey paper presents the first effort to offer a comprehensive framework that examines the latest metaverse development under the dimensions of state-of-the-art technologies and metaverse ecosystems, and illustrates the possibility of the digital 'big bang' of the authors' cyberspace.
Abstract: Since the popularisation of the Internet in the 1990s, the cyberspace has kept evolving. We have created various computer-mediated virtual environments including social networks, video conferencing, virtual 3D worlds (e.g., VR Chat), augmented reality applications (e.g., Pokemon Go), and Non-Fungible Token Games (e.g., Upland). Such virtual environments, albeit non-perpetual and unconnected, have brought us various degrees of digital transformation. The term 'metaverse' has been coined to further facilitate the digital transformation in every aspect of our physical lives. At the core of the metaverse stands the vision of an immersive Internet as a gigantic, unified, persistent, and shared realm. While the metaverse may seem futuristic, catalysed by emerging technologies such as Extended Reality, 5G, and Artificial Intelligence, the digital 'big bang' of our cyberspace is not far away. This survey paper presents the first effort to offer a comprehensive framework that examines the latest metaverse development under the dimensions of state-of-the-art technologies and metaverse ecosystems, and illustrates the possibility of the digital 'big bang'. First, technologies are the enablers that drive the transition from the current Internet to the metaverse. We thus examine eight enabling technologies rigorously - Extended Reality, User Interactivity (Human-Computer Interaction), Artificial Intelligence, Blockchain, Computer Vision, IoT and Robotics, Edge and Cloud computing, and Future Mobile Networks. In terms of applications, the metaverse ecosystem allows human users to live and play within a self-sustaining, persistent, and shared realm. Therefore, we discuss six user-centric factors -- Avatar, Content Creation, Virtual Economy, Social Acceptability, Security and Privacy, and Trust and Accountability. Finally, we propose a concrete research agenda for the development of the metaverse.

326 citations

Journal Article
TL;DR: This paper focuses on and briefly discusses cybersecurity data science, where the data is being gathered from relevant cybersecurity sources, and the analytics complement the latest data-driven patterns for providing more effective security solutions.
Abstract: In a computing context, cybersecurity is undergoing massive shifts in technology and its operations in recent days, and data science is driving the change. Extracting security incident patterns or insights from cybersecurity data and building a corresponding data-driven model is the key to making a security system automated and intelligent. To understand and analyze the actual phenomena with data, various scientific methods, machine learning techniques, processes, and systems are used, which is commonly known as data science. In this paper, we focus on and briefly discuss cybersecurity data science, where the data is being gathered from relevant cybersecurity sources, and the analytics complement the latest data-driven patterns for providing more effective security solutions. The concept of cybersecurity data science allows making the computing process more actionable and intelligent as compared to traditional ones in the domain of cybersecurity. We then discuss and summarize a number of associated research issues and future directions. Furthermore, we provide a machine learning based multi-layered framework for the purpose of cybersecurity modeling. Overall, our goal is not only to discuss cybersecurity data science and relevant methods but also to focus the applicability towards data-driven intelligent decision making for protecting the systems from cyber-attacks.

240 citations

Book Chapter
01 Jan 2003
TL;DR: In this paper, an expanded and thoroughly revised edition of Thomas H. Lee's acclaimed guide to the design of gigahertz RF integrated circuits features a completely new chapter on the principles of wireless systems.
Abstract: This expanded and thoroughly revised edition of Thomas H. Lee's acclaimed guide to the design of gigahertz RF integrated circuits features a completely new chapter on the principles of wireless systems. The chapters on low-noise amplifiers, oscillators and phase noise have been significantly expanded as well. The chapter on architectures now contains several examples of complete chip designs that bring together all the various theoretical and practical elements involved in producing a prototype chip. First Edition Hb (1998): 0-521-63061-4. First Edition Pb (1998): 0-521-63922-0.

207 citations