Ahmad Alsadeh
  • Palestinian Territory
Identity federation allows one to link a user’s digital identities across several identity management systems. Federated identity management (FIM) ensures that users have easy access to the available resources. However, scaling FIM to numerous partners is a challenging process due to the interoperability issue between different federation architectures. This study proposes a dynamic identity federation model to eliminate the manual configuration steps needed to establish an organizational identity federation by utilizing the OpenID Connect (OIDC) framework. The proposed model consists of three major steps to establish dynamic FIM: first, the discovery of the OpenID service provider, which indicates the location of the partner organization; second, the registration of the OpenID relying party, which allows the organization and its partner to negotiate information for establishing the federation; finally, establishing the dynamic trust federation. The proposed dynamic FIM model allows...
During the coexistence period between IPv4 and IPv6 networks, it is important to test the effect of using IPv6 transition techniques on application performance. We evaluate the performance of specific user applications over three transition techniques: dual-stack, automatic 6to4 tunneling and manual tunneling. A set of experiments has been carried out using the OPNET network simulator to evaluate the performance of five applications (web browsing, file transfer, voice, email and database access) over these transition techniques, compared with the same applications' performance over pure IPv4 and IPv6 networks. The results show variation in application performance between dual-stack, automatic 6to4 tunneling, and manual 6to4 tunneling. For most applications, dual-stack performed better than tunneling with respect to response time. In some cases, tunneling performed better than dual-stack with respect to other performance parameters, such as throughput and jitter.
According to International Data Corporation (IDC), the Android operating system has occupied most of the market share, and this will increase to 87.4% by the end of 2023. Unfortunately, there is a large number of malicious applications that attack Android OS in different ways. Therefore, much research has been done in this area to detect this malware, but until now there is no complete solution that can detect all malware, especially new malware, which increases from year to year. In this research, we propose MLSecAndroid: an Android anti-malware approach that automatically detects malicious applications in Android application marketplaces using machine-learning techniques. MLSecAndroid uses 14984 benign applications and 2116 malicious applications from the Google Play and Aptoide stores together with their users' feedback. The collected dataset needs cleaning to be ready for processing. Therefore, the pre-processing stage is applied to clean the data using many steps such as data cleanin...
Current developments in sensors open new possible uses across numerous real-life applications, including optical character recognition (OCR). An OCR system requires the incorporation of text processing tools into the sensor functionality. The most critical stage in OCR systems is the segmentation stage. It refers to the challenge of subdividing a text image into characters, which can be individually processed using a classifier. The cursive nature of the Arabic script, such as the existence of different shapes for each character according to its location in the word, together with the existence of diacritics, makes Arabic character segmentation a very challenging task. A robust offline character segmentation algorithm for printed Arabic text with diacritics is developed based on the contour extraction technique. The algorithm works by extracting the upper contour of a word and then identifying the splitting areas between the word's characters. A post-processing stage is then used to handle the over-segmentation problems that appear in the initial segmentation stage. The proposed scheme is benchmarked using the APTI dataset and a manually collected dataset consisting of text images varying in font size, type, and style for more than 38,000 words. The experiments show that the proposed algorithm is able to segment Arabic words with diacritics with an average accuracy of 98.5%.
Data encryption is a common approach to protect the confidentiality of users' data. However, when computation is required, the data must be decrypted before processing. The decryption-for-processing approach causes critical threats. For instance, a compromised server may lead to the leakage of data or cryptographic keys. On the other hand, data owners are concerned because the data is beyond their control. Thus, they look for mechanisms to achieve strong data protection. Accordingly, alternatives for protecting data become essential. Consequently, the trend of processing over encrypted data has started to arise along with a rapidly growing literature. This paper surveys applications, tools, building blocks, and approaches that can be used to directly process encrypted data (i.e., without decrypting it). The purpose of this survey is to provide an overview of existing systems and approaches that can be used to process encrypted data, to discuss commercial usage of such systems, and to analyze the current developments in this area.
Included in the IPv6 suite is a method for devices to automatically configure their own addresses in a secure manner. This technique is called Cryptographically Generated Addresses (CGAs). CGA provides the ownership proof necessary for an IPv6 address without relying on any trust authority. However, the cost of CGA computation is very high, especially for a high security level defined by the security parameter (Sec). Therefore, the high cost of address generation may keep hosts that use high Sec values from changing their addresses on a frequent basis. This leaves hosts susceptible to privacy-related attacks. This paper proposes modifications to the standard CGA to make it a more applicable security approach while protecting user privacy. We make CGA more privacy-conscious by changing addresses over time, which protects users from being tracked. We propose to reduce the granularity of the CGA security level from 16 to 8. We believe that a granularity of 8 is more feasible for use in most applications and scenarios. These extensions to the standard CGA are implemented and evaluated.
Cryptographically Generated Addresses (CGAs) were mainly designed to prove address ownership and to prevent the theft of existing IPv6 addresses by binding the owner's public key to the generated address. The address owner uses the corresponding private key to prove its ownership by signing messages that originate from that address. Though the CGA approach is quite useful in providing a means of proving address ownership in IPv6 networks, it does have some limitations and some vulnerabilities. In this paper we provide a security analysis and descriptions of possible ways of attacking CGA. We found that the CGA verification process is prone mainly to Denial-of-Service (DoS) attacks. We also found that CGAs are still susceptible to privacy-related attacks. We therefore propose some extensions to the standard CGA verification algorithm to mitigate DoS attacks and to make CGA more privacy-conscious.
In IPv6 networks, two security mechanisms are available at the network layer: SEcure Neighbor Discovery (SEND) and IP security (IPsec). Although both provide authentication, neither subsumes the other; both SEND and IPsec should be deployed together to protect IPv6 networks. However, when a node uses both SEND and IPsec, authentication has to be done twice, which increases the burden on the node and decreases its performance. In this paper, we propose an approach that enables them to work together under the mediation of an Authentication Management Block, where IPsec uses the public-private keys obtained by SEND rather than negotiating its own authentication credentials, in order to save time and facilitate the deployment of IPsec authentication. We implement and evaluate our approach using the ipsec-tools and DoCoMo SEND implementations. Our proof-of-concept experiment shows a considerable speedup of the IPsec authentication time.
Cryptographically Generated Address (CGA) is one of the most novel security features introduced in the IPv6 suite. CGA is designed to prevent address theft without relying on a trust authority or additional security infrastructure. However, CGA is relatively computationally intensive and bandwidth consuming. Besides, it has some security limitations. This paper defines a Compact and more Secure CGA (CS-CGA) version. We adopt Elliptic Curve Cryptography (ECC) keys in CGA instead of the standardized RSA keys in order to minimize the size of the CGA parameters and reduce CGA generation time. To enhance the security of CGA against the global time-memory trade-off attack, the subnet prefix is included in the Hash2 calculation of the CGA generation algorithm. For the signature and the key calculations, SHA-256 is used instead of SHA-1, which is known to have security flaws.
The Shortest-Remaining-Response-Time (SRRT) policy has been proposed for scheduling static HTTP requests in web servers to reduce the mean response time. SRRT prioritizes requests based on a combination of the current round-trip time (RTT), the TCP congestion window size (cwnd) and the size of what remains of the requested file. We compare SRRT to the Shortest-Remaining-Processing-Time (SRPT) and Processor-Sharing (PS) policies. SRRT shows the best improvement in mean response time, giving an average improvement of about 7.5% over SRPT. This improvement comes at a negligible expense in response time for long requests. We found that under a 100 Mbps link, only 1.5% of long requests have longer response times than under PS. The longest request under SRRT has an increase in response time by a factor of 1.7 over PS. For a 10 Mbps link, only 2.4% of requests are penalized, and SRRT increases the longest request time by a factor of 2.2 over PS.