2018 3rd Cloudification of the Internet of Things (CIoT), 2018
The Internet of Things (IoT) is a promising technology that can connect and communicate virtual a... more The Internet of Things (IoT) is a promising technology that can connect and communicate virtual and physical objects globally. It allows billions of devices to be connected and communicate with each other to share information that creates new application and services. These services result in improving our quality of life. On the other hand, Artificial Intelligence (AI) is applied in many fields of science. It aims to understand techniques that require an intelligent action and solve complex problems. Integrating IoT with AI will create a powerful technology that can solve many of IoT problems that relate to the huge amount of data created by different IoT devices. With the huge analytic capabilities of AI, IoT data can be analysed efficiently to extract meaningful information. In addition, AI can help IoT devices to interact with humans and other objects intelligently and make autonomous decisions. This paper provides an overview of the integration of the IoT with AI by highlighting the integration benefits and opportunities of AI in different IoT applications. Challenges standing in the way of successful convergence of IoT with AI are also discussed. We can conclude that the integration of AI with IoT will generate a robust technology that can help companies to avoid unplanned downtime, increase operating efficiency, and enable new IoT applications and services.
The Internet of Things (IoT) is becoming the future of the Internet with a large number of connec... more The Internet of Things (IoT) is becoming the future of the Internet with a large number of connected devices that are predicted to reach about 50 billion by 2020. With proliferation of IoT devices and need to increase information sharing in IoT applications, risk-based access control model has become the best candidate for both academic and commercial organizations to address access control issues. This model carries out a security risk analysis on the access request by using IoTcontextual information to provide access decisions dynamically. This model solves challenges related to flexibility and scalability of the IoT system. Therefore, we propose an adaptive risk-based access control model for the IoT. This model uses real-time contextual information associated with the requesting user to calculate the security risk regarding each access request. It uses user attributes while making the access request, action severity, resource sensitivity and user risk history as inputs to analyze and calculate the risk value to determine the access decision. To detect abnormal and malicious actions, smart contracts are used to track and monitor user activities during the access session to detect and prevent potential security violations. In addition, as the risk estimation process is the essential stage to build a risk-based model, this paper provides a discussion of common risk estimation methods and then proposes the fuzzy inference system with expert judgment as to be the optimal approach to handle risk estimation process of the proposed risk-based model in the IoT system.
The Internet of Things (IoT) has become one of the unprecedented research trends for both academi... more The Internet of Things (IoT) has become one of the unprecedented research trends for both academic and commercial organizations. Every day, the publicity of the IoT is increased. This is because the unlimited benefits that the IoT can bring to our environment. The IoT has the ability to connect almost all objects of real-world to communicate and cooperate with each other over the Internet to facilitate generating new applications and services that can improve our quality of life. This paper provides an overview of the IoT system with highlighting its applications, challenges, and open issues. It starts with discussing the state-of-the-art of the IoT system and its layered architecture. This is followed by discussing different characteristics of the IoT with presenting a comparison between common IoT communication technologies. Different IoT applications and challenges are also discussed. At the end, open research directions related to the IoT are also presented.
Nanotechnology provides new solutions for numerous applications that have a significant effect on... more Nanotechnology provides new solutions for numerous applications that have a significant effect on almost every aspect of our community including health monitoring, smart cities, military, agriculture, and industry. The interconnection of nanoscale devices with existing communication networks over the Internet defines a novel networking paradigm called the Internet of Nano-Things (IoNT). The IoNT involves a large number of nanosensors that used to provide more precise and detailed information about a particular object to enable a better understanding of object behaviour. In this paper, we investigate the challenges and opportunities of the IoNT system in various applications. An overview of the IoNT is first introduced. This is followed by a discussion of the network architecture of the IoNT and various applications that benefit from integrating IoT with nanotechnology. In the end, since security is considered to be one of the main issues of the IoNT system, we provide an in-depth discussion on security goals, attack vectors and security challenges of the IoNT system.
The Internet of Things (IoT) has extended the internet connectivity to reach not just computers a... more The Internet of Things (IoT) has extended the internet connectivity to reach not just computers and humans, but most of our environment things. The IoT has the potential to connect billions of objects simultaneously which has the impact of improving information sharing needs that result in improving our life. Although the IoT benefits are unlimited, there are many challenges facing adopting the IoT in the real world due to its centralized server/client model. For instance, scalability and security issues that arise due to the excessive numbers of IoT objects in the network. The server/client model requires all devices to be connected and authenticated through the server, which creates a single point of failure. Therefore, moving the IoT system into the decentralized path may be the right decision. One of the popular decentralization systems is blockchain. The Blockchain is a powerful technology that decentralizes computation and management processes which can solve many of IoT issues, especially security. This paper provides an overview of the integration of the blockchain with the IoT with highlighting the integration benefits and challenges. The future research directions of blockchain with IoT are also discussed. We conclude that the combination of blockchain and IoT can provide a powerful approach which can significantly pave the way for new business models and distributed applications.
With the rapid growth of Internet of Things (IoT) applications, the classic centralized cloud com... more With the rapid growth of Internet of Things (IoT) applications, the classic centralized cloud computing paradigm faces several challenges such as high latency, low capacity and network failure. To address these challenges, fog computing brings the cloud closer to IoT devices. The fog provides IoT data processing and storage locally at IoT devices instead of sending them to the cloud. In contrast to the cloud, the fog provides services with faster response and greater quality. Therefore, fog computing may be considered the best choice to enable the IoT to provide efficient and secure services for many IoT users. This paper presents the state-of-the-art of fog computing and its integration with the IoT by highlighting the benefits and implementation challenges. This review will also focus on the architecture of the fog and emerging IoT applications that will be improved by using the fog model. Finally, open issues and future research directions regarding fog computing and the IoT are discussed.
Although the Internet of things (IoT) brought unlimited benefits, it also brought many security i... more Although the Internet of things (IoT) brought unlimited benefits, it also brought many security issues. The access control is one of the main elements to address these issues. It provides the access to system resources only to authorized users and ensures that they behave in an authorized manner during their access sessions. One of the significant components of any access control model is access policies. They are used to build the criteria to permit or deny any access request. Building an efficient access control model for the IoT require selecting an appropriate access policy language to implement access policies. Therefore, this paper presents an overview of most common access policy languages. It starts with discussing different access control models and features of the access policy. After reviewing different access policy languages, we proposed XACML as the most efficient and appropriate policy language for the IoT as it compatible with different platforms, provides a distributed and flexible approach to work with different access control scenarios of the IoT system. In addition, we proposed an XACML model for an Adaptive Risk-Based Access Control (AdRBAC) for the IoT and showed how the access decision will be made using XACML.
The Internet of Things (IoT) has spread into multiple dimensions that incorporate different physi... more The Internet of Things (IoT) has spread into multiple dimensions that incorporate different physical and virtual things. These things are connected together using different communication technologies to provide unlimited services. These services help not only to improve the quality of our daily lives, but also to provide a communication platform for increasing object collaboration and information sharing. Like all new technologies, the IoT has many security challenges that stand as a barrier to the successful implementation of IoT applications. These challenges are more complicated due to the dynamic and heterogeneous nature of IoT systems. However, authentication and access control models can be used to address the security issue in the IoT. To increase information sharing and availability, the IoT requires a dynamic access control model that takes not only access policies but also real-time contextual information into account when making access decisions. One of the dynamic features is the security risk. This paper proposes an Adaptive Risk-Based Access Control (AdRBAC) model for the IoT and discusses its validation using expert reviews. The proposed AdRBAC model conducts a risk analysis to estimate the security risk value associated with each access request when making an access decision. This model has four inputs/risk factors: user context, resource sensitivity, action severity and risk history. These risk factors are used to estimate a risk value associated with the access request to make the access decision. To provide the adaptive features, smart contracts will be used to monitor the user behaviour during access sessions to detect any malicious actions from the granted users. To validate and refine the proposed model, twenty IoT security experts from inside and outside the UK were interviewed. The experts have suggested valuable information that will help to specify the appropriate risk factors and risk estimation technique for implantation of the AdRBAC model.
The Internet of Things (IoT) is becoming the next Internet-related revolution. It allows billions... more The Internet of Things (IoT) is becoming the next Internet-related revolution. It allows billions of devices to be connected and communicate with each other to share information that improves the quality of our daily lives. On the other hand, Cloud Computing provides on-demand, convenient and scalable network access which makes it possible to share computing resources; indeed, this, in turn, enables dynamic data integration from various data sources. There are many issues standing in the way of the successful implementation of both Cloud and IoT. The integration of Cloud Computing with the IoT is the most effective way on which to overcome these issues. The vast number of resources available on the Cloud can be extremely beneficial for the IoT, while the Cloud can gain more publicity to improve its limitations with real world objects in a more dynamic and distributed manner. This paper provides an overview of the integration of the Cloud into the IoT by highlighting the integration benefits and implementation challenges. Discussion will also focus on the architecture of the resultant Cloud-based IoT paradigm and its new applications scenarios. Finally, open issues and future research directions are also suggested.
The Internet of Things (IoT) is creating a revolution in the number of connected devices. Cisco r... more The Internet of Things (IoT) is creating a revolution in the number of connected devices. Cisco reported that there were 25 billion IoT devices in 2015 and modest estimation that this number will almost double by 2020. Society has become dependent on these billions of devices, devices that are connected and communicating with each other all the time with information constantly share between users, services, and internet providers. The emergent IoT devices as a technology are creating a huge security rift between users and usability, sacrificing usability for security created a number of major issues. First, IoT devices are classified under Bring Your Own Device (BYOD) that blows any organization security boundary and make them a target for espionage or tracking. Second, the size of the data generated from IoT makes big data problems pale in comparison not to mention IoT devices need a real-time response. Third, is incorporating secure access and control for IoT devices ranging from edge nodes devices to application level (business intelligence reporting tools) is a challenge because it has to account for several hardware and application levels. Establishing a secure access control model between different IoT devices and services is a major milestone for the IoT. This is important because data leakage and unauthorized access to data have a high impact on our IoT devices. However, traditional access control models with the static and rigid infrastructure cannot provide the required security for the IoT infrastructure. Therefore, this paper proposes a risk-based access control model for IoT technology that takes into account real-time data information request for IoT devices and gives dynamic feedback. The proposed model uses IoT environment features to estimate the security risk associated with each access request using user context, resource sensitivity, action severity and risk history as inputs for security risk estimation algorithm that is responsible for access decision. Then the proposed model uses smart contracts to provide adaptive features in which the user behaviour is monitored to detect any abnormal actions from authorized users.
The Internet of Things (IoT) is growing in different ways. The adoption rate of the IoT is at lea... more The Internet of Things (IoT) is growing in different ways. The adoption rate of the IoT is at least five times faster than the adoption of electricity and telephony. Moreover, it is becoming the backbone of the future of the Internet that encompass various applications and devices. The IoT faces many challenges that stand as a barrier for the successful deployment. The security is considered the most difficult challenge that need to be addressed. Our work was instructed by the Internet of Things Security Foundation (IoTSF) in order to guide the future focus for the steering group to identify which areas of the IoT security to prioritize its efforts. The IoTSF has a mission to address the security needs of the IoT in order to ensure that its adoption can meet its predicted aspirations for establishing the business value. An initial focus on providing advice and best practice to hinder repeats of the mayhem enabled by the Mirai infection of consumer remote cameras and mainstream consumer vehicles, that is working towards building consensus for an internationally “approved by” mark that consumers can look for to determine security. This is addressing the need for trusted boot, root of trust, signed binary images and encrypted communication channels to secure the remote device. This paper suggests that the next area for consideration for The IoTSF is a co-operative security, a means of building trust into a group such that a collection of data sources that provide different telemetry data that are used in analytics to formulate an action are of known, secure origin.
The rapid increase in the use of cloud computing has led it to become a new arena for cybercrime.... more The rapid increase in the use of cloud computing has led it to become a new arena for cybercrime. Since cloud environments are, to some extent, a new field for digital forensics, a number of technical, legal and organisational challenges have been raised. Although security and digital forensics share the same concerns, when an attack occurs, the fields of security and digital forensics are considered different disciplines. This paper argues that cloud security and digital forensics in cloud environments are converging fields. As a result, unifying security and forensics by being forensically ready and including digital forensics aspects in security mechanisms would enhance the security level in cloud computing, increase forensic capabilities and prepare organizations for any potential attack.
The concept of cloud computing has arisen thanks to academic work in the fields of utility comput... more The concept of cloud computing has arisen thanks to academic work in the fields of utility computing, distributed computing, virtualisation, and web services. By using cloud computing, which can be accessed from anywhere, newly-launched businesses can minimise their start-up costs. Among the most important notions when it comes to the construction of cloud computing is virtualisation. While this concept brings its own security risks, these risks are not necessarily related to the cloud. The main disadvantage of using cloud computing is linked to safety and security. This is because anybody which chooses to employ cloud computing will use someone else’s hard disk and CPU in order to sort and store data. In cloud environments, a great deal of importance is placed on guaranteeing that the virtual machine image is safe and secure. Indeed, a previous study has put forth a framework with which to protect the virtual machine image in cloud computing. As such, the present study is primarily concerned with confirming this theoretical framework so as to ultimately secure the virtual machine image in cloud computing. This will be achieved by carrying out interviews with experts in the field of cloud security.
The Internet of Things (IoT) represents a modern approach where boundaries between real and digit... more The Internet of Things (IoT) represents a modern approach where boundaries between real and digital domains are progressively eliminated by changing over consistently every physical device to smart object ready to provide valuable services. These services provide a vital role in different life domains but at the same time create new challenges particularly in security and privacy. Authentication and access control models are considered as the essential elements to address these security and privacy challenges. Risk-based access control model is one of the dynamic access control models that provides more flexibility in accessing system resources. This model performs a risk analysis to estimate the security risk associated with each access request and uses the estimated risk to make the access decision. One of the essential elements in this model is the risk estimation process. Estimating risk is a complex operation that requires the consideration of a variety of factors in the access control environment. Moreover, the interpretation and estimation of the risk might vary depending on the working domain. This paper presents a review of different risk estimation techniques. Existing risk-based access control models are discussed and compared in terms of the risk estimation technique, risk factors, and the evaluation domain. Requirements for choosing the appropriate risk estimation technique for the IoT system are also demonstrated.
Nowadays, rapid and effective searching for relevant images in large image databases has become a... more Nowadays, rapid and effective searching for relevant images in large image databases has become an area of wide interest in many applications. The current image retrieval system is based on text-based approaches. This system has many challenges such as it cannot retrieve images that are context sensitive and the amount of effort required to manually annotate every image, as well as the difference in human perception when describing the images, which result in inaccuracies during the retrieval process. Content-based image retrieval (CBIR) supports an effective way to retrieve images depending on automatically derived image features. It retrieves relevant images using unique image features such as texture, color or shape. This paper presents novel methods to retrieve relevant images from large image databases. Two proposed methods are presented. The first proposed method improves the retrieval performance by identifying the most efficient gray-level co-occurrence matrix (GLCM) texture features and combine them with the appropriate Discrete Wavelet Transform (DWT) decomposition band. The second proposed method increases the system performance by combining color and texture features as one feature vector which is resulting in increasing the retrieval accuracy. The proposed methods have shown a promising and faster retrieval on a WANG image database containing 1000 color images. The retrieval performance has been evaluated with the existing systems that discussed in the literature. The proposed methods give better performance than other systems.
Content Based Image Retrieval (CBIR) system helps users to retrieve relevant images based on thei... more Content Based Image Retrieval (CBIR) system helps users to retrieve relevant images based on their contents. It finds images in large databases by using a unique image feature such as texture, color, intensity or shape of the object inside an image. This paper presents a comparative study between the feature extraction techniques that based on color feature. These techniques include Color Histogram, HSV Color Histogram and Color Histogram Equalization. In this study, the retrieval process is first done by measuring the similarities between the query image and the images within the WANG database using two approaches: Euclidean distance and correlation coefficients. Then, the comparison is carried out by measuring the accuracy, error rate and elapsed time of each technique.
2018 3rd Cloudification of the Internet of Things (CIoT), 2018
The Internet of Things (IoT) is a promising technology that can connect and communicate virtual a... more The Internet of Things (IoT) is a promising technology that can connect and communicate virtual and physical objects globally. It allows billions of devices to be connected and communicate with each other to share information that creates new application and services. These services result in improving our quality of life. On the other hand, Artificial Intelligence (AI) is applied in many fields of science. It aims to understand techniques that require an intelligent action and solve complex problems. Integrating IoT with AI will create a powerful technology that can solve many of IoT problems that relate to the huge amount of data created by different IoT devices. With the huge analytic capabilities of AI, IoT data can be analysed efficiently to extract meaningful information. In addition, AI can help IoT devices to interact with humans and other objects intelligently and make autonomous decisions. This paper provides an overview of the integration of the IoT with AI by highlighting the integration benefits and opportunities of AI in different IoT applications. Challenges standing in the way of successful convergence of IoT with AI are also discussed. We can conclude that the integration of AI with IoT will generate a robust technology that can help companies to avoid unplanned downtime, increase operating efficiency, and enable new IoT applications and services.
The Internet of Things (IoT) is becoming the future of the Internet with a large number of connec... more The Internet of Things (IoT) is becoming the future of the Internet with a large number of connected devices that are predicted to reach about 50 billion by 2020. With proliferation of IoT devices and need to increase information sharing in IoT applications, risk-based access control model has become the best candidate for both academic and commercial organizations to address access control issues. This model carries out a security risk analysis on the access request by using IoTcontextual information to provide access decisions dynamically. This model solves challenges related to flexibility and scalability of the IoT system. Therefore, we propose an adaptive risk-based access control model for the IoT. This model uses real-time contextual information associated with the requesting user to calculate the security risk regarding each access request. It uses user attributes while making the access request, action severity, resource sensitivity and user risk history as inputs to analyze and calculate the risk value to determine the access decision. To detect abnormal and malicious actions, smart contracts are used to track and monitor user activities during the access session to detect and prevent potential security violations. In addition, as the risk estimation process is the essential stage to build a risk-based model, this paper provides a discussion of common risk estimation methods and then proposes the fuzzy inference system with expert judgment as to be the optimal approach to handle risk estimation process of the proposed risk-based model in the IoT system.
The Internet of Things (IoT) has become one of the unprecedented research trends for both academi... more The Internet of Things (IoT) has become one of the unprecedented research trends for both academic and commercial organizations. Every day, the publicity of the IoT is increased. This is because the unlimited benefits that the IoT can bring to our environment. The IoT has the ability to connect almost all objects of real-world to communicate and cooperate with each other over the Internet to facilitate generating new applications and services that can improve our quality of life. This paper provides an overview of the IoT system with highlighting its applications, challenges, and open issues. It starts with discussing the state-of-the-art of the IoT system and its layered architecture. This is followed by discussing different characteristics of the IoT with presenting a comparison between common IoT communication technologies. Different IoT applications and challenges are also discussed. At the end, open research directions related to the IoT are also presented.
Nanotechnology provides new solutions for numerous applications that have a significant effect on... more Nanotechnology provides new solutions for numerous applications that have a significant effect on almost every aspect of our community including health monitoring, smart cities, military, agriculture, and industry. The interconnection of nanoscale devices with existing communication networks over the Internet defines a novel networking paradigm called the Internet of Nano-Things (IoNT). The IoNT involves a large number of nanosensors that used to provide more precise and detailed information about a particular object to enable a better understanding of object behaviour. In this paper, we investigate the challenges and opportunities of the IoNT system in various applications. An overview of the IoNT is first introduced. This is followed by a discussion of the network architecture of the IoNT and various applications that benefit from integrating IoT with nanotechnology. In the end, since security is considered to be one of the main issues of the IoNT system, we provide an in-depth discussion on security goals, attack vectors and security challenges of the IoNT system.
The Internet of Things (IoT) has extended the internet connectivity to reach not just computers a... more The Internet of Things (IoT) has extended the internet connectivity to reach not just computers and humans, but most of our environment things. The IoT has the potential to connect billions of objects simultaneously which has the impact of improving information sharing needs that result in improving our life. Although the IoT benefits are unlimited, there are many challenges facing adopting the IoT in the real world due to its centralized server/client model. For instance, scalability and security issues that arise due to the excessive numbers of IoT objects in the network. The server/client model requires all devices to be connected and authenticated through the server, which creates a single point of failure. Therefore, moving the IoT system into the decentralized path may be the right decision. One of the popular decentralization systems is blockchain. The Blockchain is a powerful technology that decentralizes computation and management processes which can solve many of IoT issues, especially security. This paper provides an overview of the integration of the blockchain with the IoT with highlighting the integration benefits and challenges. The future research directions of blockchain with IoT are also discussed. We conclude that the combination of blockchain and IoT can provide a powerful approach which can significantly pave the way for new business models and distributed applications.
With the rapid growth of Internet of Things (IoT) applications, the classic centralized cloud com... more With the rapid growth of Internet of Things (IoT) applications, the classic centralized cloud computing paradigm faces several challenges such as high latency, low capacity and network failure. To address these challenges, fog computing brings the cloud closer to IoT devices. The fog provides IoT data processing and storage locally at IoT devices instead of sending them to the cloud. In contrast to the cloud, the fog provides services with faster response and greater quality. Therefore, fog computing may be considered the best choice to enable the IoT to provide efficient and secure services for many IoT users. This paper presents the state-of-the-art of fog computing and its integration with the IoT by highlighting the benefits and implementation challenges. This review will also focus on the architecture of the fog and emerging IoT applications that will be improved by using the fog model. Finally, open issues and future research directions regarding fog computing and the IoT are discussed.
Although the Internet of things (IoT) brought unlimited benefits, it also brought many security i... more Although the Internet of things (IoT) brought unlimited benefits, it also brought many security issues. The access control is one of the main elements to address these issues. It provides the access to system resources only to authorized users and ensures that they behave in an authorized manner during their access sessions. One of the significant components of any access control model is access policies. They are used to build the criteria to permit or deny any access request. Building an efficient access control model for the IoT require selecting an appropriate access policy language to implement access policies. Therefore, this paper presents an overview of most common access policy languages. It starts with discussing different access control models and features of the access policy. After reviewing different access policy languages, we proposed XACML as the most efficient and appropriate policy language for the IoT as it compatible with different platforms, provides a distributed and flexible approach to work with different access control scenarios of the IoT system. In addition, we proposed an XACML model for an Adaptive Risk-Based Access Control (AdRBAC) for the IoT and showed how the access decision will be made using XACML.
The Internet of Things (IoT) has spread into multiple dimensions that incorporate different physi... more The Internet of Things (IoT) has spread into multiple dimensions that incorporate different physical and virtual things. These things are connected together using different communication technologies to provide unlimited services. These services help not only to improve the quality of our daily lives, but also to provide a communication platform for increasing object collaboration and information sharing. Like all new technologies, the IoT has many security challenges that stand as a barrier to the successful implementation of IoT applications. These challenges are more complicated due to the dynamic and heterogeneous nature of IoT systems. However, authentication and access control models can be used to address the security issue in the IoT. To increase information sharing and availability, the IoT requires a dynamic access control model that takes not only access policies but also real-time contextual information into account when making access decisions. One of the dynamic features is the security risk. This paper proposes an Adaptive Risk-Based Access Control (AdRBAC) model for the IoT and discusses its validation using expert reviews. The proposed AdRBAC model conducts a risk analysis to estimate the security risk value associated with each access request when making an access decision. This model has four inputs/risk factors: user context, resource sensitivity, action severity and risk history. These risk factors are used to estimate a risk value associated with the access request to make the access decision. To provide the adaptive features, smart contracts will be used to monitor the user behaviour during access sessions to detect any malicious actions from the granted users. To validate and refine the proposed model, twenty IoT security experts from inside and outside the UK were interviewed. The experts have suggested valuable information that will help to specify the appropriate risk factors and risk estimation technique for implantation of the AdRBAC model.
The Internet of Things (IoT) is becoming the next Internet-related revolution. It allows billions... more The Internet of Things (IoT) is becoming the next Internet-related revolution. It allows billions of devices to be connected and communicate with each other to share information that improves the quality of our daily lives. On the other hand, Cloud Computing provides on-demand, convenient and scalable network access which makes it possible to share computing resources; indeed, this, in turn, enables dynamic data integration from various data sources. There are many issues standing in the way of the successful implementation of both Cloud and IoT. The integration of Cloud Computing with the IoT is the most effective way on which to overcome these issues. The vast number of resources available on the Cloud can be extremely beneficial for the IoT, while the Cloud can gain more publicity to improve its limitations with real world objects in a more dynamic and distributed manner. This paper provides an overview of the integration of the Cloud into the IoT by highlighting the integration benefits and implementation challenges. Discussion will also focus on the architecture of the resultant Cloud-based IoT paradigm and its new applications scenarios. Finally, open issues and future research directions are also suggested.
The Internet of Things (IoT) is creating a revolution in the number of connected devices. Cisco r... more The Internet of Things (IoT) is creating a revolution in the number of connected devices. Cisco reported that there were 25 billion IoT devices in 2015 and modest estimation that this number will almost double by 2020. Society has become dependent on these billions of devices, devices that are connected and communicating with each other all the time with information constantly share between users, services, and internet providers. The emergent IoT devices as a technology are creating a huge security rift between users and usability, sacrificing usability for security created a number of major issues. First, IoT devices are classified under Bring Your Own Device (BYOD) that blows any organization security boundary and make them a target for espionage or tracking. Second, the size of the data generated from IoT makes big data problems pale in comparison not to mention IoT devices need a real-time response. Third, is incorporating secure access and control for IoT devices ranging from edge nodes devices to application level (business intelligence reporting tools) is a challenge because it has to account for several hardware and application levels. Establishing a secure access control model between different IoT devices and services is a major milestone for the IoT. This is important because data leakage and unauthorized access to data have a high impact on our IoT devices. However, traditional access control models with the static and rigid infrastructure cannot provide the required security for the IoT infrastructure. Therefore, this paper proposes a risk-based access control model for IoT technology that takes into account real-time data information request for IoT devices and gives dynamic feedback. The proposed model uses IoT environment features to estimate the security risk associated with each access request using user context, resource sensitivity, action severity and risk history as inputs for security risk estimation algorithm that is responsible for access decision. Then the proposed model uses smart contracts to provide adaptive features in which the user behaviour is monitored to detect any abnormal actions from authorized users.
The Internet of Things (IoT) is growing in different ways. The adoption rate of the IoT is at lea... more The Internet of Things (IoT) is growing in different ways. The adoption rate of the IoT is at least five times faster than the adoption of electricity and telephony. Moreover, it is becoming the backbone of the future of the Internet that encompass various applications and devices. The IoT faces many challenges that stand as a barrier for the successful deployment. The security is considered the most difficult challenge that need to be addressed. Our work was instructed by the Internet of Things Security Foundation (IoTSF) in order to guide the future focus for the steering group to identify which areas of the IoT security to prioritize its efforts. The IoTSF has a mission to address the security needs of the IoT in order to ensure that its adoption can meet its predicted aspirations for establishing the business value. An initial focus on providing advice and best practice to hinder repeats of the mayhem enabled by the Mirai infection of consumer remote cameras and mainstream consumer vehicles, that is working towards building consensus for an internationally “approved by” mark that consumers can look for to determine security. This is addressing the need for trusted boot, root of trust, signed binary images and encrypted communication channels to secure the remote device. This paper suggests that the next area for consideration for The IoTSF is a co-operative security, a means of building trust into a group such that a collection of data sources that provide different telemetry data that are used in analytics to formulate an action are of known, secure origin.
The rapid increase in the use of cloud computing has led it to become a new arena for cybercrime.... more The rapid increase in the use of cloud computing has led it to become a new arena for cybercrime. Since cloud environments are, to some extent, a new field for digital forensics, a number of technical, legal and organisational challenges have been raised. Although security and digital forensics share the same concerns, when an attack occurs, the fields of security and digital forensics are considered different disciplines. This paper argues that cloud security and digital forensics in cloud environments are converging fields. As a result, unifying security and forensics by being forensically ready and including digital forensics aspects in security mechanisms would enhance the security level in cloud computing, increase forensic capabilities and prepare organizations for any potential attack.
The concept of cloud computing has arisen thanks to academic work in the fields of utility comput... more The concept of cloud computing has arisen thanks to academic work in the fields of utility computing, distributed computing, virtualisation, and web services. By using cloud computing, which can be accessed from anywhere, newly-launched businesses can minimise their start-up costs. Among the most important notions when it comes to the construction of cloud computing is virtualisation. While this concept brings its own security risks, these risks are not necessarily related to the cloud. The main disadvantage of using cloud computing is linked to safety and security. This is because anybody which chooses to employ cloud computing will use someone else’s hard disk and CPU in order to sort and store data. In cloud environments, a great deal of importance is placed on guaranteeing that the virtual machine image is safe and secure. Indeed, a previous study has put forth a framework with which to protect the virtual machine image in cloud computing. As such, the present study is primarily concerned with confirming this theoretical framework so as to ultimately secure the virtual machine image in cloud computing. This will be achieved by carrying out interviews with experts in the field of cloud security.
The Internet of Things (IoT) represents a modern approach where boundaries between real and digit... more The Internet of Things (IoT) represents a modern approach where boundaries between real and digital domains are progressively eliminated by changing over consistently every physical device to smart object ready to provide valuable services. These services provide a vital role in different life domains but at the same time create new challenges particularly in security and privacy. Authentication and access control models are considered as the essential elements to address these security and privacy challenges. Risk-based access control model is one of the dynamic access control models that provides more flexibility in accessing system resources. This model performs a risk analysis to estimate the security risk associated with each access request and uses the estimated risk to make the access decision. One of the essential elements in this model is the risk estimation process. Estimating risk is a complex operation that requires the consideration of a variety of factors in the access control environment. Moreover, the interpretation and estimation of the risk might vary depending on the working domain. This paper presents a review of different risk estimation techniques. Existing risk-based access control models are discussed and compared in terms of the risk estimation technique, risk factors, and the evaluation domain. Requirements for choosing the appropriate risk estimation technique for the IoT system are also demonstrated.
Nowadays, rapid and effective searching for relevant images in large image databases has become a... more Nowadays, rapid and effective searching for relevant images in large image databases has become an area of wide interest in many applications. The current image retrieval system is based on text-based approaches. This system has many challenges such as it cannot retrieve images that are context sensitive and the amount of effort required to manually annotate every image, as well as the difference in human perception when describing the images, which result in inaccuracies during the retrieval process. Content-based image retrieval (CBIR) supports an effective way to retrieve images depending on automatically derived image features. It retrieves relevant images using unique image features such as texture, color or shape. This paper presents novel methods to retrieve relevant images from large image databases. Two proposed methods are presented. The first proposed method improves the retrieval performance by identifying the most efficient gray-level co-occurrence matrix (GLCM) texture features and combine them with the appropriate Discrete Wavelet Transform (DWT) decomposition band. The second proposed method increases the system performance by combining color and texture features as one feature vector which is resulting in increasing the retrieval accuracy. The proposed methods have shown a promising and faster retrieval on a WANG image database containing 1000 color images. The retrieval performance has been evaluated with the existing systems that discussed in the literature. The proposed methods give better performance than other systems.
Content Based Image Retrieval (CBIR) system helps users to retrieve relevant images based on thei... more Content Based Image Retrieval (CBIR) system helps users to retrieve relevant images based on their contents. It finds images in large databases by using a unique image feature such as texture, color, intensity or shape of the object inside an image. This paper presents a comparative study between the feature extraction techniques that based on color feature. These techniques include Color Histogram, HSV Color Histogram and Color Histogram Equalization. In this study, the retrieval process is first done by measuring the similarities between the query image and the images within the WANG database using two approaches: Euclidean distance and correlation coefficients. Then, the comparison is carried out by measuring the accuracy, error rate and elapsed time of each technique.
Uploads
Papers by Hany F. Atlam
reach about 50 billion by 2020. With proliferation of IoT devices and need to increase information sharing in IoT applications,
risk-based access control model has become the best candidate for both academic and commercial organizations to address access
control issues. This model carries out a security risk analysis on the access request by using IoTcontextual information to provide
access decisions dynamically. This model solves challenges related to flexibility and scalability of the IoT system. Therefore, we
propose an adaptive risk-based access control model for the IoT. This model uses real-time contextual information associated
with the requesting user to calculate the security risk regarding each access request. It uses user attributes while making the access
request, action severity, resource sensitivity and user risk history as inputs to analyze and calculate the risk value to determine the
access decision. To detect abnormal and malicious actions, smart contracts are used to track and monitor user activities during the
access session to detect and prevent potential security violations. In addition, as the risk estimation process is the essential stage to
build a risk-based model, this paper provides a discussion of common risk estimation methods and then proposes the fuzzy
inference system with expert judgment as to be the optimal approach to handle risk estimation process of the proposed risk-based
model in the IoT system.
This paper suggests that the next area for consideration for The IoTSF is a co-operative security, a means of building trust into a group such that a collection of data sources that provide different telemetry data that are used in analytics to formulate an action are of known, secure origin.
reach about 50 billion by 2020. With proliferation of IoT devices and need to increase information sharing in IoT applications,
risk-based access control model has become the best candidate for both academic and commercial organizations to address access
control issues. This model carries out a security risk analysis on the access request by using IoTcontextual information to provide
access decisions dynamically. This model solves challenges related to flexibility and scalability of the IoT system. Therefore, we
propose an adaptive risk-based access control model for the IoT. This model uses real-time contextual information associated
with the requesting user to calculate the security risk regarding each access request. It uses user attributes while making the access
request, action severity, resource sensitivity and user risk history as inputs to analyze and calculate the risk value to determine the
access decision. To detect abnormal and malicious actions, smart contracts are used to track and monitor user activities during the
access session to detect and prevent potential security violations. In addition, as the risk estimation process is the essential stage to
build a risk-based model, this paper provides a discussion of common risk estimation methods and then proposes the fuzzy
inference system with expert judgment as to be the optimal approach to handle risk estimation process of the proposed risk-based
model in the IoT system.
This paper suggests that the next area for consideration for The IoTSF is a co-operative security, a means of building trust into a group such that a collection of data sources that provide different telemetry data that are used in analytics to formulate an action are of known, secure origin.