ORCID Profile
0000-0002-2004-5324
Current Organisation
Imam Abdulrahman Bin Faisal University
Does something not look right? The information on this page has been harvested from data sources that may not be up to date. We continue to work with information providers to improve coverage and quality. To report an issue, use the Feedback Form.
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Date: 2021
Publisher: MDPI AG
Date: 16-09-2022
DOI: 10.3390/JSAN11030054
Abstract: Phishing is still a major security threat in cyberspace. In phishing, attackers steal critical information from victims by presenting a spoofing/fake site that appears to be a visual clone of a legitimate site. Several Unicode characters are visually identical to ASCII characters. This similarity in characters is generally known as homoglyphs. Malicious adversaries utilize homoglyphs in URLs and DNS domains to target organizations. To reduce the risks caused by phishing attacks, effective ways of detecting phishing websites are urgently required. This paper proposes a homoglyph attack detection model that combines a hash function and machine learning. There are two phases to the model approach. The machine was being trained during the development phase. The deployment phase involved deploying the model with a Java interface and testing the outcomes through actual user interaction. The results are more accurate when the URL is hashed, as any little changes to the URL can be recognized. The homoglyph detector can be developed as a stand-alone software that is used as the initial step in requesting a webpage as it enhances browser security and protects websites from phishing attempts. To verify the effectiveness, we compared the proposed model on several criteria to existing phishing detection methods. By using the hash function, the proposed security features increase the overall security of the homoglyph attack detection in terms of accuracy, integrity, and availability. The experiment results showed that the model can detect phishing sites with an accuracy of 99.8% using Random Forest, and the hash function improves the accuracy of homoglyph attack detection.
Publisher: IEEE
Date: 2010
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Date: 2022
Publisher: IEEE
Date: 04-2018
Publisher: MDPI AG
Date: 12-02-2022
DOI: 10.3390/APP12041927
Abstract: The Internet of Things (IoT) is an emerging field consisting of Internet-based globally connected network architecture. A subset of IoT is the Internet of Healthcare Things (IoHT) that consists of smart healthcare devices having significant importance in monitoring, processing, storing, and transmitting sensitive information. It is experiencing novel challenges regarding data privacy protection. This article discusses different components of IoHT and categorizes various healthcare devices based on their functionality and deployment. This article highlights the possible points and reasons for data leakage, such as conflicts in laws, the use of sub-standard devices, lack of awareness, and the non-availability of dedicated local law enforcement agencies. This article draws attention to the escalating demand for a suitable regulatory framework and analyzes compliance problems of IoHT devices concerning healthcare data privacy and protection regulations. Furthermore, the article provides some recommendations to improve the security and privacy of IoHT implementation.
Publisher: Informa UK Limited
Date: 08-2021
DOI: 10.2147/JMDH.S317884
Publisher: Springer Science and Business Media LLC
Date: 22-02-2021
Publisher: MDPI AG
Date: 09-06-2022
DOI: 10.3390/JSAN11020028
Abstract: The use of Electric Vehicles (EVs) is almost inevitable in the near future for the sake of the environment and our plant’s long-term sustainability. The availability of an Electric-Vehicle-Charging Station (EVCS) is the key challenge that owners are worried about. Therefore, we suggest benefiting from in idual EVs that have excess energy and are willing to share it with other EVs in order to maximize the availability of EVCSs without the need to rely on the existing charging infrastructure. The Internet of Electric Vehicles (IoEV) is gradually gaining traction, allowing for a more efficient and intelligent transportation system by leveraging these capabilities between EVs. However, the IoEV is considered a trustless environment, with untrustworthy trading partners such as data sellers, buyers, and brokers. Data exchanged between the EV and the Energy AGgregator (EAG) or EV/EV can be used to analyze users’ behavior and compromise their privacy. Thus, a Vehicle-to-Vehicle (V2V)-charging system that is both secure and private must be established. Several V2V-charging systems with security and privacy features have been proposed. However, even if the transmitted communications are entirely anonymous, anonymity alone will not prevent the tracking adversary from reconstructing the target vehicle’s route. These systems frequently fail to find a balance between privacy concerns (e.g., trade traceability to achieve anonymity, and so on) and security measures. In this paper, we propose an efficient privacy-preserving and secure authentication based on Elliptic Curve Qu–Vanstone (ECQV) for a V2V-charging system that fulfils the essential requirements and re-authentication protocol in order to reduce the overhead of future authentication processes. The proposed scheme utilizes the ECQV implicit-certificate mechanism to create credentials and authenticate EVs. The proposed protocols provide efficient security and privacy to EVs, as well as an 88% reduction in computational time through re-authentication, as compared to earlier efforts.
Publisher: ACM
Date: 17-08-2012
Publisher: MDPI AG
Date: 30-12-2022
DOI: 10.3390/ELECTRONICS12010172
Abstract: Aircraft are complex systems that rely heavily on monitoring and real-time communications with the base station. During aviation and flight operations, erse data are gathered from different sources, including the Cockpit Voice Recorder (CVR), Flight Data Recorder (FDR), logbook, passenger data, passenger manifest etc. Given the high sensitivity of flight data, it is an attractive target for adversaries which could result in operational, financial and safety related incidents. Communications between aircraft pilots and air traffic controllers are all unencrypted. The data, mainly audio communication files, are placed openly within data centers on the ground stations which could lead to a serious compromise in security and privacy. One may rely on the cloud owing to its on-demand features but to thwart possible attacks, the data need to be encrypted first, giving rise to the issue of conducting search over encrypted data. This research presents a novel approach for data security in aviation industry by introducing a semantic-based searchable encryption scheme over the cloud. The designed system has proven to be extraordinarily effective for semantic-based searchable encryption at the word and the text level. The rigorous security and complexity analysis shows that the proposed solution provides a high level of security and efficiency and can be effectively deployed in the aviation sector. The designed scheme is tested through a real-world aviation dataset collected to demonstrate the significance of this research. The proof of concept proves to be secure, privacy-preserving and lightweight while resisting distinguishability attacks.
Publisher: Elsevier BV
Date: 07-2019
Publisher: Springer Science and Business Media LLC
Date: 12-03-2021
Publisher: Springer Science and Business Media LLC
Date: 07-06-2022
Publisher: IEEE
Date: 06-2019
Publisher: IEEE
Date: 05-2019
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Date: 2020
Publisher: MDPI AG
Date: 08-08-2022
DOI: 10.3390/JSAN11030044
Abstract: Telecare medical information system (TMIS) is a technology used in a wireless body area network (WBAN), which has a crucial role in healthcare services. TMIS uses wearable devices with sensors to collect patients’ data and transmit the data to the controller node via a public channel. Then, the medical server obtains the data from the controller node and stores it in the database to be analyzed. Unfortunately, an attacker can try to perform attacks via a public channel. Thus, establishing a secure mutual authentication protocol is essential for secure data transfer. Several authentication schemes have been presented to achieve mutual authentication, but there are performance limitations and security problems. Therefore, this study aimed to propose two secure and efficient WBAN authentication protocols between sensors and a mobile device/controller: authentication protocol-I for emergency medical reports and authentication protocol-II for periodic medical reports. To analyze the proposed authentication protocols, we conducted an informal security analysis, implemented BAN logic analysis, validated our proposed authentication protocol using the AVISPA simulation tool, and conducted a performance analysis. Consequently, we showed that our proposed protocols satisfy all security requirements in this study, attain mutual authentication, resist active and passive attacks, and have suitable computation and communication costs for a WBAN.
Publisher: IEEE
Date: 06-2010
DOI: 10.1109/SNPD.2010.17
Publisher: Elsevier BV
Date: 05-2020
Publisher: Computers, Materials and Continua (Tech Science Press)
Date: 2021
Publisher: IEEE
Date: 08-2015
Publisher: IGI Global
Date: 07-2015
Abstract: Mobile authentication is an essential service to ensure the security of engaging parties in a ubiquitous wireless network environment. Several solutions have been proposed mainly based on both centralised and distributed authentication models to allow ubiquitous mobile access authentication however, limitations still exist in these approaches, namely flexibility, security and performance issues and vulnerabilities. These shortcomings are influenced by the resource limitations of both wireless networks and the mobile devices together with inter-technology and inter-provider challenges. In this paper, the authors reviewed the major techniques in the field of ubiquitous mobile access authentication, which has attracted many researchers in the past decade. After investigating existing mobile authentication models and approaches, the common challenges are summarised to serve as the solution key requirements. The identified key solution requirements allow analysing and evaluating mobile authentication approaches.
Publisher: MDPI AG
Date: 17-04-2021
DOI: 10.3390/S21082845
Abstract: With population growth and aging, the emergence of new diseases and immunodeficiency, the demand for emergency departments (EDs) increases, making overcrowding in these departments a global problem. Due to the disease severity and transmission rate of COVID-19, it is necessary to provide an accurate and automated triage system to classify and isolate the suspected cases. Different triage methods for COVID-19 patients have been proposed as disease symptoms vary by country. Still, several problems with triage systems remain unresolved, most notably overcrowding in EDs, lengthy waiting times and difficulty adjusting static triage systems when the nature and symptoms of a disease changes. In this paper, we conduct a comprehensive review of general ED triage systems as well as COVID-19 triage systems. We identified important parameters that we recommend considering when designing an e-Triage (electronic triage) system for EDs, namely waiting time, simplicity, reliability, validity, scalability, and adaptability. Moreover, the study proposes a scoring-based e-Triage system for COVID-19 along with several recommended solutions to enhance the overall outcome of e-Triage systems during the outbreak. The recommended solutions aim to reduce overcrowding and overheads in EDs by remotely assessing patients’ conditions and identifying their severity levels.
Publisher: MDPI AG
Date: 24-03-2021
DOI: 10.3390/S21072282
Abstract: The COVID-19 epidemic has caused a large number of human losses and havoc in the economic, social, societal, and health systems around the world. Controlling such epidemic requires understanding its characteristics and behavior, which can be identified by collecting and analyzing the related big data. Big data analytics tools play a vital role in building knowledge required in making decisions and precautionary measures. However, due to the vast amount of data available on COVID-19 from various sources, there is a need to review the roles of big data analysis in controlling the spread of COVID-19, presenting the main challenges and directions of COVID-19 data analysis, as well as providing a framework on the related existing applications and studies to facilitate future research on COVID-19 analysis. Therefore, in this paper, we conduct a literature review to highlight the contributions of several studies in the domain of COVID-19-based big data analysis. The study presents as a taxonomy several applications used to manage and control the pandemic. Moreover, this study discusses several challenges encountered when analyzing COVID-19 data. The findings of this paper suggest valuable future directions to be considered for further research and applications.
Publisher: Springer Berlin Heidelberg
Date: 2010
Publisher: MDPI AG
Date: 30-11-2020
DOI: 10.3390/S20236860
Abstract: Wireless Healthcare Sensor Network (WHSN) is a benchmarking technology deployed to levitate the quality of lives for the patients and doctors. WHSN systems must fit IEEE 802.15.6 standard for specific application criteria, unlike some standard criteria that are difficult to meet. Therefore, many security models were suggested to enhance the security of the WHSN and promote system performance. Yu and Park proposed a three-factor authentication scheme based on the smart card, biometric, and password, and their scheme can be easily employed in three-tier WHSN architecture. Furthermore, they claimed that their scheme can withstand guessing attack and provide anonymity, although, after cryptanalysis, we found that their scheme lacks both. Accordingly, we suggested a three-factor authentication scheme with better system confusion due to multiplex parametric features, hash function, and higher key size to increase the security and achieve anonymity for the connected nodes. Moreover, the scheme included initialization, authentication, re-authentication, secure node addition, user revocation, and secure data transmission via blockchain technology. The formal analysis of the scheme was conducted by BAN logic (Burrows Abadi Nadeem) and the simulation was carried out by Tamarin prover to validate that the proposed scheme is resistant to replay, session hijacking, and guessing attacks, plus it provides anonymity, perfect forward secrecy, and authentication along with the key agreement.
Publisher: IEEE
Date: 06-2010
DOI: 10.1109/SNPD.2010.30
Publisher: MDPI AG
Date: 19-08-2023
DOI: 10.3390/S23167273
Abstract: Cybersecurity is a significant concern for businesses worldwide, as cybercriminals target business data and system resources. Cyber threat intelligence (CTI) enhances organizational cybersecurity resilience by obtaining, processing, evaluating, and disseminating information about potential risks and opportunities inside the cyber domain. This research investigates how companies can employ CTI to improve their precautionary measures against security breaches. The study follows a systematic review methodology, including selecting primary studies based on specific criteria and quality valuation of the selected papers. As a result, a comprehensive framework is proposed for implementing CTI in organizations. The proposed framework is comprised of a knowledge base, detection models, and visualization dashboards. The detection model layer consists of behavior-based, signature-based, and anomaly-based detection. In contrast, the knowledge base layer contains information resources on possible threats, vulnerabilities, and dangers to key assets. The visualization dashboard layer provides an overview of key metrics related to cyber threats, such as an organizational risk meter, the number of attacks detected, types of attacks, and their severity level. This relevant systematic study also provides insight for future studies, such as how organizations can tailor their approach to their needs and resources to facilitate more effective collaboration between stakeholders while navigating legal/regulatory constraints related to information sharing.
Publisher: IGI Global
Date: 21-10-2022
DOI: 10.4018/978-1-6684-5284-4.CH005
Abstract: COVID-19 has accelerated the digital transformation in the business sector as many business organizations adopted electronic commerce to keep their operations running. Business organizations have also increased their participation on social networking applications to attract customers. Due to huge presence of users, social networking sites have also evolved into an emerging marketplace, which is referred as social commerce. There are many security issues involved in technological adoption in different business processes. On the other hand, social media is extensively used for product marketing, so fake information and fake product reviews can also influence consumers purchasing decision, so providing accurate marketing information is also a challenge for business organizations. In this chapter, the authors conduct a systematic literature review to understand the cybersecurity issues faced by business organizations and customers and how recent advances such as fintech, etc. provide additional cybersecurity challenges for business organization to protect themselves and their customers.
Publisher: Computers, Materials and Continua (Tech Science Press)
Date: 2021
Publisher: MDPI AG
Date: 02-12-2021
Abstract: Program outcome assessment is a complex process that demands careful planning and resources in order to accurately assess higher-order thinking skills. A well-defined assessment approach provides detailed insights into program weaknesses and leads to continuous improvement. Whereas a poor assessment approach does not reflect the underlying weaknesses and may result in a useless effort. Furthermore, each accreditation body may have a different recommended outcome measurement approach. As a result, academic institutions may make adhoc choices just to satisfy accreditation requirements rather than designing a sustainable measurement approach. On the other hand, the magnitude of huge tasks for satisfying multiple accreditation bodies results in fatigue and mental stress for academic staff. ABET is a well-known international program accreditation body, and NCAAA is a local accreditation body for academic programs in the Kingdom of Saudi Arabia. In this paper, we have documented that how a sustainable outcome measurement mechanism can be designed to satisfy both ABET and NCAAA requirements. The core contribution of this paper is relevant specifically for academic programs in the Kingdom striving to meet both ABET and NCAAA requirements and is also relevant for all education programs to design an appropriate program assessment approach to ensure a sustainable process to foster better learning among students.
Publisher: Springer Berlin Heidelberg
Date: 2010
Publisher: IEEE
Date: 2010
Publisher: IEEE
Date: 08-2011
DOI: 10.1109/NCA.2011.48
Publisher: MDPI AG
Date: 26-07-2022
DOI: 10.3390/ELECTRONICS11152324
Abstract: The popularity of wireless sensor networks for establishing different communication systems is increasing daily. A wireless network consists of sensors prone to various security threats. These sensor nodes make a wireless network vulnerable to denial-of-service attacks. One of them is a wormhole attack that uses a low latency link between two malicious sensor nodes and affects the routing paths of the entire network. This attack is brutal as it is resistant to many cryptographic schemes and hard to observe within the network. This paper provides a comprehensive review of the literature on the subject of the detection and mitigation of wormhole attacks in wireless sensor networks. The existing surveys are also explored to find gaps in the literature. Several existing schemes based on different methods are also evaluated critically in terms of throughput, detection rate, low energy consumption, packet delivery ratio, and end-to-end delay. As artificial intelligence and machine learning have massive potential for the efficient management of sensor networks, this paper provides AI- and ML-based schemes as optimal solutions for the identified state-of-the-art problems in wormhole attack detection. As per the author’s knowledge, this is the first in-depth review of AI- and ML-based techniques in wireless sensor networks for wormhole attack detection. Finally, our paper explored the open research challenges for detecting and mitigating wormhole attacks in wireless networks.
Publisher: MDPI AG
Date: 12-10-2020
DOI: 10.3390/SU12208380
Abstract: Education is an important enabler for economic uplift of a society and academic institutions need to deliver quality education to equip students with required skills to excel in their professional careers. Due to international initiatives such as Washington and Seoul accords, outcome-based education has gained significant interest from industry, academia, governments, accreditation bodies and students. Outcome-based education is a paradigm shift form conventional education approach and its successful adoption requires sustainable quality practices by higher education institutions. Fostering quality assurance processes for outcome-based education requires careful planning and active collaboration among stakeholders. However, due to the sparse body of knowledge about quality processes in outcome-based education, many academic institutions rely on ad hoc practices, resulting in a trial and error approach. In this paper, we present set of guidelines which can help academic institutions to deploy sustainable practices in their academic programs. We document important guidelines to deliver outcome-based education based on our longitudinal work of ABET accreditation process of three different computing programs (Computer Science, Computer Information Systems, and Cyber Security and Digital Forensics). The successful application of proposed guidelines helps to foster sustainable quality practices in academic programs.
Publisher: IEEE
Date: 05-2019
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Date: 2022
Publisher: MDPI AG
Date: 11-06-2022
DOI: 10.3390/S22124432
Abstract: Globally, the surge in disease and urgency in maintaining social distancing has reawakened the use of telemedicine/telehealth. Amid the global health crisis, the world adopted the culture of online consultancy. Thus, there is a need to rev the conventional model of the telemedicine system as per the current challenges and requirements. Security and privacy of data are main aspects to be considered in this era. Data-driven organizations also require compliance with regulatory bodies, such as HIPAA, PHI, and GDPR. These regulatory compliance bodies must ensure user data privacy by implementing necessary security measures. Patients and doctors are now connected to the cloud to access medical records, e.g., voice recordings of clinical sessions. Voice data reside in the cloud and can be compromised. While searching voice data, a patient’s critical data can be leaked, exposed to cloud service providers, and spoofed by hackers. Secure, searchable encryption is a requirement for telemedicine systems for secure voice and phoneme searching. This research proposes the secure searching of phonemes from audio recordings using fully homomorphic encryption over the cloud. It utilizes IBM’s homomorphic encryption library (HElib) and achieves indistinguishability. Testing and implementation were done on audio datasets of different sizes while varying the security parameters. The analysis includes a thorough security analysis along with leakage profiling. The proposed scheme achieved higher levels of security and privacy, especially when the security parameters increased. However, in use cases where higher levels of security were not desirous, one may rely on a reduction in the security parameters.
Publisher: MDPI AG
Date: 27-09-2022
DOI: 10.3390/BDCC6040102
Abstract: In the near future, using electric vehicles will almost certainly be required for the sustainability of nature and our planet. The most significant challenge that users are concerned about is the availability of electric vehicle charging stations. Therefore, to maximize the availability of electric vehicle charging stations, we suggest taking benefit from in idual sellers who produce renewable energy from their homes or electric vehicle owners who have charging piles installed in their homes. However, energy services that are rapidly being offered by these businesses do not have a trust connection developed with the consumers and stakeholders in these new systems. Exchange of data related to electric vehicles and energy aggregators can be used to identify users’ behavior and compromise their privacy. Consequently, it is necessary to set up a charging system that will guarantee privacy and security. Several electric vehicle charging systems have been proposed to provide security and privacy preservation. However, ensuring anonymity alone is not enough to guarantee protection from reconstructing the victim vehicle’s route by the tracking adversary, even if the exchanged messages are completely anonymous. Furthermore, anonymity should not be absolute in order to protect the system and function as necessary by all entities. In this research, we propose an effective, secure, and privacy-preserving authentication method based on the Elliptic Curve Qu–Vanstone for an electric vehicle charging system. The proposed scheme provides all the necessary requirements and a reauthentication protocol to minimize the overhead of subsequent authentication processes. To create credentials and validate electric vehicles and energy aggregators, the scheme makes use of the Elliptic Curve Qu–Vanstone implicit certificate mechanism. The new protocols give EVs security and privacy while cutting computational time by 95% thanks to reauthentication, as demonstrated by the performance comparison with earlier works.
Publisher: MDPI AG
Date: 24-10-2022
DOI: 10.3390/BDCC6040124
Abstract: The Telecare Medical Information System (TMIS) is a technology used in Wireless Body Area Networks (WBAN) that is used efficiently for remote healthcare services. TMIS services can be provided as cloud computing services for storage and processing purposes. TMIS uses wearable sensors to collect patient data and transmit it to the controller node over a public channel. The data is then obtained from the controller node by the medical server and stored in the database for analysis. However, an attacker can attempt to launch attacks on data transferred across an unsecured channel. Several schemes have therefore been proposed to provide mutual authentication however, there are security and performance problems. Therefore, the research aims to design two secure and efficient inter-BAN authentication protocols for WBAN: protocol-I (P-I) for emergency authentication and protocol-II (P-II) for periodic authentication. To analyze the proposed protocols, we conduct an informal security analysis, implement Burrows-Abadi-Needham (BAN) logic analysis, validate the proposed protocols using the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool, and conduct a performance analysis. Consequently, we show that the proposed protocols meet all the security requirements in this research, achieve mutual authentication, prevent passive and active attacks, and have suitable performance for WBAN.
Publisher: IEEE
Date: 04-2019
No related grants have been discovered for Abdullah M. Almuhaideb.