Research output per year
Research output per year
Accepting PhD Students
Willing to speak to media
Research activity per year
Research Statement
My research interests are in Internet engineering, computer security and applied cryptography, e.g., security and privacy in distributed systems, networks, databases, and e-commerce, with a focus on protocols, authentication, access control and trust.
Accomplishments
I embarked on my research career as a Research Fellow at the School of Engineering, the University of Aberdeen in January 2014, since I have researched within interdisciplinary projects in Internet and Communication Engineering with a focus on Security.
My first post associated with the University’s Dot.Rural interdisciplinary research hub. In this research, I designed and developed new network access methodologies and network system applications for Linux-based routers and satellite communication systems.
I successfully developed a network system application to access the Internet on capacity limited links, as low as 2Mbps called “Public Access Wi-Fi Service”, and deployed them across eight pilot hard-to-reach areas in Newcastle upon Clun. I also successfully developed a new methodology for prioritising public Internet access services for rural broadband access, and exhibited in the 2014 Applications of Digital Innovations and published the research findings in conferences and journals.
I joined NEAT project in 2016, a horizon2020 project. In NEAT, I successfully formulated a new research problem to study the impact of transport (multistreaming and multiplexing) on web access performance. This work studied the transport protocol designs to understand how deficiencies in Internet protocol designs impacted the performance of web access. I designed and implemented experiments, developed emulator testbeds and web metric measurement tools for experiments, and published the results with Prof. Fairhurst. I worked with academic partners across the globe, and with industry partners, namely Mozilla and Nokia. The “Making the web Faster” community at Google has acknowledged my output.
In 2018, I studied the impact of transport and congestion control (BBR) on the performance of the Dynamic Adaptive Streaming over HTTP (DASH), in the SMILE project, a project funded by Thales Alenia Space, and to which I contributed to writing the research proposal. In this study, I identified the root cause of the initial start-up delay in DASH streaming and presented the outcome along with Nokia at IBC in Amsterdam and at NetSatDay in France.
In 2019 I started a research work that involved modelling a secure point-to-point sensor communication system used in downhole (oil well), and to improve the protocol structure used in the system to achieve better performance in terms of Bit Error Ratio (BER) and energy utilisation using machine learning. Expro International, an industry partner, funded this project.
In my PhD, I researched on authentication and access control mechanisms for off campus e-assessments. In my research, I used non-intrusive biometric features to implement authentication and access control for e-learning systems. I utilised the HAAR learning algorithm and PCA for the face-based access model. Further, in my study, I also developed a behavioural profiler model based on aggregate elements of trace records for trust management in e-assessment. In my postgraduate degree I developed an agent-based Distributed Network Intrusion Detection System, This system was given a unique architecture for anomaly processing (using known signatures) and real-time monitoring by multiple layers of Intelligent Agents using deep packet learning features. The whole system was coded in PERL programming language. Additionally, in 2011, I contributed to Prof. Karim’s (London Metropolitan University) research in the “Intelligent Keyboard”, which won a prestigious Queen’s award, later I also contributed to his research work in “Intelligent Evacuation Planner”.
A multidisciplinary approach to security research
Computer security is closely related to a wide range of other fields. Security problems exist in operating systems, databases, networks, distributed systems, and many other fields. On the other hand, techniques from various fields are needed to solve security problems, e.g, logic, cryptography, model checking, programming languages, artificial intelligence, databases, coding theory, automata theory, control theory, etc. My research approach is to understand a topic thoroughly, identify new problems, and apply suitable techniques from a broad range of sources. I have fruitfully applied techniques from fields such as logic programming, knowledge representation, constraint databases, and applied cryptography to solve research problems I encountered. In my last work on secure communication for energy conserved downhole system, I found that cryptology and information theory presents the necessary machinery.
Collaboration
My multidisciplinary approach works best when applied in collaboration with experts in related fields. I have always enjoyed collaboration and believed that interaction is critical to the success of the research. Ideas always become clearer when I am trying to convey them to others. Discussions refine ideas and provoke new insights. I look forward to forging abundant collaboration opportunities within the academic and industry.
Balance of theory and practice
In my research, I strive to find solutions that are both mathematically sound and practical. Furthermore, I strongly believe that formal analysis and practical experimentation are both necessary for building secure systems. Formal analysis is indispensable for designing security systems while building systems and experimenting can provide invaluable feedback, especially on usability, which is critical for the practical security of systems.
Future Research in IoT Security
I am excited to share my research knowledge in Internet Engineering ad security and continue to explore new methodologies and to expand its potential in multidisciplinary research, for example, in Ubiquitous Computing/IoT security. My research background in Internet engineering and knowledge in computer security provide opportunities to think creatively and lead new research. I can port my research knowledge in Internet engineering and security directly to apply to research areas in security for IoT devices and protocols such as CoAP and underpin the issue of trust management and authentication in constrained devices using CoAP.
The current state (Authentication and Trust Management) in Constrained Devices.
The Internet of Things (IoT) is ubiquitous and promises endless opportunity of applications across a wide spectrum of areas, with the number of connected devices, sensors, and actuators expected to reach 50 billion in 2020. The IoT devices range in size, capability and are deployed across a mesh of networking architectures. Some examples of existing IoT systems are self-driving vehicles (SDV) for automated vehicular systems, microgrids for distributed energy resources systems, and Smart City Drones for surveillance systems.
On the other hand, the widespread non-standard productions of IoT devices have spurred the development of insecure protocols, poor trust management and authentication mechanisms. When connected to the Internet, these devices pose a threat to the ecosystem of IoT. For instance, a network of over 25,000 CCTV cameras was turned into a botnet and was used as the Launchpad of a DDoS attack against Dyn, a DNS service provider for major social service networks. A poor authentication mechanism was in the blame for the security lapse.
Authentication is one way to mitigate attacks to the IoT systems such as the reply attack, the Man-in-the-Middle attack, the impersonation attack, and the Sybil attack. On the other hand, many IoT devices have limited amounts of storage, memory, and processing capability and they often need to be able to operate on lower power. Hence, conventional cryptographic primitives are not suitable for such constrained devices. Currently, there are three types of authentication protocols designed for IoT: asymmetric-cryptosystem based protocols, symmetric-cryptosystem based protocols, and hybrid protocols.
Transport Layer Security (TLS) is widely used for communication authentication and encryption. Specifically for constrained devices, TLS offers TLS-PSK, which uses pre-shared keys, and TLS-DHE-RSA authentication method which uses RSA and Diffie-Hellman (DH) key exchange, which are public key and cryptographic protocols. However, in this scheme, the two entities that are to perform mutual authentication must prove their legitimacy to each other by sharing secret information (pre-shared keys) beforehand. Since only symmetric key encryption is used in the authentication process.
IoT core in general supports device to cloud communication using HTTP/MQTT protocols. HTTP/1.1 is a plain text-based application protocol, which leaves the IoT devices vulnerable to MitM attacks unless the communication is supported by Public-Key Infrastructure (or Transport Layer Security). The new web protocols HTTP/2 and QUIC are interesting candidates to study with the security of IoT devices. Further, obtaining and maintaining individual keys or certificates for each IoT device is a non-trivial task. Moreover, when IoT devices communicate using multiparty protocols, the issues surrounding the cryptography and authentication systems used by such multiparty protocols are important in maintaining the Trust and Authentication between IoT devices and form an interesting area of future study.
In addition, trust management might be able to complement the obvious weakness of authentication mechanisms, such as attacks from the corrupted nodes. Automated and dynamic trust calculations to validate the trust values of the participating nodes in an IoT network are among the state of the art in trust management research. However, most of the research focuses on detecting the malicious nodes; only a few trust-based access control methods have been proposed. Indeed, due to scalability and the huge number of smart things which hold sensitive data, there is an urgent need for an automated, transparent and easy access control management, so that different access level can be given to different nodes/users. Trust computing for access control in an IoT network, Trust-Based Access Control (TBAC), is still relatively new but has been implemented successfully in commercial applications. A trust-aware control system for IoT that promotes multidimensional trust properties is proposed. However, due to the devices’ resource constraints, the trust evaluation is centralised as in many systems. I find that I can contribute to the research in D2D trust management through my knowledge of Internet protocols.
In a Nutshell
Constrained devices typically only employ fast, lightweight encryption algorithms. IoT systems should make use of multiple layers of defence to compensate for these device limitations. With so many devices offering potential points of failure within an IoT system, D2D and D2C trust and authentication is critical for securing IoT ecosystems. Devices must establish their identity and trust; the protocols used by these devices should cater for this. Therefore, more research is required on the authentication mechanisms and trust management for constrained devices.
In 2015, UN member states agreed to 17 global Sustainable Development Goals (SDGs) to end poverty, protect the planet and ensure prosperity for all. This person’s work contributes towards the following SDG(s):
External Examiner , Staffordshire University
31 Dec 2020 → 31 Dec 2024
Research output: Contribution to journal › Article › peer-review
Research output: Contribution to journal › Article › peer-review
Research output: Contribution to journal › Article › peer-review
Research output: Contribution to journal › Article › peer-review
Research output: Contribution to journal › Article › peer-review