Yassine Mekdad, Ahmet Arış, Abbas Acar, Mauro Conti, Riccardo Lazzeretti, Abdeslam El Fergougui, Selcuk Uluagac
A comprehensive security and performance assessment of UAV authentication schemes Journal Article
Wiley Security and Privacy Journal, 2023.
Abstract | Links | BibTeX | Tags: Authentication
@article{mekdadCompAUV2022,
title = {A comprehensive security and performance assessment of UAV authentication schemes},
author = {Yassine Mekdad and Ahmet Arış and Abbas Acar and Mauro Conti and Riccardo Lazzeretti and Abdeslam El Fergougui and Selcuk Uluagac},
url = {https://onlinelibrary.wiley.com/doi/abs/10.1002/spy2.338},
year = {2023},
date = {2023-01-01},
urldate = {2023-01-01},
journal = {Wiley Security and Privacy Journal},
abstract = {In the past few years, unmanned aerial vehicles (UAVs) have significantly gained attention and popularity from industry, government, and academia. With their rapid development and deployment into the civilian airspace, UAVs play an important role in different applications, including goods delivery, search-and-rescue, and traffic monitoring. Therefore, providing secure communication through authentication models for UAVs is necessary for a successful and reliable flight mission. To satisfy such requirements, numerous authentication mechanisms have been proposed in the literature. However, the literature lacks a comprehensive study evaluating the security and performance of these solutions. In this article, we analyze the security and performance of 27 recent UAV authentication works by considering ten different key metrics. First, in the performance analysis, we show that the majority of UAV authentication schemes are lightweight in their communication cost. However, the storage overhead or the energy consumption is not reported by many authentication studies. Then, we reveal in the security analysis the widely employed formal models (i.e., abstract description of an authentication protocol through a mathematical model), while most of the studies lack coverage of many attacks that can target UAV systems. Afterwards, we highlight the challenges that need to be addressed in order to design and implement secure and reliable UAV authentication schemes. Finally, we summarize the lessons learned on the authentication strategies for UAVs to motivate promising direction for further research.},
keywords = {Authentication},
pubstate = {published},
tppubtype = {article}
}
Abbas Acar, Shoukat Ali, Koray Karabina, Cengiz Kaygusuz, Hidayet Aksu, Kemal Akkaya, Selcuk Uluagac
A Lightweight Privacy-Aware Continuous Authentication Protocol-PACA Journal Article
ACM Transactions on Privacy and Security (TOPS) Journal, 2021.
Abstract | Links | BibTeX | Tags: Authentication, Privacy Preserving
@article{AcarPACA,
title = {A Lightweight Privacy-Aware Continuous Authentication Protocol-PACA},
author = {Abbas Acar and Shoukat Ali and Koray Karabina and Cengiz Kaygusuz and Hidayet Aksu and Kemal Akkaya and Selcuk Uluagac},
url = {https://doi.org/10.1145/3464690},
year = {2021},
date = {2021-09-01},
urldate = {2021-09-01},
journal = {ACM Transactions on Privacy and Security (TOPS) Journal},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
abstract = {As many vulnerabilities of one-time authentication systems have already been uncovered, there is a growing need and trend to adopt continuous authentication systems. Biometrics provides an excellent means for periodic verification of the authenticated users without breaking the continuity of a session. Nevertheless, as attacks to computing systems increase, biometric systems demand more user information in their operations, yielding privacy issues for users in biometric-based continuous authentication systems. However, the current state-of-the-art privacy technologies are not viable or costly for the continuous authentication systems, which require periodic real-time verification. In this article, we introduce a novel, lightweight, privacy-aware, and secure continuous authentication protocol called PACA. PACA is initiated through a password-based key exchange (PAKE) mechanism, and it continuously},
keywords = {Authentication, Privacy Preserving},
pubstate = {published},
tppubtype = {article}
}
Abbas Acar, Hidayet Aksu, A Selcuk Uluagac, Kemal Akkaya
A usable and robust continuous authentication framework using wearables Journal Article
IEEE Transactions on Mobile Computing Journal, 2020.
Abstract | BibTeX | Tags: Authentication, IoT Security, Smart Home Security
@article{acar2020usable,
title = {A usable and robust continuous authentication framework using wearables},
author = {Abbas Acar and Hidayet Aksu and A Selcuk Uluagac and Kemal Akkaya},
year = {2020},
date = {2020-01-01},
urldate = {2020-01-01},
journal = {IEEE Transactions on Mobile Computing Journal},
publisher = {IEEE},
abstract = {One-time login process in conventional authentication systems does not guarantee that the identified user is the actual user throughout the session. However, it is necessary to re-verify the user identity periodically throughout a login session, which is lacking in existing one-time login systems. Continuous authentication, which re-verifies the user identity without breaking the continuity of the session, can address this issue. However, existing methods for Continuous Authentication are either not reliable or not usable. In this paper, we introduce a usable and reliable Wearable-Assisted Continuous Authentication (WACA), which relies on the sensor-based keystroke dynamics and the authentication data is acquired through the built-in sensors of a wearable (e.g., smartwatch) while the user is typing. },
keywords = {Authentication, IoT Security, Smart Home Security},
pubstate = {published},
tppubtype = {article}
}
Z Berkay Celik, Abbas Acar, Hidayet Aksu, Ryan Sheatsley, Patrick McDaniel, A Selcuk Uluagac
Curie: Policy-based secure data exchange Conference Paper
In the Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (CODASPY), 2019.
Abstract | Links | BibTeX | Tags: Authentication, IoT Security
@conference{celik2019curie,
title = {Curie: Policy-based secure data exchange},
author = {Z Berkay Celik and Abbas Acar and Hidayet Aksu and Ryan Sheatsley and Patrick McDaniel and A Selcuk Uluagac},
url = {https://dl.acm.org/doi/10.1145/3292006.3300042},
year = {2019},
date = {2019-01-01},
urldate = {2019-01-01},
booktitle = {In the Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (CODASPY)},
abstract = {Data sharing among partners—users, companies, organizations—is crucial for the advancement of collaborative machine learning in many domains such as healthcare, finance, and security. Sharing through secure computation and other means allow these partners to perform privacy-preserving computations on their private data in controlled ways. However, in reality, there exist complex relationships among members (partners). Politics, regulations, interest, trust, data demands and needs prevent members from sharing their complete data. Thus, there is a need for a mechanism to meet these conflicting relationships on data sharing. This paper presents, an approach to exchange data among members who have complex relationships. },
keywords = {Authentication, IoT Security},
pubstate = {published},
tppubtype = {conference}
}
Abbas Acar, Wenyi Liu, Raheem Beyah, Kemal Akkaya, Arif Selcuk Uluagac
A privacy-preserving multifactor authentication system Journal Article
Security and Privacy, 2019.
Abstract | BibTeX | Tags: Authentication, Privacy Preserving
@article{acar2019privacy,
title = {A privacy-preserving multifactor authentication system},
author = {Abbas Acar and Wenyi Liu and Raheem Beyah and Kemal Akkaya and Arif Selcuk Uluagac},
year = {2019},
date = {2019-01-01},
urldate = {2019-01-01},
journal = {Security and Privacy},
publisher = {Wiley Online Library},
abstract = {In recent years, there has been a significant number of works on the development of multifactor authentication (MFA) systems. Traditionally, behavioral biometrics (eg, keystroke dynamics) have been known to have the best usability because they do not require one to know or possess anythingthey simply communicate how you type to an authenticator. However, though highly usable, MFA approaches that are based on biometrics are highly intrusive, and users' sensitive information is exposed to untrusted servers. To address this privacy concern, in this paper, we present a privacypreserving MFA system for computer users, called PINTA. In PINTA, the second factor is a hybrid behavioral profile user, while the first authentication factor is a password. The hybrid profile of the user includes hostbased and network flowbased features.},
keywords = {Authentication, Privacy Preserving},
pubstate = {published},
tppubtype = {article}
}
Abbas Acar, Hidayet Aksu, Kemal Akkaya, A Selcuk Uluagac
Method for continuous user authentication with wearables Patent
US Patent, 2018.
Abstract | Links | BibTeX | Tags: Authentication, patent
@patent{nokey,
title = {Method for continuous user authentication with wearables},
author = {Abbas Acar and Hidayet Aksu and Kemal Akkaya and A Selcuk Uluagac},
url = {https://patents.google.com/patent/US10075846B1/en},
year = {2018},
date = {2018-09-11},
urldate = {2018-09-11},
abstract = {Systems and methods for continuous and transparent verification, authentication, and identification of individuals are provided. A method can include detecting a signal from a sensor embedded in a wearable device, determining a set of features unique to the wearer of the wearable device, creating a user profile of that individual, detecting a signal from a sensor of an unknown individual, determining a set of features unique to the unknown individual, and comparing the features of the unknown individual to the previously created user profile.},
howpublished = {US Patent},
keywords = {Authentication, patent},
pubstate = {published},
tppubtype = {patent}
}
Abbas Acar, Hidayet Aksu, A. Selcuk Uluagac, Kemal Akkaya
WACA: Wearable-Assisted Continuous Authentication Conference Paper
In the Proceedings of the IEEE Security and Privacy Workshops (SPW) , 2018.
Abstract | Links | BibTeX | Tags: Authentication, Vehicle security
@conference{Acar2018WACAb,
title = {WACA: Wearable-Assisted Continuous Authentication},
author = {Abbas Acar and Hidayet Aksu and A. Selcuk Uluagac and Kemal Akkaya},
url = {https://ieeexplore.ieee.org/abstract/document/8424658},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
publisher = {In the Proceedings of the IEEE Security and Privacy Workshops (SPW) },
abstract = {One-time login process in conventional authentication systems does not guarantee that the identified user is the actual user throughout the session. However, it is necessary to re-verify the user identity periodically throughout a login session, which is lacking in existing one-time login systems. In this paper, we introduce a usable and reliable Wearable-Assisted Continuous Authentication (WACA), which relies on the sensor-based keystroke dynamics and the authentication data is acquired through the built-in sensors of a wearable (e.g., smartwatch) while the user is typing. The acquired data is periodically and transparently compared with the registered profile of the initially logged-in user with one-way classifiers. With this, WACA continuously ensures that the current user is the user who logged in initially. We implemented the WACA framework and evaluated its performance on real devices with real users. The empirical evaluation of WACA reveals that WACA is feasible and its error rate is as low as 1% with 30 seconds of processing time and 2 - 3% for 20 seconds. The computational overhead is minimal. Furthermore, WACA is capable of identifying insider threats with very high accuracy (99.2%).},
keywords = {Authentication, Vehicle security},
pubstate = {published},
tppubtype = {conference}
}
Abdullah Aydeger, Nico Saputro, Kemal Akkaya, Selcuk Uluagac
Assessing the overhead of authentication during SDN-enabled restoration of smart grid inter-substation communications Conference Paper
In the Proceedings of the 15th IEEE Annual Consumer Communications & Networking Conference (CCNC), 2018.
Abstract | Links | BibTeX | Tags: Authentication, SDN Security
@conference{Aydeger2018AuthOverheadb,
title = {Assessing the overhead of authentication during SDN-enabled restoration of smart grid inter-substation communications},
author = {Abdullah Aydeger and Nico Saputro and Kemal Akkaya and Selcuk Uluagac},
url = {https://ieeexplore.ieee.org/abstract/document/8319206},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
publisher = {In the Proceedings of the 15th IEEE Annual Consumer Communications & Networking Conference (CCNC)},
abstract = {Since real-time and resilient recovery of link failures is crucial for power grid infrastructure to continue its services, emerging technologies such as Software Defined Networking (SDN) has started to be employed for such purposes. SDN switches can be remotely controlled to change their configurations by exploiting the wireless communication options. However, when wireless is to be used in Smart Grid communications, security and reliability become important issues due to the specific characteristics of wireless communications. This paper investigates the overhead of providing such services on wireless links when SDN is utilized. Specifically, we consider the establishment of authentication services when wireless back-up links (i.e., WiFi or LTE) are employed as a result of a reactive link failure detection mechanism. To the best of our knowledge, this work is the first to consider authentication of such an SDN-enabled Smart Grid inter-substation communication with WiFi and LTE. To be able to effectively evaluate the performance of this proposed SDN-enabled framework, we developed it in Mininet emulator. Since Mininet does not support the authentication services for WiFi or LTE, we proposed several novel extensions to Mininet by integrating it with ns-3 simulator that supports the LTE/WiFi protocol stacks. We conducted extensive experiments by considering a general application using Smart Grid Manufacturing Message Specification (MMS) standard to assess the recovery performance of the proposed secure SDN-enabled recovery system. The results show that when authentication and reliable protocols such as TCP are to be employed, the proposed framework can still meet the deadlines of 100 ms with WiFi while LTE misses only a few packets.},
keywords = {Authentication, SDN Security},
pubstate = {published},
tppubtype = {conference}
}
A. Selcuk Uluagac, Wenyi Liu, Raheem Beyah
A multi-factor re-authentication framework with user privacy Conference Paper
In the Proceedings of the IEEE Conference on Communications and Network Security, 2014.
Abstract | Links | BibTeX | Tags: Authentication
@conference{UluagacAuthenticationIEEE,
title = {A multi-factor re-authentication framework with user privacy},
author = {A. Selcuk Uluagac and Wenyi Liu and Raheem Beyah},
url = {https://ieeexplore.ieee.org/document/6997526},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
booktitle = {In the Proceedings of the IEEE Conference on Communications and Network Security},
abstract = {Continuous re-authentication of users is a must to protect connections with long duration against any malicious activity. Users can be re-authenticated in numerous ways. One popular way is an approach that requires the presentation of two or more authentication factors (i.e., knowledge, possession, identity) called Multi-factor authentication (MFA). Given the market dominance of ubiquitous computing systems (e.g., cloud), MFA systems have become vital in re-authenticating users. Knowledge factor (i.e., passwords) is the most ubiquitous authentication factor; however, forcing a user to re-enter the primary factor, a password, at frequent intervals could significantly lower the usability of the system. Unfortunately, an MFA system with a possession factor (e.g., Security tokens) usually depends on the distribution of some specific device, which is cumbersome and not user-friendly. Similarly, MFA systems with an identity factor (e.g., physiological biometrics, keystroke pattern) suffer from a relatively low deployability and are highly intrusive and expose users sensitive information to untrusted servers. These servers can keep physically identifying elements of users, long after the user ends the relationship with the server. To address these concerns, in this poster, we introduce our initial design of a privacy-preserving multi-factor re-authentication framework. The first factor is a password while the second factor is a hybrid profile of user behavior with a large combination of host- and network-based features. Our initial results are very promising as our framework can successfully validate legitimate users while detecting impostors.},
keywords = {Authentication},
pubstate = {published},
tppubtype = {conference}
}
Wenyi Liu, A. Selcuk Uluagac, Raheem Beyah
MACA: A privacy-preserving multi-factor cloud authentication system utilizing big data Conference Paper
In the proceedings of IEEE Conference on Computer Communications Workshops (INFOCOM Wksps) , 2014.
Abstract | Links | BibTeX | Tags: Authentication, Big Data Security
@conference{LiuMACAIEEE2014,
title = {MACA: A privacy-preserving multi-factor cloud authentication system utilizing big data},
author = {Wenyi Liu and A. Selcuk Uluagac and Raheem Beyah},
url = {https://ieeexplore.ieee.org/abstract/document/6849285/},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
booktitle = {In the proceedings of IEEE Conference on Computer Communications Workshops (INFOCOM Wksps)
},
abstract = {Multi-factor authentication (MFA) is an approach to user validation that requires the presentation of two or more authentication factors. Given the popularity of cloud systems, MFA systems become vital in authenticating users. However, MFA approaches are highly intrusive and expose users' sensitive information to untrusted cloud servers that can keep physically identifying elements of users, long after the user ends the relationship with the cloud. To address these concerns in this work, we present a privacy-preserving multi-factor authentication system utilizing the features of big data called MACA. In MACA, the first factor is a password while the second factor is a hybrid profile of user behavior. The hybrid profile is based on users' integrated behavior, which includes both host-based characteristics and network flow-based features. MACA is the first MFA that considers both user privacy and usability combining big data features (26 total configurable features). Furthermore, we adopt fuzzy hashing and fully homomorphic encryption (FHE) to protect users' sensitive profiles and to handle the varying nature of the user profiles. We evaluate the performance of our proposed approach through experiments with several public datasets. Our results show that our proposed system can successfully validate legitimate users while detecting impostors.},
keywords = {Authentication, Big Data Security},
pubstate = {published},
tppubtype = {conference}
}
Xiaojing Liao, A. Selcuk Uluagac, Raheem A. Beyah
S-Match: An efficient privacy-preserving profile matching scheme Conference Paper
In the proceedings of IEEE Conference on Communications and Network Security (CNS), 2013.
Abstract | Links | BibTeX | Tags: Authentication, Privacy-preserving
@conference{LiaoS-MatchIEEE2013,
title = {S-Match: An efficient privacy-preserving profile matching scheme},
author = {Xiaojing Liao, A. Selcuk Uluagac and Raheem A. Beyah},
url = {https://ieeexplore.ieee.org/abstract/document/6682736},
year = {2013},
date = {2013-01-01},
urldate = {2013-01-01},
booktitle = {In the proceedings of IEEE Conference on Communications and Network Security (CNS)},
abstract = {Profile matching is a fundamental and significant step for mobile social services to build social relationships and share interests. Given the privacy and efficiency concerns of mobile platforms, we propose a cost-effective profile matching technique called S-Match for mobile social services in which matching operations are achieved in a privacy-preserving manner utilizing property-preserving encryption (PPE). Specifically, in this poster, we first analyze the challenges of directly using PPE for profile matching. Second, we introduce a solution based on entropy increase. Our initial results, with three real-world datasets, show that S-Match achieves at least an order of magnitude improvement over other relevant schemes.},
keywords = {Authentication, Privacy-preserving},
pubstate = {published},
tppubtype = {conference}
}
Citations: 8413
h-index: 44
i10-index: 107