Research News

Solving Cybersecurity’s Biggest Challenges with KU-TII Projects

February 10, 2021

As our cities become ‘smarter’ and increasingly connected by Internet of Things (IoT) devices that collect and transmit data every second, governments across the world are figuring out the best way to keep this new IoT infrastructure secure and sustainable.


Read Arabic story here.


In the UAE, the Technology Innovation Institute (TII) – part of the Abu Dhabi Government’s Advanced Technology Research Council, which oversees research in the emirate – is partnering up with Khalifa University on a number of strategic research projects in cryptography, digital security, and secure communication, to help the country develop efficient and secure communications infrastructure.


Seven projects have been funded by TII as part of this partnership, each spanning a period of years across various topics.


Project 1: Energy-Aware IoT Devices


To have a powerful communications infrastructure, IoT devices need to communicate sustainably in an energy-efficient manner. The short battery lifetime in most IoT devices, however, still pose a major design challenge. In response, researchers are turning their attention to developing energy-aware, self-sustaining devices that can harvest and recycle energy from various sources.


One such technology under development is BackCom, which has emerged as a new communications paradigm for low-power wireless networks. BackCom is based on the concept that a transmitter sends data to its receiver by backscattering ambient signals, consuming significantly less power than traditional transceivers.


BackCom systems suffer from several drawbacks though, which a team from Khalifa University aims to solve by integrating radio frequency-powered transmission systems and optimizing them for network scenarios.


Dr. Sami Muhaidat, Professor, Dr. Paschalis Sofotasios, Assistant Professor, Dr. Lina Bariah, Postdoctoral Fellow, and Dr. Ernesto Damiani, Professor, Senior Director of the Robotics and Intelligent Systems Institute and Director of the Center for Cyber-Physical Systems (C2PS), will develop scalable solutions that can accommodate power-constrained wireless mesh networks (networks where a group of devices act as a single Wi-Fi network) with protocols that are energy aware and security systems that are lightweight, among other solutions to these challenges.


Project 2: Machine Learning to Optimize IoT Connectivity


Another project looking at wireless mesh networks and IoT devices aims to use machine learning to optimize IoT connectivity. Dr. Muhaidat, Dr. Sofotasios, Dr. Bariah, and Dr. Damiani are joined by Dr. Hany Elgala, Assistant Professor from the University of Albany, to address key challenges in mobile wireless mesh networks, with particular emphasis on unmanned aerial vehicle networks.


Current wireless technologies cannot meet the demands of the envisioned IoT where devices are more reliable with higher data-rates, extended coverage and better security. Machine learning techniques can address the various design challenges of mobile wireless mesh networks, and deep learning, a subset of machine learning, allows machines to learn complex functions with high accuracy and online self-optimization.


Project 3: Detecting Malware in Smart Phones


Also investigating machine learning are Dr. Damiani, Gabriele Gianini, Senior Researcher, and Hussam AlHammadi, Research Scientist, who will design a malware detection engine for Android phones based on machine learning techniques.


Data collected and routed by Android phones are targets for malware. Attacks targeting mobile phones often inject sleepers, malware modules that use open and cover channels, piggybacking legitimate protocols for infiltration and exfiltration (when malware carries out an unauthorized data transfer from a computer).


While periodically checking Android configuration can detect installed exfiltration code, only external monitoring systems, which continuously analyze the behavior of Android and onboard applications, can hope to detect and alleviate data leakage as it happens. The research team will design an exfiltration detection engine for Android phones based on machine learning to detect when exfiltration occurs.


Project 4: Protecting UAVs


Another team is conducting research on unmanned aerial vehicles (UAVs). UAVs can play a vital role in shaping the future of wireless networks, which is why protecting the networks from malicious parties is crucial.


UAV networks contain elements which make them more vulnerable to several types of attacks, since a security issue in any one element may impact the entire system. Some attacks could be performed by directly tampering with the physical elements in the networks, such as batteries, or realized through malware and software.


Dr. Arafat Al-Dweik, Associate Professor, Dr. Baker Mohammed, Associate Professor, and Dr. Yousuf Alsalami, Assistant Professor, are evaluating the feasibility of adopting physical layer security (PLS) techniques for UAV-aided wireless communications networks. PLS exploits the intrinsic characteristics of wireless channels, such as noise, fading, and interference, to secure the communications. Using PLS, the team aims to design a novel communications system with high reliability, security and anti-jamming capabilities for use with UAVs.


Project 5: Protecting Drones


Further targeting drone vulnerabilities, Dr. Abdulhadi Shoufan, Associate Professor, Dr. Faisal Shah Khan, Assistant Professor, Dr. Damiani, and Hussam Al-Hammadi, Research Scientist, aim to provide a holistic security analysis of drone operations in the context of unmanned traffic management systems to form the basis of the security functions and objectives which should be implemented on the drone.


Flying a drone is associated with security, privacy, and safety risks which have shaped the progress of this technology over the last few years. Security is an especially critical requirement for drone operations because cyber and physical attacks on drones do not only present a threat to information security, but also to people, assets and infrastructure.


The first challenge in securing drone operations is understanding all the vulnerabilities of this technology. Once understood, the security objectives will be implemented using a dedicated system-on-chip, which will support important security functions.


Project 6: Securing Wireless Sensor Networks with Hash Chains


IoT technology is accompanied by numerous cybersecurity challenges that must be addressed to ensure the security and privacy of the network. Many possible solutions have been proposed and many of them address important fundamental security requirements such as authentication, confidentiality and authorization. However, no proposed security protocol completely satisfies all the cybersecurity requirements of an IoT network. Dr. Chan Yeob Yeun, Associate Professor, Dr. Yousof Al Hammadi, Assistant Professor and Dean of Graduate Studies, and Dr. Damiani are looking to provide more secure and flexible solutions for wireless sensor networks using a combination of high-level and low-level key chains.


Comprising hundreds or thousands of small devices each with sensing, processing, and communication capabilities, wireless sensor networks have varied applications, but due to their distributed nature and deployment in remote areas, these networks are vulnerable to numerous security threats. The research team will use hash chain techniques – a method to produce many one-time keys from a single key or password – to ensure continuity of authentication and enhance the security of the network.


Project 7: Securing Data on the Cloud


The final project considers cybersecurity in the cloud. A field-programmable gate array (FGPA) is an integrated circuit designed to be configured by a customer or designer after manufacturing.


The main security risk to using FGPAs in the cloud stems from the multi-user environment, where several users may be sharing the same physical hardware platform, with the possibility of one user sniffing the bitstream file.


A sniffing attack involves the theft or interception of data by capturing the network traffic using a sniffer, an application aimed at capturing network packets. When data is transmitted across networks, if the data packets are not encrypted, the data can be read using a sniffer. An attacker can analyze the network and gain information to eventually crash or corrupt the network or read the communications happening within. Encryption may be a possible defense, with Dr. Ibrahim Elfadel, Professor, Dr. Abdulhadi Shoufan, Associate Professor, looking at cryptography to secure the information on a cloud using FGPAs with the intent that the security will be robust against even quantum computers. 


Jade Sterling
Science Writer
10 February 2021