Showing 1–3 of 3 results for author: Al-Ibrahim, O

Geo-Encryption Protocol For Mobile Networks

Authors: Ala Al-Fuqaha, Omar Al-Ibrahim, Ammar Rayes

Abstract: We propose a geo-encryption protocol that allow mobile nodes to communicate securely by restricting the decryption of a message to a particular location and time period. Our protocol will handle the exchange of movement parameters, so that a sender is able to geo-encrypt messages to a moving decryption zone that contains a mobile node's estimated location. We also present methods for estimating th… ▽ More We propose a geo-encryption protocol that allow mobile nodes to communicate securely by restricting the decryption of a message to a particular location and time period. Our protocol will handle the exchange of movement parameters, so that a sender is able to geo-encrypt messages to a moving decryption zone that contains a mobile node's estimated location. We also present methods for estimating the node's movement parameters to allow for geo-encryption. Finally, we evaluate our model by measuring the induced overhead to the network and its performance in terms of decryption ratio. △ Less

Submitted 21 June, 2017; originally announced June 2017.

Beyond Free Riding: Quality of Indicators for Assessing Participation in Information Sharing for Threat Intelligence

Authors: Omar Al-Ibrahim, Aziz Mohaisen, Charles Kamhoua, Kevin Kwiat, Laurent Njilla

Abstract: Threat intelligence sharing has become a growing concept, whereby entities can exchange patterns of threats with each other, in the form of indicators, to a community of trust for threat analysis and incident response. However, sharing threat-related information have posed various risks to an organization that pertains to its security, privacy, and competitiveness. Given the coinciding benefits an… ▽ More Threat intelligence sharing has become a growing concept, whereby entities can exchange patterns of threats with each other, in the form of indicators, to a community of trust for threat analysis and incident response. However, sharing threat-related information have posed various risks to an organization that pertains to its security, privacy, and competitiveness. Given the coinciding benefits and risks of threat information sharing, some entities have adopted an elusive behavior of "free-riding" so that they can acquire the benefits of sharing without contributing much to the community. So far, understanding the effectiveness of sharing has been viewed from the perspective of the amount of information exchanged as opposed to its quality. In this paper, we introduce the notion of quality of indicators (\qoi) for the assessment of the level of contribution by participants in information sharing for threat intelligence. We exemplify this notion through various metrics, including correctness, relevance, utility, and uniqueness of indicators. In order to realize the notion of \qoi, we conducted an empirical study and taken a benchmark approach to define quality metrics, then we obtained a reference dataset and utilized tools from the machine learning literature for quality assessment. We compared these results against a model that only considers the volume of information as a metric for contribution, and unveiled various interesting observations, including the ability to spot low quality contributions that are synonym to free riding in threat information sharing. △ Less

Submitted 2 February, 2017; originally announced February 2017.

Rethinking Information Sharing for Actionable Threat Intelligence

Authors: Aziz Mohaisen, Omar Al-Ibrahim, Charles Kamhoua, Kevin Kwiat, Laurent Njilla

Abstract: In the past decade, the information security and threat landscape has grown significantly making it difficult for a single defender to defend against all attacks at the same time. This called for introduc- ing information sharing, a paradigm in which threat indicators are shared in a community of trust to facilitate defenses. Standards for representation, exchange, and consumption of indicators ar… ▽ More In the past decade, the information security and threat landscape has grown significantly making it difficult for a single defender to defend against all attacks at the same time. This called for introduc- ing information sharing, a paradigm in which threat indicators are shared in a community of trust to facilitate defenses. Standards for representation, exchange, and consumption of indicators are pro- posed in the literature, although various issues are undermined. In this paper, we rethink information sharing for actionable intelli- gence, by highlighting various issues that deserve further explo- ration. We argue that information sharing can benefit from well- defined use models, threat models, well-understood risk by mea- surement and robust scoring, well-understood and preserved pri- vacy and quality of indicators and robust mechanism to avoid free riding behavior of selfish agent. We call for using the differential nature of data and community structures for optimizing sharing. △ Less

Submitted 2 February, 2017; originally announced February 2017.