security

Paper: Android Users Privacy Awareness Survey

ABSTRACT

Having a share of over 80% of the smartphone market, Android has become an important mobile operating system that is used by billions of users on daily basis. With the widespread use of smartphones in general, and Android in specific, privacy concerns grow with that expansion in the user base. With the millions of applications being downloaded by users daily, it is becoming increasingly difficult to differentiate between the good and the bad in terms of security and privacy. In this paper, we present the results of a survey conducted among 4027 Android users worldwide. This survey was conducted to measure the awareness of Android users regarding their privacy. The study measures the users’ interaction with the permissions required by different applications they install. The results of the survey show apparent weakness in the awareness of Android users regarding the privacy of their data.

Citation Info:

Mohammed M. Alani, “Android Users Privacy Awareness Survey”, International Journal of Interactive Mobile Technology (i-JIM), Vol 11, No 3, pp 130-144.

Full-text (open-access) can be accessed through the link: https://doi.org/10.3991/ijim.v11i3.6605

Book: Elements of Cloud Computing Security

This work serves as a thorough, yet simple-to-read, reference on various aspects of cloud computing security. The text opens with an introduction to the general concepts of cloud computing necessary to build a basic understanding of the cloud, followed by a discussion of aspects of security. The work then examines how cloud security differs from conventional information security, and reviews cloud-specific classes of threats and attacks. A range of varying threats in cloud computing are covered, from threats of data loss and data breaches, to threats to availability and threats posed by malicious insiders. The text discusses cloud security attacks on different levels, including attacks on the hypervisor, and on the confidentiality of data. Newer attacks, such as side-channel attacks and resource-freeing attacks, are also described. The work concludes with a set of general security recommendations for the cloud.

 

eBook ISBN 978-3-319-41411-9

Softcover ISBN 978-3-319-41410-2

Link: Elements of Cloud Computing Security: A Survey of Key Practicalities

Paper: Development of a VoIP Security System Based on H.323 Protocol

ABSTRACT
In this thesis a secure IP-Telephony framework is proposed. This framework relies on H.323 and covers two of the most important weaknesses that were in the original H.323 and were not covered in an efficient and easily implementable way. These two weaknesses are secrecy of voice data traveling from one EndPoint to another, and authentication between GateKeepers when calls made are Inter-GateKeeper calls. In the suggested framework, Advanced Encryption Standard and HMAC-SHA1-96 were used to overcome the weak points of the original H.323.
The suggested framework was implemented and tested and has proved strength over most popular IP-Telephony attacks and provided acceptable quality of service as compared to other solutions of the H.323 security loopholes. The implementation was tested for two different scenarios; calls placed on EndPoints laying in the same local area network, and calls made over the Internet with EndPoints laying in different zones.
For the local area network calls, the delay was 61 milliseconds, and the jitter was 8 millisecond, with an average loss of 0.93%. For the Internet-separated EndPoints, the delay was 265 milliseconds, and the jitter was 41 milliseconds, with an average loss of 1.22%. These values were calculated for 1000 calls.
The implementation environment included Asterisk software as the GateKeeper software, and JCPPhone as the EndPoints software. The Asterisk version used was AsteriskNOW beta5-x86. It was installed on Linux servers.
The proposed system has shown more resistance towards the most common three IP-Telephony attacks; toll fraud, eavesdropping, and denial of service. The features of the proposed system were compared with the original H.323 set, Session Initiation Protocol, and H.235 Annex D.

Citation Information:

Mohammed M. Alani,  “Development of a VoIP Security System Based on H.323 Protocol”, PhD Thesis, Computer Engineering Department, College of Engineering, Nahrain University, May, 2007.

 

Mohammed M. Alani,  “Development of a VoIP Security System Based on H.323 Protocol”, PhD Thesis, Computer Engineering Department, College of Engineering, Nahrain University, Baghdad, Iraq. May, 2007.

Paper: Design of H.323 Secure IP-Telephony Framework

ABSTRACT
The paper is aimed to provide a secure IP-Telephony system based on H.323 set of protocols. H.323 is a standard that specifies the components and procedures that provide multimedia communication services—real-time audio, video, and data communications—over packet networks, including Internet protocol (IP)–based networks. H.323 is part of a family of ITU—T recommendations called H.32x that provides multimedia communication services over a variety of networks. From the security aspect, H.323 provides a scheme for authentication between the End Point (EP) and the GateKeeper (GK). However, the authentication between EPs lying on different GKs needs to be considered. Thus, the paper shows a proposed model and implementation with the evaluation of such authentication process. It also provides secrecy for certain users that require such a service. These have been provided by providing authentication for EPs laying on different GKs, as well as providing encryption for the voice data traveling between EPs laying on same GK or different GKs.

Keywords: Computer network, VoIP, IP-Telephony, H.323, and VoIP security.

Citation Information:

Siddeeq Y. Ameen, Fawzi Alnaima, and Mohammed M. Alani, Design of H.323 Secure IP-Telephony Framework, published in The 6th International Philadelphia Engineering Conference On Computational Aspects and Their Applications in Electrical Engineering, Philadelphia University, Amman, Jordan, September, 2006.