Abdelrahman Abdou

Abdelrahman Abdou
Carleton University · School of Computer Science

PhD

About

24
Publications
2,456
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
212
Citations

Publications

Publications (24)
Preprint
Two-factor authentication (2FA) offers several security benefits that security-conscious users might expect from high-value services such as online banks. In this work, we present our preliminary study to develop a scoring scheme to automatically recognize when bank sites mention support for two-factor authentication. We extract information related...
Preprint
Organizations like Apple, Microsoft, Mozilla and Google maintain certificate root stores, which are used as trust anchors by their software platforms. Is there sufficient consensus on their root-store inclusion and trust policies? Disparities appear astounding, including in the government-owned certificates that they trust. Such a status-quo is ala...
Preprint
Mobile autonomous systems, robots, and cyber-physical systems rely on accurate positioning information. To conduct distance-measurement, two devices exchange signals and, knowing these signals propagate at the speed of light, the time of arrival is used for distance estimations. Existing distance-measurement techniques are incapable of protecting a...
Preprint
In this article, we provide a summary of recent efforts towards achieving Internet geolocation securely, \ie without allowing the entity being geolocated to cheat about its own geographic location. Cheating motivations arise from many factors, including impersonation (in the case locations are used to reinforce authentication), and gaining location...
Preprint
The ability to quickly revoke a compromised key is critical to the security of a public-key infrastructure. Regrettably, most certificate revocation schemes suffer from latency, availability, or privacy issues. The problem is exacerbated by the lack of a native delegation mechanism in TLS, which increasingly leads domain owners to engage in dangero...
Article
Software defined networking implements the network control plane in an external entity, rather than in each individual device as in conventional networks. This architectural difference implies a different design for control functions necessary for essential network properties, e.g., loop prevention and link redundancy. We explore how such differenc...
Research
Full-text available
In this article, we provide a summary of recent efforts towards achieving Internet geolocation securely, i.e., without allowing the entity being geolocated to cheat about its own geographic location. Cheating motivations arise from many factors, including impersonation (in the case locations are used to reinforce authentication), and gaining locati...
Article
In web authentication, the many password alternatives proposed over the years, despite having different designs and objectives, all predominantly rely on an element of secrecy. This motivates us, herein, to provide the first detailed exploration of the integration of a fundamentally different element of defense into the design of web authentication...
Article
We introduce the first known mechanism providing realtime server location verification. Its uses include enhancing server authentication by enabling browsers to automatically interpret server location information. We describe the design of this new measurement-based technique, Server Location Verification (SLV), and evaluate it using PlanetLab. We...
Conference Paper
Delay-based Internet geolocation techniques are repeatedly positioned as well suited for security-sensitive applications, e.g., location-based access control, and credit-card verification. We present new strategies enabling adversaries to accurately control the forged location. Evaluation showed that using the new strategies, adversaries could misr...
Article
Software defined networking implements the network control plane in an external entity, rather than in each individual device as in conventional networks. This architectural difference implies a different design for control functions necessary for essential network properties, e.g., loop prevention and link redundancy. We explore how such differenc...
Article
Security related incidents such as unauthorised system access, data tampering and theft have been noticeably rising. Tools such as firewalls, intrusion detection systems and anti-virus software strive to prevent these incidents. Since these tools only prevent an attack, once an illegal intrusion occurs, they cease to provide useful information beyo...
Article
Client Presence Verification (CPV) was proposed in previous literature as a delay-based location verification algorithm that iteratively estimates Internet delays to corroborate assertions about a client’s geographic presence in a prescribed region, e.g., before granting access to a location-based service. We evaluate CPV’s performance in the prese...
Conference Paper
We report on what we believe to be the largest dataset (to date) of automated secure shell (SSH) bruteforce attacks. The dataset includes plaintext password guesses in addition to timing, source, and username details, which allows us to analyze attacker behaviour and dynamics (e.g., coordinated attacks and password dictionary sharing). Our methodol...
Article
Full-text available
This thesis addresses the problem of verifying the geographic locations of Internet clients. First, we demonstrate how current state-of-the-art delay-based geolocation techniques are susceptible to evasion through delay manipulations, which involve both increasing and decreasing the Internet delays that are observed between a client and a remote me...
Article
The requirement for accurate one-way delay (OWD) estimation led to the recent introduction of an algorithm enabling a server to estimate OWDs between itself and a client by cooperating with two other servers, requiring neither client-clock synchronization nor client trustworthiness in reporting one-way delays. We evaluate the algorithm by deriving...
Article
Over the Internet, location-sensitive content/service providers are those that employ location-aware authentication or location-aware access policies in order to prevent fraud, comply with media streaming licencing, regulate online gambling/voting, etc. An adversary can configure its device to fake geolocation information, such as GPS coordinates,...

Network

Cited By

Projects