Saudi Cultural Missions Theses & Dissertations

Permanent URI for this communityhttps://drepo.sdl.edu.sa/handle/20.500.14154/10

Browse

Subject: search.filters.subject.Security

Search Results

Now showing 1 - 10 of 19
  • No Thumbnail Available
    ItemRestricted
    Security of Distributed and Federated Deep Learning Systems
    (Newcastle University, 2025) Alqattan, Duaa; Ojha, Varun
    Distributed and federated deep learning (DL) systems, operating across the client-edge cloud continuum, have transformed real-time data processing in critical domains like smart cities, healthcare, and industrial Internet of Things (IoT). By distributing DL training and inference tasks across multiple nodes, these systems enhance scalability, reduce latency, and improve efficiency. However, this decentralisation introduces significant security challenges, particularly concerning the availability and integrity of DL systems during training and inference. This thesis tackles these challenges through three main contributions. • Edge-based Detection of Early-stage IoT Botnets: The first contribution involves employing Modular Neural Networks (MNN), a distributed DL approach, to develop an edge-based system for detecting early-stage IoT botnet activities and preventing DDoSattacks. By harnessing parallel computing on Multi-Access Edge Computing (MEC)servers, the system delivers rapid and accurate detection, ensuring uninterrupted service availability. This addresses the research gap in detecting early-stage IoT botnet activities as faults in network communication, enabling preventive measures before attacks escalate. Key findings include a significant reduction in false-negative rates and faster detection times (as low as 16 milliseconds), enabling early intervention in large-scale IoT environments. • Security Assessment of Hierarchical Federated Learning (HFL): The second contri bution is a security assessment of Hierarchical Federated Learning (HFL), evaluating its resilience against data and model poisoning attacks during training and adversarial data manipulation during inference. Defense mechanisms like Neural Cleanse (NC) and Adversarial Training (AT) are explored to improve model integrity in privacy sensitive environments. This addresses the gap in systematically assessing the security vulnerabilities of HFL systems, particularly in detecting and mitigating targeted at tacks in multi-level architectures. Key findings highlight that while HFL enhances scalability and recovery from untargeted attacks, it remains vulnerable to targeted back door attacks, especially in higher-level architectures, necessitating stronger defence mechanisms. • Analysis of HFL Dynamics Under Attack: The third contribution examines HFL dynamics under attack using a Model Discrepancy score to analyse discrepancies in model updates. This study sheds light on the impact of adversarial attacks and data heterogeneity, providing insights for more robust aggregation methods in HFL. This addresses the gap in understanding the dynamics of HFL under adversarial attacks through model discrepancy phenomena. Key findings reveal that increased hierarchy and data heterogeneity can obscure malicious activity detection, emphasising the need for advanced aggregation methods tailored to complex, real-world scenarios. Overall, this thesis enhances the security, availability, and integrity of Distributed and Federated DL systems by proposing novel detection and assessment methods, ultimately laying the foundation for more resilient DL-driven infrastructures.
    21 0
  • No Thumbnail Available
    ItemRestricted
    ACCEPTANCE OF BLOCKCHAIN TECHNOLOGY BY HIGHER EDUCATION INSTITUTIONS IN THE KINGDOM OF SAUDI ARABIA
    (Aston University, 2025) Alhumayzi, Mohammed; Batista, Luciano; Benson, Vladlena
    The increasing adoption of new technologies in the Higher Education Institutions (HEIs) sector highlights the importance of exploring blockchain acceptance among employees. Adopting blockchain, as an emerging technology, is likely to encounter resistance among employees. This study explores this issue. Specifically, this study aims to determine the drivers and hindrances of blockchain acceptance among employees in the HEIs industry. To address this aim, this study proposes a framework that extends the unified theory of acceptance and use of technology (UTAUT) with individual characteristics. The framework represents factors that explain blockchain acceptance. The identified elements are performance expectancy (PE), effort expectancy (EX), social influence (SI), facilitating conditions (FC), trust, perceived security (SEC) and awareness (AW). The relationships among these factors were examined based on a quantitative approach, where an online questionnaire was employed to collect data from administrative and academic staff working for HEIs in the Kingdom of Saudi Arabia (KSA). Partial Least Squares Structural Equation Model (PLS-SEM) and Multi-group Analysis (MGA) techniques were employed to analyse 394 responses. The findings of this study revealed the direct drivers and hindrances of blockchain acceptance, i.e., PE, FC, SEC and AW. Additionally, this study demonstrated the moderating effects of AW between FC and blockchain acceptance. Furthermore, it determined specific indirect effects of the EX, trust and SEC on blockchain acceptance. Moreover, this research detected significant differences between categories’ subsamples and identified the significant factors of blockchain acceptance per subsample. Finally, this research identified where blockchain needs to be adopted most within the HEIs, i.e., financial exchange, certificate management, and students’ assessment areas. The HEIs industry in KSA could use these findings to develop concise strategies that encourage the adoption of blockchain. Scholars might also employ the proposed framework to investigate the adoption of blockchain.
    28 0
  • No Thumbnail Available
    ItemRestricted
    Privacy-aware Secure Authentication and Handover Protocols for 5G-enabled Mobile Communication
    (University of Sheffield, 2025) Alnashwan, Rabiah; Prosanta, Gope; Benjamin, Dowling
    The evolution of mobile communication has facilitated technological advancements that enable seamless global connectivity. With the advent of 5G technology, wireless communication has taken a significant leap forward, promising unparalleled speed, capacity, and connectivity. As we enter this era of advanced communication, we also need to consider its implications for security and privacy. The integration of 5G technology brings new opportunities and challenges, making it essential to thoroughly examine the security and privacy frameworks that support this advanced network. Compared to the previous mobile communication generations, 5G offers a more robust security infrastructure by strengthening two key protocols: Authentication and Key Agreement (AKA) and Handover (HO). Although 5G-AKA significantly improves security measures, it is worth noting that the current protocols lack support for several essential security and privacy properties, such as forward secrecy, forward privacy, and unlinkability. Thus, a critical need remains to address these gaps to ensure comprehensive protection in 5G networks. In response to the issues in respect of security and privacy, this thesis proposes three novel AKA and HO schemes. The three proposed schemes have different security and privacy goals that support improved security and privacy features compared to the conventional 5G-AKA and HO protocols currently utilized and other existing solutions. In particular, we examine challenges associated with integrating ultra-dense small cell networks (SCNs) into the 5G infrastructure. This exploration led us to investigate the concept of region-based handovers and to propose, to the best of our knowledge, the first scheme that provides privacy-preserving, secure inter-region-based AKA and HO scheme. This scheme provides secure authentication for roaming users with an efficient and seamless handover process. To enhance security and privacy measures further, we undertake an additional investigation into fortifying resilience against key compromise impersonation attacks. This involves proposing a novel, secure, privacy-preserving Universal Handover scheme (UniHand) tailored for SCNs within the 5G mobile communication framework. Finally, in pursuit of seamless compatibility with 5G networks, we introduce an improved iteration of the 5G-AKA and HO protocols. Referred to as Pretty Good User Privacy (PGUP), this novel symmetry-based scheme aims to mitigate security and privacy vulnerabilities inherent in the existing 5G-AKA and HO protocols while maintaining high compatibility with the 5G infrastructure.
    23 0
  • No Thumbnail Available
    ItemRestricted
    AI-Driven Approaches for Privacy Compliance: Enhancing Adherence to Privacy Regulations
    (Univeristy of Warwick, 2024-02) Alamri, Hamad; Maple, Carsten
    This thesis investigates and explores some inherent limitations within the current privacy policy landscape, provides recommendations, and proposes potential solutions to address these issues. The first contribution of this thesis is a comprehensive study that addresses a significant gap in the literature. This study provides a detailed overview of the current landscape of privacy policies, covering both their limitations and proposed solutions, with the aim of identifying the most practical and applicable approaches for researchers in the field. Second, the thesis tackles the challenge of privacy policy accessibility in app stores by introducing the App Privacy Policy Extractor (APPE) system. The APPE pipeline consists of various components, each developed to perform a specific task and provide insightful information about the apps' privacy policies. By analysing over two million apps in the iOS App Store, APPE offers unprecedented and comprehensive store-wide insights into policy distribution and can act as a mechanism for enforcing privacy policy requirements in app stores automatically. Third, the thesis investigates the issue of privacy policy complexity. By establishing generalisability across app categories and drawing attention to associated matters of time and cost, the study demonstrates that the current situation requires immediate and effective solutions. It suggests several recommendations and potential solutions. Finally, to enhance user engagement with privacy policies, a novel framework utilising a cost-effective unsupervised approach, based on the latest AI innovations, has been developed. The comparison of the findings of this study with state-of-the-art methods suggests that this approach can produce outcomes that are on par with those of human experts, or even surpass them, yet in a more efficient and automated manner.
    23 0
  • Thumbnail Image
    ItemRestricted
    Verification of Smart Contracts using the Interactive Theorem Prover Agda
    (Swansea University, 2024-07-25) Alhabardi, Fahad; Setzer, Anton
    The goal of this thesis is to verify smart contracts in Blockchain. In particular, we focus on smart contracts in Bitcoin and Solidity. In order to specify the correctness of smart contracts, we use weakest preconditions. For this, we develop a model of smart contracts in the interactive theorem prover and dependent type programming language Agda and prove the correctness of smart contracts in it. In the context of Bitcoin, our verification of Bitcoin scripts consists of non-conditional and conditional scripts. For Solidity, we refer to programs using object- oriented features of Solidity, such as calling of other contracts, full recursion, and the use of gas in order to guarantee termination while having a Turing-complete language. We have developed a simulator for Solidity-style smart contracts. As a main example, we executed a reentrancy attack in our model. We have verified smart contracts in Bitcoin and Solidity using weakest precondition in Agda. Furthermore, Agda, combined with the fact that it is a theorem prover and programming language, allows the writing of verified programs, where the verification takes place in the same language in which the program is written, avoiding the problem of translation from one language to another (with possible translation mistakes).
    7 0
  • Thumbnail Image
    ItemRestricted
    Verification of Smart Contracts using the Interactive Theorem Prover Agda
    (Swansea University, 2024-07-25) Alhabardi, Fahad Faleh; Setzer, Anton
    The goal of this thesis is to verify smart contracts in Blockchain. In particular, we focus on smart contracts in Bitcoin and Solidity. In order to specify the correctness of smart contracts, we use weakest preconditions. For this, we develop a model of smart contracts in the interactive theorem prover and dependent type programming language Agda and prove the correctness of smart contracts in it. In the context of Bitcoin, our verification of Bitcoin scripts consists of non-conditional and conditional scripts. For Solidity, we refer to programs using object- oriented features of Solidity, such as calling of other contracts, full recursion, and the use of gas in order to guarantee termination while having a Turing-complete language. We have developed a simulator for Solidity-style smart contracts. As a main example, we executed a reentrancy attack in our model. We have verified smart contracts in Bitcoin and Solidity using weakest precondition in Agda. Furthermore, Agda, combined with the fact that it is a theorem prover and programming language, allows the writing of verified programs, where the verification takes place in the same language in which the program is written, avoiding the problem of translation from one language to another (with possible translation mistakes).
    11 0
  • Thumbnail Image
    ItemRestricted
    CROSS-CULTURAL UNDERSTANDING OF HOW PEOPLE USE SECURE GROUP CHAT TOOLS IN THE UNITED KINGDOM AND SAUDI ARABIA
    (King’s College London, 2023-08-15) Alrabeah, Ghada; Abu-Salma, Ruba
    Group communication tools have gained widespread popularity, attracting over a billion users. However, questions arise, how closely are our messages being watched by external parties? Is end-to-end encryption implemented by the application? Many group communication tools either do not offer enough security features to protect their users or make it challenging for them to understand and use these features. This research discusses how users perceive and use secure group communication tools, focusing on users in the United Kingdom and Saudi Arabia. A mixed-methods approach involving interviews with 20 participants and a survey with 204 respondents was conducted. The study reveals key factors driving users' choices, their understanding of security and privacy, their willingness to adopt or not adopt secure group communication tools, and cultural differences. The findings underline the priority factors like popularity, usability, and being free, as influential in tool selection. Users express willingness to use secure tools, yet gaps arise between intention and practice, attributed to misconceptions, motivation, and trust concerns. Privacy practices vary between cultures, with Saudi participants showing more caution. On the other hand, the UK displays higher trust levels in communication tools compared to Saudi Arabia. These cultural influences shape communication priorities, with Saudis leaning toward group communication and the UK prioritizing individual communications. Despite these differences, the study suggests the potential for universally secure applications catering to diverse user needs. The study offers recommendations for tool design that help improve the adoption of secure group communication.
    6 0
  • Thumbnail Image
    ItemRestricted
    Testing Privacy and Security of Voice Interface Applications in the IoT Era
    (Temple University, 2024-04-04) Shafei, Hassan Ali; Tan, Chiu C.
    Voice User Interfaces (VUI) are rapidly gaining popularity, revolutionizing user interaction with technology through the widespread adoption in devices such as desktop computers, smartphones, and smart home assistants, thanks to significant advancements in voice recognition and processing technologies. Over a hundred million users now utilize these devices daily, and smart home assistants have been sold in massive numbers, owing to their ease and convenience in controlling a diverse range of smart devices within the home IoT environment through the power of voice, such as controlling lights, heating systems, and setting timers and alarms. VUI enables users to interact with IoT technology and issue a wide range of commands across various services using their voice, bypassing traditional input methods like keyboards or touchscreens. With ease, users can inquire in natural language about the weather, stock market, and online shopping and access various other types of general information. However, as VUI becomes more integrated into our daily lives, it brings to the forefront issues related to security, privacy, and usability. Concerns such as the unauthorized collection of user data, the potential for recording private conversations, and challenges in accurately recognizing and executing commands across diverse accents, leading to misinterpretations and unintended actions, underscore the need for more robust methods to test and evaluate VUI services. In this dissertation, we delve into voice interface testing, evaluation for privacy and security associated with VUI applications, assessment of the proficiency of VUI in handling diverse accents, and investigation into access control in multi-user environments. We first study the privacy violations of the VUI ecosystem. We introduced the definition of the VUI ecosystem, where users must connect the voice apps to corresponding services and mobile apps to function properly. The ecosystem can also involve multiple voice apps developed by the same third-party developers. We explore the prevalence of voice apps with corresponding services in the VUI ecosystem, assessing the landscape of privacy compliance among Alexa voice apps and their companion services. We developed a testing framework for this ecosystem. We present the first study conducted on the Alexa ecosystem, specifically focusing on voice apps with account linking. Our designed framework analyzes both the privacy policies of these voice apps and their companion services or the privacy policies of multiple voice apps published by the same developers. Using machine learning techniques, the framework automatically extracts data types related to data collection and sharing from these privacy policies, allowing for a comprehensive comparison. Next, researchers studied the voice apps' behavior to conduct privacy violation assessments. An interaction approach with voice apps is needed to extract the behavior where pre-defined utterances are input into the simulator to simulate user interaction. The set of pre-defined utterances is extracted from the skill's web page on the skill store. However, the accuracy of the testing analysis depends on the quality of the extracted utterances. An utterance or interaction that was not captured by the extraction process will not be detected, leading to inaccurate privacy assessment. Therefore, we revisited the utterance extraction techniques used by prior works to study the skill's behavior for privacy violations. We focused on analyzing the effectiveness and limitations of existing utterance extraction techniques. We proposed a new technique that improved prior work extraction techniques by utilizing the union of these techniques and human interaction. Our proposed technique makes use of a small set of human interactions to record all missing utterances, then expands that to test a more extensive set of voice apps. We also conducted testing on VUI with various accents to study by designing a testing framework that can evaluate VUI on different accents to assess how well VUI implemented in smart speakers caters to a diverse population. Recruiting individuals with different accents and instructing them to interact with the smart speaker while adhering to specific scripts is difficult. Thus, we proposed a framework known as AudioAcc, which facilitates evaluating VUI performance across diverse accents using YouTube videos. Our framework uses a filtering algorithm to ensure that the extracted spoken words used in constructing these composite commands closely resemble natural speech patterns. Our framework is scalable; we conducted an extensive examination of the VUI performance across a wide range of accents, encompassing both professional and amateur speakers. Additionally, we introduced a new metric called Consistency of Results (COR) to complement the standard Word Error Rate (WER) metric employed for assessing ASR systems. This metric enables developers to investigate and rewrite skill code based on the consistency of results, enhancing overall WER performance. Moreover, we looked into a special case related to the access control of VUI in multi-user environments. We proposed a framework for automated testing to explore the access control weaknesses to determine whether the accessible data is of consequence. We used the framework to assess the effectiveness of voice access control mechanisms within multi-user environments. Thus, we show that the convenience of using voice systems poses privacy risks as the user's sensitive data becomes accessible. We identify two significant flaws within the access control mechanisms proposed by the voice system, which can exploit the user's private data. These findings underscore the need for enhanced privacy safeguards and improved access control systems within online shopping. We also offer recommendations to mitigate risks associated with unauthorized access, shedding light on securing the user's private data within the voice systems.
    29 0
  • Thumbnail Image
    ItemRestricted
    Security Countermeasures for Topology and Flooding Attacks in Low Power and Lossy Networks
    (University of Bristol, 2023-10-06) Algahtani, Fahad Mohammed F; Oikonomou, George
    Internet of Things have become an integral part in many industries such as health- care, home automation, automobile, and agriculture. Many applications of IoT use networks of unattended micro battery-operated devices with limited compu- tational power and unreliable communication systems. Such networks are called Low-Power and Lossy Network (LLN) which is based on a stack of protocols de- signed to prolong the life of an application by conserving battery power and mem- ory usage. Most commonly used routing protocol is the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL). RPL suffers from vulnerabilities related to routing paths formation, network maintenance, and response to some of its control messages. Specifically, compro- mised nodes can advertise falsified routing information to form sub-optimised paths or trigger network reformations. Furthermore, they can flood a network with join- ing requests to trigger a massive number of replies. No standardised RPL solutions provide the security against such attacks. Moreover, existing literature works are mostly based on using monitoring architectures, public key infrastructure (PKI), or a blacklisting approach. Any monitoring devices must be physically secured and utilising only secure communications which is not easily scaleable. Using PKI in LLNs is still a challenge as certificates management is unsuitable for LLN devices. Blacklisting nodes using their advertise addresses is clearly vulnerable to identity spoofing. Moreover, attacks described in few sentences could miss details which transforms any discussion on impact analysis to be subject to interpretation. Therefore, the aim of this dissertation is to first implement attacks using a developed framework to launch multiple attacks simultaneously on different nodes during specified times. Second, to analyse the strategies of an adversary when launching the aforementioned attacks. Then, the impact of the instigated attacks in each strategy is analysed to establish a baseline for countermeasures evaluation. Finally, security countermeasures for the aforementioned attacks are proposed as well as their performances are evaluated. In countering the attack responsible for forming sub-optimised routing paths, preloading a minimum relative location in each node has filtered out any future attempts to accept false routing metrics. As for the attack causing unnecessary net- work reformations, nodes will only accept cryptographically authenticated routing information to trigger future network rebuilds. Lastly, any faster interarriving join- ing requests will be evaluated against thresholds with hysteresis to adjust RPL’s response to potential floods.
    29 0
  • Thumbnail Image
    ItemRestricted
    LIGHTWEIGHT MUTUAL AUTHENTICATION PROTOCOLS FOR IOT SYSTEMS
    (University of Maryland Baltimore County, 2024) Alkanhal, Mona; Younis, Mohamed
    The Internet of Things (IoT) refers to the large-scale internetworking of diverse devices, many of them with very limited computational resources. Given the ad-hoc formation of the network and dynamic membership of nodes, device authentication is critical to prevent malicious devices from joining the network and impersonating legitimate nodes. The most popular authentication strategy in the literature is to pursue asymmetric cryptography. Such a solution is costly in terms of computing resources and power consumption and thus is not suitable for IoT devices which are often resource constrained. Moreover, due to the autonomous nature of the IoT nodes, relying on an intermediary server to manage the authentication process induces overhead and consequently decreases the network efficacy. Thus, the authentication process should be geared for nodes that operate autonomously. This dissertation opts to fulfill the aforementioned requirements by developing a library of lightweight authentication protocols that caterers for variant IoT applications. We consider a hardware-based security primitive, namely Physical Unclonable Functions (PUFs). A PUF benefits from the random and uncontrollable variations experienced during the manufacturing of integrated circuits in constructing a device signature that uniquely maps input bits, referred to as challenge, into an output bit(s) that reflects the PUF response. A fundamental issue with distributed authentication using PUFs is that the challenge-response exchange is among IoT nodes rather than the secure server and hence becomes subject to increased vulnerability to attacks. Particularly, eavesdroppers could intercept the inter-node interactions to collect sufficient challenge-response pairs (CRPs) for modeling the underlying PUF using machine learning (ML) techniques. Obfuscating the challenge and response through encryption is not practical since it requires network-wide management of secret keys and diminishes the advantages of PUFs. The dissertation tackles the aforementioned challenges. We first develop a novel authentication mechanism that is based on the incorporation of a PUF in each device. Our mechanism enables the challenge bit string intended by a verifier δy to be inferred by a prover δx rather than being explicitly sent. The proposed mechanism also obfuscates the shared information to safeguard it from eavesdroppers who strive to model the underlying PUF using machine learning techniques. Secondly, we further combine the advantage of PUFs, and the agility and configurability of physical-layer communication mechanisms, specifically the Multi-Input Multi Output (MIMO) method. We devise a protocol that utilizes an innovative method to counter attackers who might intercept the communication between δy and δx and uncover a set of CRPs to model δx’s PUF. Our protocol encodes the challenge bit using MIMO antennas array in a manner that is controlled by the verifier and that varies overtime. Additionally, we derive a two-factors authentication protocol by associating a Radio Frequency (RF) fingerprint with PUF. Such a unique combination obviates the need for traditional identification methods that rely on key storage for authentication. This identification mechanism enables the protocol to obfuscate the PUF response, circumventing the need for the incorporation of cryptographic primitives. Since both the PUF and the RF-fingerprint are based on unintended variations caused by manufacturing, we aim to increase robustness and mitigate the potential effect of noise by applying the fuzzy extractor. Such a protocol does not retain CRPs of a node during the enrollment phase, nor does it incorporate a cryptosystem. All the aforementioned techniques enable mutual authentication of two devices without the involvement of a trusted third party. The experimental results demonstrate the efficacy of the proposed protocols against modeling attacks and impersonation attempts.
    15 0

Copyright owned by the Saudi Digital Library (SDL) © 2025