Showing 1–9 of 9 results for author: AlQahtani, A A S

Securing the Invisible Thread: A Comprehensive Analysis of BLE Tracker Security in Apple AirTags and Samsung SmartTags

Authors: Hosam Alamleh, Michael Gogarty, David Ruddell, Ali Abdullah S. AlQahtani

Abstract: This study presents an in-depth analysis of the security landscape in Bluetooth Low Energy (BLE) tracking systems, with a particular emphasis on Apple AirTags and Samsung SmartTags, including their cryptographic frameworks. Our investigation traverses a wide spectrum of attack vectors such as physical tampering, firmware exploitation, signal spoofing, eavesdropping, jamming, app security flaws, Bl… ▽ More This study presents an in-depth analysis of the security landscape in Bluetooth Low Energy (BLE) tracking systems, with a particular emphasis on Apple AirTags and Samsung SmartTags, including their cryptographic frameworks. Our investigation traverses a wide spectrum of attack vectors such as physical tampering, firmware exploitation, signal spoofing, eavesdropping, jamming, app security flaws, Bluetooth security weaknesses, location spoofing, threats to owner devices, and cloud-related vulnerabilities. Moreover, we delve into the security implications of the cryptographic methods utilized in these systems. Our findings reveal that while BLE trackers like AirTags and SmartTags offer substantial utility, they also pose significant security risks. Notably, Apple's approach, which prioritizes user privacy by removing intermediaries, inadvertently leads to device authentication challenges, evidenced by successful AirTag spoofing instances. Conversely, Samsung SmartTags, designed to thwart beacon spoofing, raise critical concerns about cloud security and user privacy. Our analysis also highlights the constraints faced by these devices due to their design focus on battery life conservation, particularly the absence of secure boot processes, which leaves them susceptible to OS modification and a range of potential attacks. The paper concludes with insights into the anticipated evolution of these tracking systems. We predict that future enhancements will likely focus on bolstering security features, especially as these devices become increasingly integrated into the broader IoT ecosystem and face evolving privacy regulations. This shift is imperative to address the intricate balance between functionality and security in next-generation BLE tracking systems. △ Less

Submitted 24 January, 2024; originally announced January 2024.

Navigating Cybersecurity Training: A Comprehensive Review

Authors: Saif Al-Dean Qawasmeh, Ali Abdullah S. AlQahtani, Muhammad Khurram Khan

Abstract: In the dynamic realm of cybersecurity, awareness training is crucial for strengthening defenses against cyber threats. This survey examines a spectrum of cybersecurity awareness training methods, analyzing traditional, technology-based, and innovative strategies. It evaluates the principles, efficacy, and constraints of each method, presenting a comparative analysis that highlights their pros and… ▽ More In the dynamic realm of cybersecurity, awareness training is crucial for strengthening defenses against cyber threats. This survey examines a spectrum of cybersecurity awareness training methods, analyzing traditional, technology-based, and innovative strategies. It evaluates the principles, efficacy, and constraints of each method, presenting a comparative analysis that highlights their pros and cons. The study also investigates emerging trends like artificial intelligence and extended reality, discussing their prospective influence on the future of cybersecurity training. Additionally, it addresses implementation challenges and proposes solutions, drawing on insights from real-world case studies. The goal is to bolster the understanding of cybersecurity awareness training's current landscape, offering valuable perspectives for both practitioners and scholars. △ Less

Submitted 20 January, 2024; originally announced January 2024.

Leveraging Machine Learning for Wi-Fi-based Environmental Continuous Two-Factor Authentication

Authors: Ali Abdullah S. AlQahtani, Thamraa Alshayeb, Mahmoud Nabil, Ahmad Patooghy

Abstract: The traditional two-factor authentication (2FA) methods primarily rely on the user manually entering a code or token during the authentication process. This can be burdensome and time-consuming, particularly for users who must be authenticated frequently. To tackle this challenge, we present a novel 2FA approach replacing the user's input with decisions made by Machine Learning (ML) that continuou… ▽ More The traditional two-factor authentication (2FA) methods primarily rely on the user manually entering a code or token during the authentication process. This can be burdensome and time-consuming, particularly for users who must be authenticated frequently. To tackle this challenge, we present a novel 2FA approach replacing the user's input with decisions made by Machine Learning (ML) that continuously verifies the user's identity with zero effort. Our system exploits unique environmental features associated with the user, such as beacon frame characteristics and Received Signal Strength Indicator (RSSI) values from Wi-Fi Access Points (APs). These features are gathered and analyzed in real-time by our ML algorithm to ascertain the user's identity. For enhanced security, our system mandates that the user's two devices (i.e., a login device and a mobile device) be situated within a predetermined proximity before granting access. This precaution ensures that unauthorized users cannot access sensitive information or systems, even with the correct login credentials. Through experimentation, we have demonstrated our system's effectiveness in determining the location of the user's devices based on beacon frame characteristics and RSSI values, achieving an accuracy of 92.4%. Additionally, we conducted comprehensive security analysis experiments to evaluate the proposed 2FA system's resilience against various cyberattacks. Our findings indicate that the system exhibits robustness and reliability in the face of these threats. The scalability, flexibility, and adaptability of our system render it a promising option for organizations and users seeking a secure and convenient authentication system. △ Less

Submitted 12 January, 2024; originally announced January 2024.

Comprehensive Survey: Biometric User Authentication Application, Evaluation, and Discussion

Authors: Reem Alrawili, Ali Abdullah S. AlQahtani, Muhammad Khurram Khan

Abstract: This paper conducts an extensive review of biometric user authentication literature, addressing three primary research questions: (1) commonly used biometric traits and their suitability for specific applications, (2) performance factors such as security, convenience, and robustness, and potential countermeasures against cyberattacks, and (3) factors affecting biometric system accuracy and po-tent… ▽ More This paper conducts an extensive review of biometric user authentication literature, addressing three primary research questions: (1) commonly used biometric traits and their suitability for specific applications, (2) performance factors such as security, convenience, and robustness, and potential countermeasures against cyberattacks, and (3) factors affecting biometric system accuracy and po-tential improvements. Our analysis delves into physiological and behavioral traits, exploring their pros and cons. We discuss factors influencing biometric system effectiveness and highlight areas for enhancement. Our study differs from previous surveys by extensively examining biometric traits, exploring various application domains, and analyzing measures to mitigate cyberattacks. This paper aims to inform researchers and practitioners about the biometric authentication landscape and guide future advancements. △ Less

Submitted 20 January, 2024; v1 submitted 7 July, 2023; originally announced November 2023.

Secure Mobile Payment Architecture Enabling Multi-factor Authentication

Authors: Hosam Alamleh, Ali Abdullah S. AlQahtani, Baker Al Smadi

Abstract: The rise of smartphones has led to a significant increase in the usage of mobile payments. Mobile payments allow individuals to access financial resources and make transactions through their mobile devices while on the go. However, the current mobile payment systems were designed to align with traditional payment structures, which limits the full potential of smartphones, including their security… ▽ More The rise of smartphones has led to a significant increase in the usage of mobile payments. Mobile payments allow individuals to access financial resources and make transactions through their mobile devices while on the go. However, the current mobile payment systems were designed to align with traditional payment structures, which limits the full potential of smartphones, including their security features. This has become a major concern in the rapidly growing mobile payment market. To address these security concerns,in this paper we propose new mobile payment architecture. This architecture leverages the advanced capabilities of modern smartphones to verify various aspects of a payment, such as funds, biometrics, location, and others. The proposed system aims to guarantee the legitimacy of transactions and protect against identity theft by verifying multiple elements of a payment. The security of mobile payment systems is crucial, given the rapid growth of the market. Evaluating mobile payment systems based on their authentication, encryption, and fraud detection capabilities is of utmost importance. The proposed architecture provides a secure mobile payment solution that enhances the overall payment experience by taking advantage of the advanced capabilities of modern smartphones. This will not only improve the security of mobile payments but also offer a more user-friendly payment experience for consumers. △ Less

Submitted 19 April, 2023; originally announced April 2023.

Zero-Effort Two-Factor Authentication Using Wi-Fi Radio Wave Transmission and Machine Learning

Authors: Ali Abdullah S. AlQahtani, Thamraa Alshayeb

Abstract: The proliferation of sensitive information being stored online highlights the pressing need for secure and efficient user authentication methods. To address this issue, this paper presents a novel zero-effort two-factor authentication (2FA) approach that combines the unique characteristics of a users environment and Machine Learning (ML) to confirm their identity. Our proposed approach utilizes Wi… ▽ More The proliferation of sensitive information being stored online highlights the pressing need for secure and efficient user authentication methods. To address this issue, this paper presents a novel zero-effort two-factor authentication (2FA) approach that combines the unique characteristics of a users environment and Machine Learning (ML) to confirm their identity. Our proposed approach utilizes Wi-Fi radio wave transmission and ML algorithms to analyze beacon frame characteristics and Received Signal Strength Indicator (RSSI) values from Wi-Fi access points to determine the users location. The aim is to provide a secure and efficient method of authentication without the need for additional hardware or software. A prototype was developed using Raspberry Pi devices and experiments were conducted to demonstrate the effectiveness and practicality of the proposed approach. Results showed that the proposed system can significantly enhance the security of sensitive information in various industries such as finance, healthcare, and retail. This study sheds light on the potential of Wi-Fi radio waves and RSSI values as a means of user authentication and the power of ML to identify patterns in wireless signals for security purposes. The proposed system holds great promise in revolutionizing the field of 2FA and user authentication, offering a new era of secure and seamless access to sensitive information. △ Less

Submitted 4 March, 2023; originally announced March 2023.

ML for Location Prediction Using RSSI On WiFi 2.4 GHZ Frequency Band

Authors: Ali Abdullah S. AlQahtani, Nazim Choudhury

Abstract: For decades, the determination of an objects location has been implemented utilizing different technologies. Despite GPS (Global Positioning System) provides a scalable efficient and cost effective location services however the satellite emitted signals cannot be exploited indoor to effectively determine the location. In contrast to GPS which is a cost effective localization technology for outdoor… ▽ More For decades, the determination of an objects location has been implemented utilizing different technologies. Despite GPS (Global Positioning System) provides a scalable efficient and cost effective location services however the satellite emitted signals cannot be exploited indoor to effectively determine the location. In contrast to GPS which is a cost effective localization technology for outdoor locations several technologies have been studied for indoor localization. These include Wireless Fidelity (Wi-Fi) Bluetooth Low Energy (BLE) and Received Signal Strength Indicator (RSSI) etc. This paper presents an enhanced method of using RSSI as a mean to determine an objects location by applying some Machine Learning (ML) concepts. The binary classification is defined by considering the adjacency of the coordinates denoting objects locations. The proposed features were tested empirically via multiple classifiers that achieved a maximum of 96 percent accuracy. △ Less

Submitted 1 October, 2022; originally announced October 2022.

Technical Report-IoT Devices Proximity Authentication In Ad Hoc Network Environment

Authors: Ali Abdullah S. AlQahtani, Hosam Alamleh, Baker Al Smadi

Abstract: Internet of Things (IoT) is a distributed communication technology system that offers the possibility for physical devices (e.g. vehicles home appliances sensors actuators etc.) known as Things to connect and exchange data more importantly without human interaction. Since IoT plays a significant role in our daily lives we must secure the IoT environment to work effectively. Among the various secur… ▽ More Internet of Things (IoT) is a distributed communication technology system that offers the possibility for physical devices (e.g. vehicles home appliances sensors actuators etc.) known as Things to connect and exchange data more importantly without human interaction. Since IoT plays a significant role in our daily lives we must secure the IoT environment to work effectively. Among the various security requirements authentication to the IoT devices is essential as it is the first step in preventing any negative impact of possible attackers. Using the current IEEE 802.11 infrastructure this paper implements an IoT devices authentication scheme based on something that is in the IoT devices environment (i.e. ambient access points). Data from the broadcast messages (i.e. beacon frame characteristics) are utilized to implement the authentication factor that confirms proximity between two devices in an ad hoc IoT network. △ Less

Submitted 30 September, 2022; originally announced October 2022.

Preprint: Privacy-preserving IoT Data Sharing Scheme

Authors: Ali Abdullah S. AlQahtani, Hosam Alamleh, Reem Alrawili

Abstract: Data sharing can be granted using different factors one of which is something in a users or an IoT devices environment which is in this paper broadcast signals. Using broadcast signals to measure Received Signal Strength Indicator values and Machine Learning models this paper implements an IoT data sharing scheme based on something that is in an IoT devices environment. The proposed scheme is expe… ▽ More Data sharing can be granted using different factors one of which is something in a users or an IoT devices environment which is in this paper broadcast signals. Using broadcast signals to measure Received Signal Strength Indicator values and Machine Learning models this paper implements an IoT data sharing scheme based on something that is in an IoT devices environment. The proposed scheme is experimentally tested using different ML models and shows 97.78 percent as its highest accuracy. △ Less

Submitted 26 September, 2022; originally announced September 2022.