Mohammed Gharib

Mohammed Gharib, Sam Burns, Martin Zizi

Liveness detection has evolved from a safeguard against presentation and replay attacks in biometric authentication to a broader requirement for distinguishing human users from non-human agents in modern digital systems. The emergence of generative and agentic AI further amplifies this need, positioning liveness as a fundamental security primitive. Existing approaches face key limitations, including reliance on explicit user interaction, specialized hardware, vulnerability to increasingly realistic spoofing, and limited scalability in real-world deployments. We present A-Live, a passive liveness detection framework that operates solely on inertial measurement unit (IMU) signals available in commodity devices. A-Live is based on the observation that neuromuscular micro-motions inherent to human motor control produce subtle but measurable signatures in inertial data, which are often treated as noise in prior work. We design a lightweight feature extraction pipeline and a compact classifier suitable for real-time on-device deployment, and introduce a controllable physical micro-motion platform to evaluate robustness against engineered non-human motion. Extensive evaluation across Android and iOS devices, including both automated and real-user settings, shows that A-Live achieves over 99.5\% accuracy with low false acceptance and rejection rates. Our results demonstrate that neuromuscular micro-motion signatures provide a scalable and passive foundation for liveness detection under emerging AI-driven threat models.

Mohammed Gharib, Fatemeh Afghah

Cooperative ad hoc unmanned aerial vehicle (UAV) networks need essential security services to ensure their communication security. Cryptography, as the inseparable tool for providing security services, requires a robust key management system. Alas, the absence of infrastructure in cooperative networks leads to the infeasibility of providing conventional key management systems. Key pre-distribution schemes have shown promising performance in different cooperative networks due to their lightweight nature. However, intermediate decryption-encryption (DE) steps and the lack of key updates are the most concerning issues they suffer from. In this paper, we propose a simple and effective key management algorithm inspired by the idea of key pre-distribution, where it utilizes the highly dynamic UAV node movement in 3D space to provide the key update feature and optimizes the number of intermediate DE steps. Although it is a general model for any mobile ad hoc network, we have selected UAV network as an example domain to show the efficiency of the model given the high mobility. We define the communication density parameter to analytically show that using any highly dynamic random movement pattern leads our algorithm to work effectively. To show the proposed algorithm's effectiveness, we exhaustively analyze its security and performance in the UAV network using the ns-3 network simulator. Results validate our analytical findings and show how the highly dynamic UAV network movement helps our algorithm to provide the key update feature and to optimize the number of DE steps.

Mohammed Gharib, Bahram Mohammadi, Shadi Hejareh Dastgerdi et al.

Intrusion Detection System (IDS) is one of the most effective solutions for providing primary security services. IDSs are generally working based on attack signatures or by detecting anomalies. In this paper, we have presented AutoIDS, a novel yet efficient solution for IDS, based on a semi-supervised machine learning technique. AutoIDS can distinguish abnormal packet flows from normal ones by taking advantage of cascading two efficient detectors. These detectors are two encoder-decoder neural networks that are forced to provide a compressed and a sparse representation from the normal flows. In the test phase, failing these neural networks on providing compressed or sparse representation from an incoming packet flow, means such flow does not comply with the normal traffic and thus it is considered as an intrusion. For lowering the computational cost along with preserving the accuracy, a large number of flows are just processed by the first detector. In fact, the second detector is only used for difficult samples which the first detector is not confident about them. We have evaluated AutoIDS on the NSL-KDD benchmark as a widely-used and well-known dataset. The accuracy of AutoIDS is 90.17\% showing its superiority compared to the other state-of-the-art methods.