Waqas Aman

Kawish Pervez, Waqas Aman, M. Mahboob Ur Rahman et al.

In post-covid19 world, radio frequency (RF)-based non-contact methods, e.g., software-defined radios (SDR)-based methods have emerged as promising candidates for intelligent remote sensing of human vitals, and could help in containment of contagious viruses like covid19. To this end, this work utilizes the universal software radio peripherals (USRP)-based SDRs along with classical machine learning (ML) methods to design a non-contact method to monitor different breathing abnormalities. Under our proposed method, a subject rests his/her hand on a table in between the transmit and receive antennas, while an orthogonal frequency division multiplexing (OFDM) signal passes through the hand. Subsequently, the receiver extracts the channel frequency response (basically, fine-grained wireless channel state information), and feeds it to various ML algorithms which eventually classify between different breathing abnormalities. Among all classifiers, linear SVM classifier resulted in a maximum accuracy of 88.1\%. To train the ML classifiers in a supervised manner, data was collected by doing real-time experiments on 4 subjects in a lab environment. For label generation purpose, the breathing of the subjects was classified into three classes: normal, fast, and slow breathing. Furthermore, in addition to our proposed method (where only a hand is exposed to RF signals), we also implemented and tested the state-of-the-art method (where full chest is exposed to RF radiation). The performance comparison of the two methods reveals a trade-off, i.e., the accuracy of our proposed method is slightly inferior but our method results in minimal body exposure to RF radiation, compared to the benchmark method.

M. Hashim Shahab, Hasan Mujtaba Buttar, Ahsan Mehmood et al.

Non-intrusive load monitoring (NILM) or energy disaggregation aims to extract the load profiles of individual consumer electronic appliances, given an aggregate load profile of the mains of a smart home. This work proposes a novel deep-learning and edge computing approach to solve the NILM problem and a few related problems as follows. 1) We build upon the reputed seq2-point convolutional neural network (CNN) model to come up with the proposed seq2-[3]-point CNN model to solve the (home) NILM problem and site-NILM problem (basically, NILM at a smaller scale). 2) We solve the related problem of appliance identification by building upon the state-of-the-art (pre-trained) 2D-CNN models, i.e., AlexNet, ResNet-18, and DenseNet-121, which are fine-tuned two custom datasets that consist of Wavelets and short-time Fourier transform (STFT)-based 2D electrical signatures of the appliances. 3) Finally, we do some basic qualitative inference about an individual appliance's health by comparing the power consumption of the same appliance across multiple homes. Low-frequency REDD dataset is used for all problems, except site-NILM where REFIT dataset has been used. As for the results, we achieve a maximum accuracy of 94.6\% for home-NILM, 81\% for site-NILM, and 88.9\% for appliance identification (with Resnet-based model).

Hala Amin, Jawaher Kaldari, Nora Mohamed et al.

Vehicular communication networks are rapidly emerging as vehicles become smarter. However, these networks are increasingly susceptible to various attacks. The situation is exacerbated by the rise in automated vehicles complicates, emphasizing the need for security and authentication measures to ensure safe and effective traffic management. In this paper, we propose a novel hybrid physical layer security (PLS)-machine learning (ML) authentication scheme by exploiting the position of the transmitter vehicle as a device fingerprint. We use a time-of-arrival (ToA) based localization mechanism where the ToA is estimated at roadside units (RSUs), and the coordinates of the transmitter vehicle are extracted at the base station (BS).Furthermore, to track the mobility of the moving legitimate vehicle, we use ML model trained on several system parameters. We try two ML models for this purpose, i.e., support vector regression and decision tree. To evaluate our scheme, we conduct binary hypothesis testing on the estimated positions with the help of the ground truths provided by the ML model, which classifies the transmitter node as legitimate or malicious. Moreover, we consider the probability of false alarm and the probability of missed detection as performance metrics resulting from the binary hypothesis testing, and mean absolute error (MAE), mean square error (MSE), and coefficient of determination $\text{R}^2$ to further evaluate the ML models. We also compare our scheme with a baseline scheme that exploits the angle of arrival at RSUs for authentication. We observe that our proposed position-based mechanism outperforms the baseline scheme significantly in terms of missed detections.

Ali Safa, Waqas Aman, Ali Al-Zawqari et al.

Autonomously controlling the position of Remotely Operated underwater Vehicles (ROVs) is of crucial importance for a wide range of underwater engineering applications, such as in the inspection and maintenance of underwater industrial structures. Consequently, studying vision-based underwater robot navigation and control has recently gained increasing attention to counter the numerous challenges faced in underwater conditions, such as lighting variability, turbidity, camera image distortions (due to bubbles), and ROV positional disturbances (due to underwater currents). In this paper, we propose (to the best of our knowledge) a first rigorous unified benchmarking of more than seven Machine Learning (ML)-based one-shot object tracking algorithms for vision-based position locking of ROV platforms. We propose a position-locking system that processes images of an object of interest in front of which the ROV must be kept stable. Then, our proposed system uses the output result of different object tracking algorithms to automatically correct the position of the ROV against external disturbances. We conducted numerous real-world experiments using a BlueROV2 platform within an indoor pool and provided clear demonstrations of the strengths and weaknesses of each tracking approach. Finally, to help alleviate the scarcity of underwater ROV data, we release our acquired data base as open-source with the hope of benefiting future research.

Ahsan Mehmood, Waqas Aman, M. Mahboob Ur Rahman et al.

This work considers identity attack on a radio-frequency identification (RFID)-based backscatter communication system. Specifically, we consider a single-reader, single-tag RFID system whereby the reader and the tag undergo two-way signaling which enables the reader to extract the tag ID in order to authenticate the legitimate tag (L-tag). We then consider a scenario whereby a malicious tag (M-tag)---having the same ID as the L-tag programmed in its memory by a wizard---attempts to deceive the reader by pretending to be the L-tag. To this end, we counter the identity attack by exploiting the non-reciprocity of the end-to-end channel (i.e., the residual channel) between the reader and the tag as the fingerprint of the tag. The passive nature of the tag(s) (and thus, lack of any computational platform at the tag) implies that the proposed light-weight physical-layer authentication method is implemented at the reader. To be concrete, in our proposed scheme, the reader acquires the raw data via two-way (challenge-response) message exchange mechanism, does least-squares estimation to extract the fingerprint, and does binary hypothesis testing to do authentication. We also provide closed-form expressions for the two error probabilities of interest (i.e., false alarm and missed detection). Simulation results attest to the efficacy of the proposed method.

Waqas Aman, M. Mahboob Ur Rahman, Hassan T. Abbas et al.

Nanoscale communication systems operating in Ter-ahertz (THz) band are anticipated to revolutionise the healthcaresystems of the future. Global wireless data traffic is undergoinga rapid growth. However, wireless systems, due to their broad-casting nature, are vulnerable to malicious security breaches. Inaddition, advances in quantum computing poses a risk to existingcrypto-based information security. It is of the utmost importanceto make the THz systems resilient to potential active and passiveattacks which may lead to devastating consequences, especiallywhen handling sensitive patient data in healthcare systems. Newstrategies are needed to analyse these malicious attacks and topropose viable countermeasures. In this manuscript, we presenta new authentication mechanism for nanoscale communicationsystems operating in THz band at the physical layer. We assessedan impersonation attack on a THz system. We propose usingpath loss as a fingerprint to conduct authentication via two-stephypothesis testing for a transmission device. We used hiddenMarkov Model (HMM) viterbi algorithm to enhance the outputof hypothesis testing. We also conducted transmitter identificationusing maximum likelihood and Gaussian mixture model (GMM)expectation maximization algorithms. Our simulations showedthat the error probabilities are a decreasing functions of SNR. At 10 dB with 0.2 false alarm, the detection probability was almostone. We further observed that HMM out-performs hypothesistesting at low SNR regime (10% increase in accuracy is recordedat SNR =5 dB) whereas the GMM is useful when groundtruths are noisy. Our work addresses major security gaps facedby communication system either through malicious breachesor quantum computing, enabling new applications of nanoscalesystems for Industry 4.0.

Waqas Aman, Zeeshan Haider, S. Waqas H. Shah et al.

This paper investigates the impact of authentication on effective capacity (EC) of an underwater acoustic (UWA) channel. Specifically, the UWA channel is under impersonation attack by a malicious node (Eve) present in the close vicinity of the legitimate node pair (Alice and Bob); Eve tries to inject its malicious data into the system by making Bob believe that she is indeed Alice. To thwart the impersonation attack by Eve, Bob utilizes the distance of the transmit node as the feature/fingerprint to carry out feature-based authentication at the physical layer. Due to authentication at Bob, due to lack of channel knowledge at the transmit node (Alice or Eve), and due to the threshold-based decoding error model, the relevant dynamics of the considered system could be modelled by a Markov chain (MC). Thus, we compute the state-transition probabilities of the MC, and the moment generating function for the service process corresponding to each state. This enables us to derive a closed-form expression of the EC in terms of authentication parameters. Furthermore, we compute the optimal transmission rate (at Alice) through gradient-descent (GD) technique and artificial neural network (ANN) method. Simulation results show that the EC decreases under severe authentication constraints (i.e., more false alarms and more transmissions by Eve). Simulation results also reveal that the (optimal transmission rate) performance of the ANN technique is quite close to that of the GD method.

Sidra Zafar, Waqas Aman, Muhammad Mahboob Ur Rahman et al.

Consider impersonation attack by an active malicious nano node (Eve) on a diffusion based molecular communication (DbMC) system---Eve transmits during the idle slots to deceive the nano receiver (Bob) that she is indeed the legitimate nano transmitter (Alice). To this end, this work exploits the 3-dimensional (3D) channel impulse response (CIR) with $L$ taps as device fingerprint for authentication of the nano transmitter during each slot. Specifically, Bob utilizes the Alice's CIR as ground truth to construct a binary hypothesis test to systematically accept/reject the data received in each slot. Simulation results highlight the great challenge posed by impersonation attack--i.e., it is not possible to simultaneously minimize the two error probabilities. In other words, one needs to tolerate on one error type in order to minimize the other error type.

Waqas Aman, Aneeqa Ijaz, M. Mahboob Ur Rahman et al.

This work presents a novel method to generate secret keys shared between a legitimate node pair (Alice and Bob) to safeguard the communication between them from an unauthorized node (Eve). To this end, we exploit the {\it reciprocal carrier frequency offset} (CFO) between the legitimate node pair to extract common randomness out of it to generate shared secret keys. The proposed key generation algorithm involves standard steps: the legitimate nodes exchange binary phase-shift keying (BPSK) signals to perform blind CFO estimation on the received signals, and do equi-probable quantization of the noisy CFO estimates followed by information reconciliation--to distil a shared secret key. Furthermore, guided by the Allan deviation curve, we distinguish between the two frequency-stability regimes---when the randomly time-varying CFO process i) has memory, ii) is memoryless; thereafter, we compute the key generation rate for both regimes. Simulation results show that the key disagreement rate decreases exponentially with increase in the signal to noise ratio of the link between Alice and Bob. Additionally, the decipher probability of Eve decreases as soon as either of the two links observed by the Eve becomes more degraded compared to the link between Alice and Bob.

Waqas Aman, Muhammad Mahboob Ur Rahman, Junaid Qadir et al.

This work considers a line-of-sight underwater acoustic sensor network (UWASN) consisting of $M$ underwater sensor nodes randomly deployed according to uniform distribution within a vertical half-disc (the so-called trusted zone). The sensor nodes report their sensed data to a sink node on water surface on a shared underwater acoustic (UWA) reporting channel in a time-division multiple-access (TDMA) fashion, while an active-yet-invisible adversary (so-called Eve) is present in the close vicinity who aims to inject malicious data into the system by impersonating some Alice node. To this end, this work first considers an additive white Gaussian noise (AWGN) UWA channel, and proposes a novel, multiple-features based, two-step method at the sink node to thwart the potential impersonation attack by Eve. Specifically, the sink node exploits the noisy estimates of the distance, the angle of arrival, and the location of the transmit node as device fingerprints to carry out a number of binary hypothesis tests (for impersonation detection) as well as a number of maximum likelihood hypothesis tests (for transmitter identification when no impersonation is detected). We provide closed-form expressions for the error probabilities (i.e., the performance) of most of the hypothesis tests. We then consider the case of a UWA with colored noise and frequency-dependent pathloss, and derive a maximum-likelihood (ML) distance estimator as well as the corresponding Cramer-Rao bound (CRB). We then invoke the proposed two-step, impersonation detection framework by utilizing distance as the sole feature. Finally, we provide detailed simulation results for both AWGN UWA channel and the UWA channel with colored noise. Simulation results verify that the proposed scheme is indeed effective for a UWA channel with colored noise and frequency-dependent pathloss.

Waqas Aman

Malware writers have employed various obfuscation and polymorphism techniques to thwart static analysis approaches and bypassing antivirus tools. Dynamic analysis techniques, however, have essentially overcome these deceits by observing the actual behaviour of the code execution. In this regard, various methods, techniques and tools have been proposed. However, because of the diverse concepts and strategies used in the implementation of these methods and tools, security researchers and malware analysts find it difficult to select the required optimum tool to investigate the behaviour of a malware and to contain the associated risk for their study. Focusing on two dynamic analysis techniques: Function Call monitoring and Information Flow Tracking, this paper presents a comparison framework for dynamic malware analysis tools. The framework will assist the researchers and analysts to recognize the tools implementation strategy, analysis approach, system wide analysis support and its overall handling of binaries, helping them to select a suitable and effective one for their study and analysis.