Abbas Yazdinejad

Mohammed Aledhari, Rehma Razzak, Mohamed Rahouti et al.

The advancements in autonomous driving technology, coupled with the growing interest from automotive manufacturers and tech companies, suggest a rising adoption of Connected Autonomous Vehicles (CAVs) in the near future. Despite some evidence of higher accident rates in AVs, these incidents tend to result in less severe injuries compared to traditional vehicles due to cooperative safety measures. However, the increased complexity of CAV systems exposes them to significant security vulnerabilities, potentially compromising their performance and communication integrity. This paper contributes by presenting a detailed analysis of existing security frameworks and protocols, focusing on intra- and inter-vehicle communications. We systematically evaluate the effectiveness of these frameworks in addressing known vulnerabilities and propose a set of best practices for enhancing CAV communication security. The paper also provides a comprehensive taxonomy of attack vectors in CAV ecosystems and suggests future research directions for designing more robust security mechanisms. Our key contributions include the development of a new classification system for CAV security threats, the proposal of practical security protocols, and the introduction of use cases that demonstrate how these protocols can be integrated into real-world CAV applications. These insights are crucial for advancing secure CAV adoption and ensuring the safe integration of autonomous vehicles into intelligent transportation systems.

Keerthana Madhavan, Abbas Yazdinejad, Fattane Zarrinkalam et al.

As AI systems integrate into critical infrastructure, security gaps in AI compliance frameworks demand urgent attention. This paper audits and quantifies security risks in three major AI governance standards: NIST AI RMF 1.0, UK's AI and Data Protection Risk Toolkit, and the EU's ALTAI. Using a novel risk assessment methodology, we develop four key metrics: Risk Severity Index (RSI), Attack Potential Index (AVPI), Compliance-Security Gap Percentage (CSGP), and Root Cause Vulnerability Score (RCVS). Our analysis identifies 136 concerns across the frameworks, exposing significant gaps. NIST fails to address 69.23 percent of identified risks, ALTAI has the highest attack vector vulnerability (AVPI = 0.51) and the ICO Toolkit has the largest compliance-security gap, with 80.00 percent of high-risk concerns remaining unresolved. Root cause analysis highlights under-defined processes (ALTAI RCVS = 033) and weak implementation guidance (NIST and ICO RCVS = 0.25) as critical weaknesses. These findings emphasize the need for stronger, enforceable security controls in AI compliance. We offer targeted recommendations to enhance security posture and bridge the gap between compliance and real-world AI risks.

Karthik Viswanathan, Abbas Yazdinejad

There is a growing need for authentication methodology in virtual reality applications. Current systems assume that the immersive experience technology is a collection of peripheral devices connected to a personal computer or mobile device. Hence there is a complete reliance on the computing device with traditional authentication mechanisms to handle the authentication and authorization decisions. Using the virtual reality controllers and headset poses a different set of challenges as it is subject to unauthorized observation, unannounced to the user given the fact that the headset completely covers the field of vision in order to provide an immersive experience. As the need for virtual reality experiences in the commercial world increases, there is a need to provide other alternative mechanisms for secure authentication. In this paper, we analyze a few proposed authentication systems and reached a conclusion that a multidimensional approach to authentication is needed to address the granular nature of authentication and authorization needs of a commercial virtual reality applications in the commercial world.

Reza M. Parizi, Sajad Homayoun, Abbas Yazdinejad et al.

Blockchains are turning into decentralized computing platforms and are getting worldwide recognition for their unique advantages. There is an emerging trend beyond payments that blockchains could enable a new breed of decentralized applications, and serve as the foundation for Internet's security infrastructure. The immutable nature of the blockchain makes it a winner on security and transparency; it is nearly inconceivable for ledgers to be altered in a way not instantly clear to every single user involved. However, most blockchains fall short in privacy aspects, particularly in data protection. Garlic Routing and Onion Routing are two of major Privacy Enhancing Techniques (PETs) which are popular for anonymization and security. Garlic Routing is a methodology using by I2P Anonymous Network to hide the identity of sender and receiver of data packets by bundling multiple messages into a layered encryption structure. The Onion Routing attempts to provide lowlatency Internet-based connections that resist traffic analysis, deanonymization attack, eavesdropping, and other attacks both by outsiders (e.g. Internet routers) and insiders (Onion Routing servers themselves). As there are a few controversies over the rate of resistance of these two techniques to privacy attacks, we propose a PET-Enabled Sidechain (PETES) as a new privacy enhancing technique by integrating Garlic Routing and Onion Routing into a Garlic Onion Routing (GOR) framework suitable to the structure of blockchains. The preliminary proposed GOR aims to improve the privacy of transactions in blockchains via PETES structure.