@uobasrah.edu.iq
Computer Science Department / College of Education for Pure Sciences
University of Basrah
Ph.D in Computer Engineer / Network Security
Network Security
Cloud security
Networking
Data Security
Web
Scopus Publications
Zaid Ameen Abduljabbar, Vincent Omollo Nyangaresi, Ahmed Ali Ahmed, Junchao Ma, Mustafa A. Al Sibahee, Mohammed Abdulridha Hussain, Zaid Alaa Hussien, Ali Hasan Ali, Abdulla J. Y. Aldarwish, and Husam A. Neamah
Springer Science and Business Media LLC
Duaa Sameer Zhraw, Mohammed Abdulridha Hussain, Zaid Ameen Abduljabbar, Vincent Omollo Nyangaresi, Ali Hasan Ali, and Husam A. Neamah
Mesopotamian Academic Press
Man-in-the-Middle (MITM) attacks reduce Hypertext Transfer Protocol Secure (HTTPS) to Hypertext Transfer Protocol (HTTP), exposing network communications to potential exploitation. Attackers exploit application-layer vulnerabilities, and the attack often occurs on a LAN. This study addresses the problem by introducing a Uniform Resource Locator (URL) protection mechanism that combines encryption with secure key exchange. A browser built with Python and PyQt5 encrypts URLs before transmission. The router decrypts, processes, re-encrypts, and returns data securely. The Diffie–Hellman algorithm generates a new session key for each connection, and the Advanced Encryption Standard with Galois Counter Mode (AES-GCM) technique is used to encrypt. The system was tested in a VMware host-only environment under four scenarios: normal use, active attacker, system-only, and active attacker with the system enabled. Packet capture and timing analysis evaluated security and performance. The scheme achieved a 100% prevention rate against HTTPS downgrades. Intercepted traffic appeared as unreadable ciphertext. Average execution time increased from 0.05 seconds to 0.11 seconds due to encryption, but it did not affect stability. This research improves application-layer security independently and offers a concrete defense against MITM stripping attacks. In conclusion, the proposed methodology provides a pragmatic and effective strategy for protecting URL traffic in vulnerable local network environments.
Duaa Sameer Zhraw, Mohammed Abdulridha Hussain, Zaid Ameen Abduljabbar, Vincent Omollo Nyangaresi, and Abdulla J. Y. Aldarwish
Springer Nature Switzerland
Huda Kamil Abdali, Mohammed Abdulridha Hussain, Zaid Ameen Abduljabbar, and Vincent Omollo Nyangaresi
Engineering, Technology & Applied Science Research
E-Government is used to provide various services to citizens via an online portal and is currently available in many countries. Current e-government technology is supported by an extensive, centrally controlled database and a collection of applications linked to it through web interfaces. However, e-government depends too much on centralization. E-government services store sensitive data about citizens, making them particularly vulnerable to cyberattacks, data breaches, and access control. Therefore, alternative techniques should be developed to protect sensitive data and ensure secure storage in e-government platforms. This study proposes a safe and distributed electronic system for e-government based on blockchain technology to protect sensitive data from breaches. This system uses advanced encryption methods, including Lightweight Encryption Device (LED) and Elliptic-Curve Cryptography (ECC), to protect transmitted data. The proposed system employs a two-layer encryption approach to secure user data. The first layer utilizes the LED algorithm with a randomly generated key, and the second employs the ECC algorithm with a public key obtained from the blockchain server to enhance user data security and privacy. The proposed system allows data to be disseminated across many networks, retrieves and synchronizes data in case of unauthorized changes, and restores them to their original form. Experimental results showed that the proposed system takes an average of 0.05 seconds to complete the login process for five successful login attempts, confirming the effectiveness of the proposed approach in the execution of login procedures. The effectiveness of this system in resisting different attack types was verified through formal and informal security analyses and simulations based on the Scyther tool.
Batool Mohammed Radhi, Mohammed Abdulridha Hussain, Zaid Ameen Abduljabbar, and Vincent Omollo Nyangaresi
IEEE
The proliferation of the internet of things (IoT) has led to the emergence of a wide range of intelligent devices, creating a broad domain with significant security concerns. These concerns impose a high level of security; unfortunately, IoT devices usually have limited resources in terms of little memory, low computing power, and a short battery life. Therefore, IoT application developers must use lightweight cryptographic tools to achieve a trade-off between performance and security. The storage and high computation capacity of cloud computing is often exploited to manage the vast amount of data produced by such gadgets. Some methods still suffer from attacks, and others cannot achieve low complexity. We propose a secure and low-complexity system for smart buildings in transferring data between the local server, the cloud, and users authorized by the owner. The LED encryption algorithm, which is lightweight and requires limited resources and less energy, was used to create a mobile application system characterized by confidentiality, authentication, and privacy. For further security, the owner's biometrics were used and derived as the key to decrypt data from the cloud. We have leveraged Dragonfly authentication technology to transfer data from the local server to the users. The owner can add authorized persons in the cloud database and local server to enjoy using the application. Moreover, we successfully balance security complexity and performance in our work. As a result, we achieve good results with a computation cost of 0.281 s and a communication cost of 1472 bits.
Batool Mohammed Radhi, Mohammed Abdulridha Hussain, Zaid Ameen Abduljabbar, Vincent Omollo Nyangaresi, and Abdulla J. Y. Aldarwish
Springer Nature Switzerland
Huda Kamil Abdali, Mohammed Abdulridha Hussain, Zaid Ameen Abduljabbar, Vincent Omollo Nyangaresi, and Abdulla J. Y. Aldarwish
Springer Nature Switzerland
Hiba Nasser and Mohammed Hussain
University of Basrah - College of Engineering
Address Resolution Protocol (ARP) is used to resolve a host’s MAC address, given its IP address. ARP is stateless, as there is no authentication when exchanging a MAC address between the hosts. Hacking tactics using ARP spoofing are constantly being abused differently; many previous studies have prevented such attacks. However, prevention requires modification of the underlying network protocol or additional expensive equipment, so applying these methods to the existing network can be challenging. In this paper, we examine the limitations of previous research in preventing ARP spoofing. In addition, we propose a defense mechanism that does not require network protocol changes or expensive equipment. Before sending or receiving a packet to or from any device on the network, our method checks the MAC and IP addresses to ensure they are correct. It protects users from ARP spoofing. The findings demonstrate that the proposed method is secure, efficient, and very efficient against various threat scenarios. It also makes authentication safe and easy and ensures data and users’ privacy, integrity, and anonymity through strong encryption techniques.
Meqdam Mohammed, Zakariya Oraibi, and Mohammed Hussain
University of Basrah - College of Engineering
Advancements in internet accessibility and the affordability of digital picture sensors have led to the proliferation of extensive image databases utilized across a multitude of applications. Addressing the semantic gap between low-level attributes and human visual perception has become pivotal in refining Content-Based Image Retrieval (CBIR) methodologies, especially within this context. As this field is intensely researched, numerous efficient algorithms for CBIR systems have surfaced, precipitating significant progress in the artificial intelligence field. In this study, we propose employing a hard voting ensemble approach on features derived from three robust deep learning architectures: Inception, Xception, and MobileNet. This is aimed at bridging the divide between low-level image features and human visual perception. The Euclidean method is adopted to determine the similarity metric between the query image and the features database. The outcome was a noticeable improvement in image retrieval accuracy. We applied our approach to a practical dataset named CBIR 50, which encompasses categories such as mobile phones, cars, cameras, and cats. The effectiveness of our method was thereby validated. Our approach outshone existing CBIR algorithms with superior accuracy (ACC), precision (PREC), recall (REC), and F1-score (F1-S), proving to be a noteworthy addition to the field of CBIR. Our proposed methodology could be potentially extended to various other sectors, including medical imaging and surveillance systems, where image retrieval accuracy is of paramount importance.
Zaid Ameen Abduljabbar, Vincent Omollo Nyangaresi, Hend Muslim Jasim, Junchao Ma, Mohammed Abdulridha Hussain, Zaid Alaa Hussien, and Abdulla J. Y. Aldarwish
MDPI AG
Precision agriculture encompasses automation and application of a wide range of information technology devices to improve farm output. In this environment, smart devices collect and exchange a massive number of messages with other devices and servers over public channels. Consequently, smart farming is exposed to diverse attacks, which can have serious consequences since the sensed data are normally processed to help determine the agricultural field status and facilitate decision-making. Although a myriad of security schemes has been presented in the literature to curb these challenges, they either have poor performance or are susceptible to attacks. In this paper, an elliptic curve cryptography-based scheme is presented, which is shown to be formally secure under the Burrows–Abadi–Needham (BAN) logic. In addition, it is semantically demonstrated to offer user privacy, anonymity, unlinkability, untraceability, robust authentication, session key agreement, and key secrecy and does not require the deployment of verifier tables. In addition, it can withstand side-channeling, physical capture, eavesdropping, password guessing, spoofing, forgery, replay, session hijacking, impersonation, de-synchronization, man-in-the-middle, privileged insider, denial of service, stolen smart device, and known session-specific temporary information attacks. In terms of performance, the proposed protocol results in 14.67% and 18% reductions in computation and communication costs, respectively, and a 35.29% improvement in supported security features.
Meqdam A. Mohammed, Zakariya A. Oraibi, and Mohammed Abdulridha Hussain
IEEE
This paper introduces a deep learning approach to efficiently retrieve images using robust deep features extracted from the VGG-19 architecture. Our work involves fine-tuning this pre-trained network to adapt it to our dataset by replacing the final layers; we can then train the network so that it learns feature representation for the content-based image retrieval task. After applying transfer learning, the new network is trained on our dataset after performing augmentation on the set of training images to increase the number of images in order to improve the training accuracy. Augmentation techniques involve applying shifting, shearing, and flipping to the original input images. Finally, features are extracted from the ‘fc7’ layer that has 4096 bins for each input image. Euclidean distance is applied to calculate the closest distance between the query image and the features database. Experiments are conducted on a standard dataset called Corel-1k with 1000 images and 10 different categories. Results show that our approach generates high precision accuracy that outperforms traditional image retrieval methods and is on a level with deep learning based methods.
Vincent Omollo Nyangaresi, Zaid Ameen Abduljabbar, Keyan Abdul-Aziz Mutlaq, Mohammed Abdulridha Hussain, and Zaid Alaa Hussien
Springer Nature Singapore
Zaid Alaa Hussien, Husam A. Abdulmalik, Mohammed Abdulridha Hussain, Vincent Omollo Nyangaresi, Junchao Ma, Zaid Ameen Abduljabbar, and Iman Qays Abduljaleel
MDPI AG
The information obtained from external sources within the cloud and the resulting computations are not always reliable. This is attributed to the absence of tangible regulations and information management on the part of the information owners. Although numerous techniques for safeguarding and securing external information have been developed, security hazards in the cloud are still problematic. This could potentially pose a significant challenge to the effective adoption and utilization of cloud technology. In terms of performance, many of the existing solutions are affected by high computation costs, particularly in terms of auditing. In order to reduce the auditing expenses, this paper proposes a well-organised, lightweight system for safeguarding information through enhanced integrity checking. The proposed technique implements a cryptographic hash function with low-cost mathematic operations. In addition, this paper explores the role of a semi-trusted server with regard to smart device users. This facilitates the formal management of information prior to distribution through the IoT-cloud system. Essentially, this facilitates the validation of the information stored and exchanged in this environment. The results obtained show that the proposed system is lightweight and offers features such as a safeguarding capability, key management, privacy, decreased costs, sufficient security for smart device users, one-time key provision, and high degree of accuracy. In addition, the proposed method exhibits lower computation complexity and storage expenses compared with those of other techniques such as bilinear map-based systems.
Mohammed Abdulridha Hussain, Zaid Alaa Hussien, Zaid Ameen Abduljabbar, Junchao Ma, Mustafa A. Al Sibahee, Sarah Abdulridha Hussain, Vincent Omollo Nyangaresi, and Xianlong Jiao
Elsevier BV
Hiba Imad Nasser and Mohammed Abdulridha Hussain
Institute of Advanced Engineering and Science
Even today, internet users’ data security remains a significant concern. One problem is ARP poisoning, otherwise referred to as ARP spoofing. Such attacks are intended to exploit the identified ARP protocol vulnerability. Despite no straightforward remedy for ARP spoofing being apparent, certain actions may be taken to maintain one’s safety. The most basic and common defence against a poisoning attack is manually adding MAC and IP addresses to the static ARP cache table. However, this solution is ineffective for large networks where static entries require considerable time and effort to maintain, whether by human input or via special tools and settings for the static entries of network devices. Accordingly, this paper aimed to monitor network packet information and detect the behaviour of ARP poison attacks on operating systems, for instance Windows and Linux. The discovery and defence policy systematically and periodically check the MAC addresses in the ARP table, enabling alerts to be issued if a duplicate entry is detected. This enables the poison-IP address to be blocked before a reply is sent. Finally, the results showed that the superiority was successfully achieved in the detection, prevention and reporting mechanisms in the real-world environment.
Iman Khazal and Mohammed Hussain
University of Basrah - College of Engineering
Cross-Site Scripting (XSS) is one of the most common and dangerous attacks. The user is the target of an XSS attack, but the attacker gains access to the user by exploiting an XSS vulnerability in a web application as a bridge. There are three types of XSS attacks: Reflected, Stored, and DOM-based. This paper focuses on the Stored-XSS attack, which is the most dangerous of the three. In Stored-XSS, the attacker injects a malicious script into the web application and saves it in the website repository. The method proposed in this paper is intended to detect and prevent Stored-XSS. The Prevent Stored-XSS Server (PSS) was proposed as a server to test and sanitize the input to web applications before saving it in the database. Any user input must be checked to see if it contains a malicious script, and if so, the input must be sanitized and saved in the database instead of the harmful input. The PSS is tested using a vulnerable open-source web application and succeeds in detection by determining the harmful script within the input and prevents the attack by sterilizing the input with an average time of 0.3 seconds.
Enas Wahab Abood, Zaid Ameen Abduljabbar, Mustafa A. Al Sibahee, Mohammed Abdulridha Hussain, and Zaid Alaa Hussien
Institute of Advanced Engineering and Science
One of the things that must be considered when establishing a data exchange connection is to make that communication confidential and hide the file’s features when the snoopers intercept it. In this work, transformation (encoding) and steganography techniques are invested to produce an efficient system to secure communication for an audio signal by producing an efficient method to transform the signal into a red–green–blue (RGB) image. Subsequently, this image is hidden in a cover audio file by using the least significant bit (LSB) method in the spatial and transform domains using discrete wavelet transform. The audio files of the message and the cover are in *.wav format. The experimental results showed the success of the transformation in concealing audio secret messages, as well as the remarkability of the stego signal quality in both techniques. A peak signal-to-noise ratio (PSNR) scored (20-26) dB with wavelet and (81-112) dB with LSB for cover file size 4.96 MB and structural similarity index metric (SSIM) has been used to measure the signal quality which gave 1 with LSB while wavelet was (0.9-1), which is satisfactory in all experimented signals with low time consumption. This work also used these metrics to compare the implementation of LSB and WAV.
Mohammed Abdulridha Hussain, Salah H. Abbdal Refish, Mustafa S. Khalefa, Sarah Abdulridha Hussain, Zaid Alaa Hussien, Zaid Ameen Abduljabbar, and Mustafa A. Al Sibahee
ACM
Web application is the base of online businesses through the Internet. The emergence of COVID-19 forced almost every job to operate online so as to bridge the distance amongst individuals. The rapid increment in the needs of web application increases security threats on information and data. According to the Open Web Application Security Project, Structured Query Language Injection Attack (SQLIA) is a top security threat for web application. SQLIA inserts malicious code to gain access or to manipulate database information by cheating the server to bypass the code to the database, thereby causing a severe impact on web application. In this paper, a permutation encoding method has been proposed to prevent SQLIA, which is based on encoding all database information using the proposed method. Initially, a special character is inserted to restrict the method from reversing. Subsequently, the permutation encoding method is applied. Permutation refers to the method wherein the bit location is changed within three characters and then radix encoding is applied. Permutation is based on the primitive root value. Encoding has been used to hide permutation. The proposed method is implemented and tested using PHP and MySQL databases, where the proposal result has been compared with those of other proposal methods. The results with security analysis prove that the proposal method prevents SQLIA and protects database information.
Vincent Omollo Nyangaresi, Ayad Ibrahim, Zaid Ameen Abduljabbar, Mohammed Abdulridha Hussain, Mustafa A. Al Sibahee, Zaid Alaa Hussien, and Mudhafar Jalil Jassim Ghrabat
IEEE
Unmanned Aerial Vehicles (UAVs) convey secret data that belongs to the military, individual or organizations. As such, privacy and security protection of this data is critical. To accomplish this, many protocols have been presented based on techniques such as dynamic keys, Rivest-Shamir-Adleman (RSA), Elliptic Curve Cryptography (ECC), public key cryptosystems, bilinear pairing, certificate-less group keys and Radio Frequency Identification (RFID). However, some of these schemes have long session keys and hence high computational and communication complexities, while others fail to address most pertinent attack vectors in UAV networks. In this paper, a provably secure session key agreement protocol is developed. The security analysis shows that it offers backward and forward key secrecy, strong anonymity, and can withstand impersonation, replay, privileged insider and side-channeling attacks. In terms of bandwidth requirements, the proposed protocol has the least bandwidth requirements among other related protocols. On the other hand, it requires average execution time during the key agreement and authentication phases.
Mustafa A. Al Sibahee, Songfeng Lu, Zaid Ameen Abduljabbar, Erasmus Xin Liu, Yanli Ran, Ahmed Abdulelah Jasim Al-ashoor, Mohammed Abdulridha Hussain, and Zaid Alaa Hussien
IEEE
Document integrity and origin for E2E S2S in IoT-cloud have recently received considerable attention because of their importance in real-world fields. Maintaining integrity could protect decisions made based on these message/image documents. Authentication and integrity solutions have been conducted to recognise or protect any modification in the exchange of documents between E2E S2S (smart-to-smart). However, none of the proposed schemes appear to be sufficiently designed as a secure scheme to prevent known attacks or applicable to smart devices. We propose a robust scheme that aims to protect the integrity of documents for each user's session by integrating HMAC-SHA-256, handwritten feature extraction using a local binary pattern, and a one-time random pixel sequence based on RC4 to randomly hide authentication codes using LSB. The proposed scheme can provide users with a one-time bio-key, robust message anonymity and a disappearing authentication code that does not draw the attention of eavesdroppers. Thus, the scheme improves the data integrity for a user's messages/image documents, phase key agreement, bio-key management and a one-time message/image document code for each user's session. The concept of stego-anonymity is also introduced to provide additional security to cover a hashed value. Finally, security analysis and experimental results demonstrate and prove the invulnerability and efficiency of the proposed scheme.
Mustafa A. Al Sibahee, Songfeng Lu, Zaid Ameen Abduljabbar, Xin Liu, Hemn Barzan Abdalla, Mohammed Abdulridha Hussain, Zaid Alaa Hussien, and Mudhafar Jalil Jassim Ghrabat
Institute of Electrical and Electronics Engineers (IEEE)
The continuous increase in the use of smart devices and the need for E2E smart2smart (S2S) services in IoT systems play effective and contemporary roles in the field of communication, and a large amount of resources is required. Thus, IoTs and cloud computing must be integrated. One of the results of this integration is the increase in the number of attacks and vulnerabilities in the E2E S2S message delivery service of such an IoT-cloud system. However, none of the traditional security solutions can be sufficiently regarded as a secure and lightweight mechanism for ensuring that the security requirements for E2E S2S message transmission in the IoT-cloud system are fulfilled. This work aims to provide an efficient and secure, lightweight E2E S2S message delivery function, which includes the E2E S2S secure key and biometric parameter exchange function, a bio-shared parameter and bio-key generation function, secure lightweight E2E S2S communication negotiation and secure E2E S2S lightweight message delivery. The secure, lightweight cryptographic communication procedure is negotiated between a pair of smart devices during each E2E session to minimize the power consumption required of limited-energy devices. Such a negotiation process prevents known attacks by providing responsive mutual authentication. Lightweight message delivery by the two smart devices can satisfy the basic security requirements of E2E communication and ensure that the computational cost required for a real-time system is as low as possible.
Zaid Ameen Abduljabbar, A. Ibrahim, M. Hussain, Zaid Alaa Hussien, M. A. A. Sibahee and Songfeng Lu
Korean Society for Internet Information (KSII)
Zaid Alaa Hussien, Zaid Ameen Abduljabbar, Mohammed Abdulridha Hussain, Mustafa A. Al Sibahee, Songfeng Lu, and Hamid A. AL-Asadi
ACM Press
People have proposed many data integrity techniques to secure data storage in cloud. The majority of these schemes assume that only the owner of the data can modify their storage in cloud. In recent years, researchers have allowed different cloud users to use integrity assurance for modifying data. As a result, schemes with stronger reality than before have been proposed. Nevertheless, these attempts are impractical due to the large computing costs for cloud users. Clients must also perform numerous computations to ensure the integrity of data storage. A robust and efficient scheme is put forward in this study to maintain data integrity in cases that involve public auditing. In this way, multiuser modification can be used to check the public integrity for cloud data and reduce the auditing cost.
The proposed scheme uses public key cryptography equipped with a proxy re-encryption and a cryptographic hash function. We allow a third-party auditor (TPA) to conduct preprocessing of data for the sake of cloud users prior to uploading these data to the cloud service providers (CSPs) and then verify the integrity of data. We also allow the TPA to perform re-encryption of data for sharing data without losing privacy. The scheme is characterised by significant security features, such as management of key, privacy, low-cost computation, exchange of key, freeing clients from burdens, failure of CSPs in creating right verifier response in absence of data and one-time key requirement. Numerical analysis and extensive experimental results verify that the proposed scheme is efficient and scalable.
Mohammed Abdulridha Hussain, Zaid Alaa Hussien, Zaid Ameen Abduljabbar, Sarah Abdulridha Hussain, and Mustafa A. Al Sibahee
IEEE
Recently, the variety of purposes for which the Internet is used has created a demand to embody the highest levels of security in every network-connected device. This proposal strives to address a secure network connection via Secure Certificate Public Key (SCPK) to resist the Man-in-the-Middle Sniffing attack on SSL. The model aims to encrypt the Certificate Public Key and authenticate between clients and servers. Drawing on our simulation, the proposed key is secure, efficient and safely monitored.