Selected Publications

You can also find all of my articles on my Google Scholar profile.

Data Privacy Threat Modelling for Autonomous Systems: A Survey From the GDPR’s Perspective

Published in IEEE Transactions on Big Data, 2022

Preserving the data privacy and security of AI-based applications is of utmost importance. In this respect, a modelling technique for identifying potential data privacy threats and specifying countermeasures to mitigate the related vulnerabilities in such AI-based systems plays a significant role in preserving and securing personal data. Various threat modelling techniques have been proposed, such as STRIDE, LINDDUN, and PASTA, but none of them is sufficient to model the data privacy threats in autonomous systems. Furthermore, they are not designed to model compliance with data protection legislation like the EU/UK General Data Protection Regulation (GDPR), which is fundamental to protecting data owners' privacy as well as to preventing personal data from potential privacy-related attacks. In this article, we survey the existing threat modelling techniques for data privacy threats in autonomous systems and then analyse such techniques from the viewpoint of GDPR compliance.

Download here

A blockchain-based trust system for decentralised applications: When trustless needs trust

Published in Elsevier Future Generation Computer Systems, 2021

Blockchain technology has been envisaged to commence an era of decentralised applications and services (DApps) without the need for a trusted intermediary. Such DApps open a marketplace in which services are delivered to end-users by contributors, who are then incentivised by cryptocurrencies in an automated, peer-to-peer, and trustless fashion. However, blockchain, consolidated by smart contracts, only ensures on-chain data security, autonomy and integrity of the business logic execution defined in smart contracts. It cannot guarantee the quality of service of DApps, which entirely depends on the services' performance. Thus, there is a critical need for a trust system to reduce the risk of dealing with fraudulent counterparts in a blockchain network. These reasons motivate us to develop a fully decentralised trust framework deployed on top of a blockchain platform, operating along with DApps in the marketplace to demoralise deceptive entities while encouraging trustworthy ones. The trust system works as an underlying decentralised service providing a feedback mechanism for end-users and maintaining trust relationships among them in the ecosystem accordingly.

Download here

Privacy Preservation in Federated Learning: Insights from the GDPR Perspective

Published in Elsevier Computers and Security (CoSE), 2020

Federated learning (FL) emerges as a prospective solution that facilitates distributed collaborative learning without disclosing original training data whilst naturally complying with the GDPR. Recent research has demonstrated that retaining data and computation on-device in FL is not sufficient to guarantee privacy. This article is dedicated to systematically surveying the state-of-the-art privacy-preserving techniques which can be employed in FL, as well as how these techniques mitigate data security and privacy risks.

Download here

Blockchain-based personal data management: From fiction to solution

Published in IEEE International Symposium on Network Computing and Applications (NCA), 2019

The emerging blockchain technology has enabled various decentralised applications in a trustless environment without relying on a trusted intermediary. However, when utilising Blockchain for developing a personal data management system, fictions have occurred in existing approaches and been promulgated in the literature. Such fictions are theoretically doable; unfortunately, by thoroughly breaking down consensus protocols and transaction validation processes, we clarify that such existing approaches are either impractical or highly inefficient due to the natural limitations of the blockchain and Smart Contracts technologies. This encourages us to propose a feasible solution in which such fictions are reduced by designing a novel system architecture with a blockchain-based proof of permission protocol.

Download here

GDPR-compliant personal data management: A blockchain-based solution

Published in IEEE Transactions on Information Forensics and Security (TIFS), 2019

The General Data Protection Regulation (GDPR) gives control of personal data back to the owners by imposing higher requirements and obligations on service providers who manage and process personal data. As the verification of GDPR compliance, handled by a supervisory authority, is irregularly conducted, it is challenging to certify that a service provider has been continuously adhering to the GDPR. Furthermore, it is beyond the capability of data owners to perceive whether a service provider complies with the GDPR and effectively protects their personal data. This motivates us to envision a design concept for developing a GDPR-compliant personal data management platform leveraging the emerging blockchain and smart contract technologies.

Download here

Semantic smart contracts for blockchain-based services in the Internet of Things

Published in IEEE International Symposium on Network Computing and Applications (NCA), 2019

The emerging Blockchain (BC) and Distributed Ledger technologies have come to impact a variety of domains, from capital market sectors to digital asset management in the Internet of Things (IoT). As a result, more and more BC-based decentralized applications for numerous cross-domain services have been developed. These applications implement specialized decentralized computer programs called Smart Contracts (SCs) which are deployed into BC frameworks. Although these SCs are open to the public, it is challenging for both systems and end-users to discover and utilize them for a wide range of usages, because such SCs are already compiled in the form of bytecode without any associated metadata. This motivates us to propose a solution called Semantic SC (SSC) which integrates RESTful semantic web technologies in SCs, deployed on the Ethereum Blockchain platform, for indexing, browsing and annotating such SCs. The solution also exposes the relevant distributed ledgers as Linked Data for enhancing the discovery capability.

Download here

Trust evaluation mechanism for user recruitment in mobile crowd-sensing in the Internet of Things

Published in IEEE Transactions on Information Forensics and Security (TIFS), 2019

Mobile crowd-sensing (MCS) has appeared as a prospective solution for large-scale data collection, leveraging built-in sensors and social applications in mobile devices to enable a variety of Internet of Things (IoT) services. However, the human involvement in MCS results in a high possibility of unintentionally contributing corrupted and falsified data or intentionally spreading disinformation for malevolent purposes, consequently undermining IoT services. Therefore, recruiting trustworthy contributors plays a crucial role in collecting high-quality data and providing a better quality of service while minimizing the vulnerabilities and risks to MCS systems. In this paper, a novel trust model called experience-reputation (E-R) is proposed for evaluating trust relationships between any two mobile device users in an MCS platform.

Download here

Software defined networking-based vehicular Adhoc Network with Fog Computing

Published in 2015 IFIP/IEEE Integrated Network Management (IM) Symposium, 2015

Although Vehicular Adhoc Networks (VANETs) are deployed in reality offering several services, the current architecture has been facing many difficulties in deployment and management because of poor connectivity, less scalability, less flexibility and less intelligence. We propose a new VANET architecture called FSDN which combines two emergent computing and network paradigms, Software Defined Networking (SDN) and Fog Computing, as a prospective solution. SDN-based architecture provides flexibility, scalability, programmability and global knowledge, while Fog Computing offers delay-sensitive and location-aware services which could satisfy the demands of future VANET scenarios. We identify all the SDN-based VANET components as well as their functionality in the system. We also consider the system's basic operations, in which Fog Computing is leveraged to support surveillance services by taking into account resource manager and Fog orchestration models.

Download here