Nour El Madhoun

An end-to-end approach for the detection of phishing attacks

By Badis Hammi, Tristan Billot, Danyil Bazain, Nicolas Binand, Maxime Jaen, Chems Mitta, Nour El Madhoun

2024-04-01

In Advanced information networking and applications (AINA))

Abstract

The main approaches/implementations used to counteract phishing attacks involve the use of crowd-sourced blacklists. However, blacklists come with several drawbacks. In this paper, we present a comprehensive approach for the detection of phishing attacks. Our approach uses our own detection engine which relies on Graph Neural Networks to leverage the hyperlink structure of the websites to analyze. Additionally, we offer a turnkey implementation to the end-users in the form of a Mozilla Firefox plugin.

Continue reading

New security protocols for offline point-of-sale machines

By Nour El Madhoun, Emmanuel Bertin, Mohamad Badra, Guy Pujolle

2022-03-01

In The 36th international conference on advanced information networking and applications (AINA-2022)

Abstract

EMV (Europay MasterCard Visa) is the protocol implemented to secure the communication, between a client’s payment device and a Point-of-Sale machine, during a contact or an NFC (Near Field Communication) purchase transaction. In several studies, researchers have analyzed the operation of this protocol in order to verify its safety: unfortunately, they have identified two security vulnerabilities that lead to multiple attacks and dangerous risks threatening both clients and merchants. In this paper, we are interested in proposing new security solutions that aim to overcome the two dangerous EMV vulnerabilities. Our solutions address the case of Point-of-Sale machines that do not have access to the banking network and are therefore in the “offline” connectivity mode. We verify the accuracy of our proposals by using the Scyther security verification tool.

Continue reading

Current trends in blockchain implementations on the paradigm of public key infrastructure: A survey

By Daniel Maldonado-Ruiz, Jenny Torres, Nour El Madhoun, Mohamad Badra

2022-01-01

In IEEE Access

Abstract

Since the emergence of the Bitcoin cryptocurrency, the blockchain technology has become the new Internet tool with which researchers claim to be able to solve any existing online problem. From immutable log ledger applications to authorisation systems applications, the current technological consensus implies that most of Internet problems could be effectively solved by deploying some form of blockchain environment. Regardless this ’consensus’, there are decentralised Internet-based applications on which blockchain technology can actually solve several problems and improve the functionality of these applications. The development of these new blockchain-based solutions is grouped into a new paradigm called Blockchain 3.0 and its concepts go far beyond the well-known cryptocurrencies. In this paper, we study the current trends in the application of blockchain on the paradigm of Public Key Infrastructures (PKI). In particular, we focus on how these current trends can guide the exploration of a fully Decentralised Identity System, with blockchain as be part of the core technology.

Continue reading

A secure blockchain-based architecture for the COVID-19 data network

By Darine Al-Mohtar, Amani Ramzi Daou, Nour El Madhoun, Rachad Maallawi

2021-10-01

In 2021 5th cyber security in networking conference (CSNet)

Abstract

The COVID-19 pandemic has impacted the world economy and mainly all activities where social distancing cannot be respected. In order to control this pandemic, screening tests such as PCR have become essential. For example, in the case of a trip, the traveler must carry out a PCR test within 72 hours before his departure and if he is not a carrier of the COVID-19, he can therefore travel by presenting, during check-in and boarding, the negative result sheet to the agent. The latter will then verify the presented sheet by trusting: (a) the medical biology laboratory, (b) the credibility of the traveler for not having changed the PCR result from “positive to negative”. Therefore, this confidence and this verification are made without being based on any mechanism of security and integrity, despite the great importance of the PCR test results to control the COVID-19 pandemic. Consequently, we propose in this paper a blockchain-based decentralized trust architecture that aims to guarantee the integrity, immutability and traceability of COVID-19 test results. Our proposal also aims to ensure the interconnection between several organizations (airports, medical laboratories, cinemas, etc.) in order to access COVID-19 test results in a secure and decentralized manner.

Continue reading

An innovative and decentralized identity framework based on blockchain technology

By Daniel Maldonado-Ruiz, Jenny Torres, Nour El Madhoun, Mohamad Badra

2021-04-01

In 11th IFIP international conference on new technologies, mobility and security (NTMS)

Abstract

Network users usually need a third party validation to prove that they are who they claim to be. Authentication systems mostly assume the existence of a Trusted Third Party (TTP) in the form of a Certificate Authority (CA) or as an authentication server. However, relying on a TTP implies that users do not directly manage their identities, but delegate this role to a third party. This intrinsic issue can generate trust concerns (e.g., identity theft), as well as privacy concerns towards the third party. The main objective of this research is to present an autonomous and independent solution where users can store their self created credentials without depending on TTPs. To this aim, the use of an TTP autonomous and independent network is needed, where users can manage and assess their identities themselves. In this paper, we propose the framework called Three Blockchains Identity Management with Elliptic Curve Cryptography (3BI-ECC). With our proposed framework, the users’ identities are self-generated and validated by their owners. Moreover, it allows the users to customize the information they want to share with third parties.

Continue reading

3BI-ECC: A decentralized identity framework based on blockchain technology and elliptic curve cryptography

By Daniel Maldonado-Ruiz, Jenny Torres, Nour El Madhoun

2020-09-01

In 2020 2nd conference on blockchain research & applications for innovative networks and services (BRAINS)

Abstract

Most of the authentication protocols assume the existence of a Trusted Third Party (TTP) in the form of a Certificate Authority or as an authentication server. The main objective of this research is to present an autonomous solution where users could store their credentials, without depending on TTPs. For this, the use of an autonomous network is imperative, where users could use their uniqueness in order to identify themselves. We propose the framework “Three Blockchains Identity Management with Elliptic Curve Cryptography (3BI-ECC)”. Our proposed framework is a decentralize identity management system where users’ identities are self-generated.

Continue reading

Search

Tags