Mehmet Ufuk Çağlayan

Bogazici University · Department of Computer Engineering

This article summarizes some of the research contributions of several EU Projects including NEMESYS, GHOST, KONFIDO, SDK4ED, SerIoT and IoTAC, primarily with a cybersecurity and Machine Learning orientation. The subjects covered include the cybersecurity of Mobile Networks and of the Internet of Things (IoT), the design of IoT Gateways and their pe...

This paper reviews research from several EU Projects that have addressed cybersecurity using techniques based on Machine Learning, including the security of Mobile Networks and the Internet of Things (IoT). These research projects have considered IoT Gateways and their design, security and performance, the security of digital health systems that ar...

The International Symposia on the Modelling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS) have a 28 year-long distinguished record, and we introduce the papers that were presented at the MASCOTS 2020 workshop. We also briefly review recent work of one of the founders of this series and organizer of this year’s confere...

Dynamic group key agreement protocols are cryptographic primitives to provide secure group communications in decentralized and dynamic networks. Such protocols provide additional operations to update the group key while adding new participants into the group and removing existing participants from the group without re-executing the protocol from th...

Quality of Service (QoS) aware routing is an ongoing and major problem for traditional networks since they are not able to manage network traffic for immense variety of users due to their inflexible and static architectures. Software Defined Networking (SDN) has emerged to remove these limitations by separating the control plane and the data plane...

We present a brief summary of the papers that were presented at the Security Workshop 2018 of the International Symposium on Computer and Information Sciences (ISCIS) that was held on February 26, 2018 at Imperial College, London. These papers are primarily based on several research projects funded by the European Commission. The subjects that are...

Mobile ad hoc networks have been used in many application areas such as sensors, file sharing and vehicle-to-vehicle communications. Providing secure communications among the users in such networks is a significant issue. Group key agreement protocols are frequently used to provide security in mobile ad hoc networks. There is a number of problems r...

The essence of dynamic group key agreement protocols is to help compute a secure key for a group communication with a dynamic set of participants in distributed systems. In dynamic group key agreement protocols, the number of participants may change over time because of participants leaving or joining the group. The security of such join and leave...

With the pervasive use of communications technologies, security of multiparty communication systems becomes crucial more than ever. However, providing a secure communication in distributed and dynamic networks is a challenging issue. Dynamic group key agreement protocols are one of the best candidates to overcome this issue. In dynamic group key ag...

Because credit card fraud costs the banking sector billions of dollars every year, decreasing the losses incurred from credit card fraud is an important driver for the sector and end-users. In this paper, we focus on analyzing cardholder spending behavior and propose a novel cardholder behavior model for detecting credit card fraud. The model is ca...

This paper introduces a special issue of this journal (Probability in the Engineering and Informational Sciences) that is devoted to G(elenbe)-Networks and their Applications. The special issue is based on revised versions of some of the papers that were presented at a workshop held in early January 2017 at the Séminaire Saint-Paul in Nice (France)...

Introduction to the Special Section - Volume 25 Issue 2 - Mehmet Ufuk Çag̃layan

As a natural consequence of the multibillion dollar annual losses incurred as a result of credit card fraud, banks attach great importance to credit card fraud detection. In this paper, we proposed the use of six known models, namely, decision tree, random forest, Bayesian network, Naïve Bayes, support vector machine, and K* models, to form an ense...

Mobile systems interact with many autonomous entities and multiple services that provide a ubiquitous environment for societies. In this environment, trust to security is a challenging issue. Entities and services have unpredictable behaviors therefore conventional trust models have limited accuracy for security related computations due to static n...

We focus on Erol Gelenbe's scientific and technical contributions to probability models in the computer and information sciences, but limit our survey to the last fifteen years. We start with a brief overview of his work as a single author, as well as his work in collaboration with over 200 co-authors. We discuss some of his recent and innovative w...

zet: Grup Anahtar Anlaşması Protokollerinin kablosuz algılayıcı ağları (KAA) üzerinde çeşitli uygulamaları bulunmasına rağmen bu uygulamaların gerçek hayatta yalnızca birkaç örneği bulunmaktadır. KAA'lar için önerilen anahtar değişim şemalarının çoğu olasılıksal ön anahtar değişimi yaklaşımına dayanmaktadır. Bu çalışmada geleneksel grup anahtar değ...

In this study, we present a lightweight context-aware security system for wireless Internet access. Our system consists of an Android mobile application and a web browser plug-in called G&ALF. Android application is used to retrieve the public configuration parameters of available wireless connections, evaluate the context and assess the security l...

The search efficiency of radio frequency identification (RFID) protocols remains a challenging issue. There are many proposals that address the security and privacy issues of RFID, but most of them require reader work that is linear with the number of tags. Some proposals use a tree-based approach to solve the search efficiency problem. The tree-ba...

We celebrate the 30th annual ISCIS (International Symposium on Computer and Information Sciences) that Erol Gelenbe started in 1986 and pursued each year since then uninterruptedly as a service to the Turkish Computer Science and Engineering Community. We also outline his scientific contributions and wide collaborations over the last fifteen years...

Because of its low cost and ease of deployment, radio frequency identification (RFID) technology offers great potential for all applications that require identification. Main obstacle for wide adoption of this technology is the concerns about its security and privacy issues. Many RFID authentication protocols have been proposed to provide desired s...

The pervasive usage of the Internet has made secure group communications a significant issue. Conference-key agreement protocols provide secure group communications with lower computational cost. Providing key agreements and updates of dynamic groups in an efficient manner is a significant challenge for conference-key agreement protocols. Auxiliary...

Internet of Things (IoT) emerges as a global network in which any things (including humans and the real world things) having unique identifier can communicate each other. The RFID system has very important role in the IoT system for solving the identification issues of things cost-effectively. However, RFID systems have serious security and privacy...

Özet: Kablosuz algılayıcı ağları, kısıtlı enerji, hesaplama ve iletişim kabiliyetine sahip cihazlardan oluştuğu için, geleneksel ağlarda kullanılan güvenlik tekniklerinin doğrudan uygulanamayacağı yaygın bir şekilde kabul görmektedir. Teknolojideki son gelişmeler ile birlikte algılayıcı cihazların yetenekleri önemli ölçüde gelişmiştir. Bu çalışmada...

Information system security is receiving increasing attention every day because a security problem can cause serious financial loss or even loss of lives. Some of these security problems occur as a result of poor design practices, where important security functionality is not designed properly and is directly implemented later in the development cy...

The expansive connectivity of emerging information systems has set the stage for pervasive access to healthcare services via e-health systems for selecting the best possible healthcare services. Emerging systems are expected to be highly dynamic open environments connecting diverse number of healthcare services and autonomous entities that are auto...

We present XFPM-RBAC (XML-based formal policy language for mobility with role-based access control), an XML-based specification language for specification of domain and interdomain security policies with location and mobility constraints based on role-based access control. XFPM-RBAC supports specification of locations, mobility, interdomain access...

Security is a challenging issue in Vehicular Ad-hoc Networks since entities in the networks generally use insecure channels to communicate with each other, where key agreements are a major challenge. Actually, there exist several security constraints in vehicle to infrastructure communication and vehicle-to-vehicle communications. In this paper, we...

Obtaining sufficient information is a significant issue to compute trust about a security system in cyber space. In existing approaches, an entity considers only its experiences about a service and recommendations about the security system of the service. Such approaches are not adequate for critical services in cyber space since trust computations...

The pervasive usage of the Internet has made secure group communications a significant issue. Conference key agreement protocols provide secure group communications against some attacks with lower computational cost in the Internet. However, forward secrecy is a challenging issue in the existing protocols, where it is preserved either the long-term...

Oturum anahtarları, kriptografide, bir oturuma katılan katılımcıların güvenli bir şekilde iletişim kurabilmesi için kullanılır. Bu anahtarlar, anahtar kurma protokolleri kullanarak elde edilir. Eğer oturumdaki katılımcı sayısı ikiden fazla ise o zaman, anahtar kurma protokolleri, konferans ya da grup anahtarı kurma protokolleri olarak adlandırılırl...

zet: Kullanıcıların iletişimde olduğu web-servisleri, diğer web-servisleri ile gerektiğinde doğrudan bilgi alışverişi yapabilirler. Web-servisleri arasındaki güven yayılımı, kullanıcının kullandığı web servisine olan güvenin belirlenmesinde önemli bir etkendir. Bu araştırmanın amacı web servisleri arasındaki güven yayılımının biçimsel bir model ola...

For the formal verification of security in mobile networks, a requirement is that security policies associated with mobility and location constraints are formally specified and verified. For the formal specification and verification of security policies, formal methods ensure that a given network configuration that includes certain network elements...

Mobile users present challenges for security in multi-domain mobile networks. The actions of mobile users moving across security domains need to be specified and checked against domain and inter-domain policies. We propose a new formal security policy model for multi-domain mobile networks, called FPM-RBAC, Formal Policy Model for Mobility with Rol...

A Mobile Ad Hoc Network (MANET) is a self-configuring network of mobile terminals, connected by wireless links. In such environments, delivering communication guarantees has hardly been achieved by any protocol in its entirety. In this work, we model the secure on-demand routing protocol Ariadne, in order to verify one of its powerful security prop...

The issue of trust is a research problem in emerging open environments, such as ubiquitous networks. Such environments are highly dynamic and they contain diverse number of services and autonomous entities. Entities in open environments have different security needs from services. Trust computations related to the security systems of services neces...

In this paper, we propose a privacy-preserving authentication scheme for RFID systems with fast lookup time. Our solution is based on the use of Physically Unclonable Functions (PUFs). Although there are many proposals that addresses the security and privacy issues of RFID, the search efficiency still remains as a challenging issue. A first tree ba...

There are numerous works on the privacy and the security problems for RFID systems. However, many of them have failed due to the lack of formal security proof. In the literature, there are a few formal models that consider forward untraceability. In ASIACRYPT 2007, Vaudenay presented an new security and privacy model for RFID that combines early mo...

In this paper, we analyze the security of the lightweight RFID mutual authentication protocol called the GA protocol. It is claimed that the GA protocol provides data confidentiality, integrity, tag anonymity and untraceability of tags and also prevents replay attacks, man-in-the-middle attacks as well as impersonating the parties. We show that an...

In this paper, we analyze the security of the lightweight RFID mutual authentication protocol called SLAP proposed by Godor et al. at Globecom 2008. It is claimed that SLAP can resist the well-known attacks and does not demand high computational capacity. We present server impersonation attacks against SLAP in which an adversary that does not know...

Verification of security for mobile networks requires specification and verification of security policies in multiple-domain environments. Mobile users present challenges for specification and verification of security policies in such environments. Formal methods are expected to ensure that the construction of a system adheres to its specification....

Service oriented environments are computer network systems that are highly dynamic and change with time. Entities in such environments have different security needs from services. Management of security information in dynamic environments with multiple entities, each with its own changing needs, is a complex task. The complexity mainly arises from...

In this paper, we analyze storage awareness RFID authentication protocol based on sparse tree structure (SAPA), which provides backward untraceability and reduces the space for storing key sequence. We discover that SAPA does not provide location and information privacy between successful authentication sessions and does not resist denial of servic...

In this paper, we analyze the security of the lightweight RFID mutual authentication protocol called the GA protocol. It is claimed that the GA protocol provides data confidentiality, integrity, tag anonymity and untraceability of tags and also prevents replay attacks, man-in-the-middle attacks as well as impersonating the parties. We show that an...

Security is one of the main issues to adopt RFID technology in daily use. Due to resource constraints of RFID systems, it is very restricted to design a private authentication protocol based on existing cryptographic functions. In this paper, we propose a new RFID authentication protocol. The proposed protocol provides better protection against pri...

We investigate trust relationships between and within a security policy and a security mechanism to assess system trust of software application. It has been recognized that trust assessment of security systems in dynamic environments with multiple entities, each with its own changing needs from the security mechanisms, is a complex task. In this pa...

In this paper, we propose a method for formal specification of security policies of multi-domain mobile networks with roaming users. Multi-domain mobile networks are characterized by multiple administrative domains, roaming users and different security policies. We are interested in formal specification of authorization policies. We are especially...

In this work, we give a survey on secure routing issues in MANETs, with a brief summary of the current state of the art in secure routing protocols and their resistance to known attacks. We describe formal specification and verification methods that are applicable in security property verification, especially having our focus on model checking. We...

In this paper, we consider the query slipping and its prevention in wireless sensor networks. The problem happens when a query propagating along a subscribe trajectory moves through a publish trajectory without obtaining desired information, even though two trajectories intersect geometrically. There follows resubmission of the query or initiation...

Acknowledgment based transport protocols such as TCP have low performance in satellite links, which are characterized by high latencies and high bit error rates. Low performance of TCP in satellite links is due to the fact that TCP packet losses are assumed to be the cause of congestion in the network, which turns out to be an invalid assumption fo...

For large information systems with many entities, defining and verifying information security policies manually is error-prone and cumbersome. An automated analysis is necessary to ensure that the policies are conflict-free when defined at first and as new authorization terms are added and removed. Graph theory and logic based approaches have been...

In Wide Area Networks (WANs)inconsistencies among the security policies of Administrative Domains (ADs) may cause severe security flaws. Recently, security policies are written in natural language and as they get more complicated, even for an expert it might be impossible to detect such inconsistencies. However, when a formal language is used, it m...

We briefly summarize the career of Prof. Sami Erol Gelenbe who founded the ISCIS conference series, on the occasion of his 60th birthday, and on this 20th anniversary of the ISCIS conferences.

We consider query slipping and its prevention in wireless sensor networks. The problem happens when a query propagating along a subscribe trajectory moves through a publish trajectory without obtaining the desired information, even though the two trajectories intersect geometrically. There follows resubmission of the query or initiation of another...

The fourth generation wireless networks (4G) are expected to provide ubiquitous wireless communications at high data rates and large variety of services, as their main properties will be the secure interoperability and seamless roaming among various wireless network technologies. One of the major problems of these networks is the authentication int...

We describe relay attacks on Bluetooth authentication protocol. The aim of these attacks is impersonation. The attacker does not need to guess or obtain a common secret known to both victims in order to set up these attacks, merely to relay the information it receives from one victim to the other during the authentication protocol run. Bluetooth au...

We describe relay attacks on Bluetooth authentication protocol. The aim of these attacks is impersonation. The attacker does not need to guess or obtain a common secret known to both victims in order to set up these attacks, merely to relay the information it receives from one victim to the other during the authentication protocol run. Bluetooth au...

A new group of end-to-end reliable event transfer schemes is introduced for sensor networks. In these schemes, reliable event delivery is considered rather than reliable delivery of data packets, since the ultimate goal is the detection of events in sensor networks. Reliable event transfer is critical in many applications. Therefore, the need for t...

Location area (LA) planning plays an important role in cellular networks because of the tradeoff caused by paging and registration signalling. The upper boundary for the size of an LA is the service area of a mobile services switching center (MSC). In that extreme case, the cost of paging is at its maximum but no registration is needed. On the othe...

The nested certification and the corresponding subject certificate verification methods were proposed to improve certificate path verification times. It was found that the Nested public key infrastructure (NPKI) construction model was the transition from existing public key infrastructure (PKI) and the method to realize the transition was called th...

Due to the scarcity of the spectral resources and mobility of the portables, the call attempts may be blocked during call initiation or terminated during the hand-off process. When the blocking ratio exceeds some grade of service level, the capacity of the congested cell must be replanned using the call attempt data. However, most of the time, the...

During the optimization of the Global System for Mobile Communications (GSM) network, the operations and maintenance center (OMC) measurements are of significant importance. Because of false predictions, the capacity planning of a cell may be done inaccurately. If the capacity of the cell is not adequate to handle all of the busy-hour requests, the...

Location area (LA) planning plays an important role in cellular networks because of the trade-off caused by paging and registration signaling. The upper bound on the size of an LA is the service area of a mobile switching center (MSC). In that extreme case, the cost of paging is at its maximum, but no registration is needed. On the other hand, if e...

Nested certification is a methodology for efficient certificate path verification. Nested certificates can be used together with classical certificates in the Public Key Infrastructures (PKIs). Such a PKI, which is called Nested certificate based PKI (NPKI), is proposed in this paper as alternative to classical PKI. The NPKI formation model is a tr...

Nested certification is a methodology for efficient certificate path verification. Nested certificates can be used together with classical certificates in the Public Key Infrastructures (PKIs). Such a PKI, which is called nested certificate based PKI (NPKI), is proposed as an alternative to classical PKI. The NPKI formation model is a transition fr...

GSM operators work with call data that include retrials and redials as well. Based on these inflated, virtual call attempt statistics, it appears that enormous demands are put on the available spectrum. In this paper, we develop simple models to estimate the expected number of retrials and redials per original call attempt, which is used to determi...

The classical certificatesystems are computationally inefficient, since they use signature operations based on public key cryptosystems. The nested certificates(A. Levi, Design and performance evaluation of the nested certification scheme and its applications in public key infrastructures, Ph.D. Thesis, Department of Computer Engineering, Bo ˘ gazi...

Nested certificates are used to certify their subject certificates. In this way, the subject certificates can be verified via their nested certificates without using signature verification methods based on public key cryptosystems. Such a verification method is called subject certificate verification. In this paper, a subject certificate verificati...

Most of the authentication and digital signature protocols assume the existence of a trusted third party either as an authentication server or certification authority. However, such servers and authorities create both security and fault intolerance bottlenecks within the protocols. This problem can be solved by combining a secret sharing scheme wit...

This paper presents the performance enhancement for a self-routing packet network called the plane interconnected parallel network (PIPN) which exploits the properties of banyan networks for use in fast packet switches while improving the performance by alleviating the drawbacks of banyan networks especially under heterogeneous traffic requirements...

This paper presents a new self-routing packet network called the plane interconnected parallel network (PIPN). In the proposed design, the traffic arriving at the network is shaped and routed through two banyan network based interconnected planes. The interconnections between the planes distribute the incoming load more homogeneously over the netwo...

Banyan networks are frequently employed in fast packet switches and it is important to evaluate their performance under heterogeneous traffic requirements. Type-II traffic is a frequently employed heterogeneous traffic type. The authors show that to evaluate the performance of a banyan network under type-II traffic there is no need to employ more t...

The potential mismatch between benchmark scores and performance on real tasks leads us to use testbeds to compare and evaluate expert system shells. In this paper we describe our experience in testbed agent design, and our experience in integrating a testbed, Truckworld and expert system shells.

The potential mismatch between benchmark scores and performance on real tasks leads us to use testbeds to compare and evaluate expert system shells. In this paper we describe the resulting integration architecture in integrating a testbed, Truckworld and an expert system shell, CLIPS. We also propose truck agent designs.

A model for representing and analyzing the design of a distributed software system is presented. The model is based on a modified form of Petri net, and enables one to represent both the structure and the behavior of a distributed software system at a desired level of design. Behavioral properties of the design representation can be verified by tra...

Ph. D. (Computer Science)--Northwestern University, 1982. Vita.