المناصب الاكاديمية

  • 2016 2016

    Senior Lecturer محاضر

    جامعة تيناجا الوطنية - College of Engineering

  • 2014 2015

    Research Assistant مساعد باحث

    جامعة ملايا - Faculty of Computer Science & Information Technology

  • 2012 2012

    Part-time Lecturer محاضر بدوام جزئي

    جامعة البنية التحتية كوالالمبور - Faculty of Engineering and Technology Infrastructure

  • 2011 2012

    Part-time Lecturer محاضر بدوام جزئي

    جامعة المدينة العالمية - كلية الحاسب الآلي وتقنية المعلومات

المراحل الدراسية

  • Degree بكالوريوس 2003

    B.Eng. in Computer Science and Engineering

    جامعة عدن

  • Master ماجستير 2010

    M.Eng. in Communications and Computer Eng

    الجامعة الوطنية الماليزية

  • Ph.D دكتوراه 2015

    Ph.D in Electrical and Electronic Eng

    الجامعة الوطنية الماليزية

الانشطة الاكاديمية

  • 2/19/2016



    اختراع | ماليزيا | ضمن فريق | اللغة الانجليزية

  • 6/17/2013

    The 4th International Conference on Electrical Engineering and Informatics (ICEEI 2013)


    المشاركة بمؤتمر | ماليزيا | بمفردي | اللغة الانجليزية

  • 12/16/2013

    2013 IEEE Student Conference on Research and Development (SCOReD)


    المشاركة بمؤتمر | ماليزيا | بمفردي | اللغة الانجليزية

  • 11/27/2013

    Android Programming Workshop


    تقديم دورة تدريبية | ماليزيا | بمفردي | اللغة الانجليزية

  • 9/17/2015

    Reviewer for Journal of Network and Computer Applications


    محكم في مجلة | | بمفردي | اللغة الانجليزية

  • 5/27/2014

    Malaysia 3-Minute Thesis


    المشاركة بمسابقة | ماليزيا | بمفردي | اللغة الانجليزية

  • image

    Implementation of Secure Framework for Electronic Medical Records (EMRs)

    UM.C/625/1/HIR/MOHE/FCSIT/12 This project resulted in a proposal for a nationwide Health Informatio

Filter by type:

Sort by year:

The rise of keyloggers on smartphones: A survey and insight into motion-based tap inference attacks

Muzammil Hussain, Ahmed Al-Haiqi, AA Zaidan, BB Zaidan, ML Mat Kiah, Nor Badrul Anuar, Mohamed Abdulnabi
0 Pervasive and Mobile Computing, Elsevier, 25, , 2015, 1–25

Abstract | ملخص البحث

Smartphone sensing capabilities have opened new opportunities for innovative User Interface (UI) and context-aware applications. They have also opened new possibilities for potential risks to user privacy and security infiltration. Researchers have recently explored a new attack vector that exploits the built-in motion sensors to infer user taps on smartphone touchscreens. This new side channel has introduced the threat of keylogging to smartphones despite the lack of physical keyboards. In this paper, we review this type of attack and survey the leading works in the literature to highlight the underpinning motivations and threat model. We also discuss the main issues in the design and implementation of the new attack, in order to provide insights into the practicality, prospects, and limitations of the different approaches. Different countermeasures that can mitigate the rising threat are investigated, and recommendations for further research on this emerging trend are discussed. A comparative summary of the surveyed works is also presented.

The eye as a new side channel threat on smartphones

Ahmed Al-Haiqi, Mahamod Ismail, Rosdiadee Nordin
0 2013 IEEE Student Conference on Research and Development SCOReD, IEEE, , , 2013, 475-479

Abstract | ملخص البحث

Eye tracking is not a new idea in human-computer interaction research. Since at least as early as 1990s, researchers have tried to utilize eye movement to drive or monitor user interaction with computers. The new idea is using eye movement tracking to breach the privacy of mobile users. In this paper, we study the feasibility of exploiting consumer-grade cameras built onto current smartphones to log eye gazes, and then estimating the keypad numbers being tapped by the user. Assuming Trojan applications with camera use permissions, this process could be implemented without the user contest or knowledge, imposing a potential new threat to the security and privacy of mobile users. Our approach does not involve machine learning methods. In these first preliminary proof-of-concept experiments, we mainly rely on a human attacker to manually analyze the collected images from the smartphone. Utilizing basic dimensionality and motion flow calculations, our results show a promising attack vector with more than 60% of taps inference accuracy.

Multi-criteria analysis for OS-EMR software selection problem: A comparative study

AA Zaidan, BB Zaidan, Muzammil Hussain, Ahmed Haiqi, ML Mat Kiah, Mohamed Abdulnabi
0 Decision Support Systems, Elsevier, 78, , 2015, 15-27

Abstract | ملخص البحث

Various software packages offer a large number of customizable features to meet the specific needs of organizations. Improper selection of a software package may result in incorrect strategic decisions and subsequent economic loss of organizations. This paper presents a comparative study that aims to evaluate and select open-source electronic medical record (OS-EMR) software based on multiple-criteria decision-making (MCDM) techniques. A hands-on study is performed, and a set of OS-EMR software are implemented locally in separate virtual machines to closely examine the systems. Several measures as evaluation bases are specified, and systems are selected based on a set of metric outcomes by using AHP integrated with different MCDM techniques, namely, WPM, WSM, SAW, HAW, and TOPSIS. Paired sample t-test is then utilized to measure the correlations among different techniques on ranking scores and orders. Findings are as follows. (1) Significant differences exist among MCDM techniques on the basis of different integrations on ranking scores, whereas no significant differences exist among them when representing the ranking scores to the ranking orders in place of the technique scale. (2) The software GNUmed, OpenEMR, OpenMRS, and ZEPRS do not differ in ranking scores/orders of experiments for all MCDM techniques presented. On the contrary, discrepancies among the ranking scores/orders are more noticeable in other software. (3) GNUmed, OpenEMR, and OpenMRS software are the most promising candidates for providing a good basis on ranking scores/orders, whereas ZEPRS is not recommended because it records the worst ranking score/order in comparison with other OS-EMR software.

Determination of DPPH free radical scavenging activity: Application of artificial neural networks

Khalid Hamid Musa, Aminah Abdullah, Ahmed Al-Haiqi
0 Food chemistry, Elsevier, 194, , 2016, 705-711

Abstract | ملخص البحث

A new computational approach for the determination of 2,2-diphenyl-1-picrylhydrazyl free radical scavenging activity (DPPH-RSA) in food is reported, based on the concept of machine learning. Trolox standard was mix with DPPH at different concentrations to produce different colors from purple to yellow. Artificial neural network (ANN) was trained on a typical set of images of the DPPH radical reacting with different levels of Trolox. This allowed the neural network to classify future images of any sample into the correct class of RSA level. The ANN was then able to determine the DPPH-RSA of cinnamon, clove, mung bean, red bean, red rice, brown rice, black rice and tea extract and the results were compared with data obtained using a spectrophotometer. The application of ANN correlated well to the spectrophotometric classical procedure and thus do not require the use of spectrophotometer, and it could be used to obtain semi-quantitative results of DPPH-RSA.

Insider Threats + Disruptive Smart Phone Technology = New Challenges to Corporate Security

Ahmed Al-Haiqi, Kasmiran Jumari, Mahamod Ismail
0 Research Journal of Applied Sciences, Medwell Journals, 8, 3, 2013, 161-166

Abstract | ملخص البحث

Wireless portable computing technology is proving itself as the ultimate disruptive technology to enterprises, and new threats have already been a concern for media and industry. Unlike most available advisories and public guidelines, the focus of this paper is on the intersection of two aspects of these new challenges; the indispensable smart phones in the hands of malicious insiders to the corporate. Many new threats could be less than obvious with the combination of these two aspects. We provide a general classification for these threats, present some challenging scenarios, and finally discuss the solutions that already had been considered or could be taken into consideration to eliminate or mitigate the new threats.

Beyond ubiquitous computing: The Malaysian HoneyBee project for innovative digital economy

Ahmed Patel, Rosdiadee Nordin, Ahmed Al-Haiqi
0 Computer Standards & Interfaces, Elsevier, 36, 5, 2014, 844-854

Abstract | ملخص البحث

In the proposed advanced computing environment, known as the HoneyBee Platform, various computing devices using single or multiple interfaces and technologies/standards need to communicate and cooperate efficiently with a certain level of security and safety measures. These computing devices may be supported by different types of operating systems with different features and levels of security support. In order to ensure that all operations within the environment can be carried out seamlessly in an ad-hoc manner, there is a need for a common mobile platform to be developed. The purpose of this long-term project is to investigate and implement a new functional layered model of the common mobile platform with secured and trusted ensemble computing architecture for an innovative Digital Economic Environment in the Malaysian context. This mobile platform includes a lightweight operating system to provide a common virtual environment, a middleware for providing basic functionalities of routing, resource and network management, as well as to provide security, privacy and a trusted environment. A generic application programming interface is provided for application developers to access underlying resources. The aim is for the developed platform to act as the building block for an ensemble environment, upon which higher level applications could be built. Considered as the most essential project in a series of related projects towards a more digital socio-economy in Malaysia, this article presents the design of the target computational platform as well as the conceptual framework for the HoneyBee project.

The landscape of research on smartphone medical apps: Coherent taxonomy, motivations, open challenges and recommendations

Muzammil Hussain, Ahmed Al-Haiqi, AA Zaidan, BB Zaidan, MLM Kiah, Nor Badrul Anuar, Mohamed Abdulnabi
0 Computer methods and programs in biomedicine, Elsevier, 122, 3, 2015, 393-408

Abstract | ملخص البحث

Objective To survey researchers’ efforts in response to the new and disruptive technology of smartphone medical apps, mapping the research landscape form the literature into a coherent taxonomy, and finding out basic characteristics of this emerging field represented on: motivation of using smartphone apps in medicine and healthcare, open challenges that hinder the utility, and the recommendations to improve the acceptance and use of medical apps in the literature. Methods We performed a focused search for every article on (1) smartphone (2) medical or health-related (3) app, in four major databases: MEDLINE, Web of Science, ScienceDirect, and IEEE Xplore. Those databases are deemed broad enough to cover both medical and technical literature. Results The final set included 133 articles. Most articles (68/133) are reviews and surveys that refer to actual apps or the literature to describe medical apps for a specific specialty, disease, or purpose; or to provide a general overview of the technology. Another group (43/133) carried various studies, from evaluation of apps to exploration of desired features when developing them. Few researchers (17/133) presented actual attempts to develop medical apps, or shared their experiences in doing so. The smallest portion (5/133) proposed general frameworks addressing the production or operation of apps. Discussion Since 2010, researchers followed the trend of medical apps in several ways, though leaving areas or aspect for further attention. Regardless of their category, articles focus on the challenges that hinder the full utility of medical apps and do recommend mitigations to them. Conclusions Research on smartphone medical apps is active and various. We hope that this survey contribute to the understanding of the available options and gaps for other researchers to join this line of research.

A security framework for nationwide health information exchange based on telehealth strategy

BB Zaidan, Ahmed Haiqi, AA Zaidan, Mohamed Abdulnabi, ML Mat Kiah, Hussaen Muzamel
0 Journal of medical systems, Springer US, 39, 5, 2015, 1-19

Abstract | ملخص البحث

This study focuses on the situation of health information exchange (HIE) in the context of a nationwide network. It aims to create a security framework that can be implemented to ensure the safe transmission of health information across the boundaries of care providers in Malaysia and other countries. First, a critique of the major elements of nationwide health information networks is presented from the perspective of security, along with such topics as the importance of HIE, issues, and main approaches. Second, a systematic evaluation is conducted on the security solutions that can be utilized in the proposed nationwide network. Finally, a secure framework for health information transmission is proposed within a central cloud-based model, which is compatible with the Malaysian telehealth strategy. The outcome of this analysis indicates that a complete security framework for a global structure of HIE is yet to be defined and implemented. Our proposed framework represents such an endeavor and suggests specific techniques to achieve this goal.

Evaluation and selection of open-source EMR software packages based on integrated AHP and TOPSIS

AA Zaidan, BB Zaidan, Ahmed Al-Haiqi, Miss Laiha Mat Kiah, Muzammil Hussain, Mohamed Abdulnabi
0 Journal of biomedical informatics, Elsevier, 53, , 2015, 390-404

Abstract | ملخص البحث

Evaluating and selecting software packages that meet the requirements of an organization are difficult aspects of software engineering process. Selecting the wrong open-source EMR software package can be costly and may adversely affect business processes and functioning of the organization. This study aims to evaluate and select open-source EMR software packages based on multi-criteria decision-making. A hands-on study was performed and a set of open-source EMR software packages were implemented locally on separate virtual machines to examine the systems more closely. Several measures as evaluation basis were specified, and the systems were selected based a set of metric outcomes using Integrated Analytic Hierarchy Process (AHP) and TOPSIS. The experimental results showed that GNUmed and OpenEMR software can provide better basis on ranking score records than other open-source EMR software packages.

Open source EMR software: profiling, insights and hands-on analysis

ML Mat Kiah, Ahmed Haiqi, BB Zaidan, AA Zaidan
0 Computer methods and programs in biomedicine, Elsevier, 117, 2, 2014, 360-382

Abstract | ملخص البحث

Background The use of open source software in health informatics is increasingly advocated by authors in the literature. Although there is no clear evidence of the superiority of the current open source applications in the healthcare field, the number of available open source applications online is growing and they are gaining greater prominence. This repertoire of open source options is of a great value for any future-planner interested in adopting an electronic medical/health record system, whether selecting an existent application or building a new one. The following questions arise. How do the available open source options compare to each other with respect to functionality, usability and security? Can an implementer of an open source application find sufficient support both as a user and as a developer, and to what extent? Does the available literature provide adequate answers to such questions? This review attempts to shed some light on these aspects. Objective The objective of this study is to provide more comprehensive guidance from an implementer perspective toward the available alternatives of open source healthcare software, particularly in the field of electronic medical/health records. Methods The design of this study is twofold. In the first part, we profile the published literature on a sample of existent and active open source software in the healthcare area. The purpose of this part is to provide a summary of the available guides and studies relative to the sampled systems, and to identify any gaps in the published literature with respect to our research questions. In the second part, we investigate those alternative systems relative to a set of metrics, by actually installing the software and reporting a hands-on experience of the installation process, usability, as well as other factors. Results The literature covers many aspects of open source software implementation and utilization in healthcare practice. Roughly, those aspects could be distilled into a basic taxonomy, making the literature landscape more perceivable. Nevertheless, the surveyed articles fall short of fulfilling the targeted objective of providing clear reference to potential implementers. The hands-on study contributed a more detailed comparative guide relative to our set of assessment measures. Overall, no system seems to satisfy an industry-standard measure, particularly in security and interoperability. The systems, as software applications, feel similar from a usability perspective and share a common set of functionality, though they vary considerably in community support and activity. Conclusion More detailed analysis of popular open source software can benefit the potential implementers of electronic health/medical records systems. The number of examined systems and the measures by which to compare them vary across studies, but still rewarding insights start to emerge. Our work is one step toward that goal. Our overall conclusion is that open source options in the medical field are still far behind the highly acknowledged open source products in other domains, e.g. operating systems market share.

Keystrokes Inference Attack on Android A Comparative Evaluation of Sensors and Their Fusion

Ahmed Al-Haiqi, Mahamod Ismail, Rosdiadee Nordin
0 Journal of ICT Research and Applications, 7, 2, 2013, 117-136

Abstract | ملخص البحث

Introducing motion sensors into smartphones contributed to a wide range of applications in human-phone interaction, gaming, and many others. However, built-in sensors that detect subtle motion changes (e.g. accelerometers), might also reveal information about taps on touch screens: the main user input mode. Few researchers have already demonstrated the idea of exploiting motion sensors as side-channels into inferring keystrokes. Taken at most as initial explorations, much research is still needed to analyze the practicality of the new threat and examine various aspects of its implementation. One important aspect affecting directly the attack effectiveness is the selection of the right combination of sensors, to supply inference data. Although other aspects also play crucial role (e.g. the features set), we start in this paper by focusing on the comparison of different available sensors, in terms of the inference accuracy. We consider individual sensors shipped on Android phones, and study few options of preprocessing their raw datasets as well as fusing several sensors' readings. Our results indicate an outstanding performance of the gyroscope, and the potential of sensors data fusion. However, it seems that sensors with magnetometer component or the accelerometer alone have less benefit in the context of the adverted attack.

A New Sensors-Based Covert Channel on Android

Ahmed Al-Haiqi, Mahamod Ismail, Rosdiadee Nordin
0 The Scientific World Journal, Hindawi, 2014, Article ID, 2014, 1-14

Abstract | ملخص البحث

Covert channels are not new in computing systems, and have been studied since their first definition four decades ago. New platforms invoke thorough investigations to assess their security. Now is the time for Android platform to analyze its security model, in particular the two key principles: process-isolation and the permissions system. Aside from all sorts of malware, one threat proved intractable by current protection solutions, that is, collusion attacks involving two applications communicating over covert channels. Still no universal solution can countermeasure this sort of attack unless the covert channels are known. This paper is an attempt to reveal a new covert channel, not only being specific to smartphones, but also exploiting an unusual resource as a vehicle to carry covert information: sensors data. Accelerometers generate signals that reflect user motions, and malware applications can apparently only read their data. However, if the vibration motor on the device is used properly, programmatically produced vibration patterns can encode stolen data and hence an application can cause discernible effects on acceleration data to be received and decoded by another application. Our evaluations confirmed a real threat where strings of tens of characters could be transmitted errorless if the throughput is reduced to around 2.5–5 bps. The proposed covert channel is very stealthy as no unusual permissions are required and there is no explicit communication between the colluding applications.

On the best sensor for keystrokes inference attack on android

Ahmed Al-Haiqi, Mahamod Ismail, Rosdiadee Nordin
0 Procedia Technology, Elsevier, 11, 2013, 2013, 989-995

Abstract | ملخص البحث

One of the most recently exposed security threats on smartphone platforms is the potential use of motion sensors to infer user keystrokes. Exploited as side channels, few researchers have demonstrated the ability of built-in accelerometers and gyroscopes in particular, to reveal information related to user input, though the practicality of such an attack remains an open question. This paper takes further steps along the path of exploring the aspects of the new threat, addressing the question of which available sensors can perform best in the context of the inference attack. We design and implement a benchmark experiment, against which the performances of several commodity smartphone-sensors are compared, in terms of inference accuracy. All available Android motion sensors are considered through different settings provided by the OS, and we add the option of fusing several sensors input into a single dataset, to examine the amount/lack of improvement in the attack accuracy. Our results indicate an outstanding performance of the gyroscope sensor, and the potential improvement obtained out of sensors data fusion. On the other hand, it seems that sensors with magnetometer component or the accelerometer alone have less benefit in the adverted attack.

التدريس الحالي

الخبرة التدريسية