Research Interests

AbdelRahman Abdou is an Associate Professor at the School of Computer Science, Carleton University. He is the co-director of Carleton Internet Security Lab (CISL). His research interests include all aspects related to Internet Systems Security and large-scale Internet measurements.

Interest in these fields arises from the continuous evolution of the Internet and its usage. Due to its ever increasing complexities, the Internet's behaviour can no longer be easily anticipated nor analyzed. This is exacerbated by the growing trends of softwarizing physical infrastructure. Such trends did not stop at virtual machines and cloud computing paradigms, they rather extended to the network in the form of software-defined networks (SDNs) and network function virtualizations (NFVs). This evolution is intriguing, as it shifts the Internet to become a holistic body that could be abstracted as a single homogeneous system. In the same time, we continue the habit of attaching more devices to the Internet's edge; our traditional view of the Internet as a network of networks is now changing to a network of things (cf. IoT).

Prof. Abdou's research group deals with how Security similarly morphs, tackling issues related to securing the Internet as it evolves. Areas include the security of next generation networks (e.g., SDN, 5G), Internet-connected embedded and smart systems security (e.g., IoT and autonomous system), the security of cloud computing and content-distribution networks (CDNs), secure delegation of services and operations over the Internet, Internet security architectures (TLS, DNS security), and web security topics.

Security requires deep understanding of how systems work. Internet Measurements is a discipline focusing on methodologies by which we can measure parameters and behaviours in a scientific and reproducible manner. The global spread of vulnerabilities, attack patterns, and content popularity are example phenomena of interest. The discipline became increasingly important as it paves the way for innovations and security improvements. Prof. Abdou's group is also researching actively in this area, developing novel techniques for conducting large-scale sound Internet measurements to understand and solve Internet security problems. For a collection of measurement tools and datasets available online, check out this page.

Journal Publications

1. Comparative Analysis and Framework Evaluating Mimicry-Resistant and Invisible Web Authentication Schemes
   F. Alaca, A. Abdou, P.C. van Oorschot.
   IEEE Transactions on Dependable and Secure Computing (TDSC, Vol.18. Num.2. pp:534-549. 2021).
   PDF      Cite
   
   
2. Comparative Analysis of Control Plane Security of SDN and Conventional Networks
   A. Abdou, P.C. van Oorschot, T. Wan.
   IEEE Communications Surveys and Tutorials (COMST, Vol.20. Num.4. pp:3542-3559. 2018).
   PDF      Cite
   
   
3. Server Location Verification (SLV) and Server Location Pinning: Augmenting TLS Authentication
   A. Abdou, P.C. van Oorschot.
   ACM Transactions on Privacy and Security (TOPS, Vol.21. Num.1. pp:1:1-1:26. 2018).
   PDF      Cite
   
   
4. Location Verification of Wireless Internet Clients: Evaluation and Improvements
   A. Abdou, A. Matrawy, P.C. van Oorschot.
   IEEE Transactions on Emerging Topics in Computing (TETC, Vol.5. Num.4. pp:563-575. 2017).
   PDF      Cite
   
   
5. CPV: Delay-based Location Verification for the Internet
   A. Abdou, A. Matrawy, P.C. van Oorschot.
   IEEE Transactions on Dependable and Secure Computing (TDSC, Vol.14. Num.2. pp:130-144. 2017); see a 2-page abstract summary below.
   Miscellaneous coverage: The Globe and Mail, Carleton Now, TechVibes, reddit, Slashdot, Schneier's blog,
   TheStack, TechRepublic, HP Enterprise, Hacker News, VPN Service Point.
   PDF      Cite
   


6. Accurate One-Way Delay Estimation with Reduced Client-Trustworthiness
   A. Abdou, A. Matrawy, P.C. van Oorschot.
   IEEE Communications Letters (CL, Vol.19. Num.5. pp:735-738. 2015)
   PDF      Cite
   


7. Taxing the Queue: Hindering Middleboxes from Unauthorized Large-Scale Traffic Relaying
   A. Abdou, A. Matrawy, P.C. van Oorschot.
   IEEE Communications Letters (CL, Vol.19. Num.1. pp:42-25. 2015)
   PDF      Cite
   


8. A Survey on Forensic Event Reconstruction Systems
   A. Dabir, A. Abdou, A. Matrawy.
   International Journal of Information and Computer Security (IJICS, Vol.9. Num.4. pp:337-360. 2017)
   PDF      Cite
   

Conference and Workshop Publications, Refereed Abstracts, and Periodicals

1. Why do Internet Devices Remain Vulnerable? A Survey with System Administrators
   T. Bondar, H. Assal, A. Abdou.
   NDSS Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb 2023)
   PDF      Cite      Presentation


2. Applying Accessibility Metrics to Measure the Threat Landscape for Users with Disabilities
   J. Breton, A. Abdou.
   NDSS Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb 2023)
   PDF      Cite     


3. Certificate Root Stores---An Area of Unity or Disparity?
   J. Purushothaman, E. Thompson, A. Abdou.
   Workshop on Cyber Security Experimentation and Test (CSET 2022)
   PDF      Cite      Kudos      Presentation


4. Characterizing the Adoption of Security.txt Files and their Applications to Vulnerability Notification
   W. Findlay, A. Abdou.
   NDSS Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb 2022)
   PDF      Cite      Presentation


5. Is Real-time Phishing Eliminated with FIDO? Social Engineering Downgrade Attacks against FIDO Protocols
   E. Ulqinaku, H. Assal, A. Abdou, S. Chiasson, S. Čapkun.
   USENIX Security Symposium (USENIX Sec. 2021)
   Miscellaneous coverage: see online Twitter thread.
   PDF      Cite
   


6. Comparative Analysis of DoT and HTTPS Certificate Ecosystems
   A. Jahromi, A. Abdou.
   NDSS Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb 2021)
   PDF      Cite      Presentation
   


7. Empirical Scanning Analysis of Censys and Shodan
   C. Bennett, A. Abdou, P.C. van Oorschot.
   NDSS Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb 2021)
   PDF      Cite      Presentation
   


8. SoK: Delegation and Revocation, the Missing Links in the Web's Chain of Trust
   L. Chuat, A. Abdou, R. Sasse, C. Sprenger, D. Basin, A. Perrig.
   IEEE European Symposium on Security & Privacy (EuroS&P 2020)
   PDF      Cite
   


9. UWB-ED: Distance Enlargement Attack Detection in Ultra-Wideband
   M. Singh, P. Leu, A. Abdou, S. Čapkun.
   USENIX Security Symposium (USENIX Sec. 2019)
   PDF      Cite
   


10. Secure Client and Server Geolocation Over the Internet
    A. Abdou, P.C. van Oorschot.
    USENIX ;login: magazine, Spring 2018 issue.
    Miscellaneous coverage: covered in the APNIC Internet Registry blogs: blog 1, blog 2, blog 3.
    PDF      Cite
    


11. Accurate Manipulation of Delay-based Internet Geolocation Distinguished Paper Award
    A. Abdou, A. Matrawy, P.C. van Oorschot.
    ACM Asia Conference on Computer and Communications Security (AsiaCCS 2017)
    PDF      Cite      Slides
    


12. Verifying Geographic Location Presence of Internet Clients
    A. Abdou, A. Matrawy, P.C. van Oorschot.
    Two page refereed Abstract, and a Poster in the 37^th IEEE Symposium on Security and Privacy. San Jose, CA, USA. 2016.
    Abstract      Poster
    


13. What lies beneath? Analyzing automated SSH bruteforce attacks
    A. Abdou, D. Barrera, P.C. van Oorschot.
    Springer LNCS, Vol. 9551. (Passwords 2015)
    PDF      Cite
    


14. Location Verification on the Internet: Towards Enforcing Location-aware Access Policies Over Internet Clients Nominated for Best Paper Award
    A. Abdou, A. Matrawy, P.C. van Oorschot.
    IEEE Conference on Communications and Network Security (CNS 2014)
    Miscellaneous coverage: featured in the quarterly cybersecurity knowledge digest of SERENE-RISC Smart Security Network.
    PDF      Cite
    


15. Rump session summary of the 21^st USENIX Security Symposium
    A. Abdou, S. Neti.
    USENIX ;login: magazine, December 2012 issue.
    Conference Reports


16. Internet Geolocation: An Adversarial Perspective
    A. Abdou, Ashraf Matrawy, Paul C. van Oorschot.
    One page refereed Abstract, and a Poster in the 4^th annual ISSNet Workshop. Kingston, ON, Canada. 2012.
    Poster


17. A Novel Forwarding/Dropping Decision Engine for Wireless Multi-hop Ad-hoc Networks
    A. Abdou, M. Abou El-Nasr, O. Ismail.
    International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2009)
    PDF      Cite
    

Technical Reports

1. DNSSEC+: An Enhanced DNS Scheme Motivated by Benefits and Pitfalls of DNSSEC
   A. Jahromi, A. Abdou, P.C. van Oorschot.
   Cornell University arXiv, arXiv:2408.00968, Aug 2024.
   PDF      Cite
   


2. Work in progress: Identifying Two-Factor Authentication Support in Banking Sites
   S.G. Morkonda, A. Abdou.
   Cornell University arXiv, arXiv:2202.06459, Feb 2022.
   PDF      Cite
   


3. Certificate Root Stores: An Area of Unity or Disparity?
   J. Purushothaman, A. Abdou.
   Cornell University arXiv, arXiv:2110.11488, Oct 2021.
   PDF      Cite
   


4. Is Real-time Phishing Eliminated with FIDO? Social Engineering Downgrade Attacks against FIDO Protocols
   E. Ulqinaku, H. Assal, A. Abdou, S. Chiasson, S. Čapkun.
   Cryptology ePrint Archive, Report 2020/1298, Oct 2020.
   PDF      Cite
   


5. Proxy Certificates: The Missing Link in the Web's Chain of Trust
   L. Chuat, A. Abdou, R. Sasse, C. Sprenger, D. Basin, A. Perrig.
   Cornell University arXiv, arXiv:1906.10775, Jun 2019.
   PDF      Cite
   


6. Comparative Analysis and Framework Evaluating Mimicry-Resistant and Invisible Web Authentication Schemes
   F. Alaca, A. Abdou, P.C. van Oorschot.
   Cornell University arXiv, arXiv:1708.01706, Aug 2017.
   PDF      Cite
   


7. A Framework and Comparative Analysis of Control Plane Security of SDN and Conventional Networks
   A. Abdou, P.C. van Oorschot, T. Wan.
   Cornell University arXiv, arXiv:1703.06992, March 2017.
   PDF      Cite
   


8. Server Location Verification and Server Location Pinning: Augmenting TLS Authentication
   A. Abdou, P.C. van Oorschot.
   Cornell University arXiv, arXiv:1608.03939, August 2016.
   PDF      Cite
   


9. On the Evasion of Delay-Based IP Geolocation
   A. Abdou, A. Matrawy, P.C. van Oorschot.
   Carleton University Technical Report, #TR-14-03, June 2014.
   PDF      Cite
   

Theses

1. Internet Location Verification: Challenges and Solutions
   PhD in Systems and Computer Engineering
   Carleton University, Ottawa, ON, Canada. 2015.
   PDF      Cite      Carleton CURVE      Collections Canada     
   


2. Decision Engines for Multi-hop Ad-hoc Networks
   M.Sc. in Computer Engineering
   Arab Academy for Science and Technology (AAST), Egypt. 2010.