Mohammed Misbahuddin

Work place: CDAC (Centre for Development of Advanced Computing)/ACTS & BD, Bangalore- 560 100



Research Interests: Network Security


Dr. Mohammed Misbahuddin did his B.Tech (CSE) from Gulbarga University, M.Tech (S/w Engg.) from JNTU-Anantapur and PhD (CSE) in Network Security from JNTU Hyderabad. He is currently working as Joint Director (Scientist ‘E’) in Centre for Development of Advanced Computing (C-DAC), E-City, Bangalore. He is the Chief Investigator of the Cyber Security Awareness Project namely Information Security Education and Awareness (ISEA) – Phase II at C-DAC Bangalore. He is a key member of a Nation-wide awareness project on Digital Signatures and PKI namely Next Generation PKI for Smart Applications. He is the Co-Investigator of a National Project named “e-Pramaan – A National e-Authentication Service along with Aadhaar”. He has 17+ years of experience in Research, Training and Project Management. He has applied 3 patents with IPO in the area of Secure and Usable Authentication. He has been in various Programme committees of IEEE /ACM conferences and is a reviewer for two International Journals. His area of interest is Network Security & Cryptography especially Secure and Usable Authentication, Public Key Cryptography and Risk based Engines.

Author Articles
Enabling Trust in Single Sign-On Using DNS Based Authentication of Named Entities

By Usman Aijaz N Nikita Mittal Mohammed Misbahuddin A Syed Mustafa

DOI:, Pub. Date: 8 Feb. 2022

Single Sign-On (SSO) allows the client to access multiple partner e-services through a single login session. SSO is convenient for the users as the user neither needs to set multiple login credentials nor login separately for individual services every time. SSO (single sign-on) authentication is a password-authentication approach that permits end users to login into multiple systems and websites with a single set of login credentials. SSO authentication is mainly useful for IT organizations that consist of many different commercial applications. The outstanding feature of SSO is that it gives organizations centralized control of their systems by giving different levels of access to each individual. It reduces password fatigue and increases security because users only need to remember a single username/password that grants them access to multiple systems. However, the Single Sign-on poses risks related to a single point of attack which may lead to a path for cybercrimes. This paper proposes a trust model to increase the security of Single Sign-on systems against the vulnerabilities discussed in the subsequent sections. The proposed Trust model is named as DANE-based Trust Plugin (DTP) which acts as an added security layer over DNS Based Authentication of Named entities(DANE). The DTP proposes the modified SAML XML schema which enables the DTP to counter the attacks.

[...] Read more.
D-TS: A Secure and Trusted Authentication Framework for Domain Name Server

By Usman Aijaz N Syed Mustafa Mohammed Misbahuddin

DOI:, Pub. Date: 8 Dec. 2021

DNS is responsible for the hostname to IP address translation. It is an open resolver that's why vulnerable to different kinds of attacks such as cache poisoning, man-in-the-middle, DOS and DDOS, etc. DNS is responsible for the hostname to IP address translation. To protect DNS IETF added a layer of security to it known as Domain Name System Security Extensions (DNSSEC). DNSSEC is also vulnerable to phishing, spoofing, and MITM attacks. To protect DNS, along with DNSSEC we require certifying authorities to authenticate the communicating parties. DNSSEC combined with an SSL certificate issued by Certifying Authorities (CA's) can protect the DNS from various attacks. The main weakness of this system is there are too many CA's and It is not feasible to trust all of them. Any breached CA can issue a certificate for any domain name. A certificate issued from a compromised CA's is valid. In this scenario, it is necessary for the organization to limit the number of CAs and to check whether the server is signed by a trusted CA's or not. DNS Based Authentication of Named Entities (DANE) permits a domain possessor to stipulate specific CA's issue certificates for a specific resource. DANE will not allow any CA to issue certificates for any domain. It limits the number of CA's used by the client. As there were still some security issues left in it that can be resolved using a mechanism called D-TS. It is a DANE-based trusted server that acts as a third party and validates the certificates of all the entities of the network. D-TS will be a proof-of-concept for enhancing the security in communications between Internet applications by using information available in DNS. The system attempts to solve the shortcomings of DANE by establishing a trust zone between the clients and the services. By adding multiple levels of validations, it aims to provide improved authenticity of services to clients, thereby mitigating attacks like phishing, Spoofing, Dos, and man-in-the-middle attack. In this paper, we will discuss the detailed working of our proposed solution D-TS.

[...] Read more.
Design, Analysis, and Implementation of a Two-factor Authentication Scheme using Graphical Password

By Khaja Mizbahuddin Quadry A Govardhan Mohammed Misbahuddin

DOI:, Pub. Date: 8 Jun. 2021

With the increase in the number of e-services, there is a sharp increase in online financial transactions these days. These services require a strong authentication scheme to validate the users of these services and allow access to the resources for strong security. Since two-factor authentication ensures the required security strength, various organizations employ biometric-based or Smart Card or Cryptographic Token-based methods to ensure the safety of user accounts. But most of these methods require a verifier table for validating users at a server. This poses a security threat of stolen-verifier attack. To address this issue, there is a strong need for authentication schemes for e-services that do not require a verifier table at the server. Therefore, this paper proposes the design of an authentication scheme for e-services which should be resistant to various attacks including a stolen verifier attack. The paper will also discuss: 1) The proposed scheme analyzed for security provided against the known authentication attacks 2) The concept implementation of the proposed scheme.

[...] Read more.
A Novel Approach of Kurtosis based Watermarking by Using Wavelet Transformation

By Khaza Mizbahuddin Quadry A Govardhan Mohammed Misbahuddin

DOI:, Pub. Date: 8 Jul. 2018

The authentication is used to ensure the authentication of the owner of the data. Currently, the data is available in multimedia format viz., audio, video, image and text. The present paper focuses on the image authentication. The watermarking methods are used for the image authentication. The present paper proposes a novel method of Kurtosis based Watermarking by using Wavelet Transformation (KWWT). The proposed method uses wavelet transformation. Further, the bands or the coefficients are divided into various non overlapped windows. For each of the approximation band windows, the kurtosis value will be estimated. Then the windows in all bands will be selected based on their kurtosis value. Then, the watermark image will be embedded into the selected windows of the bands. Finally, inverse wavelet transformation will be applied to get the resultant watermarked image. The proposed KWWT method is evaluated with 14 input images and 3 watermark images. Various performance measures are estimated and the results show the efficacy of the proposed method.

[...] Read more.
Other Articles