About Me
Research 
News
Our paper titled "Protecting the 4G and 5G Cellular Paging
Protocols against Security and Privacy Attacks" has been accepted at the 20th Privacy Enhancing Technologies Symposium (PETS 2020). Congratulations Syed Rafiul Hussain and Ankush Singla.
I have been awarded the DARPA Young Faculty Award (YFA) 2019 to work on improving the cellular network ecosystem security using formal methods. Thanks DARPA! Our paper titled "Opening Pandora's Box through ATFuzzer: Dynamic Analysis of
AT Interface for Android Smartphones" has been accepted at 35th Annual Computer Security Applications Conference (ACSAC) 2019. Congratulations Syed Rafiul Hussain, Imtiaz Karim, and Fabrizio Cicala.
Our paper titled "5GReasoner: A Property-Directed Security and Privacy Analysis
Framework for 5G Cellular Network Protocol" has been accepted at 26th ACM Conference on Computer and Communications Security (CCS) 2019. Congratulations Syed Rafiul Hussain, Mitziu Echeverria, and Imtiaz Karim.
Our paper titled "Expat: Expectation-based Policy Analysis and Enforcement for Appified Smart-Home Platforms" has been accepted at the ACM Symposium on Access Control Models and Technologies (SACMAT) 2019. Congratulations Moosa Yahyazadeh.
Our paper titled "Insecure Connection Bootstrapping in Cellular Networks: The
Root of All Evil" has been accepted at The ACM Conference on Security and Privacy in Wireless and Mobile
Networks (WiSec) 2019. Congratulations Syed Rafiul Hussain and Mitziu Echeverria.
Our paper titled "Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information" was chosen as one of the 11 finalists for the NDSS 2019 Distinguished Paper Award. It has also received substantial coverage from both national and international media such as wired, threatpost, techcrunch, the register, Daily Mail, CNET, The hacker news, and others.
Our paper titled "Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information" has been accepted at The Network and Distributed System Security Symposium (NDSS) 2019. Congratulations Syed Rafiul Hussain and Mitziu Echeverria.
Our paper titled "Analyzing Semantic Correctness using Symbolic Execution: A Case Study on PKCS#1 v1.5 Signature Verification" has been accepted at The Network and Distributed System Security Symposium (NDSS) 2019. Congratulations Sze Yiu Chau and Moosa Yahyazadeh.
Our paper titled "Why Johnny Can’t Make Money With His Contents: Pitfalls of Designing and Implementing Content Delivery Apps" has been accepted at the Annual Computer Security Applications Conference (ACSAC) 2018. Congratulations Sze Yiu Chau and Bincheng Wang. Our work on LTE was mentioned in articles at The New York Times and Forbes. Our project titled "VERDICT: Verification Evidence & Resilient Design In anticipation of Cybersecurity Threats" has been funded under the DARPA CASE Program (In Collaboration with Cesare Tinelli and GE Global Research). Thanks DARPA. Our paper titled "Adaptive Deterrence of DNS Cache Poisoning" has been accepted at the 14th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2018). Our NDSS 2018 paper on 4G LTE has been invited to be presented at the 2018 Qualcomm Mobile Security Summit. Our NDSS 2018 paper on 4G LTE has been highlighted at the ACM Tech news. Our NDSS 2018 paper titled "LTEInspector : A Systematic Approach for Adversarial Testing of 4G LTE" has been showcased in the technology media. Our paper titled "LTEInspector : A Systematic Approach for Adversarial Testing of 4G LTE" (accepted at the Network and Distributed System Security Symposium (NDSS) 2018) has received positive feedback. PC: ACM SACMAT 2018; PST 2018; IEEE S&P 2019
[Reported Bugs in SSL/TLS Libraries:]
CVE-2017-1000415;
CVE-2017-1000416;
CVE-2017-1000417
Our paper titled "LTEInspector : A Systematic Approach for Adversarial Testing of 4G LTE" has been accepted at the Network and Distributed System Security Symposium (NDSS) 2018. Congratulations Syed Rafiul Hussain and Shagufta Mehnaz. Our "SymCerts" paper has been selected as a CSAW North America finalist for the applied research competition. Congratulations Sze Yiu Chau and Endadul Hoque. Our paper titled "Analyzing Operational Behavior of Stateful Protocol Implementations for Detecting Semantic Bugs" has been accepted at IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2017. Congratulations Sze Yiu Chau and Endadul Hoque. Our paper titled "SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations" has been accepted at IEEE S&P 2017. Congratulations Sze Yiu Chau and Endadul Hoque. Project on the development of a compliant Internet PKI has been funded under NSF SaTC CRII program. Thanks NSF. Unabridged award abstract may be found here. Contributed to an article in the Daily Iowan. I have been invited to join the CCS 2017, PST 2017, WPES 2017 PC. [Bugs] We tested MatrixSSL v3.7.2 for RFC compliance and other vulnerabilities. The developers of MatrixSSL acknowledged our findings of a collision-prone OID comparison, and ineffective expiration date checks. All of these have been fixed in newer versions. [Bugs] We tested axTLS 1.5.3 for RFC compliance and other vulnerabilities. The developers of axTLS acknowledged our findings of certain attributes of distinguished names being ignored, certificates with unrecognised extensions are not being rejected, hhmmss of UTCTime being ignored,
not processing any extensions (they added support for 3 extension: subject alternative name, basic constraints and key usage, in commit r273 and commit r274), and an off-by-one error in interpreting the year of UTCTime. Fixes have been implemented or being implemented in future revision. FALL 2016: Joined the University of Iowa as an Assistant Professor of Computer Science. SUMMER 2016: Two papers accepted in CCS 2016.
Students
Selected Publications
Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information Analyzing Semantic Correctness using Symbolic Execution: A Case Study on PKCS#1 v1.5 Signature Verification Why Johnny Can’t Make Money With His Contents: Pitfalls of Designing and Implementing Content Delivery Apps Adaptive Deterrence of DNS Cache Poisoning LTEInspector : A Systematic Approach for Adversarial Testing of 4G LTE 
Video of the presentation and Slides Analyzing Operational Behavior of Stateful Protocol
Implementations for Detecting Semantic Bugs SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations Video of the presentation
An Empirical Study of Mnemonic Sentence-based Password Generation Strategies On the Security and Usability of Segment-based Visual Cryptographic Authentication Protocols Equivalence-based Security for Querying Encrypted Databases: Theory and Application to Privacy Policy Audits Temporal Mode-Checking for Runtime Monitoring of Privacy Policies