News

• Gummy Browsers: Targeted Browser Spoofing against State-of-the-Art Fingerprinting Techniques
  Zengrui Liu,  Prakash Shrestha and Nitesh Saxena.
  In International Conference on Applied Cryptography and Network Security (ACNS), June  2022.
• Beware of Your Vibrating Devices! Vibrational Relay Attacks on Zero-Effort Deauthentication
  Prakash Shrestha and Nitesh Saxena.
  In International Conference on Applied Cryptography and Network Security (ACNS), June  2022

• Evaluating the Effectiveness of Protection Jamming Devices in Mitigating Smart Speaker Eavesdropping Attacks Using Gaussian White Noise
  Payton Walker and Nitesh Saxena
  In Annual Computer Security Applications Conference (ACSAC), December 2021.

Face-Mic: Inferring Live Speech and Speaker Identity via Subtle Facial Dynamics Captured by AR/VR Motion Sensors
Cong Shi, Xiangyu Xu, Tianfang Zhang , Payton Walker, Yi Wu, Jian Liu, Nitesh Saxena, Yingying Chen and Jiadi Yu
In the 27th Annual International Conference on Mobile Computing and Networking (Mobicom), Jan/Feb 2022.

 

Analyzing the Security of OTP 2FA in the Face of
Malicious Terminals
Tanvir Mahdad, Mohammed Jubur, and Nitesh Saxena
In the International Conference on Information and Communications Security (ICICS), 2021.

Dr. Saxena has a new NSF CICI grant funded:

NSF Cybersecurity Innovation for Cyberinfrastructure (CICI), “UCSS: Towards Secure and Usable Push Notification Authentication for Collaborative Scientific Infrastructures”, $499,934, Aug 2021 – Aug 2024, Sole PI.

This project will allow us to study and redesign push notification based authentication.

• SoK: Assessing the Threat Potential of Vibration-based Attacks against Live Speech using Mobile Sensors
  Payton Walker and Nitesh Saxena
  In ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Jun-Jul 2021.
  [pdf]
• Spearphone: A Lightweight Speech Privacy Exploit via Accelerometer-Sensed Reverberations from Smartphone Loudspeakers
  Abhishek Anand, Chen Wang, Jian Liu, Nitesh Saxena and Yingying Chen
  In ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Jun-Jul 2021.
  [pdf]

Authentication of Voice Commands on Voice Assistance Systems Leveraging Vibrations on Wearables
Cong Shi, Yan Wang, Yingying Chen, and Nitesh Saxena.
In IEEE Security and Privacy (Magazine), Special Issue of Selected Papers from ACSAC’20, 2021.

Dr. Saxena is serving as the PC Co-Chair for the IEEE CNS 2021 conference. This is a top-tier venue for presenting security and privacy research as it pertains to communications and network security. The deadline is May 17, 2021. Please submit your best work.
https://cns2021.ieee-cns.org/

Three papers accepted to AsiaCCS 2021:

• EchoVib: Exploring Voice Authentication via Unique Non-Linear Vibrations of Short Replayed Speech
  Abhishek Anand, Jian Liu, Chen Wang, Maliheh Shirvanian, Nitesh Saxena and Yingying Chen
  In ACM Symposium on Information, Computer and Communications Security (AsiaCCS), June 2021.
• Bypassing Push-based Second Factor and Passwordless Authentication with Human-Indistinguishable Notifications
  Mohammed Jubur, Prakash Shrestha, Nitesh Saxena and Jay Prakash
  In ACM Symposium on Information, Computer and Communications Security (AsiaCCS), June 2021.
• HVAC: Evading Classifier-based Defenses in Hidden Voice Attacks
  Yi Wu, Xiangyu Xu, Payton Walker, Jian Liu, Nitesh Saxena, Yingying Chen and Jiadi Yu
  In ACM Symposium on Information, Computer and Communications Security (AsiaCCS), June 2021.

• • Press @$@$ to Login: Strong Wearable Second Factor Authentication via Short Memorywise Effortless Typing Gestures
    Prakash Shrestha, Nitesh Saxena, Diksha Shukla and Vir Phoha
    In the IEEE European Symposium on Security and Privacy (EuroS&P), Sep 2021.
  • Countering Concurrent Login Attacks in Just Tap Push-based Authentication: A Redesign and Usability Evaluations
    Jay Prakash, Clarice Chua Qing Yu, Tanvi Ravindra Thombre, Andrei Bytes, Mohammed Jubur, Nitesh Saxena, Lucienne Blessing, Jianying Zhou and Tony Quek
    In the IEEE European Symposium on Security and Privacy (EuroS&P), Sep 2021.