News

https://engineering.tamu.edu/news/2023/04/saxena-awarded-12m-grant-to-study-cognitive-security.html

Dr. Nitesh Saxena, professor in the Department of Computer Science at Texas A&M University and Engineering Dean’s Research Fellow, is part of a research team that was recently awarded a $6.2 million grant from the highly competitive Department of Defense’s Multidisciplinary University Research Initiative (MURI) Program. Given over five years, the funds will support their work investigating human cognitive security in various information environments.

Collaborators on the project include researchers from the United States Air Force Academy and the University of Colorado Boulder. Saxena is the sole Texas A&M principal investigator, and the university will receive $1.2 million from the grant.

Cognitive security refers to the notion of protecting people from information-based threats that aim to disrupt cognitive processes, such as their ability to reason and make decisions. Due to the prevalence of sophisticated technology, social media, the amount of personal data generated online daily in society and the convergence of information technology with operational technology, these threats are becoming increasingly more dangerous in scale and scope.

The researchers will develop defensive solutions to combat users’ susceptibility to cyber-attacks through the foundations of psychology and neuroscience for their project. To do this, the team will study average users, emergency responders and astronauts within various information-dense environments that may impact their decision-making when faced with security threats.

“This is an area of research that was pioneered in my lab and that of my collaborators. We are humbled to receive the award and excited to launch this MURI project to further contribute toward a deeper understanding of human behavior vis-à-vis cybersecurity threats and design appropriate mitigations,” Saxena said.

The team’s previous studies on user-centered security regarding how people process the tasks of detecting phishing attacks and malware warnings serve as a foundation for this project.

A total of 31 teams from 61 U.S. universities were selected to receive a MURI grant to support their research projects, which span 24 topic areas that are of strategic importance to the Department of Defense.

 

Dr. Saxena has been appointed as the Vice Chair of the Engineering Faculty Advisory Council (EFAC), 2023-2024.

https://engineering.tamu.edu/information/efac/index.html

The purpose of the Engineering Faculty Advisory Council (EFAC) is to:

1. Generate and develop broad ideas for the improvement and ultimate development of the Texas A&M University College of Engineering and to suggest policies that will enable the College of Engineering to better serve the educational needs of the people of Texas.
2. Advise the dean of engineering on matters of basic importance to the engineering faculty as a body.

The committee includes a faculty member from each of the departments in the College of Engineering. The representative is elected by their department’s faculty every three years. EFAC meets with the dean once per month during the academic year. Each representative serves as a liaison between his/her department’s faculty and the committee, and is responsible for conveying concerns and suggestions to the committee, which in turn discusses these issues with the dean. Our faculty are welcome to attend EFAC meetings, but must convey their concerns or suggestions through their department representative or the EFAC chairperson.

 

 

• Passive Vital Sign Monitoring via Facial Vibrations Leveraging  AR/VR Headsets
  Tianfang Zhang, Cong Shi, Payton Walker, Zhengkun Ye, Yan Wang,  Nitesh Saxena, Yingying Chen
  In the 21st ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), June 2023

• EmoLeak: Smartphone Motions Reveal Emotions
  Ahmed Tanvir Mahdad, Cong Shi, Zhengkun Ye, Tianming Zhao, Yan Wang, Yingying Chen and Nitesh Saxena
  In the 43 rd IEEE International Conference on Distributed Computing Systems (ICDCS), July 2023.

• A Survey of Threats to Research Literature Dependent Medical AI Solutions
  Shalini Saini and Nitesh Saxena
  In ACM Computing Surveys (CSUR), 2023

• BarrierBypass: Out-of-Sight Clean Voice Command Injection Attacks through Physical Barriers
  Payton Walker, Tianfang Zhang, Cong Shi, Nitesh Saxena and Yinying Chen
  In the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May/June 2023.
• SoK: An Analysis of End-to-End Encryption and Authentication Ceremonies in Secure Messaging Systems
  Mashari Alatawi and Nitesh Saxena
  In the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May 2023.
• SoK: A Comprehensive Evaluation of 2FA-based Schemes in the Face of Active Concurrent Attacks from User Terminals
  Tanvir Ahmed Mahdad and Nitesh Saxena
  In the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May 2023.

• Privacy Leakage via Unrestricted Motion-Position Sensors in the Age of Virtual Reality: A Study of Snooping Typed Input on Virtual Keyboards
  Yi Wu, Cong Shi, Tianfang Zhang, Payton Walker, Jian Liu, Nitesh Saxena and Yingying Chen
  In IEEE Symposium on Security and Privacy (IEEE S&P; Oakland), May 2023

• Hidden Reality: Caution, Your Hand Gesture Inputs in the Immersive Virtual World are Visible to All!
  Sindhu Reddy Kalathur Gopal, Diksha Shukla, James Wheelock, and Nitesh Saxena
  In the 32nd USENIX Security Symposium, August 2023.

UAB’s MS program in Cybersecurity ranked #1 among best cybersecurity graduate programs by Fortune. This is the program Dr. Saxena architected and led for almost a decade before he joined A&M in 2021, jointly with his superb colleagues in Criminal Justice (the same program led to UAB’s Scholarship for Service program, funded by NSF, which Dr. Saxena led as well). There are some reasonably good programs in the list, including Syracuse and Indiana Bloomington.

https://fortune.com/education/information-technology/best-masters-in-cybersecurity/

We all know rankings do not always work, but students value them, and so this one is for all current and former students of the program! Cheers!

 

The EarSpy received extensive national and international media coverage. It’s a vulnerability that can be used to eavesdrop over phone calls and caller identities by listening through benign-looking, “zero-permission” hardware sensors such as accelerometers on the phones. Led by one of SPIES PhD students, Ahmed Tanvir Mahdad, in a collaboration with several universities. The paper is here: https://arxiv.org/abs/2212.12151, and some instances of major coverage appears below:

EarSpy

• This creepy Android flaw can detect your identity and even gender, MSN, December 28 2022
• EarSpy — A New Attack on Android Devices Use Motion Sensors to Steal Sensitive Data, Medium.com, January 7, 2023
• EarSpy can eavesdrop on your phone conversations using motion sensors, Android Police,  January 1, 2023
• How hackers could use popular virtual reality headsets to steal sensitive informatioEarSpy : cette technique permet d’écouter vos appels grâce à l’accéléromètre, CNET France, January 3, 2023
• EarSpy Attack Can Use Motion Sensors Data to Pry on Android Devices, Hackread, December 29, 2022
• EarSpy attack eavesdrops on Android phones via motion, Bleepingcomputer, December 27, 2022
• EarSpy: Spying on Phone Calls via Ear Speaker Vibrations Captured by Accelerometer, Securityweek, December 28, 2022
• EarSpy Spying on Phone Calls via Ear Speaker Vibrations Captured by Accelerometer, Odaloop, 2 January 2023
• EarSpy can spy on your phone calls by using motion sensors, Android Headlines, 2 January 2023
• EarSpy can eavesdrop on your phone conversations using motion sensors, Reddit, 2 January 2023
• Android: Interception of calls through.. motion sensors!, iTechnews Greece, January 5, 2023
• Can the New EarSpy Hack Eavesdrop on Your Phone Conversations Through Vibrations?, Timesnow News India, January 3, 2023
• EarSpy, Android and how smartphones can be eavesdropped, Lifestyle.bg Bulgeria, January 3, 2023
• EarSpy’s research has proven that Androids can be eavesdropped by vibrations picked up by the accelerometer, MobileMania Czech Republic, December 29, 2022
• EarSpy – A New Attack on Android Devices Use Motion Sensors to Steal Sensitive Data, GBhackers on Security, December 30, 2030
• Security: how your smartphone’s call speaker can be used without your knowledge, Frandroid France, January 2, 2023