CS Faculty Candidate Talk: Dr. Ahmed Tanvir Mahdad

Title: New Frontiers in Authentication and Side-Channels in Emerging Platforms: 2FA Attacks, Sensor Exploits, and AR/VR Security

Time: February 10, 2025 at 10:00 AM Eastern Time (US and Canada)

Location: M03-732/Web lab. Refreshments will be served. (US and Canada)

Abstract: Emerging mobile platforms, such as modern smartphones and AR/VR devices, bring new challenges in user verification, data protection, and user privacy. In terms of user verification and data protection, it is important to analyze modern authentication systems that use emerging platforms (e.g., smartphones) and state-of-the-art protocols (e.g., FIDO2) to implement Two-Factor Authentication (2FA) systems. To address this, we developed a novel attack framework and evaluated these authentication systems, uncovering vulnerabilities in all of them. Moreover, to explore user privacy risks on these emerging platforms, we analyzed side-channel vulnerabilities exploiting built-in zero-permission motion sensors of smartphones and AR/VR devices, revealing potential severe privacy leaks. Additionally, we leverage this side-channel information to develop potential defenses against known threats, such as unwanted robocalls and better AR/VR authentication systems.

Bio: Ahmed Tanvir Mahdad is a final-year Ph.D. student in the Computer Science and Engineering Department at Texas A&M University. He is currently conducting research under the supervision of Dr. Nitesh Saxena at the SPIES Lab. His research focuses on exploring and mitigating security and privacy issues in modern authentication systems and smart devices (e.g., smartphones, and AR/VR devices). Many of his works have been published in top-tier security and systems conferences and journals, including ACM CCS, IEEE S&P, ACM Mobicom, WWW, IEEE ICDCS, and ACM TOPS. Additionally, his research has been featured in various news media worldwide.