Cybersecurity and Computer Science Candidate Visits Campus

Candidates for the multiple cybersecurity and computer science faculty position openings in the College of Computing will be visiting campus this semester, including Ahmed Tanvir Mahdad.

Ahmed Tanvir Mahdad is visiting campus as a candidate for a cybersecurity and computer science faculty position.

Bio

Ahmed Tanvir Mahdad is a final-year Ph.D. student in the Computer Science and Engineering Department at Texas A&M University. He is currently conducting research under the supervision of Dr. Nitesh Saxena at the SPIES Lab. His research focuses on exploring and mitigating security and privacy issues in modern authentication systems and smart devices (e.g., smartphones and AR/VR devices).

Many of his works have been published in top-tier security and systems conferences and journals, including ACM CCS, IEEE S&P, ACM Mobicom, WWW, IEEE ICDCS, and ACM TOPS. Additionally, his research has been featured in various news media worldwide.

Candidate: Ahmed Tanvir Mahdad
Date and time of visit: Thursday, Feb. 20, 2025, 2 p.m.
Location: Rekhi 214

Abstract

New Frontiers in Authentication and Side-Channels in Emerging Platforms: 2FA Attacks, Sensor Exploits, and AR/VR Security

Emerging mobile platforms, such as modern smartphones and AR/VR devices, bring new challenges in user verification, data protection, and user privacy. In terms of user verification and data protection, it is important to analyze modern authentication systems that use emerging platforms (e.g., smartphones) and state-of-the-art protocols (e.g., FIDO2) to implement Two-Factor Authentication (2FA) systems. To address this, we developed a novel attack framework and evaluated these authentication systems, uncovering vulnerabilities in all of them. Moreover, to explore user privacy risks on these emerging platforms, we analyzed side-channel vulnerabilities exploiting built-in zero-permission motion sensors of smartphones and AR/VR devices, revealing potential severe privacy leaks. Additionally, we leverage this side-channel information to develop potential defenses against known threats, such as unwanted robocalls and better AR/VR authentication systems.

My presentation focuses on two key areas of my research. First, I will present our designed attack framework that uncovers practical vulnerabilities in 2FA systems, revealing how attackers can bypass FIDO2 key-based and push notification authentication mechanisms without compromising the possession-factor device. Next, I will discuss side-channel privacy risks associated with zero-permission motion sensor data in smartphones and AR/VR devices, highlighting how sensitive information (e.g., user’s gender, identity, emotion, and biological info such as vital signs and blood pressure) can be extracted. Finally, I will outline future research directions aimed at strengthening authentication security and safeguarding privacy in various emerging platforms.


About the College of Computing

The Michigan Tech College of Computing, established in 2019, is the first academic unit in Michigan dedicated solely to computing, and one of only a handful such academic units in the United States. The college is composed of two academic departments. The Computer Science department offers four bachelor of science programs in computer science, cybersecurity, data science, and software engineering; four master of science programs in applied computer science, computer science, cybersecurity, and data science; and a doctoral program in computer science. The Applied Computing department offers four bachelor of science programs in cybersecurity, electrical engineering technology, information technology, and mechatronics; and two master of science programs in health informatics and mechatronics. The college also helps to administer an interdisciplinary doctoral program in computational science and engineering.

Questions? Contact us at computing@mtu.edu. Follow the College of Computing on Facebook, Instagram, LinkedIn and Twitter.