<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<meta name="Generator" content="Microsoft Word 15 (filtered medium)">

<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}

o\:* {behavior:url(#default#VML);}

w\:* {behavior:url(#default#VML);}

.shape {behavior:url(#default#VML);}

</style><![endif]--><style><!--

/* Font Definitions */

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Aptos;}

@font-face

        {font-family:"Segoe UI";

        panose-1:2 11 5 2 4 2 4 2 2 3;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        font-size:11.0pt;

        font-family:"Aptos",sans-serif;

        mso-ligatures:standardcontextual;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:#467886;

        text-decoration:underline;}

span.me-email-text

        {mso-style-name:me-email-text;}

span.me-email-text-secondary

        {mso-style-name:me-email-text-secondary;}

span.EmailStyle23

        {mso-style-type:personal-compose;

        color:#0E101A;

        font-weight:bold;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-size:10.0pt;

        mso-ligatures:none;}

@page WordSection1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.WordSection1

        {page:WordSection1;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

</head>

<body lang="EN-US" link="#467886" vlink="#96607D" style="word-wrap:break-word">

<div class="WordSection1">

<p style="margin:0in"><strong><span style="font-family:"Aptos",sans-serif;color:#0E101A">Title: </span></strong><em><span style="font-family:"Aptos",sans-serif;color:#0E101A">New Frontiers in Authentication and Side-Channels in Emerging Platforms: 2FA Attacks,

 Sensor Exploits, and AR/VR Security</span></em><span style="color:#0E101A"><o:p></o:p></span></p>

<p style="margin:0in"><span style="color:#0E101A"><o:p> </o:p></span></p>

<p style="margin:0in"><strong><span style="font-family:"Aptos",sans-serif;color:#0E101A">Abstract:</span></strong><span style="color:#0E101A"> Emerging mobile platforms, such as modern smartphones and AR/VR devices, bring new challenges in user verification,

 data protection, and user privacy. In terms of user verification and data protection, it is important to analyze modern authentication systems that use emerging platforms (e.g., smartphones) and state-of-the-art protocols (e.g., FIDO2) to implement Two-Factor

 Authentication (2FA) systems. To address this, we developed a novel attack framework and evaluated these authentication systems, uncovering vulnerabilities in all of them. Moreover, to explore user privacy risks on these emerging platforms, we analyzed side-channel

 vulnerabilities exploiting built-in zero-permission motion sensors of smartphones and AR/VR devices, revealing potential severe privacy leaks. Additionally, we leverage this side-channel information to develop potential defenses against known threats, such

 as unwanted robocalls and better AR/VR authentication systems.<o:p></o:p></span></p>

<p style="margin:0in"><span style="color:#0E101A"><o:p> </o:p></span></p>

<p style="margin:0in"><span style="color:#0E101A">My presentation focuses on two key areas of my research. First, I will present our designed attack framework that uncovers practical vulnerabilities in 2FA systems, revealing how attackers can bypass FIDO2 key-based

 and push notification authentication mechanisms without compromising the possession-factor device. Next, I will discuss side-channel privacy risks associated with zero-permission motion sensor data in smartphones and AR/VR devices, highlighting how sensitive

 information (e.g., user's gender, identity, emotion, and biological info such as vital signs and blood pressure) can be extracted. Finally, I will outline future research directions aimed at strengthening authentication security and safeguarding privacy in

 various emerging platforms.<o:p></o:p></span></p>

<p style="margin:0in"><span style="color:#0E101A"><o:p> </o:p></span></p>

<p style="margin:0in"><strong><span style="font-family:"Aptos",sans-serif;color:#0E101A">Bio:</span></strong><span style="color:#0E101A"> Ahmed Tanvir Mahdad is a final-year Ph.D. student in the Computer Science and Engineering Department at Texas A&M University.

 He is currently conducting research under the supervision of Dr. Nitesh Saxena at the SPIES Lab. His research focuses on exploring and mitigating security and privacy issues in modern authentication systems and smart devices (e.g., smartphones, and AR/VR devices). Many

 of his works have been published in top-tier security and systems conferences and journals, including ACM CCS, IEEE S&P, ACM Mobicom, WWW, IEEE ICDCS, and ACM TOPS. Additionally, his research has been featured in various news media worldwide.<o:p></o:p></span></p>

<p class="MsoNormal"><o:p> </o:p></p>

<div>

<div style="margin-bottom:.25in;overflow:hidden">

<p class="MsoNormal"><span style="font-family:"Segoe UI",sans-serif;color:#242424">________________________________________________________________________________</span><span style="font-size:12.0pt;font-family:"Segoe UI",sans-serif;color:#242424;mso-ligatures:none"><o:p></o:p></span></p>

</div>

<div style="margin-bottom:9.0pt">

<p class="MsoNormal"><span class="me-email-text"><b><span style="font-size:18.0pt;font-family:"Segoe UI",sans-serif;color:#242424">Microsoft Teams</span></b></span><span style="font-family:"Segoe UI",sans-serif;color:#242424">

<a href="https://aka.ms/JoinTeamsMeeting?omkt=en-US"><span style="font-size:10.5pt;color:#5B5FC7">Need help?</span></a>

<o:p></o:p></span></p>

</div>

<div style="margin-bottom:4.5pt">

<p class="MsoNormal"><span style="font-family:"Segoe UI",sans-serif;color:#242424"><a href="https://teams.microsoft.com/l/meetup-join/19%3ameeting_MDkwYzgzN2QtYWNmNC00MzJhLTgwMGUtYjViYzg0MGNjZjA2%40thread.v2/0?context=%7b%22Tid%22%3a%22f3308007-477c-4a70-8889-34611817c55a%22%2c%22Oid%22%3a%22685c3f4f-29d5-4141-ada5-0fdeab8480e4%22%7d" target="_blank" title="Meeting join link"><b><span style="font-size:15.0pt;color:#5B5FC7">Join

 the meeting now</span></b></a> <o:p></o:p></span></p>

</div>

<div style="margin-bottom:4.5pt">

<p class="MsoNormal"><span class="me-email-text-secondary"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#616161">Meeting ID:

</span></span><span class="me-email-text"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#242424">257 417 516 414</span></span><span style="font-family:"Segoe UI",sans-serif;color:#242424">

<o:p></o:p></span></p>

</div>

<div style="margin-bottom:.25in">

<p class="MsoNormal"><span class="me-email-text-secondary"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#616161">Passcode:

</span></span><span class="me-email-text"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#242424">2QY3Bm6U</span></span><span style="font-family:"Segoe UI",sans-serif;color:#242424">

<o:p></o:p></span></p>

</div>

<div style="margin-bottom:.25in">

<div class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Segoe UI",sans-serif;color:#242424">

<hr size="1" width="100%" align="center">

</span></div>

</div>

<div>

<div style="margin-bottom:4.5pt">

<p class="MsoNormal"><span class="me-email-text"><b><span style="font-family:"Segoe UI",sans-serif;color:#242424">Dial in by phone</span></b></span><span style="font-family:"Segoe UI",sans-serif;color:#242424">

<o:p></o:p></span></p>

</div>

<div style="margin-bottom:4.5pt">

<p class="MsoNormal"><span style="font-family:"Segoe UI",sans-serif;color:#242424"><a href="tel:+16147066572,,510921882"><span style="font-size:10.5pt;color:#5B5FC7">+1 614-706-6572,,510921882#</span></a>

</span><span class="me-email-text"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#616161">United States, Columbus</span></span><span style="font-family:"Segoe UI",sans-serif;color:#242424">

<o:p></o:p></span></p>

</div>

<div style="margin-bottom:4.5pt">

<p class="MsoNormal"><span style="font-family:"Segoe UI",sans-serif;color:#242424"><a href="https://dialin.teams.microsoft.com/8f5f7319-0053-4423-a154-4f8b6e7fb7dd?id=510921882"><span style="font-size:10.5pt;color:#5B5FC7">Find a local number</span></a>

<o:p></o:p></span></p>

</div>

</div>

<div style="margin-bottom:.25in">

<p class="MsoNormal"><span class="me-email-text-secondary"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#616161">Phone conference ID:

</span></span><span class="me-email-text"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#242424">510 921 882#</span></span><span style="font-family:"Segoe UI",sans-serif;color:#242424">

<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span class="me-email-text-secondary"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#616161">For organizers:

</span></span><span style="font-family:"Segoe UI",sans-serif;color:#242424"><a href="https://teams.microsoft.com/meetingOptions/?organizerId=685c3f4f-29d5-4141-ada5-0fdeab8480e4&tenantId=f3308007-477c-4a70-8889-34611817c55a&threadId=19_meeting_MDkwYzgzN2QtYWNmNC00MzJhLTgwMGUtYjViYzg0MGNjZjA2@thread.v2&messageId=0&language=en-US" target="_blank"><span style="font-size:10.5pt;color:#5B5FC7">Meeting

 options</span></a> </span><span style="font-family:"Segoe UI",sans-serif;color:#D1D1D1">|</span><span style="font-family:"Segoe UI",sans-serif;color:#242424">

<a href="https://dialin.teams.microsoft.com/usp/pstnconferencing" target="_blank">

<span style="font-size:10.5pt;color:#5B5FC7">Reset dial-in PIN</span></a> <o:p></o:p></span></p>

</div>

<div style="margin-top:.25in;margin-bottom:4.5pt">

<p class="MsoNormal"><span style="font-family:"Segoe UI",sans-serif;color:#242424;mso-ligatures:none"><img border="0" width="188" height="30" style="width:1.9583in;height:.3125in" id="_x0000_i1026" src="https://www.ohio.edu/sites/default/files/2018-11/invite_logo_teams.jpg"></span><span style="font-family:"Segoe UI",sans-serif;color:#242424"><o:p></o:p></span></p>

<div>

<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#616161">If you encounter issues with this meeting, please visit the Help link. If you are not able to resolve the problems, please contact the meeting organizer to let

 them know you are having difficulty.<o:p></o:p></span></p>

</div>

</div>

<div style="margin-bottom:.25in">

<p class="MsoNormal"><span style="font-family:"Segoe UI",sans-serif;color:#242424"><a href="https://www.ohio.edu/oit/services/collaboration/teams/help" target="_blank"><span style="font-size:10.5pt;color:#5B5FC7">Org help</span></a>

</span><span style="font-size:12.0pt;font-family:"Segoe UI",sans-serif;color:#242424"><o:p></o:p></span></p>

</div>

<div style="margin-bottom:.25in;overflow:hidden">

<p class="MsoNormal"><span style="font-family:"Segoe UI",sans-serif;color:#242424">________________________________________________________________________________<o:p></o:p></span></p>

</div>

</div>

<p class="MsoNormal"><o:p> </o:p></p>

</div>

</body>

</html>