[Eecs_phd] EECS Research Seminar Talk with CS Interview Candidate Dr. Ahmed Tanvir Mahdad-New Frontiers in Authentication and Side-Channels in Emerging Platforms: 2FA Attacks, Sensor Exploits, and AR/VR Security

Hunter, Tiffany huntert1 at ohio.edu
Mon Feb 17 14:05:33 EST 2025

Title: New Frontiers in Authentication and Side-Channels in Emerging Platforms: 2FA Attacks, Sensor Exploits, and AR/VR Security

Abstract: Emerging mobile platforms, such as modern smartphones and AR/VR devices, bring new challenges in user verification, data protection, and user privacy. In terms of user verification and data protection, it is important to analyze modern authentication systems that use emerging platforms (e.g., smartphones) and state-of-the-art protocols (e.g., FIDO2) to implement Two-Factor Authentication (2FA) systems. To address this, we developed a novel attack framework and evaluated these authentication systems, uncovering vulnerabilities in all of them. Moreover, to explore user privacy risks on these emerging platforms, we analyzed side-channel vulnerabilities exploiting built-in zero-permission motion sensors of smartphones and AR/VR devices, revealing potential severe privacy leaks. Additionally, we leverage this side-channel information to develop potential defenses against known threats, such as unwanted robocalls and better AR/VR authentication systems.

My presentation focuses on two key areas of my research. First, I will present our designed attack framework that uncovers practical vulnerabilities in 2FA systems, revealing how attackers can bypass FIDO2 key-based and push notification authentication mechanisms without compromising the possession-factor device. Next, I will discuss side-channel privacy risks associated with zero-permission motion sensor data in smartphones and AR/VR devices, highlighting how sensitive information (e.g., user's gender, identity, emotion, and biological info such as vital signs and blood pressure) can be extracted. Finally, I will outline future research directions aimed at strengthening authentication security and safeguarding privacy in various emerging platforms.

Bio: Ahmed Tanvir Mahdad is a final-year Ph.D. student in the Computer Science and Engineering Department at Texas A&M University. He is currently conducting research under the supervision of Dr. Nitesh Saxena at the SPIES Lab. His research focuses on exploring and mitigating security and privacy issues in modern authentication systems and smart devices (e.g., smartphones and AR/VR devices). Many of his works have been published in top-tier security and systems conferences and journals, including ACM CCS, IEEE S&P, ACM Mobicom, WWW, IEEE ICDCS, and ACM TOPS. Additionally, his research has been featured in various news media worldwide.

