Category: Uncategorized

SPIES Lab will have 3 papers presented at ASIACCS 2021.

• EchoVib: Exploring Voice Authentication via Unique Non-Linear Vibrations of Short Replayed Speech
  Abhishek Anand, Jian Liu, Chen Wang, Maliheh Shirvanian, Nitesh Saxena and Yingying Chen
  In ACM Symposium on Information, Computer and Communications Security (AsiaCCS), June 2021.
• Bypassing Push-based Second Factor and Passwordless Authentication with Human-Indistinguishable Notifications
  Mohammed Jubur, Prakash Shrestha, Nitesh Saxena and Jay Prakash
  In ACM Symposium on Information, Computer and Communications Security (AsiaCCS), June 2021.
• HVAC: Evading Classifier-based Defenses in Hidden Voice Attacks
  Yi Wu, Xiangyu Xu, Payton Walker, Jian Liu, Nitesh Saxena, Yingying Chen and Jiadi Yu
  In ACM Symposium on Information, Computer and Communications Security (AsiaCCS), June 2021.

Two papers accepted to EuroS&P 2021:

• Press @$@$ to Login: Strong Wearable Second Factor Authentication via Short Memorywise Effortless Typing Gestures
  Prakash Shrestha, Nitesh Saxena, Diksha Shukla and Vir Phoha
  In the IEEE European Symposium on Security and Privacy (EuroS&P), Sep 2021.
• Countering Concurrent Login Attacks in Just Tap Push-based Authentication: A Redesign and Usability Evaluations
  Jay Prakash, Clarice Chua Qing Yu, Tanvi Ravindra Thombre, Andrei Bytes, Mohammed Jubur, Nitesh Saxena, Lucienne Blessing, Jianying Zhou and Tony Quek
  In the IEEE European Symposium on Security and Privacy (EuroS&P), Sep 2021.

Enabling Finger-touch-based Mobile User Authentication via Physical Vibrations on
IoT Devices
Xin Yang, Song Yang, Jian Liu, Chen Wang, Yingying Chen and Nitesh Saxena
In IEEE Transactions on Mobile Computing (TMC), 2020

Two-Factor Password-Authenticated Key Exchange with End-to-End Password Security.
Stanislaw Jarecki, Mohammed Jubur, Hugo Krawczyk, Maliheh Shirvanian, and Nitesh Saxena In ACM Transactions on Privacy and Security, 2020.

The acceptance rate for papers accepted in the first cycle = 17.8% (28/157)

• • EchoVib: Exploring Voice Authentication via Unique Non-Linear Vibrations of Short Replayed Speech
    Abhishek Anand, Jian Liu, Chen Wang, Maliheh Shirvanian, Nitesh Saxena and Yingying Chen
    In ACM Symposium on Information, Computer and Communications Security (AsiaCCS), June 2020.
  • HVAC: Evading Classifier-based Defenses in Hidden Voice Attacks
    Yi Wu, Xiangyu Xu, Payton Walker, Jian Liu, Nitesh Saxena, Yingying Chen and Jiadi Yu
    In ACM Symposium on Information, Computer and Communications Security (AsiaCCS), June 2020.

Dr. Saxena has a new NSF SaTC Medium (Transition to Practice) grant funded:

NSF Secure and Trustworthy Cyberspace Program Medium Grant, “Intrusion-Tolerant Outsourced Storage for Cyber-Infrastructure”, $900,000, Oct 2020 – Sep 2023, Lead PI.  Collaborative project with: UC Irvine.

This project will investigate the design and development of next generation, secure storage and authentication services that will be fully resistant against intrusions onto the services themselves.

• IvoriWatch: Exploring Transparent Integrity Verification of Remote User Input Leveraging Wearables
  Prakash Shrestha, Zengrui Liu and Nitesh Saxena.
  In Annual Computer Security Applications Conference (ACSAC), December 2020.
• Voicefox: Leveraging Inbuilt Transcription to Enhance the Security of Machine-Human Speaker Verification against Voice Synthesis Attacks
  Maliheh Shirvanian, Manar Mohammed, Abhishek Anand and Nitesh Saxena.
  In Annual Computer Security Applications Conference (ACSAC), December 2020.
• WearID: Low-Effort Wearable-Assisted Authentication of Voice Commands via Cross-Domain Comparison without Training
  Cong Shi, Yan Wang, Yingying Chen, Nitesh Saxena and Chen Wang.
  In Annual Computer Security Applications Conference (ACSAC), December 2020.

Zengrui Liu passed his PhD qualifiers: a systematic exposition of web browser fingerprinting. An important (though rather crowded) area, but with many big missing pieces.

Payton Walker rocked his PhD quals: a synthesization of passive side channel & active command injection attacks on voice interfaces. His work exposes a wide gap–what’s shown via controlled experiments in prior work may not meet the real-world parameterizations of these attacks.