Publications

JOURNALS

2023
- Sound-based Two-Factor Authentication: Vulnerabilities and Redesign
  Prakash Shrestha, Ahmed Tanvir Mahdad and Nitesh Saxena. In ACM Transactions on Privacy and Security (TOPS), 2023.
- A Survey of Threats to Research Literature Dependent Medical AI Solutions
  Shalini Saini and Nitesh Saxena
  In ACM Computing Surveys (CSUR), 2023
  [pdf]
2022
- Chirp-Loc: Multi-Factor Authentication via Acoustically-Generated Location Signatures  
  Prakash Shrestha, Hien Truong, Pupu Toivonen, Nitesh Saxena, Sasu Tarkoma, Petteri Nurmi
  In Pervasive and Mobile Computing (PMC) Journal, November 2022.
  [pdf]
- Enabling Finger-touch-based Mobile User Authentication via Physical Vibrations on
  IoT Devices
  Xin Yang, Song Yang, Jian Liu, Chen Wang, Yingying Chen and Nitesh Saxena
  In IEEE Transactions on Mobile Computing (TMC), 2022
  [pdf]
2021
- Authentication of Voice Commands on Voice Assistance Systems Leveraging Vibrations on Wearables
  Cong Shi, Yan Wang, Yingying Chen, and Nitesh Saxena.
  In IEEE Security and Privacy (Magazine), Special Issue of Selected Papers from ACSAC’20, 2021.
  [pdf]

2020

- Two-Factor Password-Authenticated Key Exchange with End-to-End Password Security.
  Stanislaw Jarecki, Mohammed Jubur, Hugo Krawczyk, Maliheh Shirvanian, and Nitesh Saxena. In ACM Transactions on Privacy and Security, 2020.
  [pdf]

2019

- Building and Studying a Password Store that Perfectly Hides Passwords from Itself.
  Maliheh Shirvanian, Nitesh Saxena, Stanislaw Jarecki, and Hugo Krawczyk
  In IEEE Transactions on Dependable and Secure Computing (TDSC), Special Issue on Paradigm Shifts in Cryptographic Engineering, 2019
  [pdf]
- Sensor-based Proximity Detection in the Face of Active Adversaries
  Babins Shrestha, Nitesh Saxena, Hien Truong and N. Asokan.
  In IEEE Transactions on Mobile Computing (TMC), 2019
  [pdf]
- Emerging-Image Motion CAPTCHAs: Vulnerabilities of Existing Designs, and Countermeasures
  Song Gao, Manar Mohamed, Nitesh Saxena, and Chengcui Zhang
  In IEEE Transactions on Dependable and Secure Computing (TDSC), 2017.
  [pdf]

2018

- Noisy Vibrational Pairing of IoT Devices
  Abhishek Anand, and Nitesh Saxena
  In IEEE Transactions on Dependable and Secure Computing (TDSC), Special Issue on Emerging Attacks and Solutions for Secure Hardware in the Internet of Things, 2018.
  [pdf]
- Good Vibrations: Accessing ‘Smart’ Systems by Touching Any Solid Surface
  Jian Liu, Chen Wang, Yingying Chen, and Nitesh Saxena,
  Biometric Technology Today, Issue 4, Pages 7-10, 2018.
  [pdf]
- An Offensive and Defensive Exposition of Wearable Computing
  Prakash Shrestha and Nitesh Saxena
  In ACM Computing Surveys (CSUR), 2018.
  [pdf]
- Short Voice Imitation Man-in-the-Middle Attacks on Crypto Phones: Defeating Humans and Machines
  Maliheh Shirvanian, Dibya Mukhopadhyay and Nitesh Saxena
  In Journal of Computer Security (JCS), 2018.
  [pdf]

2017

- On the Security and Usability of Dynamic Cognitive Game CAPTCHAs.
  Manar Mohamed, Song Gao, Niharika Sachdeva, Nitesh Saxena, Chengcui Zhang, Ponnurangam Kumaraguru and Paul van Oorschot
  In Journal of Computer Security (JCS), 2017.
  [pdf]

2016

- SMASheD: Sniffing and Manipulating Android Sensor Data for Offensive Purposes.
  Manar Mohamed, Babins Shrestha and Nitesh Saxena
  In IEEE Transactions on Information Forensics and Security (TIFS), 2016.
  [pdf]
- Neural Markers of Cybersecurity: An fMRI Study of Phishing, and Malware Warnings
  Ajaya Neupane, Nitesh Saxena, Jose O Maximo, and Rajesh K Kana
  IEEE Transactions on Information Forensics and Security (TIFS), 2016.
  [pdf]
- Task-dependent Changes in Frontal-Parietal Activation and Connectivity during Visual Search
  Jose O Maximo, Ajaya Neupane, Nitesh Saxena, Robert M Joseph, and Rajesh K Kana
  Brain Connectivity, 2016.
  [pdf]

2015

- Tap-Wave-Rub: Lightweight Human Interaction Approach to Curb Emerging Smartphone Malware
  Babins Shresth, Di Ma, Yan Zhu, Haoyu Li, and Nitesh Saxena
  IEEE Transactions on Information Forensics and Security (TIFS), to appear, 2015.
  [pdf]
- Consumer Perceptions of Mobile and Traditional Point-Of-Sale Credit or Debit Card Systems
  Nitesh Saxena, John J. Sloan, Manasvee Godbole, Jun Yu Jacinta Cai, Michael Georgescu, Oliver Nick Harper and David C. Schwebel
  In International Journal of Cyber Criminology, Volume 2, Issue 2, 2015.
  [pdf]

2014

- Using Contextual Co-Presence to Strengthen Zero-Interaction Authentication: Design, Integration and Usability
  Hien Thi Thu Truong, Xiang Gao, Babins Shrestha, Nitesh Saxena, N. Asokan and Petteri Nurmi
  Elsevier Journal of Pervasive and Mobile Computing (PMC), to appear, 2014.
  [pdf]
- Keyboard Acoustic Side Channel Attacks: Exploring Realistic and Security-Sensitive Scenarios
  Tzipora Halevi and Nitesh SaxenaInternational Journal of Information Security, to appear, 2014.[pdf]
- Web Search Query Privacy: Evaluating Query Obfuscation and Anonymizing Networks
  Sai Teja Peddinti and Nitesh Saxena
  Journal of Computer Security, Volume 22, Number 1, 2014.
  [pdf]

2013

- Context-Aware Defenses to RFID Unauthorized Reading and Relay Attacks
  Tzipora Halevi, Haoyu Li, Di Ma, Nitesh Saxena, Jonathan Voris, and Tuo Xiang
  IEEE Transactions on Emerging Topics in Computing (TETC), Volume 1, Issue 2, November, 2013.
  [pdf]
- Acoustic Eavesdropping Attacks on Constrained Wireless Device Pairing
  Tzipora Halevi and Nitesh Saxena
  IEEE Transactions on Information Forensics and Security (TIFS), Volume:8, Issue: 3, March, 2013.
  [pdf]
- Location-Aware and Safer Cards: Enhancing RFID Security and Privacy via Location Sensing
  Di Ma, Nitesh Saxena, Tuo Xiang, and Yan Zhu
  IEEE Transactions on Dependable and Secure Computing, Vol 10, Issue 2, March 2013.
  [pdf]

2012

- Authenticated Key Exchange with Key Re-Use in the Short Authenticated Strings Model
  Stanislaw Jarecki and Nitesh Saxena
  American Mathematical Society, Special Session on Mathematical Aspects of Cryptography and Cyber Security, Volume 582, December 2012.
  [pdf]
- Secure Initialization of Multiple Constrained Wireless Devices for an Unaided User
  Toni Perkovic, Mario Cagalj, Toni Mastelic, Nitesh Saxena, Dinko Begusic
  IEEE Transactions on Mobile Computing, February, 2011.
  [pdf]

2011

- A Context-Aware Approach to Defend Against Unauthorized Reading and Relay Attacks in RFID Systems
  Di Ma and Nitesh Saxena
  Wiley International Journal of Security and Communication Networks, Special Issue on “Protecting the Internet of Things”, December, 2011.
  [pdf]
- Data Remanence Effects on Memory Based Entropy Collection for RFID Systems
  Nitesh Saxena and Jonathan Voris
  International Journal of Information Security, Volume 10, Number 4, July 2011.
  [pdf]
- Secure Device Pairing based on a Visual Channel: Design and Usability Study
  Nitesh Saxena, Jan-Erik Ekberg, Kari Kostiainen, and N. Asokan
  IEEE Transactions on Information Forensics and Security (TIFS), Volume 6, Issue 1, March 2011.
  [pdf]

2010

- Tree-based HB Protocols for Privacy-Preserving Authentication of RFID Tags
  Tzipora Halevi, Nitesh Saxena and Shai Halevi
  Journal of Computer Security — Special Issue on RFID System Security, Volume 19, Issue 2, April 2011.
  [pdf]
- On the Insecurity of Proactive RSA in the URSA Mobile Ad Hoc Network Access Control Protocol
  Stanislaw Jarecki and Nitesh Saxena,
  IEEE Transactions on Information Forensics and Security (TIFS), Volume 5, Issue 4, December 2010
  [pdf]

2009

- Non-Interactive Self-Certification for Long-Lived Mobile Ad Hoc Networks
  Nitesh Saxena, and Jeong H. Yi,
  IEEE Transactions on Information Forensics and Security (TIFS), Volume 4, Issue 4, December 2009
  [pdf]
- A Comparative Study of Secure Device Pairing Methods
  Arun Kumar, Nitesh Saxena, Gene Tsudik and Ersin Uzun
  Elsevier Pervasive and Mobile Computing Journal (PMC), Volume 5, Issue 6, December 2009.
  [pdf]
- Efficient Node Admission and Certificate-less Secure Communication in Short-lived MANETs
  Nitesh Saxena, Gene Tsudik and Jeong H. Yi,
  IEEE Transactions on Parallel and Distributed Systems (TPDS), Volume 20, Issue 2, February 2009
  [pdf]

2007

- Threshold Cryptography in P2P and MANETs: the Case of Access Control
  Nitesh Saxena, Gene Tsudik and Jeong H. Yi,
  Elsevier Computer Networks, Volume 51 , Issue 12, August 2007
  [pdf]
- Robust Self-Keying Mobile Ad Hoc Networks,
  Claude Castellucia, Nitesh Saxena, and Jeong H. Yi,
  Elsevier Computer Networks, Volume 51, Issue 4, March 2007
  [pdf]

CONFERENCES / WORKSHOPS

2024
- Opted Out, Yet Tracked: Are Regulations Enough to Protect Your Privacy?
  Zengrui Liu, Umar Iqbal and Nitesh Saxena
  Privacy Enhancing Technologies Symposium (PETS)/Proceedings on Privacy Enhancing Technologies (PoPETs). July 2024.
  [pdf]

2023
- Privacy Leakage via Unrestricted Motion-Position Sensors in the Age of Virtual Reality: A Study of Snooping Typed Input on Virtual Keyboards
  Yi Wu, Cong Shi, Tianfang Zhang, Payton Walker, Jian Liu, Nitesh Saxena and Yingying Chen
  In IEEE Symposium on Security and Privacy (IEEE S&P; Oakland), May 2023.
  [pdf]
- Hidden Reality: Caution, Your Hand Gesture Inputs in the Immersive Virtual World are Visible to All!
  Sindhu Reddy Kalathur Gopal, Diksha Shukla, James Wheelock, and Nitesh Saxena
  In the 32nd USENIX Security Symposium, August 2023.
  [pdf]
- FaceReader: Unobtrusively Mining Vital Signs and Vital Sign Embedded Sensitive Info via AR/VR Motion Sensors
  Tianfang Zhang, Zhengkun Ye, Ahmed Tanvir Mahdad, Md Mojibur Rahman Redoy Akanda, Cong Shi, Yan Wang, Nitesh Saxena and Yingying Chen
  In the ACM Conference on Computer and Communications Security (CCS), November 2023.
- Breaking Mobile Notification-based Authentication with Concurrent Attacks Outside of Mobile Devices
  Tanvir Ahmed Mahdad, Mohammed Jubir and Nitesh Saxena
  In the 29th Annual International Conference on Mobile Computing and Networking (Mobicom), October 2023.
  [pdf]
- Passive Vital Sign Monitoring via Facial Vibrations Leveraging AR/VR Headsets
  Tianfang Zhang, Cong Shi, Payton Walker, Zhengkun Ye, Yan Wang, Nitesh Saxena, Yingying Chen
  In the 21st ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), June 2023.
  [link]
- EmoLeak: Smartphone Motions Reveal Emotions
  Ahmed Tanvir Mahdad, Cong Shi, Zhengkun Ye, Tianming Zhao, Yan Wang, Yingying Chen and Nitesh Saxena
  In the 43 rd IEEE International Conference on Distributed Computing Systems (ICDCS), July 2023.
  [pdf]
- BarrierBypass: Out-of-Sight Clean Voice Command Injection Attacks through Physical Barriers
  Payton Walker, Tianfang Zhang, Cong Shi, Nitesh Saxena and Yinying Chen
  In the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May/June 2023.
  [pdf]
- SoK: An Analysis of End-to-End Encryption and Authentication Ceremonies in Secure Messaging Systems
  Mashari Alatawi and Nitesh Saxena
  In the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May 2023.
  [pdf]
- SoK: A Comprehensive Evaluation of 2FA-based Schemes in the Face of Active Concurrent Attacks from User Terminals
  Tanvir Ahmed Mahdad and Nitesh Saxena
  In the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May 2023.
  [pdf]
- Speaker Anonymity and Voice Conversion Vulnerability: A Speaker Recognition Analysis
  Shalini Saini, Nitesh Saxena.
  In Conference on Communications and Network Security (CNS), October 2023.
- Ballot Tabulation Using Deep Learning
  Fei Zhao, Chengcui Zhang, Nitesh Saxena, Dan Wallach and Akm Shahariar Azad Rabby
  In the 24th IEEE International Conference on Information Reuse and Integration (IRI). August 2023.
  [pdf]

2022

- Laser Meager Listener: A Scientific Exploration of Laser-based Speech Eavesdropping in Commercial User Space
  Payton Walker and Nitesh Saxena
  In the 7th IEEE European Symposium on Security and Privacy (EuroS&P), June 2022.
  [pdf]
- Hearing Check Failed: Using Laser Vibrometry to Analyze the Potential for Hard Disk Drives to Eavesdrop Speech Vibrations
  Payton Walker, Nitesh Saxena, S. Abhishek Anand, Tzipora Halevi and Shalini Saini
  In the 17th ACM ASIA Conference on Computer and Communications Security (ASIA CCS), May/June 2022.
  [pdf]
- Defending against Thru-barrier Stealthy Voice Attacks via Cross-Domain Sensing on Phoneme Sounds
  Cong Shi, Tianming Zhao, Wenjin Zhang, Ahmed Tanvir Mahdad, Zhengkun Ye, Yan Wang, Nitesh Saxena and Yingying Chen
  In the 42^nd IEEE International Conference on Distributed Computing Systems (ICDCS), July 2022.
  [pdf]
- SoK: Your Mind Tells a Lot About You: On the Privacy Leakage via Brainwave Devices
  Anuradha Mandal and Nitesh Saxena
  In the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May 2022.
  [pdf]
- BiasHacker: Voice Command Disruption by Exploiting Speaker Biases in Automatic Speech Recognition
  Payton Walker, Nathan McClaran, Zihao Zheng, Nitesh Saxena and Guofei Gu
  In the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May 2022.
  [pdf]
- Gummy Browsers: Targeted Browser Spoofing against State-of-the-Art Fingerprinting Techniques
  Zengrui Liu, Prakash Shrestha and Nitesh Saxena.
  In International Conference on Applied Cryptography and Network Security (ACNS), June 2022.
  [pdf]
- Beware of Your Vibrating Devices! Vibrational Relay Attacks on Zero-Effort Deauthentication
  Prakash Shrestha and Nitesh Saxena.
  In International Conference on Applied Cryptography and Network Security (ACNS), June 2022.
  [link]
- Human Brains Can’t Detect Fake News: A Neuro-Cognitive Study of Textual Disinformation Susceptibility
  Cagri Arisoy, Anuradha Mandal and Nitesh Saxena
  In the International Conference on Privacy, Security and Trust (PST), 2022.
  [pdf]
- Mobile Mental Health Apps: Alternative Intervention or Intrusion?
  Mobile Mental Health Apps: Alternative Intervention or Intrusion?
  In the International Conference on Privacy, Security and Trust (PST), 2022.
  [pdf]
- Predatory Medicine: Exploring and Measuring the Vulnerability of Medical AI to Predatory Science
  Shalini Saini, Nitesh Saxena.
  In The Conference on Health, Inference, and Learning (CHIL), April 2022.
  [pdf]
- Exploring Encrypted Keyboards to Defeat Client-Side Scanning in End-to-End Encryption Systems
  Mashari Alatawi, Nitesh Saxena.
  International Conference on Information Security and Cryptology (ICISC), November/December 2022.
  [link]

2021
- Face-Mic: Inferring Live Speech and Speaker Identity via Subtle Facial Dynamics Captured by AR/VR Motion Sensors
  Cong Shi, Xiangyu Xu, Tianfang Zhang , Payton Walker, Yi Wu, Jian Liu, Nitesh Saxena, Yingying Chen and Jiadi Yu
  In the 27th Annual International Conference on Mobile Computing and Networking (Mobicom), Jan/Feb 2022.
  [pdf]
- Press @$@$ to Login: Strong Wearable Second Factor Authentication via Short Memorywise Effortless Typing Gestures
  Prakash Shrestha, Nitesh Saxena, Diksha Shukla and Vir Phoha
  In the IEEE European Symposium on Security and Privacy (EuroS&P), Sep 2021.
  [pdf]
- Countering Concurrent Login Attacks in Just Tap Push-based Authentication: A Redesign and Usability Evaluations
  Jay Prakash, Clarice Chua Qing Yu, Tanvi Ravindra Thombre, Andrei Bytes, Mohammed Jubur, Nitesh Saxena, Lucienne Blessing, Jianying Zhou and Tony Quek
  In the IEEE European Symposium on Security and Privacy (EuroS&P), Sep 2021.
  [pdf]
- Evaluating the Effectiveness of Protection Jamming Devices in Mitigating Smart Speaker Eavesdropping Attacks Using Gaussian White Noise
  Payton Walker and Nitesh Saxena
  In Annual Computer Security Applications Conference (ACSAC), December 2021.
  [pdf]
- SoK: Assessing the Threat Potential of Vibration-based Attacks against Live Speech using Mobile Sensors
  Payton Walker and Nitesh Saxena
  In ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Jun-Jul 2021.
  [pdf]
- Spearphone: A Lightweight Speech Privacy Exploit via Accelerometer-Sensed Reverberations from Smartphone Loudspeakers
  Abhishek Anand, Chen Wang, Jian Liu, Nitesh Saxena and Yingying Chen
  In ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Jun-Jul 2021.
  [pdf]
- EchoVib: Exploring Voice Authentication via Unique Non-Linear Vibrations of Short Replayed Speech
  Abhishek Anand, Jian Liu, Chen Wang, Maliheh Shirvanian, Nitesh Saxena and Yingying Chen
  In ACM Symposium on Information, Computer and Communications Security (AsiaCCS), June 2021.
  [pdf]
- Bypassing Push-based Second Factor and Passwordless Authentication with Human-Indistinguishable Notifications
  Mohammed Jubur, Prakash Shrestha, Nitesh Saxena and Jay Prakash
  In ACM Symposium on Information, Computer and Communications Security (AsiaCCS), June 2021.
  [pdf]
- HVAC: Evading Classifier-based Defenses in Hidden Voice Attacks
  Yi Wu, Xiangyu Xu, Payton Walker, Jian Liu, Nitesh Saxena, Yingying Chen and Jiadi Yu
  In ACM Symposium on Information, Computer and Communications Security (AsiaCCS), June 2021.
  [pdf]
- Analyzing the Security of OTP 2FA in the Face of Malicious Terminals
  Tanvir Mahdad, Mohammed Jubur, and Nitesh Saxena
  In the International Conference on Information and Communications Security (ICICS), 2021.
  [link]

2020
- IvoriWatch: Exploring Transparent Integrity Verification of Remote User Input Leveraging Wearables
  Prakash Shrestha, Zengrui Liu and Nitesh Saxena.
  In Annual Computer Security Applications Conference (ACSAC), December 2020.
  [link]
- Voicefox: Leveraging Inbuilt Transcription to Enhance the Security of Machine-Human Speaker Verification against Voice Synthesis Attacks
  Maliheh Shirvanian, Manar Mohammed, Abhishek Anand and Nitesh Saxena.
  In Annual Computer Security Applications Conference (ACSAC), December 2020.
  [link]
- WearID: Low-Effort Wearable-Assisted Authentication of Voice Commands via Cross-Domain Comparison without Training
  Cong Shi, Yan Wang, Yingying Chen, Nitesh Saxena and Chen Wang.
  In Annual Computer Security Applications Conference (ACSAC), December 2020.
  [pdf]
- Hacksaw: Biometric-Free Non-Stop Web Authentication in an Emerging World of Wearables.
  Prakash Shrestha and Nitesh Saxena.
  In ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), July 2020.
  [pdf]
- CREPE: A Privacy-Enhanced Crash Reporting System.
  Kiavash Satvat, Mahshid Hosseini, Maliheh Shirvanian and Nitesh Saxena
  In ACM Conference on Data and Application Security and Privacy (CODASPY), March 2020.
  [pdf]

2019

- The Crux of Voice (In)Security: A Brain Study of Speaker Legitimacy Detection
  Ajaya Neupane, Nitesh Saxena, Leanne Hirshfield and Sarah Bratt
  In the Network and Distributed System Security Symposium (NDSS), February 2019.
  [pdf]
- Quantifying the Breakability of Mobile Assistants
  [Runner Up, The Mark Weiser Best Paper Award]
  Maliheh Shirvanian, Summer Vo and Nitesh Saxena
  International Conference on Pervasive Computing and Communications (PerCom), March 2019.
  [pdf]
- Challenge-Response Behavioral Mobile Authentication: A Comparative Study of Graphical Patterns and Cognitive Games
  Manar Mohamed, Prakash Shrestha and Nitesh Saxena.
  In Annual Computer Security Applications Conference (ACSAC), December 2019.
  [pdf]
- Defeating Hidden Audio Channel Attacks on Voice Assistants via Audio-Induced Surface Vibrations
  Chen Wang, Abhishek Anand, Jian Liu, Payton Walker, Yingying Chen and Nitesh Saxena
  In Annual Computer Security Applications Conference (ACSAC), December 2019.
  [pdf]
- Stethoscope: Crypto Phones with Transparent & Robust Fingerprint Comparisons using Inter Text-Speech TransformationsMaliheh Shirvanian, and Nitesh SaxenaInternational Conference on Privacy, Security and Trust (PST), August, 2019
  [pdf]
- ZEMFA: Zero-Effort Multi-Factor Authentication based on Multi-Modal Gait BiometricsBabins Shrestha, Manar Mohamed and Nitesh SaxenaInternational Conference on Privacy, Security and Trust (PST), August, 2019
  [pdf]
- Compromising Speech Privacy under Continuous Masking in Personal SpacesS Abhishek Anand, Payton Walker and Nitesh SaxenaInternational Conference on Privacy, Security and Trust (PST), August, 2019
  [pdf]
- Brain Hemorrhage: When Brainwaves Leak Sensitive Medical Conditions and Personal InformationAjaya Neupane, Kiavash Satvat, Mahshid Hosseini and Nitesh SaxenaInternational Conference on Privacy, Security and Trust (PST), August, 2019
  [pdf]
- CATCHA: When Cats Track Your Movements OnlinePrakash Shrestha, Nitesh Saxena, Ajaya Neupane and Kiavash SatvatInternational Conference on Information Security Practice and Experience (ISPEC), November, 2019
  [pdf]

2018

- Speechless: Analyzing the Threat to Speech Privacy from Smartphone Motion Sensors.
  Abhishek Anand and Nitesh Saxena
  In IEEE Symposium on Security and Privacy (IEEE S&P; Oakland), May 2018.
  [pdf]
- Do Social Disorders Facilitate Social Engineering? A Case Study of Autism and Phishing Attacks.
  Ajaya Neupane, Kiavash Satvat, Nitesh Saxena, Despina Stavrinos and Haley J. Bishop
  In the 34th Annual Computer Security Applications Conference (ACSAC), December 2018.
  [pdf]
- Listening Watch: Wearable Two-Factor Authentication using Speech Signals Resilient to Near-Far Attacks
  Prakash Shrestha, and Nitesh Saxena
  In ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), June 2018.
  [pdf]
- Two-Factor Authentication with End-to-End Password Security.
  Stanislaw Jarecki, Hugo Krawczyk, Maliheh Shirvanian and Nitesh Saxena
  In International Conference on Practice and Theory of Public Key Cryptography (PKC), March 2018.
  [pdf]
- Keyboard Emanations in Remote Voice Calls: Password Leakage and Noise(less) Masking Defenses.
  Abhishek Anand and Nitesh Saxena
  In ACM Conference on Data and Application Security and Privacy (CODASPY), March 2018..
  [pdf]
- Home Alone: The Insider Threat of Unattended Wearables and A Defense using Audio Proximity.
  Prakash Shrestha, Babins Shrestha and Nitesh Saxena
  In IEEE Conference on Communications and Network Security (CNS), May/June 2018..
  [pdf]

2017

- CCCP: Closed Caption Crypto Phones to Resist MITM Attacks, Human Errors and Click-Through
  Maliheh Shirvanian and Nitesh Saxena
  ACM Conference on Computer and Communications Security (CCS), October/Novermber 2017.
  [pdf]
- VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration.
  Jian Liu, Chen Wang, Yingying Chen and Nitesh Saxena
  In ACM Conference on Computer and Communications Security (CCS), October/Novermber 2017.
  [pdf]
- On the Pitfalls of End-to-End Encrypted Communications: A Study of Remote Key-Fingerprint Verification.
  Maliheh Shirvanian, Nitesh Saxena and Jesvin James George.
  In Annual Computer Security Applications Conference (ACSAC), December 2017; arXiv preprint arXiv:1707.05285, 2017/7/17.
  [pdf]
- Neural Underpinnings of Website Legitimacy and Familiarity Detection: An fNIRS Study.
  Ajaya Neupane, Nitesh Saxena and Leanne Hirshfield
  In Security and Privacy Track, the World-Wide Web Conference (WWW), 2017.
  [pdf]
- SPHINX: A Password Store that Perfectly Hides Passwords from Itself.
  Maliheh Shirvanian, Stanislaw Jarecki, Hugo Krawczyk and Nitesh Saxena
  In IEEE International Conference on Distributed Computing Systems (ICDCS) , June 2017.
  [pdf]
- YELP: Masking Sound-based Opportunistic Attacks in Zero-Effort Deauthentication
  Prakash Shrestha, Abhishek Anand and Nitesh Saxena
  ACM Conference on Wireless Network Security (WiSec), July 2017.
  [pdf]
- Coresident Evil: Noisy Vibrational Pairing in the Face of Co-located Acoustic Eavesdropping
  Abhishek Anand, and Nitesh Saxena
  ACM Conference on Wireless Network Security (WiSec), July 2017.
  [pdf]
- PEEP: Passively Eavesdropping Private Input via Brainwave Signals
  Ajaya Neupane, Md. Lutfor Rahman and Nitesh Saxena
  In Financial Cryptography and Data Security (FC), April 2017.
  [pdf]

2016

- The Sounds of the Phones: Dangers of Zero-Effort Second Factor Login based on Ambient Audio.
  Babins Shrestha, Maliheh Shirvanian, Prakash Shrestha and Nitesh Saxena
  In ACM Conference on Computer and Communications Security (CCS), October 2016.
  [pdf]
- Pitfalls in Designing Zero-Effort Deauthentication: Opportunistic Human Observation Attacks.
  Otto Huhta, Prakash Shrestha, Swapnil Udar, Mika Juuti, Nitesh Saxena and N. Asokan
  In the Network and Distributed System Security Symposium (NDSS), February 2016.
  [pdf]
- Gametrics: Towards Attack-Resilient Behavioral Authentication with Simple Cognitive Games
  Manar Mohamed and Nitesh Saxena
  In Annual Computer Security Applications Conference (ACSAC), December 2016
  [pdf]
- Theft-Resilient Mobile Payments: Transparently Authenticating NFC Users with Tapping Gesture Biometrics
  Babins Shrestha, Manar Mohamed, Sandeep Tamrakar and Nitesh Saxena
  In Annual Computer Security Applications Conference (ACSAC), December 2016
  [pdf]
- Device-Enhanced Password Protocols with Optimal Online-Offline Protection.
  Stanislaw Jarecki, Hugo Krawczyk, Maliheh Shirvanian and Nitesh Saxena
  In ACM Symposium on Information, Computer and Communications Security (AsiaCCS), June 2016.
  [pdf]
- Slogger: Smashing Motion-based Touchstroke Logging with Transparent System Noise
  Prakash Shrestha, Manar Mohamed and Nitesh Saxena
  ACM Conference on Wireless Network Security (WiSec), July 2016
  [pdf]
- Vibreaker: Securing Vibrational Pairing with Deliberate Acoustic Noise
  Abhishek Anand, and Nitesh Saxena
  ACM Conference on Wireless Network Security (WiSec), July 2016
  [pdf]
- A Sound for a Sound: Mitigating Acoustic Side Channel Attacks on Password Keystrokes with Active Sounds.
  Abhishek Anand and Nitesh Saxena
  In Financial Cryptography and Data Security, February, 2016..
  [pdf]
- SMASheD: Sniffing and Manipulating Android Sensor Data.
  Manar Mohamed, Babins Shrestha and Nitesh Saxena
  In ACM Conference on Data and Application Security and Privacy (CODASPY), March 2016.
  [pdf]

2015

- A Multi-Modal Neuro-Physiological Study of Phishing Detection and Malware Warnings
  Ajaya Neupane, Md. Lutfor Rahman, Nitesh Saxena, and Leanne Hirshfield
  In ACM Conference on Computer and Communications Security (CCS), October 2015
  [pdf]
- Emerging Image Game CAPTCHAs for Resisting Automated and Human-Solver Relay Attacks
  Song Gao, Manar Mohamed, Nitesh Saxena, and Chengcui Zhang
  In Annual Computer Security Applications Conference (ACSAC), December 2015
  [pdf]
- On the Security and Usability of Crypto Phones
  Maliheh Shirvanian and Nitesh Saxena
  In Annual Computer Security Applications Conference (ACSAC), December 2015
  [pdf]
- All Your Voices Are Belong to Us: Stealing Voices to Fool Humans and Machines
  Dibya Mukhopadhyay, Maliheh Shirvanian and Nitesh Saxena
  European Symposium on Research in Computer Security (ESORICS), September 2015.
  [pdf]
- Bad Sounds Good Sounds: Attacking and Defending Tap-based Rhythmic Passwords using Acoustic Signals
  S Abhishek Anand, Prakash Shrestha, and Nitesh Saxena
  International Conference on Cryptology and Network Security (CANS), December 2015.
  [pdf]
- Curbing Mobile Malware based on User-Transparent Hand Movements
  Babins Shrestha, Manar Mohamed, Anders Borg, Nitesh Saxena and Sandeep Tamrakar.
  International Conference on Pervasive Computing and Communications (PerCom), March 2015.
  [pdf]

2014

- Wiretapping via Mimicry: Short Voice Imitation Man-in-the-Middle Attacks on Crypto Phones
  Maliheh Shirvanian and Nitesh Saxena
  ACM Conference on Computer and Communications Security (CCS), November 2014.
  [pdf]
- Neural Signatures of User-Centered Security: An fMRI Study of Phishing, and Malware Warnings [Distinguished Paper Award]
  Ajaya Neupane, Nitesh Saxena, Keya Kuruvilla, Michael Georgescu, and Rajesh Kana
  The Network and Distributed System Security Symposium (NDSS), February 2014
  [pdf]
- Two-Factor Authentication Resilient to Server Compromise Using Mix-Bandwidth Devices
  Maliheh Shirvanian, Stanislaw Jarecki, Nitesh Saxena and Naveen Nathan.
  The Network and Distributed System Security Symposium (NDSS), February 2014
  [pdf]
- Gaming the Game: Defeating a Game CAPTCHA with Efficient and Robust Hybrid Attacks
  Song Gao, Manar Mohamed, Nitesh Saxena, and Chengcui Zhang.
  In Security and Forensics Track, IEEE International Conference on Multimedia and Expo (ICME), July 2014.
  [pdf]
- Comparing and Fusing Different Sensor Modalities for Relay Attack Resistance in Zero-Interaction Authentication
  Hien Truong, Xiang Gao, Babins Shrestha, Nitesh Saxena, N. Asokan, and Petteri Nurmi.
  International Conference on Pervasive Computing and Communications (PerCom), March 2014.
  [pdf]
- A Three-Way Investigation of a Game-CAPTCHA: Automated Attacks, Relay Attacks and Usability.
  Manar Mohamed, Niharika Sachdeva, Michael Georgescu, Song Gao, Nitesh Saxena, Chengcui Zhang, Ponnurangam Kumaraguru, Paul C. Van Oorschot and Wei-Bang Chen
  In ACM Symposium on Information, Computer and Communications Security (AsiaCCS), June 2014.
  [pdf]
- Drone to the Rescue: Relay-Resilient Authentication using Ambient Multi-Sensing
  Babins Shrestha, Nitesh Saxena, Hien Truong and N. Asokan.
  In Financial Cryptography and Data Security, March 2014.
  [pdf]
- Dynamic Cognitive Game CAPTCHA Usability and Detection of Streaming-Based Farming
  Manar Mohamed, Song Gao, Nitesh Saxena, and Chengcui Zhang.
  In the Workshop on Usable Security (USEC), co-located with NDSS, February 2014.
  [pdf]

2013

- On the Viability of CAPTCHAs for Use in Telephony Systems: A Usability Field Study
  NIharika Sachdeva, Nitesh Saxena, and Ponnurangam Kumaraguru
  Information Security Conference (ISC), November 2013..
  [pdf]
- Wave-to-Access: Protecting Sensitive Mobile Device Services via a Hand Waving Gesture
  Babins Shrestha, Nitesh Saxena and Justin Harrison
  International Conference on Cryptology and Network Security, November 2013.
  [pdf]
- Tap-Wave-Rub: Lightweight Malware Prevention for Smartphones using Intuitive Human Gestures
  Di Ma, Nitesh Saxena, Babins Shrestha, Yan Zhu, and Haoyu Li
  ACM Conference on Wireless Network Security (WiSec), April 2013
  [extended version pdf]
- Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices
  Ragib Hasan, Nitesh Saxena, Tzipora Halevi, Shams Zawoad, and Dustin Rinehart
  ACM Symposium on Information, Computer and Communications Security (AsiaCCS), May 2013
  [pdf]
- Exploring Extrinsic Motivation for Better Security: A Usability Study of Scoring-Enhanced Device Pairing
  Alexander Gallego, Nitesh Saxena, and Jonathan Voris
  International Conference on Financial Cryptography and Data Security (FC), April 2013.
  [pdf]
- An Investigation of the Usability of a Game for Secure Wireless Device Association
  Alexander Gallego, Nitesh Saxena, and Jonathan Voris
  6th International Conference on Computer Games, Multimedia and Allied Technology (CGAT), April 2013.
  [pdf]

2012

- Secure Proximity Detection for NFC Devices based on Ambient Sensor Data
  Tzipora Halevi, Di Ma, Nitesh Saxena, and Tuo Xiang
  European Symposium on Research in Computer Security (ESORICS), September 2012
  [pdf]
- Exploring Mobile Proxies for Better Password Authentication
  Nitesh Saxena and Jonathan Voris
  International Conference on Information and Communications Security (ICICS), October 2012
  [pdf]
- A Closer Look at Keyboard Acoustic Emanations: Random Passwords, Typing Styles and Decoding Techniques
  Tzipora Halevi and Nitesh Saxena
  ACM Symposium on Information, Computer and Communications Security (AsiaCCS), May 2012
  [pdf]
- Location-Aware and Safer Cards: Enhancing RFID Security and Privacy via Location Sensing
  Di Ma, Anudath K Prasad, Nitesh Saxena, and Tuo Xiang
  ACM Conference on Wireless Network Security (WiSec), April 2012
  [pdf]
- Sensing-Enabled Defenses to RFID Unauthorized Reading and Relay Attacks without Changing the Usage Model
  Tzipora Halevi, Sein Lin, Di Ma, Anudath K Prasad, Nitesh Saxena, Jonathan Voris and Tuo Xiang
  International Conference on Pervasive Computing and Communications (PerCom), March 2012
  [pdf]
- Estimating Age Privacy Leakage in Online Social Networks
  Ratan Dey, Cong Tang, Keith Ross and Nitesh Saxena
  International Conference on Computer Communications (IEEE INFOCOM), March 2012
  [pdf]

2011

- Password-Protected Secret Sharing
  Ali Bagherzandi, Stanislaw Jarecki, Nitesh Saxena and Yanbin Liu
  ACM Conference on Computer and Communications Security (CCS), October 2011
  [pdf]
- Cover Locations: Availing Location-Based Services Without Revealing the Location
  Sai Teja Peddinti, Avis Dsouza, and Nitesh Saxena
  Workshop on Privacy in the Electronic Society (WPES 2010), co-located with ACM CCS, October, 2011.
  [pdf]
- On the Limitations of Query Obfuscation Techniques for Location Privacy
  Sai Teja Peddinti and Nitesh Saxena
  International Conference on Ubiquitous Computing (Ubicomp), September 2011.
  [pdf]
- Playful Security: A Computer Game for Secure Pairing of Wireless Devices
  Alexander Gallego, Nitesh Saxena, and Jonathan Voris
  The 16th International Computer Games Conference (CGames): AI, Animation, Mobile, Interactive Multimedia, Educational & Serious Games, July 2011.
  [pdf]
- Accelerometers and Randomness: Perfect Together
  Jonathan Voris, Nitesh Saxena, and Tzipora Halevi
  ACM Conference on Wireless Network Security (WiSec), June 2011.
  [pdf]
- Vibrate-to-Unlock: Mobile Phone Assisted User Authentication to Multiple Personal RFID Tags
  Nitesh Saxena, Md. Borhan Uddin, Jonathan Voris and N. Asokan
  International Conference on Pervasive Computing and Communications (PerCom), March 2011.
  [pdf]
- What’s in a Name: A Study of Names, Gender Inference, and Gender Behavior in Facebook
  Cong Tang, Keith Ross, Nitesh Saxena and Ruichuan Chen
  International Workshop on Social Networks and Social Media Mining on the Web (SNSMW), co-located with DASFAA, April 2011.
  [pdf]
- Pairing Devices for Social Interactions: A Comparative Usability Evaluation
  Ersin Uzun, Nitesh Saxena and Arun Kumar
  ACM Conference on Human Factors in Computing Systems (CHI), May 2011.
  [pdf]
- On the Effectiveness of Anonymizing Networks for Web Search Privacy
  Sai Teja Peddinti and Nitesh Saxena
  ACM Symposium on Information, Computer and Communications Security (AsiaCCS), March 2011.
  [pdf]

2010

- On Pairing Constrained Wireless Devices Based on Secrecy of Auxiliary Channels: The Case of Acoustic Eavesdropping
  Tzipora Halevi and Nitesh Saxena
  ACM Conference on Computer and Communications Security (CCS), October 2010
  [pdf]
- A Comparative Usability Evaluation of Traditional Password Managers
  Ambarish Karole, Nitesh Saxena and Nicolas Christin
  International Conference on Information Security and Cryptology (ICISC), December 2010
  [pdf]
- On the Privacy of Peer-Assisted Distribution of Security Patches
  Di Wu, Cong Tang, Prithula Dhungel, Nitesh Saxena and Keith W. Ross
  IEEE International Conference on Peer-to-Peer Computing (P2P), August 2010
  [pdf]
- Authenticated Key Agreement with Key Re-Use in the Short Authenticated Strings Model
  Stanislaw Jarecki and Nitesh Saxena
  Conference on Security and Cryptography for Networks (SCN), September 2010.
  [pdf]
- Groupthink: Usability of Secure Group Association for Wireless Devices
  Rishab Nithyanand, Nitesh Saxena, Gene Tsudik and Ersin Uzun
  International Conference on Ubiquitous Computing (Ubicomp), September 2010.
  [pdf]
- Still and Silent: Motion Detection for Enhanced RFID Security and Privacy without Changing the Usage Model
  Nitesh Saxena and Jonathan Voris
  Workshop on RFID Security (RFIDSec), June 2010.
  [pdf]
- On the Privacy of Web Search Based on Query Obfuscation: A Case Study of TrackMeNot
  Sai Teja Peddinti and Nitesh Saxena
  Privacy Enhancing Technologies Symposium (PETS), July 2010.
  [pdf]
- Shoulder Surfing Safe Login in a Partially Observable Attacker Model
  Toni Perkovic, Mario Cagalj and Nitesh Saxena
  Financial Cryptography (FC), January 2010.
  [pdf]

2009

- On the Usability of Secure Association of Wireless Devices Based On Distance Bounding
  Mario Cagalj, Nitesh Saxena and Ersin Uzun
  Cryptology and Network Security (CANS), December 2009.
  [pdf]
- Blink ‘Em All: Secure, Scalable and User-Friendly Initialization of Sensor Nodes
  Nitesh Saxena and Md. Borhan Uddin
  Cryptology and Network Security (CANS), December 2009.
  [pdf]
- Authentication Technologies for the Blind or Visually Impaired
  Nitesh Saxena and James Watt
  USENIX Workshop on Hot Topics in Secuirty (HotSec), August 2009.
  [pdf]
- We Can Remember It for You Wholesale: Implications of Data Remanence on the Use of RAM for True Random Number Generation on RFID Tags
  Nitesh Saxena and Jonathan Voris
  Workshop on RFID Security (RFIDSec), July 2009.
  [pdf]
- Using HB Family of Protocols for Privacy-Preserving Authentication of RFID Tags in a Population
  Tzipora Halevi, Nitesh Saxena and Shai Halevi
  Workshop on RFID Security (RFIDSec), July 2009.
  [pdf]
- Improving the Robustness of Wireless Device Pairing Using Hyphen-Delimited Numeric Comparison
  Ambarish Karole and Nitesh Saxena
  International Symposium on Emerging Ubiquitous and Pervasive Systems (EUPS), August 2009.
  [pdf]
- Bootstrapping Key Pre-Distribution: Secure, Scalable and User-Friendly Initialization of Sensor Nodes
  Nitesh Saxena and Md. Borhan Uddin
  Applied Cryptography and Network Security (ACNS), Industrial Track paper, June 2009.
  [pdf]
- Secure Pairing of “Interface-Constrained” Devices Resistant Against Rushing User Behavior
  Nitesh Saxena and Md. Borhan Uddin
  Applied Cryptography and Network Security (ACNS), June 2009.
  [pdf]
- Caveat Emptor: A Comparative Study of Secure Device Pairing Methods
  Arun Kumar, Nitesh Saxena, Gene Tsudik and Ersin Uzun
  International Conference on Pervasive Computing and Communications (PerCom), March 2009.
  [pdf]

2008

- Automated Device Pairing for Asymmetric Pairing Scenarios
  Nitesh Saxena and Md. Borhan Uddin
  International Conference on Information and Communications Security (ICICS), October 2008.
  [pdf]
- Universal Device Pairing using an Auxiliary Device
  Nitesh Saxena, Md. Borhan Uddin and Jonathan Voris
  Symposium On Usable Privacy and Security (SOUPS), July 2008.
  [pdf]
- Efficient Device Pairing using Synchronized “Human-Comparable” Audiovisual Patterns
  Ramnath Prasad and Nitesh Saxena
  Applied Cryptography and Network Security (ACNS), June 2008.
  [pdf]
- Pairing Devices with Good Quality Output Interfaces
  Nitesh Saxena and Jonathan Voris
  International Workshop on Wireless Security and Privacy (WISP) (co-located with ICDCS).
  June 2008.
  [pdf]

2007

- The Pollution Attack in P2P Live Video Streaming: Messurement Results and Defenses
  Prithula Dhungel, Xiaojun Hei, Keith W. Ross, and Nitesh Saxena
  Peer-to-Peer Streaming and IP-TV Workshop (P2P-TV) (co-located with SIGCOMM),
  August 2007
  [pdf]

2006 and earlier

- Public Key Cryptography sans Certificates in Ad Hoc Networks (Best Student Paper!)
  Nitesh Saxena
  Applied Cryptography and Network Security (ACNS), June 2006.
  [pdf]
- Secure Device Pairing based on a Visual Channel
  Nitesh Saxena, Jan-Erik Ekberg, Kari Kostiainen, and N. Asokan
  IEEE Symposium on Security and Privacy, Oakland, appeared as short paper (6 pages),
  May 2006.
  [full paper: pdf][short paper: pdf]
- Securing Communication in Various Ad Hoc Network Settings
  Nitesh Saxena
  IEEE Infocom Student Workshop, April 2006.
- Efficient Node Admission for Short-lived Mobile Ad Hoc Networks
  Nitesh Saxena, Gene Tsudik, and Jeong H. Yi,
  IEEE Conference on Networking Protocols (ICNP), November 2005.
  [pdf]
- Self-Configurable Key Pre-distribution in Mobile Ad Hoc Networks,
  Claude Castellucia, Nitesh Saxena, and Jeong H. Yi,
  IFIP Networking Conference, May 2005.
  [pdf]
- Futher Simplifications in Proactive RSA Signatures,
  Stanislaw Jarecki, and Nitesh Saxena,
  Theory of Cryptography Conference (TCC), February 2005.
  [pdf]
- Identity-based Access Control for Ad Hoc Groups,
  Nitesh Saxena, Gene Tsudik, and Jeong H. Yi,
  International Conference on Information Security and Cryptology (ICISC), December 2004.
  [pdf]
- An Attack on the Proactive RSA Signature Scheme in the URSA Ad Hoc Network Access Control Protocol,
  Stanislaw Jarecki, Nitesh Saxena, and Jeong Hyun Yi,
  ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN), pp.1-9, Washington, DC, USA, October 25, 2004.
  [pdf]
- Access Control in Ad Hoc Groups,
  Nitesh Saxena, Gene Tsudik, and Jeong H. Yi,
  International Workshop on Hot Topics in Peer-to-Peer Systems (HOT-P2P), Volendam, The Netherlands, October 2004.
  [pdf]
- Experimenting with Admission Control in P2P,
  Nitesh Saxena, Gene Tsudik, and Jeong H. Yi,
  International Workshop on Advanced Developments in System and Software Security (WADIS), Taipei, Taiwan, December 2003.
  [pdf]
- Admission Control in Peer-to-Peer: Design and Performance Evaluation,
  Nitesh Saxena, Gene Tsudik, and Jeong H. Yi,
  ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN), pp.104-114, Fairfax, VA, USA, October 31, 2003.
  [pdf]

BOOK CHAPTERS

- Towards Sensing-Enabled RFID Security and PrivacyDi Ma and Nitesh Saxena
  Security and Trends in Wireless Identification and Sensing Platform Tags: Advancements in RFID, IGI Global, 2012.
- Expermenting with Admission Control in P2P NetworksNitesh Saxena, Gene Tsudik and Jeong H. Yi,
  Computer Security in the 21st Century, ISBN: 0-387-24005-5, Springer, 2005.

DISSERTATIONS

- Decentralized Security Services (Nominated for the ACM Doctoral Dissertation Award!)Nitesh Saxena,
  Ph.D Dissertation, UC Irvine, August 2006
- Cryptanalysis of the SchlusselzusatzNitesh Saxena,
  M.S. Dissertation, UC Santa Barbara, March 2002
  Also appears in the chapter on “The Emergence of Cipher Machines” of the book Computer Security and Crypgraphy, by Alan G. Konheim

JOURNALS

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2007

CONFERENCES / WORKSHOPS

2024

2023

BOOK CHAPTERS

DISSERTATIONS