[Dec 24] Excited to be serving as a program committee member of ACM CCS 25!
[Oct 24] I talked about my research on passwords and passkeys at the CS@UIUC PhD seminar course. Thanks to Adam Bates and Varun for hosting and inviting me.
[May 24] I returned to Visa Research this summer to address security and privacy issues of large language models.
[April 24] Our paper led by Majed got accepted to IEEE EuroS&P!
[Feb 24] I passed my PhD proposal exam. I am a PhD candidate now!
[Jan 24] My work Compact got accepted to PETs 2024.
[Sep 23] Excited to participate and be awarded a student travel grant from SaTML. Thanks to the sponsors and organizers!
[Sep 23] Awarded student research grants from UW-Madison.
[May 23] My last summer's internship work at Visa Research, "Compact", is on arXiv. Feedback and comments are welcome.
[Aug 23] Presented our work "Araña" at USENIX Security 23. Here is a TL;DR tweet I made about the paper.
[Jul 23] Got a student travel grant from USENIX Security 23. Thanks to USENIX organizers and sponsors!
[May 23] I returned to Visa Research this summer to work on the account recovery problem in passwordless user authentication!
I am a Ph.D. candidate (dissertator) in computer science at the University of Wisconsin-Madison, and my research area is security and privacy. I am advised by Prof. Rahul Chatterjee, and I frequently collaborate with Prof. Thomas Ristenpart (from Cornell Tech) and Visa Research, where I spent the last three summers as a staff research scientist.
I completed my M.Sc. in computer science, also at the University of Wisconsin-Madison, in 2022, and before that completed my B.Sc. in computer science and engineering at Bangladesh University of Engineering and Technology (BUET) in 2017. My resume is available here.
Broadly, my work is at the intersection of privacy enhancing technologies, deep learning, and web security. My PhD thesis in particular looks at developing detection and prevention techniques to protect passwords and passkey-based user authentication from attacks.
Feel free to click on my ongoing and prior research projects below for details.
User authentication
Publications: USENIX Security '22a, '22b, '23, two under submission
My PhD thesis is in the area of modern user authentication, where I investigate how to safeguard users' online accounts against advanced attacks, all while carefully striking the right balance among the crucial privacy, usability, security, and deployability issues of the underlying authentication protocol. I have worked on the two most widely used online user authentication protocols, password-based and passwordless, as detailed in the following.
Password-based user authentication: Passwords are the most popular, widely used, and convenient form of online user authentication. Unfortunately, password-based user authentication is prone to advanced attacks. My work focuses on stopping attackers from launching password guessing attacks, and detecting malicious logins even against advanced attackers.
Passwordless user authentication: We have been observing a major industry-led force in transitioning towards passwordless user authentication via passkeys. My ongoing work focuses on solving security problems of passkeys and FIDO2-based user authentication alike.
Publications: PETs 2024, one ongoing work
I have also been working at the intersection of machine learning and cryptography to address the problem of secure training and private inference. My recent work "Compact" has addressed how to make complex activation functions used in machine learning secure multi-party computation (MPC) friendly. Currently I am working on addressing security and privacy issues of autoregressive large language models using cryptographic techniques.
Publications: BMC Genomics 2020, Bioinformatics journal 2022
Before starting my PhD, I used to work in the area of computational biology. I developed a dynamic programming based approach to estimate statistically consistent species trees from gene trees via maximizing the triplet consistency score. Another work of mine involved developing a probabilistic method for filling genomic sequence gaps for short sequence reads.
My Master's thesis at BUET was related to security. It focused on developing lightweight cryptography for edge devices (published in MobiQuitous 2019).
Supervisor(s): Prof. Rahul Chatterjee (Advisor), Prof. Thomas Ristenpart
Lab: MadS&P (Security and Privacy Group at UW-Madison)
Working on enhancing the security of password-based authentication without sacrificing its usability.
Visa Research, Foster City, CA.
Team members: Dr. Coby Wang (Mentor), Dr. Shimaa Ahmed, Dr. Ranjit Kumaresan and Dr. Sunpreet S. Arora
Addressing security and privacy issues of large language models using cryptographic techniques.
Visa Research, Palo Alto, CA.
Team members: Dr. Coby Wang (Mentor), and Dr. Sunpreet S. Arora
Developing solutions to the account recovery problem in passwordless user authentication.
Visa Research, Palo Alto, CA.
Team members: Dr. Maliheh Shirvanian (Mentor), Dr. Peter Rindal, and Dr. Sunpreet S. Arora
During the internship, I worked on designing multi-party computation (MPC) friendly complex non-linear functions used in deep neural networks.
United International University (UIU), Dhaka, Bangladesh
Department of Computer Science and Engineering (CSE)
I was the primary instructor for undergraduate level theory courses. Throughout three years I designed and instructed the following undergraduate level courses to more than 300 students:
1. CSE-477: Network Security (Summer-17, Spring-18, Summer-18, Fall-18)
2. CSE-315: Data communications (Spring-18, Summer-18)
iPay Systems Ltd (an e-wallet and secure payment platform based company), Dhaka, Bangladesh
Supervisor: Tahmid Tanzim
1. Designed contact search, profile settings, and money transaction pages in the existing code base using AngularJS 1.2.
2. I developed a firewall manager from scratch on top of the Linux program iptables, using AngularJS 1.2 as the frontend and Django as the backend. The application was designed to help network administrators navigate and manage firewall rules with ease (similar to Cisco firewall manager).
[1] Mazharul Islam, Sunpreet S. Arora, Rahul Chatterjee, Ke Coby Wang
"Detecting Compromise of Remotely Backed up Passkeys" (title changed for anonymity)
PDF, Under revision.
[2] Mazharul Islam, Marina Sanusi Bohuk, Thomas Ristenpart, Rahul Chatterjee
"Detecting Malicious logins in the Presence of Adaptive Attackers in Real Time" (title changed for anonymity)
PDF, Under review.
[3] Mazharul Islam, Sunpreet S. Arora, Rahul Chatterjee, Peter Rindal, Maliheh Shirvanian
"Compact: Approximating Complex Activation Functions for Secure Computation".
PDF, Proceedings on Privacy Enhancing Technologies (PETs), 2024
[4] Mazharul Islam*, Marina Sanusi Bohuk*, Paul Chung, Thomas Ristenpart, Rahul Chatterjee (*co-first authors)
"Araña: Discovering and Characterizing Password Guessing Attacks in Practice"
USENIX Security 2023, Acceptance rate = 29%.
PDF, Source Code, Slides, BibTeX
[5] Marina Sanusi Bohuk, Mazharul Islam, Suleman Ahmad, Michael Swift, Thomas Ristenpart, Rahul Chatterjee
"Gossamer: Securely Measuring Password-based Logins"
USENIX Security 2022, Acceptance rate = 17.2%.
PDF, Source Code, BibTeX
Media Coverage: USENIX ;login:
[6] Bijeeta Pal, Mazharul Islam, Marina Sanusi Bohuk, Nick Sullivan, Luke Valenta, Tara Whalen, Christopher Wood, Thomas Ristenpart, Rahul Chatterjee
"Might I Get Pwned: A Second Generation Compromised Credential Checking Service"
USENIX Security 2022, Acceptance rate = 17.2%.
PDF, Source Code, BibTeX
Media Coverage: The Cloudflare Blog.
[7] Mazharul Islam, Sazzadur Rahaman, Na Meng, Behnaz Hassanshahi, Padmanabhan Krishnan, Danfeng (Daphne) Yao.
"Coding Practices and Recommendations of Spring Security for Enterprise Applications".
IEEE Secure Development Conference. Atlanta, GA, September 2020. Acceptance rate = 39%
PDF, Presentation Video, BibTeX
[8] Majed Almansoori, Mazharul Islam, Saptarshi Ghosh, Mainack Mondal, Rahul Chatterjee
"The Web of Abuse: A Comprehensive Analysis of Online Resource in the Context of Technology-Enabled Intimate Partner Surveillance".
IEEE EuroS&P 2024, Vienna, Austria
PDF, BibTeX
2020 and earlier
Mazharul Islam, Kowshika Sarker, Trisha Das, Rezwana Reaz, Md. Shamsuzzoha Bayzid
"STELAR: a statistically consistent coalescent-based species tree estimation method by maximizing triplet consistency".
BMC Genomics 21, 136 (2020). Impact Factor: 3.9
PDF, Source Code, BibTeX
Sumit Tarafder, Mazharul Islam, Swakkhar Shatabda, Atif Rahman
"Figbird: a probabilistic method for filling gaps in genome assemblies".
Bioinformatics, Volume 38, Issue 15, 1 August 2022, Pages 3717–3724. Impact Factor: 6.9
PDF, Source Code, BibTeX
Mazharul Islam, Novia Nurain, Mohammad Kaykobad, Sriram Chellappan, A. B. M. Alim Al Islam
"HEliOS: huffman coding based lightweight encryption scheme for data transmission".
Proceedings of the 16th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, November 2019 (MobiQuitous '19), Pages 70–79. H-index: 40, Acceptance Rate = 30%.
PDF, Presentation Slides, BibTeX
Mazharul Islam, MD. Nazmuddoha Ansary, Novia Nurain, Salauddin Parvez Shams, A. B. M. Alim Al Islam
"A Sweet Recipe for Consolidated Vulnerabilities: Attacking a Live Website by Harnessing a Killer Combination of Vulnerabilities for Greater Harm".
2018 5th International Conference on Networking, Systems and Security (NSysS)
PDF, BibTeX