[Sep 23] Excited to participate and be awarded student travel grant from saTML. Thanks sponsors and organizers! |
[Sep 23] Awarded student research grants from UW-Madison. | [May 23] My last summer's internship work at Visa Research "Compact" is on ArXiv. Feedbacks and comments are welcome. |
[Aug 23] Presented our work “Araña" at USENIX Security 23. Here is TL;DR tweet I made about the paper. | [Jul 23] Got student travel grant from USENIX Security 23. Thanks to USENIX organizers and sponsors! | [May 23] I returned to Visa Research this summer to work on account recovery problem in passwordless user authentication! |
I am a Ph.D. candidate at the University of Wisconsin-Madison in the department of computer science and a member of the Madison Security and Privacy (MadS&P) research lab . I did my M.Sc. in computer science from University of Wisconsin-Madison in 2022, and before that completed my B.Sc. in computer science and engineering from Bangladesh University of Engineering and Technology (BUET) in 2017.
I am a computer security and privacy researcher. As a researcher, I focus on designing secure systems that can counteract attacks. To achieve this, I develop novel applied cryptography protocols, privacy-preserving machine learning techniques, and derive useful security policies via empirical analysis. Before starting my PhD, I used to do research in the areas of computational biology, software security, and lightweight cryptography for edge devices.
Since 2017, I have been doing research on solving a diverse range of problems. Feel free to click on the following buttons to know details about my past and ongoing research work in different areas.
User authenticationPublications: USENIX Security '22a, '22b, '23, two under submission
My PhD thesis is in the area of modern user authentication. In particular, my work investigates how to safeguard users' online accounts against advanced attacks——all while carefully striking a right balance amongst privacy, usability, security, and deployability related crucial issues of the underlying authentication scheme. I have worked on both password and passwordless user authentication.Password-based user authentication: My ongoing and past works have focused on addressing security, and privacy issues of different types of user authentication widely used today such as password-based, and passwordless (device bound) authentication. My works have focused on stopping attackers from launching password guessing attacks. Currently, I am working on developing robust defenses for malicious login detection. I am been advised by Prof. Rahul Chatterjee (my Ph.D. advisor) and Prof. Thomas Ristenpart (from Cornell Tech) on these projects.
Passwordless user authentication: We have been observing a major force in transitioning towards passwordless user authentication via passkeys. My ongoing work have focused on solving security problems of passkeys and FIDO2-based user authentication alike. I have been collaborating with Visa Research's Identity and Authentication Team —where I have interned twice — for this work.Publications: PETS 2024
I have also being working at the intersection of machine learning and cryptography to address the problem of secure training, and private inference. My recent work "compact" have addressed how to make complex activation functions used in machine learning secure multi-party computation (MPC) friendly.
Publications: BMC Genomics 2020, Bioinformatics journal 2022
Before starting my PhD, I used to work in the area of computation biology. I developed a dynamic programming based approach to estimate statistically consistent species tree from gene trees via maximizing the triplet consistency score. My another work involved developing a probabilistic method for filling genomic sequence gaps for short sequence reads.
My Master's thesis in BUET was related to security. It focused on developing lightweight cryptography for edge devices (published in MobiQuitous 2019)