Research

Conference Proceedings and Journal Articles

  • J. Ceci, J. Stegman, and H. Khan. No Privacy in the Electronics Repair Industry. Accepted to appear at the 44th IEEE Symposium on Security and Privacy, 2023.
  • J. Stegman, P. J. Trottier, C. Hillier, H. Khan, and M. Mannan. "My Privacy for their Security": Employees' Privacy Perspectives and Expectations when using Enterprise Security Software. Accepted to appear at the 32nd USENIX Security Symposium, 2023.
  • S. Habib, H. Khan, A. Hamilton-Wright, and U. Hengartner. Revisiting the Security of Biometric Authentication Systems Against Statistical Attacks. Accepted to appear in ACM Transactions on Privacy and Security, 2022.
  • J. Chen, U. Hengartner, and H. Khan. Sharing without Scaring: Enabling Smartphones to Become Aware of Temporary Sharing. Proc. of 18th USENIX Symposium on Usable Privacy and Security (SOUPS), 2022.
  • J. Ceci, H. Khan, U. Hengartner, and D. Vogel. Concerned but Ineffective: User Perceptions, Methods, and Challenges when Sanitizing Old Devices for Disposal. Proc. of 17th USENIX Symposium on Usable Privacy and Security (SOUPS), 2021.
  • J. Chen, U. Hengartner, H. Khan, and M. Mannan. Chaperone: Real-time Locking and Loss Prevention for Smartphones. Proc. of 29th USENIX Security Symposium, 2020.
  • H. Khan, J. Ceci, J. Stegman, A. J. Aviv, R. Dara, and R. Kuber. Widely Reused and Shared, Infrequently Updated, and Sometimes Inherited: A Holistic View of PIN Authentication in Digital Lives and Beyond.  Proc. of 36th Annual Computer Security Applications Conference (ACSAC), ACM, 2020.
  • H. Khan, U. Hengartner, and D. Vogel. Mimicry Attacks on Smartphone Keystroke Authentication.  ACM Transactions on Privacy and Security (TOPS), 23(1):2, ACM, 2020.
  • H. Khan, U. Hengartner, and D. Vogel. Augmented Reality-based Mimicry Attacks on Behaviour-Based Smartphone Authentication. Proc. of 16th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys), ACM, 2018.
  • H. Khan, U. Hengartner, and D. Vogel. Evaluating Attack and Defense Strategies for Smartphone PIN Shoulder Surfing. Proc. of SIGCHI Annual Conference on Human Factors in Computing Systems (CHI), ACM, 2018.
  • K. Grindrod, H. Khan, U. Hengartner, S. Ong, A. G. Logan, D. Vogel, R. Gebotys, and J. Yang. Evaluating Authentication Options for Mobile Health Applications in Younger and Older Adults. PLoS One, 2018.
  • H. Khan, U. Hengartner, and D. Vogel. Targeted Mimicry Attacks on Touch Input Based Implicit Authentication Schemes. Proc. of 14th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys), ACM, 2016.
  • L. Agarwal, H. Khan, and U. Hengartner. Ask me Again but Don't Annoy me: Evaluating Re-authentication Strategies for Smartphones. Proc. of 12th Symposium On Usable Privacy and Security (SOUPS), Usenix, 2016.
  • H. Khan, U. Hengartner, and D. Vogel. Usability and Security Perceptions of Implicit Authentication: Convenient, Secure, Sometimes Annoying. Proc. of 11th Symposium On Usable Privacy and Security (SOUPS 2015), Usenix, 2015.
  • H. Khan, A. Atwater, and U. Hengartner. A Comparative Evaluation of Implicit Authentication Schemes. Proc. of 17th International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Springer, 2014.
  • H. Khan, A. Atwater, and U. Hengartner. Itus: An Implicit Authentication Framework for Android. Proc. of 20th Annual International Conference on Mobile Computing and Networking (MobiCom), ACM, 2014.
  • H. Khan and U. Hengartner. Towards Application-Centric Implicit Authentication on Smartphones. Proc. of 15th Workshop on Mobile Computing Systems and Applications (HotMobile), ACM, 2014.
  • S. Ali, K. Wu, and H. Khan. Traffic Anomaly Detection in the Presence of P2P Traffic. Proc. of 39th IEEE Conference on Local Computer Networks (LCN), IEEE, 2014.
  • M. Q. Ali, E. Al-Shaer, H. Khan, and S. A. Khayam. Automated Anomaly Detector Adaptation using Adaptive Threshold Tuning. ACM Transactions on Information and System Security (TISSEC), 15(4):17, ACM, 2013.
  • R. Narayanan, S. Kotha, G. Lin, A. Khan, S. Rizvi, W. Javed, H. Khan, and S. A. Khayam. Macroflows and Microflows: Enabling Rapid Network Innovation through a Split SDN Data Plane. In European Workshop on Software Defined Networking (EWSDN), IEEE, 2012.
  • H. Khan, M. Javed, S. A. Khayam, and F. Mirza. Designing a Cluster-based Covert Channel to Evade Disk Investigation and Forensics.Elsevier Computers & Security, 30(1):35-49, Elsevier, 2011.
  • S. Ali, H. Khan, M. Ahmad, and S. A. Khayam. Progressive Differential Thresholding for Network Anomaly Detection. Proc. of International Conference on Communications (ICC), IEEE, 2011.
  • H. Khan, F. Mirza, and S. A. Khayam. Determining Malicious Executable Distinguishing Attributes and Low-Complexity Detection. Springer Journal in Computer Virology, 7(2):95-105, Springer 2011.
  • I. U. Haq, S. Ali, H. Khan, and S. A. Khayam. What is the Impact of P2P Traffic on Anomaly Detection? Proc. of 13th International Symposium on Recent Advances in Intrusion Detection (RAID), Springer, 2010.
  • M. Q. Ali, H. Khan, A. Sajjad, and S. A. Khayam. On Achieving Good Operating Points on an ROC Plane using Stochastic Anomaly Score Prediction. Proc. of 16th ACM Conference on Computer and Communications Security (CCS), ACM, 2009.
  • H. Khan, Y. Javed, F. Mirza, and S. A. Khayam. Embedding a Covert Channel in Active Network Connections. Proc of Global Communications Conference (GlobeCom), IEEE, 2009.

Posters

  • H. Khan, K. Grindrod, U. Hengartner, and D. Vogel. Evaluating Smartphone Authentication Schemes with Older Adults. In 12th Symposium On Usable Privacy and Security (SOUPS), Usenix, 2016.
  • A. Atwater, H. Khan, and U. Hengartner. Poster: When and How to Implicitly Authenticate Smartphone Users. In 21st ACM Conference on Computer and Communications Security (CCS), ACM, 2014.
  • F. Adamsky, H. Khan, M. Rajarajan, S. A. Khayam, and R. Jager. Poster: Destabilizing BitTorrent's Clusters to Attack High Bandwidth Leechers. In 18th ACM Conference on Computer and Communications Security (CCS), ACM, 2011.
  • H. Khan, M. Javed, F. Mirza, and S. A. Khayam. Evading Disk Investigation and Forensics using a Cluster-based Covert Channel. In 16th ACM Conference on Computer and Communications Security (CCS), ACM, 2009.