Research interest

  • Security and privacy
  • Applied cryptography
  • Privacy-enhancing technology
  • Private information retrieval
  • Machine Learning Security and Privacy

External profiles

[Google scholar] [DLBP] [LinkedIn]

Syed Mahbub Hafiz

e-mail: syedhafiz9486 [at] gmail [dot] com

I am super excited to join LG Electronics USA, Inc. as a Staff Security Research Engineer (Cryptography) on Jan 2023 – looking forward to working on amazing projects on lattice-based post-quantum cryptography, elliptic-curve cryptography, and machine learning for safety in vehicle-to-everything communications.

From Feb 2021 to Jan 2023, I worked as a Intel Noyce-Sponsored Postdoctoral Scholar at the Department of Computer Science, at the University of California, Davis. With three PIs, Profs. Chen-Nee Chuah, Zubair Shafiq, and Houman Homayoun, I co-lead the Intel Noyce-sponsored project on security and privacy aspects of ML/DL models on regular platforms as well as IoT/edge/embedded systems. Also, I have been leading projects on secure multi-party computation (MPC)-based privacy-preserving machine learning (PPML) for regular systems as well as the next-generation edge network systems that support in-network computing.

In Jan 2021, I have completed my Ph.D. from the Department of Computer Science at Indiana University-Bloomington under the supervision of Prof. Ryan Henry. We explored Private Information Retrieval (PIR), a cryptography-based Privacy-Enhancing Technology, to turn it from a theoretical construct to a useful tool in the privacy practitioners toolkit.

In 2018, I have pursued a research internship at the International Computer Science Institute, ICSI (affiliated with UC Berkeley). I worked in a Censorship Circumvention project with Dr. Sadia Afroz and Prof. Damon McCoy.

Before that, for May 2012 - Aug 2014, I worked as a Research & Development Engineer in the Offshore R&D Lab of Kona International, South Korea at Dhaka, Bangladesh. The company is specialized as a global provider of Smart Card Technology and Cryptographic Solutions.

Previously, I have earned my BS and Engg. degree in Computer Science and Engineering from Bangladesh University of Engineering and Technology (BUET) on April 1, 2012.

My photo taken on 2018
[Education] [Research appointments] [Research Projects] [Publications] [Teaching appointments] [Industrial appointments] [Industrial projects] [Resume] [Contact me]

Recent news:

  • Jan 16, 2023 Joined LG SVL as a Cryptography Research Engineer.
  • Jan 15, 2023 Completed my amazing 2-year postdoc at UC Davis – thanks to Profs. Chuah, Shafiq, and Homayoun for hosting me.
  • Feb 25, 2022 "DNN model fingerprinting attack" paper accepted at EuroS&P 2022.
  • Nov 11, 2021 "Stealthy inference attack on DNN" paper accepted at DATE 2022.
  • Mar 07, 2021 Moved to Davis, CA.
  • Feb 11, 2021 Started the Postdoctoral position (remotely) at the UC Davis with Profs. Chuah, Shafiq, and Homayoun.
  • Jan 31, 2021 Earned Ph.D. degree in CS from IU Bloomington!
  • Jan 05, 2021 Successfully passed the PhD final defense!
  • Aug 25, 2020 Again I started teaching the Mathematics of Cybersecurity (CS-231, INFO-231 sections) of 88 students.
  • Aug 17-21, 2020 (Virtually) attended CRYPTO 2020.
  • Aug 12-14, 2020 (Virtually) attended USENIX Security 2020.
  • Jul 14-18, 2020 (Virtually) attended and gave a rump session talk at PoPETS/PETS 2020.
  • Mar 03, 2020 "A Trusted ML Model Trading Protocol" book chapter published at PPHE 2020.
  • Jan 13, 2020 Again I started teaching the Mathematics of Cybersecurity (CS-231, INFO-231 sections) of 75 students.
  • Dec 02-04, 2019 Got selected to attend Private AI Bootcamp arranged by Microsoft Research at Redmond, WA.
  • Aug 27, 2019 I started teaching the Mathematics of Cybersecurity course (CS-231, INFO-231 sections) of 79 students.
  • Aug 14-16, 2019 Presented a poster at Usenix Security 2019, Santa Clara, CA.
  • Aug 09, 2019 Passed PhD Thesis proposal defense!
  • Aug 01, 2019 Accepted the offer of being an insttructor-of-record for Fall 2019
  • June 10, 2019 My PhD research committee (of Chair: Profs. Henry, Kapadia, Ergun, and Crandall) formed.
  • May 20-22, 2019 Presented a poster at IEEE S&P (Oakland) 2019, San Francisco, CA.
  • May 16, 2019 "Bit-more-than-a-bit" paper accepted at PoPETS (PETS) 2019.
  • Apr 12, 2019 Received IEEE S&P (Oakland) 2019 Student Travel Grant
  • Feb 25-27, 2019 Attended NDSS 2019 at San Diego, CA.
  • Dec 15, 2018 Earned MS degree in CS from IU Bloomington.
  • Nov 09, 2018 Completed 12-weeks-long internship at ICSI, Berkeley, CA.
  • June 25, 2018 My first child, a daughter, was born!
  • Jan 17, 2018 Acquired PhD candidacy.
  • Nov 01, 2017 Presented paper at ACM CCS 2017 in Dallas, TX.
  • Sep 28, 2017 Passed PhD qualification oral and written exams.
  • Aug 02, 2017 "Querying for queries" paper accepted at ACM CCS 2017.
  • July 01, 2017 Elected as the President of Bangladesh Student Association at IU.

(Back to top)

Education:

  • PhD in Computer Science (Aug 2015 - Jan 2021)
    Department of Computer Science,
    Indiana University, Bloomington, IN, USA.

  • MS in Computer Science (Aug 2015 - Dec 2018)
    Department of Computer Science,
    Indiana University, Bloomington, IN, USA.

  • PhD student, transferred afterwards, (Aug 2014 - Jul 2015)
    Department of Computer & Information Science,
    Purdue School of science,
    IUPUI, Indianapolis, IN, USA.

  • BS in Computer Science and Engineering (Jun 2007 - Apr 2012)
    Bangladesh University of Engineering and Technology,
    Dhaka, Bangladesh.

(Back to top)

Research appointments:

  • Staff Security Research Engineer (Cryptography) (Jan 2023 - present)
    LG Silicon Valley R&D Lab.

  • Postdoctoral Research Fellow (Feb 2021 - Jan 2023)
    University of California–Davis.
    Postdoc advisers: Profs. Chen-Nee Chuah, Zubair Shafiq, and Houman Homayoun

  • Graduate research assistant (Aug 2015 - Jan 2021)
    Indiana University–Bloomington.
    PhD adviser: Prof. Ryan Henry

  • Summer research intern (Aug 2018 - Nov 2018)
    International Computer Science Institute, ICSI (affiliated with UC Berkeley.)
    Mentor: Dr. Sadia Afroz and Prof. Damon McCoy

  • Research assistant (Jun 2015 - Jul 2015)
    IUPUI, Indianapolis, IN.
    Adviser: Prof. Xukai Zou

  • Undergrad research assistant (Feb 2011 – Apr 2012)
    Bangladesh University of Engineering & Technology.
    Adviser: Prof. Md Monirul Islam

(Back to top)

Research projects:

  1. Expressive and efficient Information Theoretic Private Information Retrieval (IT-PIR)
    • Topic: It decouples the way users construct their queries from the physical layout of the database by enabling users to retrieve information using contextual queries that specify which data they seek, as opposed to the position-based queries that specify where those data reside.
    • Manuscript published: Syed Mahbub Hafiz and Ryan Henry, "Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR," In the Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS '17), ACM, New York, NY, USA, 1361-1373. (Acceptance rate: 151/836 = 18.06%)
    • Tools: Shamir's additive secret sharing and ramp scheme
    • Implementation: Nvidia CUDA GPU programming, C/C++

  2. Screaming fast many-server Private Information Retrieval (PIR)
    • Topic: To construct and implement the most efficient computational 1-private PIR protocol proposed to date.
    • Manuscript published: Syed Mahbub Hafiz and Ryan Henry, "A Bit More Than a Bit Is More Than a Bit Better: Faster (essentially) optimal-rate many-server PIR," In the Proceedings of The 19th Privacy Enhancing Technologies Symposium (PoPETS/PETS '19), Volume 2019 (4), Stockholm, Sweden. (Acceptance rate: 67/N=X%)
    • Tools: Distributed point function
    • Implementation: C/C++, AVX2

  3. Tunica: the Defense of the popularity attack on Tor hidden services
    • Topic: To mitigate the risks posed by most known attacks on Tor's hidden services by preventing hidden service directories (HSDirs) from distinguishing among requests for different hidden service descriptors.
    • Manuscript under preparation: Syed Mahbub Hafiz, Ethan Huang, and Ryan Henry, "Protecting Tor Hidden Services with Tunicate Onion Descriptors."
    • Tools: Distributed point function and computational PIR
    • Implementation: Tor source code, C/C++

  4. Systematization of Knowledge of Private Information Retrieval
    • Topic: It critically reviews, evaluates, classifies, and contextualizes work in the area of PIR literature.
    • Manuscript under preparation: Fattaneh Bayatbabolghani, Syed Mahbub Hafiz, and Ryan Henry, "SoK: Private Information Retrieval."
    • Tools: N/A
    • Implementation: N/A

  5. Practical evaluation of proxy distribution mechanisms
    • Topic: Implementation and evaluation of state-of-the-art Tor Bridge distribution methods in real-life Tor to circumvent internet censorship.
    • Manuscript under preparation: Syed Mahbub Hafiz, Sadia Afroz, and Damon McCoy, "Practical evaluation of proxy distribution mechanisms in the wild."
    • Tools: Proxy/Tor bridge distribution policies
    • Implementation: Python, Django

(Back to top)

Publications

  • Book chapter

    1. PPHE 2020
      Gimme That Model!: A Trusted ML Model Trading Protocol.
      Laia Amoros Carafi, Syed Mahbub Hafiz, Keewoo Lee, M Caner Tol and Ryan Henry.
      Protecting Privacy through Homomorphic Encryption (PPHE), first edition.
      [chapter]

  • Peer-reviewed journal paper

    1. PETS 2019
      A Bit More Than a Bit Is More Than a Bit Better: Faster (essentially) optimal-rate many-server PIR.
      Syed Mahbub Hafiz and Ryan Henry.
      The 19th Privacy Enhancing Technologies Symposium (Acceptance rate: 67/N=X%)
      [paper] [tech report] [talk-by-Prof.]

  • Peer-reviewed conference paper

    1. Euro S&P 2022
      DNN Model Architecture Fingerprinting Attack on CPU-GPU Edge Devices.
      Kartik Patwari, Syed Mahbub Hafiz, Han Wang, Houman Homayoun, Zubair Shafiq, and Chen-Nee Chuah.
      The 7th IEEE European Symposium on Security and Privacy (Acceptance rate: 42/141 = 29.78%)


    2. DATE 2022
      Stealthy Inference Attack on {DNN} via Cache-based Side-Channel Attacks.
      Han wang, Syed Mahbub Hafiz, Kartik Patwari, Chen-Nee Chuah, Zubair Shafiq, and Houman Homayoun.
      The 25th Design, Automation \& Test in Europe Conference (DATE) (Acceptance rate: 25%)
      [paper]

    3. CCS 2017
      Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR.
      Syed Mahbub Hafiz and Ryan Henry.
      The 24th ACM SIGSAC Conference on Computer and Communications Security (Acceptance rate: 151/836 = 18.06%)
      [paper] [slides] [talk] [tech report]

    4. ICIEV 2012
      An efficient scanning based learning free algorithm for face detection.
      Syed Mahbub Hafiz, Md. Najmul Hasan, and Md. Monirul Islam.
      The 2nd International Conference on Informatics, Electronics & Vision at Dhaka, Bangladesh.
      [paper]

  • Poster and abstract

    1. Faster Optimal-rate Many-server Private Information Retrieval (PIR).
      Syed Mahbub Hafiz and Ryan Henry.
      Presented in IEEE S&P (Oakland) 2019 and USENIX Security 2019.
      [poster] [abstract]

  • Manuscript under preparation

    1. Protecting Tor Hidden Services with Tunicate Onion Descriptors.
      Syed Mahbub Hafiz and Ryan Henry.

    2. Practical Evaluation of Proxy Distribution Mechanisms in Tor.
      Syed Mahbub Hafiz, Sadia Afroz, and Damon McCoy.

    3. System of Knowledge: Private Information Retrieval.
      Fattaneh Bayatbabolghani, Syed Mahbub Hafiz, and Ryan Henry.

(Back to top)

Teaching appointments

  • Adjunct lecturer, Indiana University-Bloomington (Fall 2020)
    Introduction to the mathematics of cybersecurity (CSCI-C231 and INFO-I231)
    Teaching a class of 75-79 students and managing 3-4 Teaching Assistants.

  • Instructor, Indiana University-Bloomington (Fall 2019 – Spring 2020)
    Introduction to the mathematics of cybersecurity (CSCI-C231 and INFO-I231)
    Teaching a class of 75-79 students and managing 3-4 Teaching Assistants.

  • Graduate Teaching Assistant, Indiana University-Purdue University-Indianapolis, (Fall 2014 – Spring 2015)
    Computer Architecture (Fall 2014), Systems Programming (Spring 2015).
    Holding office hours, grading, and taking recitation class of courses.

(Back to top)

Industrial appointments

  • Software Engineer-R&D, Kona International, (May 2012 – Aug 2014)
    Worked both in Dhaka, Bangladesh R&D Branch (Kona SL) & Seoul, South Korea Head Quarter.
    Followed Scrum Agile Software Development Process.

  • Software Engineer, Structural Data Systems Ltd., (Dec 2011 – May 2012)

(Back to top)

Industrial projects

  1. PKI (Public Key Infrastructure) Middleware
    • Which provides PKI cryptographic operations like encryption, decryption, and digital signing performed inside Smart Card using Android NDK.
    • Role: as a scrum master to analyze, design, and implement the system.
    • System Analysis: RSA Laboratories PKCS#11 Standards.
    • Language: C, C++, JNI wrapper, Java (front end), Scripting for Smart Card Applet.

  2. Kona Secure Minidriver (CSP)
    • To support CryptoAPI operations executed in smart card using Microsoft Base Cryptographic Service Provider (Base CSP) in Windows platform.
    • Role: as a scrum team member to analysis and develop the system.
    • System Analysis: Windows Smart Card Minidriver Specification, Microsoft.
    • Language: C/C++, Scripting for Smart Card Applet.

  3. Trusted Service Manager (TSM)
    • Which acts as a pivotal role in the NFC eco-system with number of Mobile Network Operators, Service Providers, and users to deliver mobile commerce services.
    • Role: as a scrum team member to analysis and develop the system.
    • System Analysis: Global Platform Standards.
    • Technology: J2EE, EJB, JAXB, JPQL, JPA, JDBC, Oracle 11g.
    • Glass Fish Server Tools: Web services, Provider-dispatch, wsdl, xml, xsd, Connection Pool.
    • Logging & Testing: log4j 2.0, Junit.

  4. GP Interpreter
    • To allow Global Platform specified Java Objects accessible from Java Script Fragment among Application Profiles.
    • Role: as a scrum team member to develop the system.
    • System Analysis: Global Platform Standards.
    • Technology: JAVA, JAXB, Rhino Java Scripting Engine.

  5. FreeBeePay
    • This is a coupon management system for merchants and consumers.
    • Role: In Server Team to implement commands. Each command required critical business logic and complex stored procedures in Database.
    • Technology: J2EE, XML, JSON, Java servlet, JDBC, MySQL, Apache Tomcat 6.0.26

(Back to top)

Contact me

Email: syedhafiz9486 [at] gmail [dot] com

Location: Davis, California, USA.

(Back to top)