Syed Rafiul Hussain

Assistant Professor
Department of Computer Science and Engineering, School of EECS
The Pennsylvania State University
W305 Westgate Bldg, University Park, PA 16802
E-mail: hussain1_AT_psu_DOT_edu
Phone: 814-865-6454

About Me

I am an Assistant Professor in the Department of Computer Science and Engineering at Pennsylvania State University. Prior to joining Penn State in fall 2020, I worked as a postdoc at Purdue University from where I received my Ph.D. in fall 2018.

My research interest broadly lies in the areas of network and systems security. I lead the Systems and Network Security (SyNSec) research group, which focuses on improving the security and privacy postures of emerging networks and complex systems, including cellular networks, Internet-of-Things (IoT), embedded devices, software-defined networking, and cloud infrastructures.  I take a holistic approach to fundamentally enhance the security and privacy investigation of a system from the ground up, i.e., starting from analyzing designs, evaluating implementations, monitoring the runtime, and building verified/high-assurance defenses. As part of this process, I combine theory and practice by drawing inspirations from formal methods, program analysis, software testing, signal processing, and cryptography.

My research results have led to a number of changes in the design of 4G and 5G cellular standards. In addition, my work has been discussed by the Federal Communication Council (FCC)  as well as covered by more than 100+ media outlets worldwide, including the New York Times, Forbes, The Washington Post, ACM Technews, and MIT Technology Review. The software artifacts from my research group have also been made open-source.

Recent News


March’21:
Inducted by GSMA in the Mobile Security Research Hall of Fame for identifying design flaws/weaknesses in 4G and 5G networks.
March’21:
Paper on security analysis of 4G LTE protocol implementations has been accepted to ICDCS’21.
February’21:
Paper on defense against 5G fake base station has been accepted to AsiaCCS’21.
January’21:
Gave a talk at Ohio State Cybersecurity Lecture Series.
January’21: Invited to serve on the PC of ICNP’21.
December’20: PHOENIX has been accepted to NDSS’21.
December’20:
Invited to serve on the PC of ESORICS’21 and SACMAT’21.
December’20:
Presented the keynote talk at the IEEE VNC’20.
December’20: Gave an invited talk at the NSysS’20.
November’20:
Intel has awarded $27K for our IoT protocol security work. 
November’20:
Invited to serve on the PC of Usenix Security’21 (fall and winter cycles).
August’20:
ATFuzzer (journal version) has been accepted for publication to Digital Threats: Research and Practice.
August’20: Invited to serve on the PC of NDSS’21-fall.
August’20: Invited to serve on the PC of ASIACCS’21.
August’20: PatrIoT has been conditionally accepted to Runtime Verification’20.
July’20: Invited to serve on the PC of WebConf’21.
April’20: Paper on Zigbee security has been accepted to WiSec’20. Congratulations to Weicheng and Fabrizio!
January’20: Invited to serve on the PC of ESORICS’20.
January’20: PKI based defense against fake base stations has been featured by Wired and News Dio.
December’19: ATFuzzer has been awarded the Best Paper Award at ACSAC’19.
November’19: 5GReasoner has been featured by Wired, TechCrunch, Forbes, MIT Technology Review, Yahoo Finance, and 70+ other media outlets worldwide.
November’19: ATFuzzer has been featured in TechCrunch, Xiaomi, Deep Security News, My Digi Tech, Android Police, and 40+ other media outlets all over the world.
October’19: Intel awarded $72K for our work on IoT security.
October’19: Inducted by GSMA in the Mobile Security Research Hall of Fame for identifying design flaws/weaknesses in 5G network.
October’19: Side Channel Attacks in 4G and 5G Cellular Networks got accepted for presenting in Black Hat Europe’19.
August’19: ATFuzzer got accepted to ACSAC’19. Congrats to Imtiaz and Fabrizio! My first work as a mentor!
August’19: “Protecting the 4G and 5G Cellular Paging Protocols against Security and Privacy Attacks” got accepted to PETS’20. Congrats to Ankush!
July’19: 5GReasoner got accepted to CCS’19.
March’19: “Securing the Insecure Link of Internet-of-Things Using Next-Generation Smart Gateways” got accepted to DCOSS’19.
March’19: “Insecure Connection Bootstrapping in Cellular Networks: The Root of All Evil” got accepted to WiSec’19.
February’19: Our NDSS’19 paper has been featured by Washington Post, Wired, TechCrunch, MSN News, The Hacker News, and 100+ other media outlets worldwide.
December’18: Qualcomm awarded $10K for our work on cellular network security.
December’18: Intel awarded $65K for our work on cellular network security.
November’18: “Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side-Channel Information” got accepted to NDSS’19. Best Paper Award Honorable Mention.
March 18: Our NDSS’18 paper has been featured by New York Times, Forbes, CNet, ACM Tech News, ZDNet, The Register, and 100+ other media outlets worldwide.

Graduate Research Openings: I am looking for self-motivated students interested in security and privacy to join in fall 2021 (though the official deadline is over,  due to pandemic we are accepting applications until March). Drop me an email with your CV if you want to share your interests with me. If you are not currently at Penn State but are interested in my research, please apply to the program and make sure to mention my name as a faculty member you are interested in working with. The admission requirements on GPA, GRE, and TOEFL/IELTS are flexible for applicants with a strong background in either formal methods, program analysis, compiler, binary analysis, reverse engineering, vulnerability discovery, operating systems, or experience with competitive programming contests or capture-the-flag (CTF). I apologize in advance if I miss your email due to the large volume of emails I receive every day.

Undergraduate Research Openings: I have openings for Penn State undergraduates to take part in research projects and have hands-on experiences. Drop me an email to further discuss.

Honors & Awards

2019

Distinguished Paper Award, ACSAC'19

Opening Pandora’s Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones, The 35th Annual Computer Security Applications Conference (ACSAC), 2019.

2019

Inducted in Mobile Security Research Hall of Fame

Inducted by GSMA in the Mobile Security Research Hall of Fame for identifying security and privacy flaws in 4G and 5G cellular networks.

2019

Distinguished Paper Award Honorable Mention, NDSS'19

Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information, in the 26th Network and Distributed Systems Security (NDSS), 2019

2017

Nominated for the Best Paper Award, ACM SIGBED EWSN'17

SeamBlue: Seamless Bluetooth Low Energy Connection Migration for Unmodified IoT Devices, in ACM SIGBED International Conference on Embedded Wireless Systems and Networks (EWSN).

2017

Intel Security RAship award for Spring 2017.

Supported my research on IoT security

2016

IEEE Symposium on Security & Privacy travel grant

The grant allowed me to attend the conference, meet with great minds, and learn from the senior researchers.

2015

CERIAS Symposium Best Poster Award Runner Up

Presented the work "Monitoring DBMS Activity for Detecting Data Exfiltration by Insiders"

2005-2009

University merit scholarship and Dean's List Award

Bangladesh University of Engineering and Technology

Recent Publications

Look Before You Leap: Secure Connection Bootstrapping for 5G Networks to Defend Against Fake Base-Stations

To appear in the 16th ACM ASIA Conference on Computer and Communications Security (ASIACCS), 2021.
Ankush Singla, Rouzbeh Behnia, Syed Rafiul Hussain, Attila Yavuz , and Elisa Bertino

PHOENIX: Device-Centric Cellular Network Protocol Monitoring using Runtime Verification

To appear in The Network and Distributed System Security Symposium (NDSS), 2021.
Mitziu Echeverria, Zeeshan Ahmed , Bincheng Wang , M. Fareed Arif , Syed Rafiul Hussain, Omar Chowdhury

Protecting the 4G and 5G Cellular Paging Protocols against Security and Privacy Attacks

To appear in the 20th Privacy Enhancing Technologies Symposium (PETS), 2020
Ankush Singla, Syed Rafiul Hussain, Omar Chowdhury, Ninghui Li, and Elisa Bertino

Opening Pandora’s Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones

The 35th Annual Computer Security Applications Conference (ACSAC), 2019
Imtiaz Karim, Fabrizio Cicala, Syed Rafiul Hussain, Omar Chowdhury, and Elisa Bertino

5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol

The 26th ACM Conference on Computer and Communications Security (CCS), 2019
Syed Rafiul Hussain, Mitziu Echeverria, Imtiaz Karim, Omar Chowdhury, and Elisa Bertino

Insecure Connection Bootstrapping in Cellular Networks: The Root of All Evil

The 12th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2019
Syed Rafiul Hussain, Mitziu Echeverria, Ankush Singla, Omar Chowdhury, and Elisa Bertino

Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information

The 26th Network and Distributed System Security Symposium (NDSS), 2019.
Best Paper Award Honorable Mention
Syed Rafiul Hussain, Mitziu Echeverria, Omar Chowdhury, Ninghui Li, and Elisa Bertino

Securing the Insecure Link of Internet-of-Things Using Next-Generation Smart Gateways

The 5th IEEE International Conference on Distributed Computing in Sensor Systems, (DCOSS), 2019
Syed Rafiul Hussain, Shahriar Nirjon, and Elisa Bertino

LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE

The 25th Network and Distributed System Security Symposium (NDSS), 2018
Syed Rafiul Hussain, Omar Chowdhury, Shagufta Mehnaz, and Elisa Bertino

SeamBlue: Seamless Bluetooth Low Energy Connection Migration for Unmodified IoT Devices

ACM SIGBED International Conference on Embedded Wireless Systems and Networks (EWSN), 2017
Best Paper Award Nomination
Syed Rafiul Hussain, Shagufta Mehnaz, Shahriar Nirjon, and Elisa Bertino,

DetAnom: Detecting Anomalous Database Transaction by Insiders

Fifth ACM Conference on Data and Application Security and Privacy (CODASPY), 2015
Syed Rafiul Hussain, Asmaa Sallam, and Elisa Bertino