Research interest

  • Security and privacy
  • Applied cryptography
  • Privacy-enhancing technology
  • Private information retrieval

External profiles

[Google scholar] [DLBP] [LinkedIn]

Syed Mahbub Hafiz

e-mail: shafiz@iu.edu

I am actively looking for a research position in the applied cryptography or privacy track. I am planning to defend my Ph.D. thesis in May 2020.

I am a Ph.D. candidate in the Department of Computer Science at Indiana University-Bloomington and am working as a Research Assistant under the supervision of Prof. Ryan Henry. We are exploring Private Information Retrieval (PIR), a Privacy-Enhancing Technology, to turn it from a theoretical construct to a useful tool in the privacy practitioners toolkit.

Recently, I have pursued a research internship at the International Computer Science Institute, ICSI (affiliated with UC Berkeley). I worked in a Censorship Circumvention project with Dr. Sadia Afroz and Prof. Damon McCoy.

Before that, for May 2012 - Aug 2014, I worked as a Research & Development Engineer in the Offshore R&D Lab of Kona International, South Korea at Dhaka, Bangladesh. The company is specialized as a global provider of Smart Card Technology and Cryptographic Solutions.

Previously, I have earned my BS and Engg. degree in Computer Science and Engineering from Bangladesh University of Engineering and Technology (BUET) on April 1, 2012.

My photo taken on 2018


Recent news:

  • Aug 27, 2019 I started teaching the Mathematics of Cybersecurity course (CS-231, INFO-231 sections) of 80 students.
  • Aug 14-16, 2019 Presented a poster at Usenix Security 2019, Santa Clara, CA.
  • Aug 09, 2019 Passed PhD Thesis proposal defense!
  • Aug 01, 2019 Accepted the offer of being an insttructor-of-record for Fall 2019
  • June 10, 2019 My PhD research committee (of Chair: Prof. Henry, Prof. Kapadia, Prof. Ergun, and Prof. Crandall) formed.
  • May 20-22, 2019 Presented a poster at IEEE S&P (Oakland) 2019, San Francisco, CA.
  • May 16, 2019 "Bit-more-than-a-bit" paper accepted at PoPETS (PETS) 2019.
  • Apr 12, 2019 Received IEEE S&P (Oakland) 2019 Student Travel Grant
  • Feb 25-27, 2019 Attended NDSS 2019 at San Diego, CA.
  • Dec 15, 2018 Earned MS degree in CS from IU Bloomington.
  • Nov 09, 2018 Completed 12 weeks long internship at ICSI, Berkeley, CA.
  • June 25, 2018 My first child, a daughter, was born!
  • Jan 17, 2018 Acquired PhD candidacy.
  • Nov 01, 2017 Presented paper at ACM CCS 2017 in Dallas, TX.
  • Sep 28, 2017 Passed PhD qualification oral and written exams.
  • Aug 02, 2017 "Querying for queries" paper accepted at ACM CCS 2017.
  • July 01, 2017 Elected as the President of Bangladesh Student Association at IU.

(Back to top)

Education:

  • PhD candidate (Aug 2015 - May 2020 expected)
    Department of Computer Science,
    Indiana University, Bloomington, IN, USA.

  • MS in Computer Science (Aug 2015 - Dec 2018)
    Department of Computer Science,
    Indiana University, Bloomington, IN, USA.

  • PhD student, transferred afterwards, (Aug 2014 - Jul 2015)
    Department of Computer & Information Science,
    Purdue School of science,
    IUPUI, Indianapolis, IN, USA.

  • BS in Computer Science and Engineering (Jun 2007 - Apr 2012)
    Bangladesh University of Engineering and Technology,
    Dhaka, Bangladesh.

(Back to top)

Research experience:

  • Graduate research assistant (Aug 2015 - July 2019)
    Indiana University–Bloomington.
    PhD adviser: Prof. Ryan Henry

  • Summer research intern (Aug 2018 - Nov 2018)
    International Computer Science Institute, ICSI (affiliated with UC Berkeley.)
    Mentor: Dr. Sadia Afroz and Prof. Damon McCoy

  • Research assistant (Jun 2015 - Jul 2015)
    IUPUI, Indianapolis, IN.
    Adviser: Prof. Xukai Zou

  • Undergrad research assistant (Feb 2011 – Apr 2012)
    Bangladesh University of Engineering & Technology.
    Adviser: Prof. Md Monirul Islam

(Back to top)

Research projects:

  1. Expressive and efficient Information Theoretic Private Information Retrieval (IT-PIR)
    • Topic: It decouples the way users construct their queries from the physical layout of the database by enabling users to retrieve information using contextual queries that specify which data they seek, as opposed to the position-based queries that specify where those data reside.
    • Manuscript published: Syed Mahbub Hafiz and Ryan Henry, "Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR," In the Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS '17), ACM, New York, NY, USA, 1361-1373. (Acceptance rate: 151/836 = 18.06%)
    • Tools: Shamir's additive secret sharing and ramp scheme
    • Implementation: Nvidia CUDA GPU programming, C/C++

  2. Screaming fast many-server Private Information Retrieval (PIR)
    • Topic: To construct and implement the most efficient computational 1-private PIR protocol proposed to date.
    • Manuscript published: Syed Mahbub Hafiz and Ryan Henry, "A Bit More Than a Bit Is More Than a Bit Better: Faster (essentially) optimal-rate many-server PIR," In the Proceedings of The 19th Privacy Enhancing Technologies Symposium (PoPETS/PETS '19), Volume 2019 (4), Stockholm, Sweden. (Acceptance rate: 67/N=X%)
    • Tools: Distributed point function
    • Implementation: C/C++, AVX2

  3. Tunica: the Defense of the popularity attack on Tor hidden services
    • Topic: To mitigate the risks posed by most known attacks on Tor's hidden services by preventing hidden service directories (HSDirs) from distinguishing among requests for different hidden service descriptors.
    • Manuscript under preparation: Syed Mahbub Hafiz, Ethan Huang, and Ryan Henry, "Protecting Tor Hidden Services with Tunicate Onion Descriptors."
    • Tools: Distributed point function and computational PIR
    • Implementation: Tor source code, C/C++

  4. Systematization of Knowledge of Private Information Retrieval
    • Topic: It critically reviews, evaluates, classifies, and contextualizes work in the area of PIR literature.
    • Manuscript under preparation: Fattaneh Bayatbabolghani, Syed Mahbub Hafiz, and Ryan Henry, "SoK: Private Information Retrieval."
    • Tools: N/A
    • Implementation: N/A

  5. Practical evaluation of proxy distribution mechanisms
    • Topic: Implementation and evaluation of state-of-the-art Tor Bridge distribution methods in real-life Tor to circumvent internet censorship.
    • Manuscript under preparation: Syed Mahbub Hafiz, Sadia Afroz, and Damon McCoy, "Practical evaluation of proxy distribution mechanisms in the wild."
    • Tools: Proxy/Tor bridge distribution policies
    • Implementation: Python, Django

(Back to top)

Publications

  • Peer-reviewed journal paper

    1. PETS 2019
      A Bit More Than a Bit Is More Than a Bit Better: Faster (essentially) optimal-rate many-server PIR.
      Syed Mahbub Hafiz and Ryan Henry.
      The 19th Privacy Enhancing Technologies Symposium (Acceptance rate: 67/N=X%)
      [paper] [tech report] [talk-by-Prof.]

  • Peer-reviewed conference paper

    1. CCS 2017
      Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR.
      Syed Mahbub Hafiz and Ryan Henry.
      The 24th ACM SIGSAC Conference on Computer and Communications Security (Acceptance rate: 151/836 = 18.06%)
      [paper] [slides] [talk] [tech report]

    2. ICIEV 2012
      An efficient scanning based learning free algorithm for face detection.
      Syed Mahbub Hafiz, Md. Najmul Hasan, and Md. Monirul Islam.
      The 2nd International Conference on Informatics, Electronics & Vision at Dhaka, Bangladesh.
      [paper]

  • Poster and abstract

    1. Faster Optimal-rate Many-server Private Information Retrieval (PIR).
      Syed Mahbub Hafiz and Ryan Henry.
      Presented in IEEE S&P (Oakland) 2019 and USENIX Security 2019.
      [poster] [abstract]

  • Manuscript under preparation

    1. Protecting Tor Hidden Services with Tunicate Onion Descriptors.
      Syed Mahbub Hafiz and Ryan Henry.

    2. Practical Evaluation of Proxy Distribution Mechanisms in Tor.
      Syed Mahbub Hafiz, Sadia Afroz, and Damon McCoy.

    3. System of Knowledge: Private Information Retrieval.
      Fattaneh Bayatbabolghani, Syed Mahbub Hafiz, and Ryan Henry.

(Back to top)

Teaching experience

  • Instructor, Indiana University-Bloomington (Aug 2019 – Dec 2019)
    Introduction to the mathematics of cybersecurity (CSCI-C231 and INFO-I231)
    Teaching a class of 80 students and managing 2 Teaching Assistants.

  • Graduate Teaching Assistant, Indiana University-Purdue University-Indianapolis, (Aug 2014 – May 2015)
    Computer Architecture (Fall 2014), Systems Programming (Spring 2015).
    Holding office hours, grading, and taking recitation class of courses.

(Back to top)

Industrial experience

  • Software Engineer-R&D, Kona International, (May 2012 – Aug 2014)
    Worked both in Dhaka, Bangladesh R&D Branch (Kona SL) & Seoul, South Korea Head Quarter.
    Followed Scrum Agile Software Development Process.

  • Software Engineer, Structural Data Systems Ltd., (Dec 2011 – May 2012)

(Back to top)

Industrial projects

  1. PKI (Public Key Infrastructure) Middleware
    • Which provides PKI cryptographic operations like encryption, decryption, and digital signing performed inside Smart Card using Android NDK.
    • Role: as a scrum master to analyze, design, and implement the system.
    • System Analysis: RSA Laboratories PKCS#11 Standards.
    • Language: C, C++, JNI wrapper, Java (front end), Scripting for Smart Card Applet.

  2. Kona Secure Minidriver (CSP)
    • To support CryptoAPI operations executed in smart card using Microsoft Base Cryptographic Service Provider (Base CSP) in Windows platform.
    • Role: as a scrum team member to analysis and develop the system.
    • System Analysis: Windows Smart Card Minidriver Specification, Microsoft.
    • Language: C/C++, Scripting for Smart Card Applet.

  3. Trusted Service Manager (TSM)
    • Which acts as a pivotal role in the NFC eco-system with number of Mobile Network Operators, Service Providers, and users to deliver mobile commerce services.
    • Role: as a scrum team member to analysis and develop the system.
    • System Analysis: Global Platform Standards.
    • Technology: J2EE, EJB, JAXB, JPQL, JPA, JDBC, Oracle 11g.
    • Glass Fish Server Tools: Web services, Provider-dispatch, wsdl, xml, xsd, Connection Pool.
    • Logging & Testing: log4j 2.0, Junit.

  4. GP Interpreter
    • To allow Global Platform specified Java Objects accessible from Java Script Fragment among Application Profiles.
    • Role: as a scrum team member to develop the system.
    • System Analysis: Global Platform Standards.
    • Technology: JAVA, JAXB, Rhino Java Scripting Engine.

  5. FreeBeePay
    • This is a coupon management system for merchants and consumers.
    • Role: In Server Team to implement commands. Each command required critical business logic and complex stored procedures in Database.
    • Technology: J2EE, XML, JSON, Java servlet, JDBC, MySQL, Apache Tomcat 6.0.26

(Back to top)

Contact me

Email: shafiz[at]iu[dot]edu

Office: Luddy Hall 2030,
School of Informatics, Computing, and Engineering,
Indiana University-Bloomington.
700 N Woodlawn Ave, Bloomington, IN 47408.

(Back to top)