Nasir D. Memon

Nasir D. Memon
New York University | NYU · Department of Computer Science and Engineering

About

420
Publications
153,860
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
17,840
Citations
Introduction
Nasir D. Memon currently works at the Department of Computer Science and Engineering, New York University. Nasir does research in Computer Security and Reliability. Their current project is 'automatic detection of lateral movement'.
Additional affiliations
January 2014 - present
New York University
Position
  • Professor (Full)
September 2007 - December 2013
Polytechnic Institute of New York University
Position
  • Professor (Full)

Publications

Publications (420)
Article
Photo Response Non-Uniformity (PRNU) based source camera attribution is an effective method to determine an image or a video’s origin camera. However, modern devices, especially smartphones, capture images and videos at different resolutions using the same sensor array, PRNU attribution can become ineffective as the camera fingerprint and query obj...
Chapter
SMS-based second factor authentication is a cornerstone for many service providers, ranging from email service providers and social networks to financial institutions and online marketplaces. Attackers have not been slow to capitalize on the vulnerabilities of this mechanism by using social engineering techniques to coerce users to forward authenti...
Chapter
Business Email Compromise (BEC) is an attack in which a scammer poses as a colleague of the intended victim or vendor of the targeted organization, and where the scammer either asks the intended victim to perform a payment or to send sensitive data. However, even though BEC is an increasing threat, the shape of the underlying scam is not well under...
Preprint
Full-text available
Fig. 1. Overview of 4 months of interaction logs collected from one law enforcement investigator using our visual analytic tool called Beagle. The visualization shows how the analyst transitions from one one state/query to another as the analysis unfolds. Abstract-Forensic data analysts are often faced with the challenge of huge and growing dataset...
Article
We present FiFTy, a modern file-type identification tool for memory forensics and data carving. In contrast to previous approaches based on hand-crafted features, we design a compact neural network architecture, which uses a trainable embedding space. Our approach dispenses with the explicit feature extraction which has been a bottleneck in legacy...
Conference Paper
Detection of photo manipulation relies on subtle statistical traces, notoriously removed by aggressive lossy compression employed online. We demonstrate that end-to-end modeling of complex photo dissemination channels allows for codec optimization with explicit provenance objectives. We design a lightweight trainable lossy image codec, that deliver...
Preprint
We assess the variability of PRNU-based camera fingerprints with mismatched imaging pipelines (e.g., different camera ISP or digital darkroom software). We show that camera fingerprints exhibit non-negligible variations in this setup, which may lead to unexpected degradation of detection statistics in real-world use-cases. We tested 13 different pi...
Preprint
Full-text available
PRNU based camera recognition method is widely studied in the image forensic literature. In recent years, CNN based camera model recognition methods have been developed. These two methods also provide solutions to tamper localization problem. In this paper, we propose their combination via a Neural Network to achieve better small-scale tamper detec...
Conference Paper
In this paper, we assess vulnerability of speaker verification systems to dictionary attacks. We seek master voices, i.e., adversarial utterances optimized to match against a large number of users by pure chance. First, we perform menagerie analysis to identify utterances which intrinsically hold this property. Then, we propose an adversarial optim...
Preprint
Full-text available
Photo Response Non-Uniformity (PRNU) based camera attribution is an effective method to determine the source camera of visual media (an image or a video). To apply this method, images or videos need to be obtained from a camera to create a "camera fingerprint" which then can be compared against the PRNU of the query media whose origin is under ques...
Preprint
We present FiFTy, a modern file type identification tool for memory forensics and data carving. In contrast to previous approaches based on hand-crafted features, we design a compact neural network architecture, which uses a trainable embedding space, akin to successful natural language processing models. Our approach dispenses with explicit featur...
Preprint
As the convenience and cost benefits of Natural User Interface (NUI) technologies are hastening their wide adoption, computing devices equipped with such interfaces are becoming ubiquitous. Used for a broad range of applications, from accessing email and bank accounts to home automation and interacting with a healthcare provider, such devices requi...
Preprint
Full-text available
Photo Response Non-Uniformity (PRNU) based source camera attribution is an effective method to determine the origin camera of visual media (an image or a video). However, given that modern devices, especially smartphones, capture images, and videos at different resolutions using the same sensor array, PRNU attribution can become ineffective as the...
Article
Full-text available
Studies have shown that children can be exposed to smart devices at a very early age. This has important implications on research in children–computer interaction, children online safety and early education. Many systems have been built based on such research. In this work, we present multiple techniques to automatically detect the presence of a ch...
Preprint
Forensic analysis of digital photographs relies on intrinsic statistical traces introduced at the time of their acquisition or subsequent editing. Such traces are often removed by post-processing (e.g., down-sampling and re-compression applied upon distribution in the Web) which inhibits reliable provenance analysis. Increasing adoption of computat...
Article
In this study, we address the problem of forensic photo carving, which serves as one of the key sources of digital evidence in modern law enforcement. We propose efficient algorithms for assembling meaningful photographs from orphaned photo fragments, carved without access to file headers, metadata or compression settings. The addressed problem rai...
Article
Full-text available
ENF is a time-varying signal of the frequency of mains electricity in a power grid. It continuously fluctuates around a nominal value (50/60 Hz) due to changes in supply and demand of power over time. Depending on these ENF variations, the luminous intensity of a mains-powered light source also fluctuates. These fluctuations in luminance can be cap...
Article
As the convenience and cost benefits of Natural User Interface (NUI) technologies are hastening their wide adoption, computing devices equipped with such interfaces are becoming ubiquitous. Used for a broad range of applications, from accessing email and bank accounts to home automation and interacting with a healthcare provider, such devices requi...
Preprint
Forensic analysis of digital photo provenance relies on intrinsic traces left in the photograph at the time of its acquisition. Such analysis becomes unreliable after heavy post-processing, such as down-sampling and re-compression applied upon distribution in the Web. This paper explores end-to-end optimization of the entire image acquisition and d...
Conference Paper
The strength of an anonymity system depends on the number of users. Therefore, User eXperience (UX) and usability of these systems is of critical importance for boosting adoption and use. To this end, we carried out a study with 19 non-expert participants to investigate how users experience routine Web browsing via the Tor Browser, focusing particu...
Preprint
Full-text available
Studies have shown that children can be exposed to smart devices at a very early age. This has important implications on research in children-computer interaction, children online safety and early education. Many systems have been built based on such research. In this work, we present multiple techniques to automatically detect the presence of a ch...
Preprint
Full-text available
This paper presents TapMeIn, an eyes-free, two-factor authentication method for smartwatches. It allows users to tap a memorable melody (tap-password) of their choice anywhere on the touchscreen to unlock their watch. A user is verified based on the tap-password as well as her physiological and behavioral characteristics when tapping. Results from...
Preprint
Full-text available
This paper presents TapMeIn, an eyes-free, two-factor authentication method for smartwatches. It allows users to tap a memorable melody (tap-password) of their choice anywhere on the touchscreen to unlock their watch. A user is verified based on the tap-password as well as her physiological and behavioral characteristics when tapping. Results from...
Article
Full-text available
This paper presents TapMeIn, an eyes-free, two-factor authentication method for smartwatches. It allows users to tap a memorable melody (tap-password) of their choice anywhere on the touchscreen to unlock their watch. A user is verified based on the tap-password as well as her physiological and behavioral characteristics when tapping. Results from...
Article
This paper proposes three measures to quantify the characteristics of online signature templates in terms of distinctiveness, complexity and repeatability. A distinctiveness measure of a signature template is computed from a set of enrolled signature samples and a statistical assumption about random signatures. Secondly, a complexity measure of the...
Conference Paper
Full-text available
Recent research has demonstrated the possibility of generating "Masterprints" that can be used by an adversary to launch a dictionary attack against a fingerprint recognition system. Masterprints are fingerprint images that fortuitously match with a large number of other fingerprints thereby compromising the security of a fingerprint-based biometri...
Conference Paper
Full-text available
Although some remarkable advancements have been made in image carving for forensics applications, even in the presence of fragmentation, existing methods are not effective when parts (fragments) of an image are missing. This paper addresses this problem and proposes a PRNU (Photo Response Non-Uniformity)-based image carving method. The proposed met...
Article
Full-text available
Increasing cyber-security presents an ongoing challenge to security professionals. Research continuously suggests that online users are a weak link in information security. This research explores the relationship between cyber-security and cultural, personality and demographic variables. This study was conducted in four different countries and pre...
Conference Paper
Recent hardware advances, called gate camouflaging, have opened the possibility of protecting integrated circuits against reverse-engineering attacks. In this paper, we investigate the possibility of provably boosting the capability of physical camouflaging of a single Boolean gate into physical camouflaging of a larger Boolean circuit. We first pr...
Conference Paper
Full-text available
Many network intrusion detection systems use byte sequences to detect lateral movements that exploit remote vulnerabilities. Attackers bypass such detection by stealing valid credentials and using them to transmit from one computer to another without creating abnormal network traffic. We call this method Credential-based Lateral Movement. To detect...
Article
Full-text available
ENF (Electrical Network Frequency) instantaneously fluctuates around its nominal value (50/60 Hz) due to a continuous disparity between generated power and consumed power. Consequently, luminous intensity of a mains-powered light source varies depending on ENF fluctuations in the grid network. Variations in the luminance over time can be captured f...
Article
Full-text available
Photo Response Non-Uniformity (PRNU) noisebased source attribution is a well known technique to verify the camera of an image or video. Researchers have proposed various countermeasures to prevent PRNU-based source camera attribution. Forced seam-carving is one such recently proposed counter forensics technique. This technique can disable PRNUbased...
Conference Paper
Full-text available
Smartwatches are rapidly emerging to be the next generation of personal devices from the smartphone era due to their novel form factor and broad applications. However, their emergence also poses new challenges to securing user information. An important challenge is preventing unauthorized access to private information stored on the watch, for which...
Article
Full-text available
We address the problem of shoulder-surfing attacks on authentication schemes by proposing IllusionPIN (IPIN), a PIN-based authentication method that operates on touchscreen devices. IPIN uses the technique of hybrid images to blend two keypads with different digit orderings in such a way, that the user who is close to the device is seeing one keypa...
Article
Discusses the challenges that face biometric authentication in the areas of privacy and network security. The use of biometric data — an individual’s measurable physical and behavioral characteristics — isn’t new. Government and law enforcement agencies have long used it. The Federal Bureau of Investigation (FBI) has been building a biometric recog...
Article
Full-text available
We present two related methods for creating MasterPrints, synthetic fingerprints that a fingerprint verification system identifies as many different people. Both methods start with training a Generative Adversarial Network (GAN) on a set of real fingerprint images. The generator network is then used to search for images that can be recognized as mu...
Conference Paper
Full-text available
Anti-phishing techniques intended to reduce the delivery rate of phishing emails, and anti-phishing trainings meant to decrease the phishing click-through rates. This paper presents the X-Platform Phishing Attack, a deceptive phishing attack with an alarmingly high delivery and click-through rates, and highlights a subset of the chal- lenges that e...
Conference Paper
Full-text available
The goal of anti-phishing techniques is to reduce the delivery rate of phishemails, and anti-phishing training aims to decrease the phishing click-through rates. This paper presents the X-Platform Phishing Attack, a deceptive phishing attack with an alarmingly high delivery and click-through rates, and highlights a subclass of phishing attacks that...
Article
Full-text available
This paper presents Draw-A-PIN, a user authentication system on a device with a touch interface that supports the use of PINs. In the proposed system, the user is asked to draw her PIN on the touch screen instead of typing it on a keypad. Consequently, Draw-A-PIN could offer better security by utilizing drawing traits or behavioural biometrics as a...
Conference Paper
Full-text available
Although PRNU (Photo Response Non-Uniformity)-based methods have been proposed to verify the source camera of a non-stabilized video, these methods may not be adequate for stabilized videos. The use of video stabilization has been increasing in recent years with the development of novel stabilization software and the availability of stabilization i...
Conference Paper
Full-text available
Increasing cyber-security presents an ongoing challenge to security professionals. Research continuously suggests that online users are a weak link in information security. This research explores the relationship between cyber-security and cultural, personality and demographic variables. This study was conducted in four different countries and pres...
Article
This paper presents the main results of a large-scale survey on cybersecurity competition participants in the past decade. 588 participants of the Cybersecurity Awareness Week (CSAW) competition were surveyed with measures of personality, interests, culture, decision-making and attachment styles in an exploratory study designed to identify the char...
Article
Full-text available
SMS-based second factor authentication is a cornerstone for many service providers, ranging from email service providers and social networks to financial institutions and online marketplaces. Attackers have not been slow to capitalize on the vulnerabilities of this mechanism by using social engineering techniques to coerce users to forward authenti...
Article
Full-text available
Large email data sets are often the focus of criminal and civil investigations. This has created a daunting task for investigators due to the extraordinary size of many of these collections. Our work offers an interactive visual analytic alternative to the current, manually intensive methodology used in the search for evidence in large email data s...
Article
Utilizing qualitative data gleaned from focus groups with adolescent girls participating in a cybersecurity summer program (N = 38, mean age = 16.3), this study examines the following research questions: (a) How do adolescent girls perceive the cybersecurity field? (b) What are the promising practices that engage girls in cybersecurity education? G...
Conference Paper
Full-text available
Major Internet service providers deploy SMS-based verification mechanisms to fortify the security of users' accounts for critical actions such as password reset and logging in from a new computer. In this paper, we describe a new type of phishing attack where an attacker triggers the delivery of a verification code from a service provider to a user...
Conference Paper
Full-text available
With the increased popularity of smart phones, there is a greater need to have a robust authentication mechanism that handles various security threats and privacy leakages effectively. This paper studies continuous authentication for touch interface based mobile devices. A Hidden Markov Model (HMM) based behavioral template training approach is pre...
Article
As a first step in a larger research program, the authors surveyed Cybersecurity Awareness Week participants. By better understanding the characteristics of those who attend such events, they hope to design competitions that will inspire students to pursue cybersecurity careers.
Conference Paper
Full-text available
The Leap Motion controller is a consumer gesture sensor aimed to augment a user’s interactive experience with their computer. Using infrared sensors, it is able to collect data about the position and motions of a user’s hands. This data allows the Leap to be used as an authentication device. This study explores the possibility of performing both lo...
Conference Paper
Full-text available
Android Pattern, form of graphical passwords used on Android smartphones, is widely adopted by users. In theory, Android Pattern is more secure than a 5-digit PIN scheme. Users’ graphical passwords, however, are known to be very skewed. They often include predictable shapes (e.g., Z and N), biases in selection of starting point, and predictable seq...
Article
Full-text available
Biometric-based authentication is a growing trend. While this trend is enabled by the introduction of supporting technology, the use of biometrics introduces new privacy and ethical concerns about the direction of authentication. This paper explores willingness of users to share biometric information and therefore take advantage of these technologi...
Article
Full-text available
This paper proposes a metric to measure the quality of an online signature template derived from a set of enrolled signature samples in terms of its distinctiveness against random signatures. Particularly, the proposed quality score is computed based on statistical analysis of histogram features that are used as part of an online signature represen...
Patent
A peer-to-peer (P2P) bot(s) in a network is identified using an already identified P2P bot. More specifically, such embodiments may facilitate determining a candidate set of computers, which may be potential P2P bots, by identifying computers in a network that have a private mutual contact with a seed bot, which is a computer identified as a P2P bo...