ImtiazKarim

Imtiaz Karim

Postdoctoral Research Associate

Department of Computer Science

Purdue University

Lawson Computer Science Building,

West Lafayette, IN 47907

Email: karim7@purdue.edu, imtiazkarimik@gmail.com;

My PGP Public Key

I am a Postdoctoral Research Associate in the Department of Computer Science at Purdue University . I completed my Ph.D. from the same department in Spring 2023 under the supervision of Professor Elisa Bertino.

My research interests lie in analyzing the security and privacy of wireless communication protocols (e.g., 4G, 5G, Bluetooth, VoWiFi, vehicular, WiFi, and IoT), their implementations, networked systems, and mobile computing. My research aim is to develop tools that systematically analyze real-world systems and widely used protocols using formal verification, program analysis, machine learning, natural language processing, and software testing techniques. Furthermore, with the advent of the next generation of networks (6G and beyond), my future goal is to ensure the resilience (reliability, adaptability, and security) of future network generations and develop systems that are secure by design.

My research focuses on the following themes:

NLP-based protocol analysis

[AACL 2023]

Protocol noncompliance checking

[IEEE S&P 2023] [CCS 2021]

Systematic implementation analysis

[ICDCS 2021] [ACSAC 2019]

Formal analysis of protocol standards

[CCS 2019] [AsiaCCS 2022]

My research has led to several changes in the design of 4G and 5G cellular standards. Also, I have found numerous security and privacy issues in various protocols and system implementations. Due to this, I have been inducted into the GSMA Mobile Security Research Hall of Fame three times and have received numerous bug bounties, CVDs, and CVEs. I received the Best Paper award at ACSAC 2019 and the Best Paper award nomination at ICDCS 2021. For outstanding security research, I received the Maurice H. Halstead Memorial Award and the Bilsland Dissertation Fellowship Award from Purdue University in 2020 and 2022, respectively.

I got the opportunity to work as an Applied Scientist Intern at Amazon (Summer 2021) and a Security Researcher Intern at Intel (Summer 2020, 2019).

I completed my B.Sc. from the Department of Computer Science and Engineering, Bangladesh University of Engineering and Technology, in September 2017.

Selected Publications: (full list)

SPEC5G: A Dataset for 5G Cellular Network Protocol Analysis

Imtiaz Karim, Kazi Samin Mubasshir, Mirza Masfiqur Rahman, Elisa Bertino, The 13th International Joint Conference on Natural Language Processing and the Conference of the Asia-Pacific Chapter of the Association for Computational Linguistics, (IJCNLP-AACL), 2023.

BLEDiff: Scalable and Property-Agnostic Noncompliance Checking for BLE Implementations

Imtiaz Karim, Abdullah Al Ishtiaq, Syed Rafiul Hussain, and Elisa Bertino, IEEE Symposium on Security and Privacy (IEEE S&P), 2023.

Noncompliance as Deviant Behavior: An Automated Black-box Noncompliance Checker for 4G LTE Cellular Devices

Imtiaz Karim, Syed Rafiul Hussain, Abdullah Al Ishtiaq, Omar Chowdhury, and Elisa Bertino, ACM Conference on Computer (CCS), 2021.

ProChecker: An Automated Security and Privacy Analysis Framework for 4G LTE Protocol Implementations

Imtiaz Karim, Syed Rafiul Hussain, and Elisa Bertino, IEEE International Conference on Distributed Computing Systems (ICDCS), 2021.

Best Paper Award nomination

Opening Pandora’s Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones

Imtiaz Karim, Fabrizio Cicala, Syed Rafiul Hussain, Omar Chowdhury, and Elisa Bertino, Annual Computer Security Applications Conference (ACSAC), 2019.

Distinguished Paper Award

Recent News:

[November'23] Our paper on WiFi fragmentation and PSM verification has been accepted to AsiaCCS 2024. Congratulations Zilin!
[November'23] I will give a talk at the CECS seminar at UC Irvine.
[October'23] Gave a talk at Intel Labs about my research on cellular network security.
[September'23] SPEC5G has been accepted to AACL 2023.
[March'23] Serving on the PC of NDSS'24
[March'23] Defended Ph.D. thesis!
[February'23]: BLEDiff awarded 10,000$ USD on bug bounties from Google.
[January'23]: Serving on the PC of RAID'23
[December'22]: Serving on the PC of ICDCS'23
[December'22]: BLEDiff has been accepted to IEEE S&P 2023.
[August'22]: Serving on the Artifact Evaluation Committee of EuroSys'23 and Usenix Sec'23.
[July'22]: Proposal to conduct experimental research on the Platforms for Advanced Wireless Research (PAWR) for securing next-generation networks has been funded by NSF!
[April'22]: Google acknowledged a DIKEUE vulnerability as high severity issue and awarded $5000 USD reward.
[April'22]: Received the prestigious Bilsland Dissertation Fellowship award from Purdue University Graduate School.
[March'22]: Serving on the Artifact Evaluation Committee of Wisec 2022.
[February'22]: Passed Ph.D. preliminary exam. Officially a Ph.D. candidate!
[February'22]: VWAnalyzer has been accepted to AsiaCCS 2022!
[October'21]: Serving on the Artifact Evaluation Committee of Usenix Sec 2022.
[September'21]: DIKEUE-Noncompliance as Deviant Behavior: An Automated Black-box Noncompliance Checker for 4G LTE Cellular Devices, has been accepted to CCS 2021!

[August'21]: Inducted in GSMA Mobile Security Research Acknowledgements (previously known GSMA Mobile Security Hall of Fame) for the third time for uncovering and fixing implementation flaws/weaknesses in 4G/5G networks.
[July'21]: ProChecker has been nominated for the best paper award at ICDCS 2021!
[March'21]: Inducted in GSMA Mobile Security Research Hall of Fame, again for finding vulnerabilities and suggesting improvements in the 4G/5G cellular network protocol (CVD-2021-0043).
[March'21]: ProChecker has been accepted to ICDCS 2021!
[January'21]: I will be joining Amazon Automated Reasoning Group as an Applied Scientist Intern for summer 2021.
[December'20]: Two papers based on my last 2 year's internships have been accepted in Intel SWPC (Software Practitioners Conference) 2020, an industrial conference organized by Intel.
[October'20]: Intel renewed the funding of $72K for our work on the analysis of Intel's Bluetooth implementation for 2021!
[October'20]: Presented my last 2 year's internship work at the second annual Side Channel Academic Program (SCAP) workshop, Intel 2020.
[September'20]: ATFuzzer (journal version) has been accepted for publication to ACM Digital Threats: Research and Practice.
[August'20]: Completed Summer '20 Internship at Intel as a Security Researcher Intern
[April'20]: Received Maurice H. Halstead Memorial Award for system security and software engineering research from Purdue CS!
[December'19]: ATFuzzer won the best paper award at ACSAC'19
[December'19]: Got Samsung Bug Bounty Reward.
[November'19]: Intel awarded $72K for our work on Bluetooth, WiFi analysis.
[November'19]: Inducted in GSMA Mobile Security Research Hall of Fame for finding vulnerabilities and suggesting improvements in the 5G cellular network specification (CVD-2019-0029).
[October'19]: Got CCS 2019 Student Travel Grant Award
[October'19]: Got CVE-2019-16400 and CVE-2019-16401 for detecting issues in AT command interface of Samsung Smartphones.
[September'19]: ATFuzzer got accepted to ACSAC’19.
[August'19]: Completed Summer '19 Internship at Intel.
[May'19]: 5GReasoner got accepted to CCS’19.

Awards and Honors:

[2022-23]: Bilsland Dissertation Fellowship award from Purdue University Graduate School.
[2021]: Best paper award nomination, ICDCS.
[2021, 2019]: Inducted three times in the Mobile Security Research Hall of Fame by GSMA for identifying security & privacy flaws and coordinating mitigation in the 4G LTE/5G cellular network standards and implementations.
[2020]: Maurice H. Halstead Memorial Award for outstanding research in Software Engineering, Purdue University.
[2019]: Distinguished Paper Award, ACSAC.
[2019]: ACM CCS Student Travel Grant Award.