Publication

Publications:

(The authors in blue are graduate students mentored by me.)

Pre-prints:

• TIMESAFE: Timing Interruption Monitoring and Security Assessment for Fronthaul Environments.

Joshua Groen, Simone Di Valerio, Imtiaz Karim, Davide Villa, Yiwei Zhang, Leonardo Bonati, Michele Polese, Salvatore D'Oro, Tomasso Melodia, Elisa Bertino, Francesca Cuomo, and Kaushik Chowdhury 

Conference:

• Standing Firm in 5G: A Single-Round, Dropout-Resilient Secure Aggregation for Federated Learning

Yiwei Zhang, Rouzbeh Behnia,  Imtiaz Karim,  Attila A Yavuz  and Elisa Bertino

The 18th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2025.

• How Feasible is Augmenting Fake Nodes with Learnable Features as a counter-strategy against Link Stealing Attacks?

Mir Imtiaz Mostafiz,  Imtiaz Karim and Elisa Bertino

The 15th ACM Conference on Data and Application Security and Privacy (CODASPY), 2025.

• AKMA+: Privacy-Enhanced and Standard-Compatible AKMA for 5G Communications

Yang Yang, Guomin Yang, Yingjiu Li, Minming Huang, Zilin Shen, Imtiaz Karim, Ralf Sasse, David Basin, Elisa Bertino, Jian Weng, Hwee Hwa Pang, and Robert H. Deng

The 34th USENIX Security Symposium (Usenix Sec), 2025

• Gotta Detect ’Em All: Fake Base Station and Multi-Step Attack Detection in Cellular Networks

Imtiaz Karim*, Kazi Samin Mubasshir*, and Elisa Bertino  (*joint first authors)

The 34th USENIX Security Symposium (Usenix Sec), 2025

• CellularLint: A Systematic Approach to Identify Inconsistent Behavior in Cellular Network Specifications

Imtiaz Karim*, Mirza Masfiqur Rahman*, and Elisa Bertino  (*joint first authors)

The 33rd USENIX Security Symposium (Usenix Sec), 2024.

• Security Attacks to the Name Management Protocol in Vehicular Networks

Sharika Kumar, Imtiaz Karim, Elisa Bertino, and Anish Arora

Symposium on Vehicle Security and Privacy (VehicleSec), 2024 (co-located with NDSS).

• Segment-Based Formal Verification of WiFi Fragmentation and Power Save Mode

Zilin Shen, Imtiaz Karim, and Elisa Bertino 

The 19th ACM ASIA Conference on Computer and Communications Security (ASIACCS), 2024.

• SPEC5G: A Dataset for 5G Cellular Network Protocol Analysis

Imtiaz Karim, Kazi Samin Mubasshir, Mirza Masfiqur Rahman, and Elisa Bertino 

The 13th International Joint Conference on Natural Language Processing and the Conference of the Asia-Pacific Chapter of the Association for Computational Linguistics (IJCNLP-AACL), 2023. [github] [dataset]

• BLEDiff: Scalable and Property-Agnostic Noncompliance Checking for BLE Implementations

Imtiaz Karim, Abdullah Al Ishtiaq, Syed Rafiul Hussain, and Elisa Bertino 

The 44th IEEE Symposium on Security and Privacy (IEEE S&P), 2023. [github] [website] [teaser] [full talk]

• VWAnalyzer: A Systematic Security Analysis Framework for the Voice over WiFi Protocol

Hyunwoo Lee, Imtiaz Karim, Ninghui Li, and Elisa Bertino 

The 17th ACM ASIA Conference on Computer and Communications Security (ASIACCS), 2022. [github]

• AI-powered Network Security: Approaches and Research Directions

Elisa Bertino and Imtiaz Karim 

The 8th International Conference on Networking, Systems, and Security (NSysS), 2021 (Research directional paper).

• Noncompliance as Deviant Behavior: An Automated Black-box Noncompliance Checker for 4G LTE Cellular Devices

Imtiaz Karim*,  Syed Rafiul Hussain*, Abdullah Al Ishtiaq, Omar Chowdhury, and Elisa Bertino  (*joint first authors)

The 28th ACM Conference on Computer (CCS), 2021  [github] [full talk]

• ProChecker: An Automated Security and Privacy Analysis Framework for 4G LTE Protocol Implementations 

Imtiaz Karim, Syed Rafiul Hussain, and Elisa Bertino 

The 41st IEEE International Conference on Distributed Computing Systems (ICDCS), 2021.  

Best Paper Award nomination 

• ATFuzzer: Dynamic Analysis Framework of AT Interface for Android Smartphones 

Imtiaz Karim, Fabrizio Cicala, Syed Rafiul Hussain, Omar Chowdhury, and Elisa Bertino 

ACM Digital Threats: Research and Practice (DTRAP), 2020.  [github]

• Opening Pandora’s Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones 

Imtiaz Karim, Fabrizio Cicala, Syed Rafiul Hussain, Omar Chowdhury, and Elisa Bertino 

The 35th Annual Computer Security Applications Conference (ACSAC), 2019. [github] 

Distinguished Paper Award 

• 5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol 

Syed Rafiul Hussain, Mitziu Echeverria, Imtiaz Karim, Omar Chowdhury, and Elisa Bertino 

The 26th ACM Conference on Computer and Communications Security (CCS), 2019. [github] 

• Maximizing Heterogeneous Coverage in Over and Under Provisioned Visual Sensor Networks 

Abdullah Al Zishan, Imtiaz Karim, Sudipta Saha Shubha, Ashikur Rahman 

The Journal of Network and Computer Applications, Elsevier (JNCA), Volume 124, 15 December 2018, Pages 44-62. 

Book:

• Imtiaz Karim et al., including Elisa Bertino, Machine Learning Techniques for Cybersecurity

Part of the book series: Synthesis Lectures on Information Security, Privacy, and Trust (SLISPT), Springer Nature, May 2023.

Thesis:

• Imtiaz Karim,  A Systematic Framework for Analyzing The Security And Privacy of Wireless Communication 

Purdue University, West Lafayette, IN.

Industrial Conference:

• ProChecker:  An Automated Security and Privacy Analysis Framework for Communication Protocol Implementations

Imtiaz Karim, Sayak Ray, Arun Kanuparthi, and Jason M. Fung 

Intel Software Practitioners Conference (Intel SWPC) 2020.

• Utilizing Symbolic Execution for Property-Guided Security and Privacy Testing in Communication Protocol Implementations

Imtiaz Karim, Sayak Ray, Arun Kanuparthi, Stephan Heuser and Jason M. Fung 

Intel Software Practitioners Conference (Intel SWPC) 2020

Invited Talks:

• Systematic Security Analysis of Cellular Network Specifications and Implementations, AI/ML Research Seminar,  Northern Illinois University, April 2025.

• Systematic Security Analysis of Cellular Network Specifications and Implementations, University of California, Irvine, December 2023.

• ML and NLP for Cellular Network Security, Intel Labs, October 2023.

• Noncompliance as Deviant Behavior:  An Automated Black-box Noncompliance Checker for 4G LTE Cellular  Devices, The third Annual Side Channel Academic Program (SCAP) workshop, Intel 2021.

• Automated Security and Privacy Analysis for Communication Protocol Implementation, invited talk to the Second Annual Side Channel Academic Program (SCAP) workshop, Intel 2020.

Conference and Other Talks:

• O-RAN-enabled Intelligent, Secure, Efficient, and Resilient Resource Allocation, NSF AI-EDGE Year-3 Annual Meeting, Northeastern University, Boston, October, 2024.

• SPEC5G: A Dataset for 5G Cellular Network Protocol Analysis, AACL, Bali, Indonesia, November, 2023.

• ML and NLP for Cellular Network Security, NSF AI Institute for Future Edge Networks and Distributed Intelligence, Northeastern University, Boston, 2023.

• BLEDiff: Scalable and Property-Agnostic Noncompliance Checking for BLE Implementations, 44th IEEE Symposium on Security and Privacy (IEEE S&P), 2023.

• A White-box Learning Approach to Generate Formal Models of Communication Protocols, AI-EDGE all hands-on workshop, June 2022.

• Noncompliance as Deviant Behavior:  An Automated Black-box Noncompliance Checker for 4G LTE Cellular  Devices, CCS 2021.

• ProChecker:  An Automated Security and Privacy Analysis Framework for 4G LTE Protocol Implementations, ICDCS 2021.

• Automated Security and Privacy Analysis for Communication Protocol Implementation, invited talk to the Second Annual Side Channel Academic Program (SCAP) workshop, Intel 2020.

• Opening Pandora’s Box through ATFuzzer:  Dynamic Analysis of AT Interface for Android Smartphones, ACSAC 2019.

Bug reports and CVDs/CVEs:

• VWAttacker: A Systematic Security Testing Framework for Voice over WiFi Implementations

  • CVE-2025-20667

• TIMESAFE: Timing Interruption Monitoring and Security Assessment for Fronthaul Environments.

  • O-RAN-CVD-002, O-RAN-CVD-003

• BLEDiff: Scalable and Property-Agnostic Noncompliance Checking for BLE Implementations, (IEEE S&P), 2023

• Google/Android Security bug bounty reward of $10,000 USD, CVE-2024-34722

• Huawei Security bug bounty and acknowledgments: HWPSIRT-2022-56262, HWPSIRT-2022-13244, HWPSIRT-2022-96208

• Security advisory from STMicroelectronics (TN1436-ST-PSIRT)

• High and medium-severity CVE's assigned to some of the implementation issues we found in different BLE implementations: CVE-2022-40480, CVE-2022-41768, CVE-2022-45190, CVE-2022-45192, CVE-2022-45191, CVE-2025-26438

• Noncompliance as Deviant Behavior: An Automated Black-box Noncompliance Checker for 4G LTE Cellular Devices, (CCS), 2021

• Inducted to GSMA Mobile Security  Research Acknowledgements (formerly Hall of Fame) [GSMA CVD-2021-0050]

• Google Bug Bounty Reward, Samsung Bug Bounty Reward, MediaTek Security Acknowledgements, Qualcomm Security Bulletins

• High-severity CVE's assigned to some of the implementation issues we found in different UE implementations: CVE-2021-25471, CVE-2021-25480, CVE-2021-40148, CVE-2021-30344,  SVE-2021-22327, SVE-2021-22324, CVE-2022-25685, CVE-2022-22091

• ProChecker: An Automated Security and Privacy Analysis Framework for 4G LTE Protocol Implementations, (ICDCS), 2021. 

• Inducted to GSMA Mobile Security Research Hall of Fame [GSMA CVD-2021-0043]

• Opening Pandora’s Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones, 2019. [github]

• Samsung Bug Bounty Reward

• CVE: CVE-2019-16401, CVE-2019-16400

• 5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol, (CCS), 2019. 

• Inducted to GSMA Mobile Security Research Hall of Fame [GSMA CVD-2019-0029]

Grant Applications:

• Senior personnel - Detection of GenAI generated malware variants and Sandbox evasion using GenAI, awarded $150K by Cisco Research, 2024.

• Author of the proposal- Systematic LLM Based Protocol Analysis, awarded $109,372 by Cisco Research, 2023.

• Author of the proposal- (NSF 2223452) - Detecting fake and compromised base stations using the platforms for Advanced Wireless Research (PAWR)., Funded by NSF, 2022.

•  Helped with the write-up of thrust 4: AI-Powered Network Security (NSF 2112471) - AI Institute for Future Edge Networks and Distributed Intelligence (AI-EDGE). 

• Author of the proposal - Principled Security Analysis of Intel's Bluetooth implementation through enhanced Symbolic Execution, awarded $72,000 by Intel for 2021.

• Co-author of the proposal - Principled Security and Privacy Analysis of Intel’s Implementation of Bluetooth, Bluetooth Low Energy, and Wi-Fi Protocols,  awarded $72,000 by Intel for 2020.