I am an Assistant Professor at the University of Guelph. I have a Ph.D from the University of Waterloo and an MSc from the University of Southern California. I conduct research in Security, Systems and HCI domains and have published at prestigious venues including IEEE S&P (Oakland), ACM CCS, USENIX Security, ACM MobiCom, ACM MobiSys, and ACM CHI. Some of my research work has been featured by The Globe and Mail, Bruce Schneier's blog, Time Magazine's Techland, Ars Technica, and the New Scientist magazine. My non-academic ventures include my industrial work as the Co-Founder and Chief Scientist at Penfield.AI and the Co-Founder and Technical Lead at xFlow Research, where I led the development of software defined networking solutions for Marvell Technology, Netgear, Dell, and Cavium Networks.
Usable Security and Privacy
Applied Machine Learning
J. Ceci, J. Stegman, and H. Khan. No Privacy in the Electronics Repair Industry. Proc. of the 44th IEEE Symposium on Security and Privacy, 2023.
J. Stegman, P. J. Trottier, C. Hillier, H. Khan, and M. Mannan. "My Privacy for their Security": Employees' Privacy Perspectives and Expectations when using Enterprise Security Software. Proc. of the 32nd USENIX Security Symposium, 2023.
S. Habib, H. Khan, A. Hamilton-Wright, and U. Hengartner. Revisiting the Security of Biometric Authentication Systems Against Statistical Attacks. In ACM Transactions on Privacy and Security, 2022.
H. Khan, U. Hengartner, and D. Vogel. Augmented Reality-based Mimicry Attacks on Behaviour-Based Smartphone Authentication. Proc. of the 16th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys 2018), ACM, 2018.
H. Khan, U. Hengartner, and D. Vogel. Evaluating Attack and Defense Strategies for Smartphone PIN Shoulder Surfing. Proc. of the SIGCHI Annual Conference on Human Factors in Computing Systems (CHI 2018), ACM, 2018.
H. Khan, U. Hengartner, and D. Vogel. Targeted Mimicry Attacks on Touch Input Based Implicit Authentication Schemes. Proc. of the 14th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys 2016), ACM, 2016.
H. Khan, A. Atwater, and U. Hengartner. Itus: An Implicit Authentication Framework for Android. Proc. of the 20th Annual International Conference on Mobile Computing and Networking (MobiCom 2014), ACM, 2014.