Ehsan Toreini, PhD

Lecturer in Software Security
e DOT toreini AT surrey DOT ac DOT uk, | | | |

I am a lecturer in software security in Surrey Centre for Cyber Security (SCCS) in University of Surrey and visiting academic in department of computer science at Durham University.

My research interests are centered around designing secure architecture and system security. My research projects have bene published in major security conferences and journal (such as USENIX, ACM TOPS, ACM TIFS and ACM FacCt) have been featured in esteemed media outlets such as the Economist and Wall Street Journal). Additionally, I hold two US patents (I and II).

As a white hat, I have also led sidekick projects that resulted in two significant improvements in the security of the web ecosystem. JavaScript-based side-channel attacks to motion and orientation sensors using the leakages in Same-Origin-Policy caused major security patches in all mainstream browsers (Mozilla Firefox, Google Chrome and Apple Safari, and iOS), making W3C dedicate a section on privacy and security of deviceorientation API in the documentation (now deprecated) . Also, the privacy leakages of private browsing caused major updates in Apple Safari and Google Chrome. Look into my research page for more detail.

Future opportunities:

Student project? If you're a Surrey University student looking for a final year projects or research positions, please refer to this page.
Join my lab? If you are looking for a PhD, Postdoc or visiting scholar positions, please send an email to me with your proposal and CV (I usually respond within a week)

Projects

For more detail on my research projects and interests, see my research page.

Publications

List of all citations: Google Scholar

Bibtex Representation: Bibtex

2023

IJIS "Fairness as a Service (FaaS): verifiable and privacy-preserving fairness auditing of machine learning systems". Ehsan Toreini, Maryam Mehrnezhad, Aad van Moorsel. International Journal of Information Security, 2023
ePrint
ESORICS Workshop "Verifiable Fairness: Privacy-preserving Computation of Fairness for Machine Learning Systems". Ehsan Toreini, Maryam Mehrnezhad, Aad van Moorsel. Workshop on Private,Secure, and Trustworthy AI, 2023
ePrint
ACM Transactions "Invisible, Unreadable, and Inaudible Cookie Notices: An Evaluation of Cookie Notices for Users with Visual Impairments.". James Clarke, Maryam Mehrnezhad, and Ehsan Toreini. ACM Transactions on Accessible Computing.
ePrint
EuroS&P Workshop "A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards.". Joshua Harrison, Ehsan Toreini, Maryam Mehrnezhad. IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) 2023
ePrint | Source Code | (Listed as top 5% of all research outputs scored by Altmetric) | more info inc. abstract, media coverage, and BibTeX

2022

USENIX Security "I feel invaded, annoyed, anxious and I may protect myself": Individuals' Feelings about Online Tracking and their Protective Behaviour across Gender and Country". Kovila Coopamootoo, Maryam Mehrnezhad, Ehsan Toreini. 31st USENIX Security Symposium 2022
ePrint
PoPETS "How Can and Would People Protect From Online Tracking?.". Maryam Mehrnezhad, Kovila Coopamootoo, Ehsan Toreini. Proceedings on Privacy Enhancing Technologies (PETS) 2022
ePrint
NordiCHI "Bodies Like Yours: Enquiring Data Privacy in FemTech". Teresa Almeida, Laura Shipp, Maryam Mehrnezhad, Ehsan Toreini. Nordic Human-Computer Interaction Conference 2022
ePrint
EuroUSEC "Vision: Too Little too Late? Do the Risks of FemTech already Outweigh the Benefits?". Maryam Mehrnezhad, Laura Shipp, Teresa Almeida, Ehsan Toreini. European Symposium on Usable Security 2022
ePrint
"In Private, Secure, Conversational FinBots We Trust". Magdalene Ng, Kovila PL Coopamootoo, Tasos Spiliotopoulos, Dave Horsfall, Mhairi Aitken, Ehsan Toreini, Karen Elliott, Aad van Moorsel. Arxiv
ePrint

2021

TIFS "Anti-Counterfeiting for Polymer Banknotes Based on Polymer Substrate Fingerprinting". Shen Wang, Ehsan Toreini, Feng Hao. IEEE Transactions on Information Forensics and Security (TIFS)
ePrint
"On Secure E-Voting over Blockchain". Patrick Mccorry, Maryam Mehrnezhad, Ehsan Toreini, Siamak F Shahandashti, Feng Hao. ACM journal of Digital Threats: Research and Practice (DTRAP)
ePrint

2020

ESORICS "Keeping it Human: A Focus Group Study of Public Attitudes Towards AI in Banking". Mhairi Aitken, Magdalene Ng, Ehsan Toreini, Aad van Moorsel, Kovila Coopamootoo, Karen Elliott. European Symposium on Research in Computer Security
ePrint
"Technologies for Trustworthy Machine Learning: A Survey in a Socio-Technical Context" . Ehsan Toreini, Mhairi Aitken, Kovila PL Coopamootoo, Karen Elliott, Vladimiro Gonzalez Zelaya, Paolo Missier, Magdalene Ng, Aad van Moorsel.
ePrint
EuroUSEC "Simulating the Effects of Social Presence on Trust, Privacy Concerns & Usage Intentions in Automated Bots for Finance" . Magdalene Ng, Kovila PL Coopamootoo, Ehsan Toreini, Mhairi Aitken, Karen Elliot, Aad van Moorsel. EuroUSEC 2020, The 5th European Workshop on Usable Security.
ePrint
IEEE S&P "End-to-End Verifiable E-Voting Trial for Polling Station Voting at Gateshead" .Feng Hao, Shen Wang, Samiran Bag, Rob Procter, Siamak F Shahandashti, Maryam Mehrnezhad, Ehsan Toreini, Roberto Metere, Lana Liu. IEEE Security & Privacy Journal, 2020
ePrint

2019

ACM FacCT "The relationship between trust in AI and trustworthy machine learning technologies" .Ehsan Toreini, Mhari Aitken, Aad van Moorsel, Karen Elliot, Kovila Koopamootoo. ACM conference on Fairness, Accountability and Transparency in Machine Learning (ACM FAT*), Spain, 2020.
ePrint | Presentation | Video
IJIS "DOMtegrity: Ensuring Web Page Integrity against Malicious Browser Extensions" . Ehsan Toreini, Siamak F. Shahandashti, Maryam Mehrnezhad, Feng Hao. International Journal of Information Security.
ePrint | Source Code | More
"What Is This Sensor and Does This App Need Access to It?" . Maryam Mehrnezhad, Ehsan Toreini. Informatics Journal.

2018

STAST "Making sense of sensors: mobile sensor security awareness and education" . Maryam Mehrnezhad, Ehsan Toreini, Sami Alajrami. 7th Workshop on Socio-Technical Aspects in Security and Trust (STAST)

ePrint
IJIS "Stealing PINs via Mobile Sensors: Actual Risk versus User Perception" . Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, Feng Hao. International Journal of Information Security.
ePrint | Source Code | (Listed as top 5% of all research outputs scored by Altmetric)

2017

ACM TOPS "Texture to the Rescue: Practical Paper Fingerprinting based on Texture Patterns" . Ehsan Toreini, Siamak F. Shahandashti, Feng Hao. ACM Transactions on Privacy and Security (TOPS), ACM, 2017.
ePrint | more info inc. abstract, media coverage, and BibTeX

2016

JISA "Touchsignatures: identification of user touch actions and pins based on mobile sensor data via javascript" . Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, Feng Hao. Journal of Information Security and Applications 26, 23-38.
Publication | Source Code |
IJIS "PiSHi: click the images and I tell if you are a human" . Maryam Mehrnezhad, Abbas Ghaemi Bafghi, Ahad Harati, Ehsan Toreini. International Journal of Information Security, 1-17.
Publication |
"Removing Trusted Tallying Authorities" . Patrick McCorry, Ehsan Toreini, Maryam Mehrnezhad. Newcastle University.
Technical Report

2015

"Determining User Passwords From Partial Information" . Dylan Clarke, Ehsan Toreini, Feng Hao. Newcastle University.
Technical Report
"An acoustic side channel attack on enigma" . Ehsan Toreini, Brian Randell, Feng Hao. Newcastle University.
Technical Report

2014

"Analysis Of The Usage Of Chaotic Theory In Data Clustering Using Particle Swarm Optimization" . Saman Poursiah Navi, Ehsan Toreini, Maryam Mehrnejad, Seyyed Kazem Shekofteh. Indian Journal of Scientific Research 4 (3), 335-353.
Publication
"On the privacy of private browsing–a forensic approach" . Kiavash Satvat, Matthew Forshaw, Feng Hao, Ehsan Toreini. Data Privacy Management and Autonomous Spontaneous Security, 380-389.
ePrint

2012

Maryam Mehrnejad, Abbas Ghaemi Bafghi, Ahad Harati, Ehsan Toreini. "SEIMCHA: a new semantic image CAPTCHA using geometric transformations" . The ISC International Journal of Information Security 4 (1), 63-76.
ePrint

2011

"Multiple seimcha: multiple semantic image captcha" . Maryam Mehrnejad, Abbas Ghaemi Bafghi, Ahad Harati, Ehsan Toreini International Conference for Internet Technology and Secured Transactions (ICITST), 2011.
ePrint
"A novel method in fuzzy data clustering based on chaotic PSO" . Ehsan Toreini, Maryam Mehrnejad. International Conference for Internet Technology and Secured Transactions (ICITST), 2011.
ePrint
"Security analyzing and designing GUI with the resources model" . Maryam Mehrnejad, Ehsan Toreini, Abbas Ghaemi Bafghi. International Conference for Internet Technology and Secured Transactions (ICITST), 2011.
ePrint
"Clustering Data with Particle Swarm Optimization using a new fitness" . Ehsan Toreini, Maryam Mehrnejad. Data Mining and Optimization (DMO), 2011 3rd Conference on, 266-270.
ePrint
"A novel fuzzy metric to evaluate clusters for prolonging lifetime in wireless sensor networks" . Peyman Neamatollahi, Hoda Taheri, Ehsan Toreini, Mahmoud Naghibzadeh, Mohhamad Hossein Yaghmaee. Artificial Intelligence and Signal Processing (AISP), 2011 International.
ePrint
"A new image based CAPTCHA based on geometric transformations" . Maryam Mehrnejad, Abbas Ghaemi Bafghi, Ahad Harati, Ehsan Toreini. 8th International ISC Conference on Information Security and Cryptology, FUM.
ePrint

Teaching

I have many teaching experiences in different roles such as module leader, module coordinator and module designer for security related (and unrelated) courses. I will keep everyone posted on my teaching responsibilities in Surrey University in near future.

Year 2023 - 2024 (@Surrey University)

COMM047 - Secure Systems and Applications (Module Lead)

Year 2022 - 2023 (@Surrey University and @Durham University)

COMM047 - Secure Systems and Applications

Year 2021 - 2022 (@Durham University)

Security Engineering (Module Designer and Lead): This module is proposed in Durham University Curriculum for the first time. Teaching Goal: available here.
Bias in AI: continuation of the module taught in previous year with minor modifications.

Year 2020 - 2021 (@Durham University)

Bias in AI (Module Designer): This module is proposed in Durham University Curriculum for the first time. Teaching Goal: available here.
Probability (Module Designer): This module is proposed in Durham University Curriculum for the first time. Teaching Goal: available here.

Misc.

Other bits and pieces that I am proud of include nominations, public outreach presentations and impacts. Some are:

Nominated by Dep. of Computer Science at DU for “Blavatnik award for young scientists in the UK”, 2022
Shortlisted in EPSRC Connected Nation Pioneers Competition, 2018
Winner ($3k) of The Kaspersky Lab Cyber Security Case Study Competition Hosted by The Economist on blockchain for e-voting, 2016.
Invited Talk, Sutton Trust Summer School 2021, A Discussion on Trust, and Security
Invited Panel Member, Dynamo 20, FinTrust: A discussion of tech, social & ethical approaches to establish trust in FinTech
What Your Sensors Say about You, Thinking Digital, Newcastle, 2016 and 2018.