About

Gene Tsudik is a Distinguished Professor of Computer Science at the University of California, Irvine (UCI). He obtained his PhD in Computer Science from USC in 1991. Before joining UCI in 2000, he worked at IBM Zurich Research Laboratory from 1991 to 1996 and at USC/ISI from 1996 to 2000. His research interests include many topics in security, privacy, and applied cryptography. Tsudik is a Fulbright Scholar, a Fulbright Specialist (twice), and a fellow of ACM, IEEE, and AAAS. He is also a foreign member of Academia Europaea. From 2009 to 2015, he served as Editor-in-Chief of ACM Transactions on Information and Systems Security (TISSEC, renamed to TOPS in 2016). He received the 2017 ACM SIGSAC Outstanding Contribution Award. His contributions include authoring the first crypto-poem published as a refereed paper. His research spans a broad range of timely and important topics in security, privacy, and cryptography.

Research topics

• Computer Science
• Embedded system
• Computer Security
• Operating system
• Computer architecture
• Computer hardware
• Distributed computing
• Mathematics
• Programming language
• Software engineering

Selected publications

• DuoLungo: Usability Study of Duo 2FA

  ArXiv.org · 2026-02-01

  articleOpen accessSenior author

  Multi-Factor Authentication (MFA) enhances login security by requiring multiple authentication factors. Its adoption has increased in response to more frequent and sophisticated attacks. Duo is widely used by organizations including Fortune 500 companies and major educational institutions, yet its usability has not been examined thoroughly or recently. Earlier studies focused on technical challenges during initial deployment but did not measure core usability metrics such as task completion time or System Usability Scale (SUS) scores. These results are also outdated, originating from a time when MFA was less familiar to typical users. We conducted a long-term, large-scale Duo usability study at the University of California Irvine during the 2024-2025 academic year, involving 2559 participants. Our analysis uses authentication log data and a survey of 57 randomly selected users. The average overhead of a Duo Push task is nearly 8 seconds, which participants described as short to moderate. Overhead varies with time of day, field of study, and education level. The rate of authentication failures due to incomplete Duo tasks is 4.35 percent, and 43.86 percent of survey respondents reported at least one Duo login failure. The Duo SUS score is 70, indicating good usability. Participants generally find Duo easy to use but somewhat annoying, while also reporting an increased sense of account security. They also described common issues and offered suggestions for improvement.

  PublisherOA PDF

• DuoLungo: Usability Study of Duo 2FA

  Open MIND · 2026-02-01

  preprintSenior author

  Multi-Factor Authentication (MFA) enhances login security by requiring multiple authentication factors. Its adoption has increased in response to more frequent and sophisticated attacks. Duo is widely used by organizations including Fortune 500 companies and major educational institutions, yet its usability has not been examined thoroughly or recently. Earlier studies focused on technical challenges during initial deployment but did not measure core usability metrics such as task completion time or System Usability Scale (SUS) scores. These results are also outdated, originating from a time when MFA was less familiar to typical users. We conducted a long-term, large-scale Duo usability study at the University of California Irvine during the 2024-2025 academic year, involving 2559 participants. Our analysis uses authentication log data and a survey of 57 randomly selected users. The average overhead of a Duo Push task is nearly 8 seconds, which participants described as short to moderate. Overhead varies with time of day, field of study, and education level. The rate of authentication failures due to incomplete Duo tasks is 4.35 percent, and 43.86 percent of survey respondents reported at least one Duo login failure. The Duo SUS score is 70, indicating good usability. Participants generally find Duo easy to use but somewhat annoying, while also reporting an increased sense of account security. They also described common issues and offered suggestions for improvement.

  DOI

• Scoop: Mitigation of Recapture Attacks on Provenance-Based Media Authentication

  GetMobile Mobile Computing and Communications · 2026-04-23

  articleSenior author

  Today, digital media is constantly produced and consumed in enormous volumes. We rely heavily on smartphone images and videos from daily social sharing and entertainment to critical tasks, such as verifying a new Uber driver's identity, online banking operations, or providing evidence in legal proceedings. However, continuous advances in digital media manipulation, especially with the introduction of generative AI, yield increasingly sophisticated deepfakes [14]. This poses a massive threat to society, facilitating the spread of fake news, misinformation, and personal slander that greatly endanger our perception of reality. Restoring trust in visual content has immense societal benefits, ensuring that organizations, institutions, and individuals can once again safely rely on the digital media they consume, restoring the principle of ''seeing is believing.'' A good solution must provide a reliable way to verify where, when, and how a piece of media was created, rather than relying solely on deepfake detection algorithms, which is unfortunately shaping up to be a never-ending arms race.

  PublisherDOI

• Congested by the Past: The Dataset Lag in Network Traffic Analysis

  2025-11-05 · 1 citations

  article

  Network traffic analysis (NTA) remains a central research area, underpinning advances in both security and performance optimization. Recent years have seen a surge of machine learning-based approaches for NTA, supported by widely used public datasets, such as ISCX-VPN, ISCX-ToR and USTCTFC. While these benchmarks provide reproducibility, many were collected prior to 2018, thus, fail to reflect contemporary protocols, such as TLS 1.3 and HTTP/3 over QUIC. By reviewing NTA studies published in 2024 and 2025 across premier venues in security, networking, and artificial intelligence, we find that 13 out of 15 studies continue to utilize datasets collected before 2018, underscoring a persistent misalignment between academic practice and today’s network traffic. This reliance on outdated datasets risks producing models that do not generalize, embed invalid assumptions, and report misleading performance. We call for the adoption and public release of up-to-date datasets and outline a research agenda that emphasizes evaluating classifiers across diverse downstream tasks using modern traffic traces.

  PublisherDOI

• DB-PAISA: Discovery-Based Privacy-Agile IoT Sensing+Actuation

  Proceedings on Privacy Enhancing Technologies · 2025-03-07

  articleOpen accessSenior author

  Internet of Things (IoT) devices are becoming increasingly commonplace in both public and semi-private settings. Currently, most such devices lack mechanisms that allow for their discovery by casual (nearby) users who are not owners or operators. However, these users are potentially being sensed, and/or actuated upon, by these devices, without their knowledge or consent. This triggers privacy, security, and safety issues. To address this problem, some recent work explored device transparency in the IoT ecosystem. The intuitive approach is for each device to periodically and securely broadcast (announce) its presence and capabilities to all nearby users. While effective, when no new users are present, this 𝑃𝑢𝑠ℎ-based approach generates a substantial amount of unnecessary network traffic and needlessly interferes with normal device operation. In this work, we construct DB-PAISA which addresses these issues via a 𝑃𝑢𝑙𝑙-based method, whereby devices reveal their presence and capabilities only upon explicit user request. Each device guarantees a secure timely response (even if fully compromised by malware) based on a small active Root-of-Trust (RoT). DB-PAISA requires no hardware modifications and is suitable for a range of current IoT devices. To demonstrate its feasibility and practicality, we built a fully functional and publicly available prototype. It is implemented atop a commodity MCU (NXP LCP55S69) and operates in tandem with a smartphone-based app. Using this prototype, we evaluate energy consumption and other performance factors.

  PublisherOA PDFDOI

• EILID: Execution Integrity for Low-end IoT Devices

  2025-03-31 · 1 citations

  articleSenior author

  Prior research yielded many techniques to mitigate software compromise for low-end Internet of Things (IoT) devices. Some of them detect software modifications via remote attestation and similar services, while others preventatively ensure software (static) integrity. However, achieving runtime (dynamic) security, e.g., control-flow integrity (CFI), remains a challenge. Control-flow attestation (CFA) is one approach that minimizes the burden on devices. However, CFA is not a real-time counter-measure against runtime attacks since it requires communication with a verifying entity. This poses significant risks if safety- or time-critical tasks have memory vulnerabilities. To address this issue, we construct EILID - a hybrid architecture that ensures software execution integrity by actively monitoring control-flow violations on low-end devices. EILID is built atop CASU [1], a prevention-based (i.e., active) hybrid Root-of-Trust (RoT) that guarantees software immutability. EI LID achieves fine-grained backward-edge and function-level forward-edge CF I via semi-automatic code instrumentation and a secure shadow stack.

  PublisherDOI

• Oblivious Digital Tokens

  ArXiv.org · 2025-03-05

  preprintOpen access

  A computing device typically identifies itself by exhibiting unique measurable behavior or by proving its knowledge of a secret. In both cases, the identifying device must reveal information to a verifier. Considerable research has focused on protecting identifying entities (provers) and reducing the amount of leaked data. However, little has been done to conceal the fact that the verification occurred. We show how this problem naturally arises in the context of digital emblems, which were recently proposed by the International Committee of the Red Cross to protect digital resources during cyber-conflicts. To address this new and important open problem, we define a new primitive, called an Oblivious Digital Token (ODT) that can be verified obliviously. Verifiers can use this procedure to check whether a device has an ODT without revealing to any other parties (including the device itself) that this check occurred. We demonstrate the feasibility of ODTs and present a concrete construction that provably meets the ODT security requirements, even if the prover device's software is fully compromised. We also implement a prototype of the proposed construction and evaluate its performance, thereby confirming its practicality.

  PublisherOA PDFDOI

• TOCTOU Resilient Attestation for IoT Networks

  2025-05-04

  articleOpen accessSenior author

  Internet-of-Things (IoT) devices are increasingly common in both consumer and industrial settings, often performing safety-critical functions. Although securing these devices is vital, manufacturers typically neglect security issues or address them as an afterthought. This is of particular importance in IoT networks, e.g., in the industrial automation settings.

  PublisherDOI

• SoK: Decoding the Enigma of Encrypted Network Traffic Classifiers

  2025-05-12 · 9 citations

  article

  The adoption of modern encryption protocols such as TLS 1.3 has significantly challenged traditional network traffic classification (NTC) methods. As a consequence, researchers are increasingly turning to machine learning (ML) approaches to overcome these obstacles. This paper analyses ML-based NTC studies by developing a taxonomy of their design choices, benchmarking suites, and prevalent assumptions impacting classifier performance. Through this systematization, we demonstrate widespread reliance on outdated datasets, oversights in design choices, and the consequences of unsubstantiated assumptions. Our evaluation reveals that the majority of proposed encrypted traffic classifiers have mistakenly utilized unencrypted traffic due to the use of legacy datasets. Furthermore, by conducting 348 feature occlusion experiments on state-of-the-art classifiers, we show how oversights in NTC design choices lead to overfitting and validate or refute prevailing assumptions with empirical evidence. By highlighting lessons learned, we offer strategic insights, identify emerging research directions, and recommend best practices to support the development of real-world applicable NTC methodologies.

  PublisherDOI

• URL Inspection Tasks: Helping Users Detect Phishing Links in Emails

  ArXiv.org · 2025-02-27

  preprintOpen access

  The most widespread type of phishing attack involves email messages with links pointing to malicious content. Despite user training and the use of detection techniques, these attacks are still highly effective. Recent studies show that it is user inattentiveness, rather than lack of education, that is one of the key factors in successful phishing attacks. To this end, we develop a novel phishing defense mechanism based on URL inspection tasks: small challenges (loosely inspired by CAPTCHAs) that, to be solved, require users to interact with, and understand, the basic URL structure. We implemented and evaluated three tasks that act as ``barriers'' to visiting the website: (1) correct click-selection from a list of URLs, (2) mouse-based highlighting of the domain-name URL component, and (3) re-typing the domain-name. These tasks follow best practices in security interfaces and warning design. We assessed the efficacy of these tasks through an extensive on-line user study with 2,673 participants from three different cultures, native languages, and alphabets. Results show that these tasks significantly decrease the rate of successful phishing attempts, compared to the baseline case. Results also showed the highest efficacy for difficult URLs, such as typo-squats, with which participants struggled the most. This highlights the importance of (1) slowing down users while focusing their attention and (2) helping them understand the URL structure (especially, the domain-name component thereof) and matching it to their intent.

  PublisherOA PDFDOI

Recent grants

• WiFiUS: Collaborative Research: SELIOT: Securing Lifecycle of Internet-of-Things

  NSF · $150k · 2017–2019

• CT-ISG: User-Aided Secure Association of Wireless Devices

  NSF · $300k · 2008–2014

• FIA: Collaborative Research: Named Data Networking (NDN)

  NSF · $703k · 2010–2015

• Defending Electronic Frontiers: PhD Fellowships in Information Assurance

  NSF · $1.1M · 2007–2014

Frequent coauthors

• Emiliano De Cristofaro

  University of California, Riverside

  40 shared

• Paolo Gasti

  New York Institute of Technology

  33 shared

• Ersin Uzun

  Palo Alto Research Center

  31 shared

• Ivan De Oliveira Nunes

  Rochester Institute of Technology

  30 shared

• Norrathep Rattanavipanon

  30 shared

• Mauro Conti

  28 shared

• Cesar Ghali

  Google (United States)

  23 shared

• Claudio Soriente

  21 shared

Awards & honors

• Fulbright Scholar
• Fulbright Specialist (twice)
• Fellow of ACM
• Fellow of IEEE
• Fellow of AAAS