My research interests lie at the confluence of networks, security and privacy research. My research goal is to design, build and deploy secure and privacy-preserving technologies that are scalable and usable. My past and current research efforts can be divided into the following broad areas:


1. Empirically studying Internet privacy laws (e.g., GDPR [1]). (link)
2. Studying large-scale Internet filtering and circumvention techniques. (link)
3. Building and studying deep packet inspection (DPI) [2] enabled routing infrastructure. (link)
4. Developing anonymous communication schemes (Tor [3], Mixnets [4], etc.). (link)
5. Studying security properties of end-to-end encryption offered by protocols like Signal. (link)

Studying Data Privacy Regulations: Online services (e.g., websites) monetize their audience through advertising and data collection without prior consent. They use trackers, i.e., third-party services which profile users’ sensitive information (e.g., browsing activity) to display targeted ads and personalized content. Numerous such tracking platforms exist, with many of them gathering information from almost all netizens. This has led to the creation of regulatory bodies that have started governing the scenario. General Data Protection Regulation (GDPR) [1] enforced in Europe is the most comprehensive law to protect the privacy of data related to all its citizens. There are numerous studies that explore how effective such laws are [11, 12, 13, 14, 15]. In our recent work, we further show the myriad factors that can influence the efficacy of such laws [7]. However, many countries (including India) do not have privacy regulations to date. I wish to study the challenges in developing and implementing such laws (e.g., in a diverse country like India), along with their technical feasibility and broader impact on organizations and citizens.
Characterizing Internet Structure, Topology, and Filtering: With the ever-evolving Internet and proliferation of content distribution networks (CDNs), developing novel techniques for mapping and studying the present Internet structure becomes vital [16, 17]. Moreover, technological advancements like Internet exchange points (IXP) further complicate the peering relationships between Internet service providers (ISPs) and the existing model of the Internet. Thus, I intend to explore questions like how effective IXPs are in improving the Internet. Is there any strategic high ground on the Internet that, if controlled by an adversary, can lead to network-wide attacks? Answering such questions is essential for national governments because the Internet is both a blessing and a headache for them. On the one hand, it unlocks great economic and strategic opportunities. On the other hand, government, military, or emergency services become vulnerable to scans (Shodan), attacks (DDoS from botnets like Mirai), etc. Thus, individual nation-states can utilize the knowledge of network structure to make the Internet more robust, accessible, and secure [17].

Characterizing Internet Filtering: The knowledge of Internet topology can also aid the study of
Internet filtering [16]. Determining the network “choke points” is essential as they are the preferred locations for installing the firewalls [18]. In general, Internet filtering is a double-edged sword. On the one hand, it is used to suppress the free flow of information (e.g., in China), and on the other, it is essential to eradicate online evils, e.g., illegal drug markets [19]. Thus it becomes crucial to study the filtering techniques, ways to bypass them, and user perception towards blocking web content. Therefore, following my existing work [5, 16], I plan to conduct measurement studies with which one can find the middleboxes/firewalls deployed by different countries to achieve large-scale filtering. In my recent work [9], we demonstrated that using programmable switches (e.g., P4), firewalls can be made that achieve effective deep packet inspection. 
Additionally, I am also interested in answering questions like can one route around these middleboxes? If yes, can the adversary further improve the filtering techniques? For this research, I intend to use publicly available (Autonomous Systems) AS datasets, traceroute measurements from the RIPE atlas project, etc. 
Building Anonymous Communication Systems: Anonymity is the state of being not identifiable within a set of subjects. Studying and quantifying anonymity is a hard problem, especially over the Internet. The user’s identity can be leaked at different layers, e.g., application and network layers. Deployed solutions like Tor provide network layer anonymity to some extent but do not safeguard users against stronger global passive adversaries. In such scenarios, mixnets provide stronger anonymity guarantees [4]. The privacy group at KU Leuven has researched these systems for more than two decades. Very recently, a mixnet-based system called Nym (with hundreds of Nym relays) [24] was deployed over the Internet, where our group members contributed heavily. I plan to conduct research fostering such anonymous communication systems in cooperation with internationally recognized experts in this domain. 

Anonymity offered by cryptocurrencies: Another different ecosystem where anonymity is not well researched is cryptocurrency. Since a cryptocurrency client is associated with a public key (a pseudonymous identity), there is a notion that they provide anonymity to the users and the
transactions. But academic works show that this is not the case [25, 26], and proposed solutions to enhance the anonymity of these crypto schemes [27, 28]. Our recent work demonstrates that even the proposed solutions do not offer an acceptable anonymity guarantee [10]. Thus I plan to build effective anonymity-enhancing schemes for cryptocurrency networks.
Examining Authentication Properties of End-to-End (E2E) Encryption: Secure messaging
applications provide billions of users with E2E encryption to ensure message privacy. A long list
of applications provides this service, including WhatsApp, iMessage, Facebook Messenger, Skype, Signal, etc. The application’s underlying encryption protocols vary, though many use the Signal protocol or some derivation. These protocols offer many security properties, including confidentiality, deniability, forward and future secrecy, etc. 
Our recent work demonstrates that Signal (and its derivative) protocols are susceptible to man-in-the-middle (MITM) attacks, and thus we propose automatic techniques to defend against them [8]. Similarly, other security properties offered by Signal also warrant attention. For instance, cryptographic deniability allows the sender of a message to deny they sent it with no cryptographic evidence to refute their claim. However, deniability requires social and legal acceptance to be effective. Senders unaware of whether a system supports deniability will be unable to use it. Moreover, users aware that an app supports deniability may have a false sense of security if they do not understand deniability’s social or legal acceptance. This can lead to a conundrum where Aisha claims that she received a message ‘m’ from Dinesh, but he denies sending the message. In our initial multi-perspective, multi-methods study of user perceptions and expectations of deniability, we highlight such inconsistencies that can lead to different social engineering attacks [29]. I aim to pursue research in usability security, with a special focus on the Indian population, given the vast number of heterogeneous Internet users in terms of language, creed, and culture. For an ordinary user, understanding security properties heavily depends on different social factors.
References:

  1. European Commission, “The general data protection regulation (gdpr) in eu.” https://commission.europa.eu/law/law-topic/data-protection_en, 2023.
  2. J. Sherry, C. Lan, R. A. Popa, and S. Ratnasamy, “Blindbox: Deep packet inspection over encrypted traffic,” in Proceedings of the 2015 ACM conference on special interest group on data communication, pp. 213–226, 2015.
  3. R. Dingledine, N. Mathewson, P. F. Syverson, et al., “Tor: The second-generation onion router.,” in USENIX security symposium, vol. 4, pp. 303–320, 2004.
  4. I. Ben Guirat, Gosain, Devashish, and C. Diaz, “Mixim: Mixnet design decisions and empirical evaluation,” in Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society (WPES), co-located with CCS, pp. 33–37, 2021.
  5. T. K. Yadav*, A. Sinha*, Gosain*, Devashish, P. K. Sharma, and S. Chakravarty, “Where The Light Gets In: Analyzing Web Censorship Mechanisms in India,” in Proceedings of the Internet Measurement Conference (IMC) 2018, pp. 252–264, 2018. *Authors contributed equally.
  6. Gosain, Devashish, A. Agarwal, S. Shekhawat, H. B. Acharya, and S. Chakravarty, “Mending wall: On the implementation of censorship in India,” in International Conference on Security and Privacy in Communication Systems (SecureComm), pp. 418–437, Springer, 2017. Best Student Paper Award.
  7. A. Rasaii, S. Singh, Gosain, Devashish, and O. Gasser, “Exploring the Cookieverse: A Multi-Perspective Analysis of Web Cookies,” in International Conference on Passive and Active Network Measurement (PAM), pp. 623–651, Springer, 2023.
  8. T. K. Yadav, Gosain, Devashish, A. Herzberg, D. Zappala, and K. Seamons, “Automatic Detection of Fake Key Attacks in Secure Messaging,” in Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 3019–3032, 2022.
  9. S. Gupta, Gosain, Devashish, M. Kwon, and H. B. Acharya, “DeeP4R: Deep Packet Inspection in P4 using Packet Recirculation,” in IEEE INFOCOM 2023-IEEE Conference on Computer Communications, IEEE, 2023.
  10. P. Kumar Sharma, Gosain, Devashish, and C. Diaz, “On the Anonymity of Peer-To-Peer Network Anonymity Schemes Used by Cryptocurrencies,” in The Network and Distributed System Security Symposium (NDSS), Internet Society, 2023.
  11. V. Morel, C. Santos, Y. Lintao, and S. Human, “Your Consent Is Worth 75 Euros A Year—Measurement and Lawfulness of Cookie Paywalls,” in Proceedings of the 21st Workshop on Privacy in the Electronic Society, pp. 213–218, 2022.
  12. C. Utz, M. Degeling, S. Fahl, F. Schaub, and T. Holz, “(Un) Informed Consent: Studying GDPR Consent Notices In The Field,” in Proceedings of the 2019 acm sigsac conference on computer and communications security, pp. 973–990, 2019.
  13. Z. Yang and C. Yue, “A Comparative Measurement Study of Web Tracking on Mobile and Desktop Environments,” Proceedings on Privacy Enhancing Technologies, vol. 2020, no. 2, 2020.
  14. A. Cahn, S. Alfeld, P. Barford, and S. Muthukrishnan, “An Empirical Study of Web Cookies,” in Proceedings of the 25th international conference on world wide web, pp. 891–901, 2016.
  15. T. Linden, R. Khandelwal, H. Harkous, and K. Fawaz, “The Privacy Policy Landscape After the GDPR,” Proceedings on Privacy Enhancing Technologies, vol. 2020, no. 1, 2020.
  16. Gosain, Devashish, M. Mohindra, and S. Chakravarty, “Too close for comfort: Morasses of (anti-) censorship in the era of cdns.,” Proceedings of Privacy Enhancing Technologies Symposium (PoPETS), vol. 2021, no. 2, pp. 173–193, 2021.
  17. Gosain, Devashish, M. Rawat, P. K. Sharma, and H. B. Acharya, “Maginot lines and tourniquets: on the defendability of national cyberspace,” in 2020 IEEE 45th LCN Symposium on Emerging Topics in Networking (LCN Symposium), pp. 19–30, IEEE, 2020.
  18. H. B. Acharya*, S. Chakravarty*, and Gosain*, Devashish, “Few throats to choke: On the current structure of the internet,” in 2017 IEEE 42nd conference on local computer networks (LCN), pp. 339–346, IEEE, 2017. *Authors equally contributed.
  19. D. S. Dolliver, “Evaluating drug trafficking on the Tor Network: Silk Road 2, the sequel,” International Journal of Drug Policy, vol. 26, no. 11, pp. 1113–1123, 2015.
  20. J.-P. Verkamp and M. Gupta, “Inferring mechanics of web censorship around the world.,” in USENIX workshop on Free and Open Communications on the Internet, 2012.
  21. A. A. Niaki, S. Cho, Z. Weinberg, N. P. Hoang, A. Razaghpanah, N. Christin, and P. Gill, “IClab: a global, longitudinal internet censorship measurement platform,” in IEEE Symposium on Security and Privacy (SP), pp. 135–151, 2020.
  22. R. Clayton, S. J. Murdoch, and R. N. Watson, “Ignoring the Great Firewall of China,” in International workshop on privacy enhancing technologies, pp. 20–35, Springer, 2006.
  23. R. Sundara Raman, P. Shenoy, K. Kohls, and R. Ensafi, “Censored planet: An internet-wide, longitudinal censorship observatory,” in Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020.
  24. C. Diaz, H. Halpin, and A. Kiayias, “The nym network,” 2021.
  25. A. Biryukov, D. Khovratovich, and I. Pustogarov, “Deanonymisation of clients in bitcoin p2p network,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 15–29, 2014.
  26. G. Fanti and P. Viswanath, “Deanonymization in the bitcoin p2p network,” in Proceedings of the 31st International Conference on Neural Information Processing Systems, pp. 1364–1373, 2017.
  27. S. Bojja Venkatakrishnan, G. Fanti, and P. Viswanath, “Dandelion: Redesigning the bitcoin network for anonymity,” Proceedings of the ACM on Measurement and Analysis of Computing Systems, vol. 1, no. 1.
  28. G. Fanti, S. B. Venkatakrishnan, S. Bakshi, B. Denby, S. Bhargava, A. Miller, and P. Viswanath, “Dandelion++ lightweight cryptocurrency networking with formal anonymity guarantees,” Proceedings of the ACM on Measurement and Analysis of Computing Systems, vol. 2, no. 2, pp. 1–35, 2018.
  29. T. K. Yadav, Gosain, Devashish, and K. Seamons, “Cryptographic deniability: A multi-perspective study of user perceptions and expectations,” in 32nd USENIX Security Symposium (USENIX Security 22), 2023.

Free AI Website Software