Research Areas

Members of the group carry out research in a number of applied and theoretical areas.

  1. Auditing Enterprise Security
    • Defining effective metrics for the trustworthiness of computer systems is a hard problem. In order to manage security in the complex setting of enterprises, both small and large, we seek to develop a framework of metrics to quantify the progress made in various areas. This is made more difficult by rapid changes in technology and in the focus of adversarial action. For instance, intrusion detection and patch management might be the top priority in one year, while data loss prevention against social malware attacks is the priority the next year because of shifts in online crime markets. Much work has been conducted in these areas. We are working to push the boundaries much further in the following ways.

      Current lines of enquiry:
      • Metrics quantifying an adversary's inclination to attempt a particular attack in response to a defensive posture adopted by the enterprise.
      • Metrics to quantify the impact of security recommendations for enterprise systems of the public and private sector.
      • Exploring the relevance of evaluation methodologies from the social and cognitive domains to the security of computer systems.
  2. Botnets
    • Malware is an extremely serious threat to modern networks. In recent years, a new form of general-purpose malware known as bots has arisen. Bots are unique in that they collectively maintain communication structures across nodes to resiliently distribute commands from a command and control (C&C) node. The ability to coordinate and upload new commands to bots gives the botnet owner vast power when performing criminal activities, including the ability to orchestrate surveillance attacks, perform DDoS extortion, send spam for pay, and run phishing campaigns. This problem has worsened to the point where modern botnets control hundreds of thousands of hosts and generate revenues of millions of dollars per year for their owners. Various mechanisms of electronic communication, from the WWW to email, are emerging as new vectors of malware propagation. Beyond its nuisance value, malware can have serious economic and political consequences. Adversary control of the nation's critical computing resources can lead to disruption, destabilisation and manipulation of markets. The increasing sophistication of malware has rendered anti-virus based approaches largely ineffective, as signature generation and distribution are simply unable to keep up with the scale of the problem.

      Current lines of enquiry:
      • Graph theoretic approaches to botnet detection
      • Automatic detection of the command and control structure of a malware sample
      • Internet scale malware emulation and analysis
  3. Cryptology
    • Cryptology serves as the backbone of most security solutions. These solutions use cryptographic primitives such as block ciphers, stream ciphers and hash functions. In one part of our work, we are working on the cryptanalysis of some of these primitives. On the other hand, there are theoretically important and challenging problems in building useful cryptographic protocols and methods from these primitives; one of them is building secure multi-party computation solutions. In the other part of our work we are developing methods to solve some multi-party computation problems using cryptography.

      Current lines of enquiry:
      • Cryptanalysis of primitives such as SHA-3 candidate hash functions.
      • Solving some problems using the secure multi-party computation framework.
  4. Dependable Software Systems
    • Many software companies approach quality control with an ISO 900x/Six-Sigma perspective. This is inherently inadequate given the fluid nature of the risks associated with an intelligent adversary. Our goal is to develop a system of metrics that gives a perspective on the security of code written within an organisation.

      Current lines of enquiry:
      • Metrics of secure code in the software development life cycle
      • Developing a comprehensive analysis framework using a composed hierarchy of metrics.
      • Methods of evaluating secure code as a function of the interactions in the physical or cognitive domains.
  5. Digital Forensics for Admissible Investigation of Computer Frauds and Cyber Crimes
    • Information security is a cat-and-mouse race between the good guys and the bad guys. To support the good guys, the very interesting field of digital forensics has gained popularity in the recent past. Digital forensics is the admissible way of developing and applying efficient scientific techniques to detect computer frauds and cyber crimes and then link the crime to the criminal.

      Current lines of enquiry:
      • Development of a methodology for handling information overload in large cyber forensic investigations.
      • Development of parameters for the detection of digitised document frauds, and linking the crime to criminals through authorship analysis.
      • Development of intrinsic support in the file system to help digital forensic investigation.
      • Development of solutions to tackle digital frauds involving small-scale digital devices (embedded-system based devices).
      • Study and development of proactive digital forensic solutions, i.e. scalable and efficient solutions to tackle rapidly changing technology.
      • Development of a methodology, from a forensic perspective, to tackle image and video based forgeries.
      • Live forensics
  6. Privacy
    • Our program of research on privacy includes several closely related topics such as anonymity, pseudo-anonymity, traffic analysis, and users' perceptions of privacy. Presently, privacy in information security involves a mix of legal, policy and technological considerations. Our group is mainly concerned with the technological considerations, as we strive to provide the necessary tools to express and implement trade-offs between competing goals in the protection of private information.

      Current lines of enquiry:
      • Selective disclosure of private information
      • Privacy preserving numerical analysis
      • Community detection and community hiding
      • Developing privacy Red Teams
  7. Security and Usability
    • Security is widely acknowledged as an important part of modern information systems. However, it is often perceived as a hindrance to efficiency. Misaligned incentives exacerbate the situation further, as the worst effects might not be felt by those responsible for security decisions. Presently, the effective use of security technology requires users to understand the details of various system interactions very carefully. Users, however, expect security decisions to be transparent. Thus a fundamental problem exists: users do not wish to be constantly badgered about configuring security technology.

      As with security, usability properties need to be designed into the system from the start. Strap-on solutions do not work. Hence, one of the goals of the security group is to help programmers learn how to provide security and usability simultaneously.

      Current lines of enquiry:
      • Developing a framework for the systematic evaluation of usability as it relates to security in the context of the user.
      • Developing usable interfaces that are robust to social engineering.
      • Reflecting physical-world security cues in computer systems.
      • Developing a set of best practices in security and usability for the software industry.
      • Usable MAC/MLS systems.

Projects

  1. Sponsored / Consultancy Projects
    • Virtual Centre of Excellence for Research in Violent Online Political Extremism. 7th Framework Programme for Research (FP7). PI: Dr. Maura Conway, Dublin City University. Co-PI: Ponnurangam Kumaraguru, along with 8 other universities around the world (2 in the UK, 2 in the Netherlands, 1 in the US, 2 in Denmark, 1 in Hungary). Funding: 5,980,704 Euros (INR 41,56,58,928). Duration: five years.

    • Automated Detection of Security and Privacy Threats in Peer-to-Peer Networks. PI: Prof. Chittattaranjan Hota, BITS Pilani Hyderabad. I am an external advisor for the project; funds have been allocated for my cost. Funding: INR 61,95,000. Duration: four years.

    • An inter-disciplinary approach towards building an ontology for online extremism, under the Indo-Ireland Cooperative Science Programme of the Department of Science & Technology. PI: P. Kumaraguru. Funding: INR 8,36,000. Duration: 2011 - 2013.

    • Hemant Bharat Ram Fellowship, to conduct research in the area of security and privacy and to support one Ph.D. student for 4 years. 2011 - 2015. PI. Funding: INR 14,00,000.

    • “Performance metrics for short sequence generation systems”, from CAIR, DRDO, Bangalore. PI: Somitra Sanadhya. Funding: Rs 9.5 lakhs. Duration: 18 months.

    • “Design and analysis of cryptographic primitives”, from NRB, Ministry of Defence, New Delhi. PI: Somitra S. Sanadhya. Funding: Rs 25.2 lakhs. Duration: three years.

    • User Controlled Information Dissemination for Privacy in Location-based Services, by the Department of Science and Technology, India. PI: Vikram Goyal. Funding: Rs 5,16,000. Duration: three years.

  2. Technologies Developed / Deployed
    • MIOSphere:

      Monitoring Information in the Online Social Media Sphere. MIOSphere is a system to collect, analyse and visualise the diffusion of information in popular Online Social Media services. Our main objective is to build a rich, up-to-date and representative data set containing the several types of information that users share in Online Social Media services. We plan to use MIOSphere technology to provide data for other scientific projects and for Web applications that might help users manage and analyse information diffused in the Online Social Media Sphere. (Ponnurangam Kumaraguru)
    • ChaMAILeon:

      Simplified email sharing like never before! While passwords, by definition, are meant to be secret, recent trends in Internet usage have seen an increasing number of people sharing their email passwords for both personal and professional purposes. As sharing passwords increases the chances of your passwords being compromised, leading websites like Google strongly advise their users not to share their passwords with anyone. To address this conflict of usability versus security and privacy, we introduce ChaMAILeon, an experimental service which allows users to share their email passwords while maintaining their privacy and without compromising their security. ChaMAILeon gives users the unique capability to define access control on their emails: by having multiple passwords for your email account, you can control who can see which emails and who can send emails to whom from your account. (Ponnurangam Kumaraguru)
    • PhishAri:

      Detecting Phishing in Twitter. PhishAri is a Chrome browser extension for Twitter which detects phishing tweets in real time. PhishAri provides a clean, easy-to-use interface to flag phishing tweets on your Twitter timeline, making real-time decisions to save you from risky clicks on phishing URLs. No link previews, no browser warning pages, but instant, real-time indications. PhishAri shows a legitimate or phish indicator next to the URL for tweets that contain URLs: phishing URLs get a red indicator, warning users not to click on them, while legitimate links get a green indicator. PhishAri (beta version) can be downloaded from the Chrome Web Store. (Ponnurangam Kumaraguru)
    • SMSAssassin:

      Detecting SMS Spam using a Crowd-Sourcing Approach. Due to the exponential increase in the use of the Short Message Service (SMS) over mobile phones in developing countries, there has been a burst of spam SMSes. The main goal of this research is to build algorithms and solutions to reduce SMS spam in developing nations like India. We use a crowd-sourcing approach, apply machine learning techniques and keep user preferences in our solutions. We are currently evaluating the effectiveness of the system in the real world among some volunteers (thanks for their time and efforts!). (Ponnurangam Kumaraguru)