Shishir Nagaraja

	Visiting Assistant Professor Electrical and Communications Engineering University of Illinois at Urbana-Champaign	Assistant Professor Security and Privacy Group Indraprastha Institute of Information Technology, Delhi (IIIT-D)
	Email: sn275 [at] illinois [dot] edu Phone: +1 217 333 7191 Office: CSL 342 Information Trust Institute 1308 West Main Street Urbana IL 61801 USA	Email: nagaraja [at] iiitd [dot] ac [dot] in Office: 3rd Floor, Library Building NSIT Campus Dwarka, Sector 3 New Delhi 110078 India

About me

I am currently a Visiting Assistant Professor at the ECE department at UIUC and an Assistant Professor at IIIT, Delhi (from May 15th). A full list of all my papers and activities can be found here.

What's new

• Botgrep: Finding P2P Bots with Structured Graph Analysis accepted at the USENIX Security 2010 Symposium.
  This is a paper on botnet detection that I co-authored with Prateek Mittal, Chi-Yao Hong, Matt Caesar and Nikita Borisov. Starting with the Storm botnet a few years ago, a number of new botnets have moved away from a centralized command and control (C&C) design to a P2P design. This lets them carry out sophisticated coordination activities whilst being resilient to the loss of infected machines. However the use of structured P2P design can also be used to defend against botnets. We show that this increase is resilience also leads to a loss of stealth. This allows one to localize a majority of botnet traffic with low false positive rate.


• The impact of unlinkability on adversarial community detection: effects and countermeasures accepted at the Privacy Enhancing Technologies Symposium(PETS) 2010.
  This is a paper on community detection and anonymity where I consider the threat model of a mobile adversary. The adversary gathers information by spying on victims' address books whilst being limited by the number of people she can simultaneously spy on. The attackers goal is to carry out community detection i.e. detect clusters of users that are more densely connected among themselves than with the rest of the network. For an attacker faced with the task of analyzing hundreds of terabytes of traffic, this would be an important pre-analysis exercise in order to concentrate traffic analysis efforts on a subset of data rather than grappling with the entire mass of data at once. I show that such attacks are devastatingly effective even when the victims are communicating using an anonymous communications network such as Tor. Finally I propose and analyze community hiding techniques that allow a privacy conscious community of users to induce unacceptably high rates of error in in the adversary's detection efforts.


• P3CA: Privacy Preserving Traffic Anamoly Detection for ISP Networks is an ongoing project where we are trying to balance privacy requirements of ISPs with their desire to cooperatively detect malicious traffic. Often the trail of a malicious traffic is distributed across ISPs such that a single ISP might not be able to perform the job of classifying malicious traffic effectively. This is because a single small ISP analyzing local traffic trends, would not have enough information about the 'normal' subspace to make confident classification decisions. However multiple collaborating small ISPs can come together to share traffic information and determine common global trends that helps them to clearly delineate 'normal' traffic from malicious traffic. A poster on this project will be up at NSDI (the 7th USENIX Symposium on Networked Systems Design and Implementation).


• I am looking for research students (PhD and MS) to conduct research in the area of privacy and traffic analysis. I am also looking for PhD students for botnet research with specific focus on Internet scale botnet detection and mitigation. If you are interested in applying, please send me a research proposal. The proposal should identify a relevant challenging problem and potential approaches to solving it. Your write-up should demonstrate your interest in the area and your awareness of relevant prior research work.

Research Interests

My main interest is in network resilience, and privacy and traffic analysis. These extend into various other areas such as botnets, social networks, adhoc networks, the economics of information security, and usable security.

Conference Affiliations

Program committee member for 10th Privacy Enhancing Technologies Symposium 2010
External reviewer for IEEE Security and Privacy 2010
External reviewer for ACM Usenix Security 2010
External reviewer for ACM Computer and Communications Security 2009
External reviewr for Workshop on Privacy Enhancing Technologies 2004

Teaching

I am teaching ECE 428 in spring 2010, my office hours are on Monday 4-5pm in CSL #342. Please see the course website for additional details.

Publications

Social Malware Surveillance of the Tibetan Movement ( Slides )
This is a paper on social-malware surveillance that I co-authored with Ross Anderson. We introduce the term social malware to refer to malware attacks where the dispersion mechanism involves masquerading as an entity in the close proximity of the intended target's social network. The attacks are devastatingly effective and in this report. The implications are significant, for the corporate world, for governments, for non-governmental organisations and for individuals too. Developing low cost measures for resisting these attacks is a serious information security challenge.

The economics of community hiding presented at the Workshop on the Economics of Information Security 2008 A paper on the economics of surveillance and counter-surveillance, that examines the extent of network topology information an attacker must gather, in order to uncover the existence of communities within a network. Our results support the assertion that while the privacy of the general public is easily compromised with a small surveillance budget, a covert group that makes a small investment in counter-surveillance can escape detection even when the adversary has a very high surveillance budget covering a majority of the population. Hence, government initiatives on detecting terrorist networks with large scale privacy invasion of the public are doomed to failure.

Anonymity in the wild: Mixes on unstructured networks ( slides ) at PET 2007
Current anonymous communication systems suffer from a vital incentive design failure. How you design a robust mix network where the mix operator has incentives to keep her mixes running in the face of direct adversarial challenges in the form of cease and desist. Previous approaches have incorporated the property of plausible deniability in order to design compulsion resistant systems. We take an alternate approach of having "friends mix traffic for friends", whose main advantage is that the incentive model is very well understood by the public. This paper establishes the theoretical anonymity bounds of various low latency mix network topologies with expander graph topology as a baseline to compare with. We established the feasibility and detail the challenges thrown up by a mix deployment on the Live-Journal network of friendship ties.

Incentives and Information Security in Algorithmic Game Theory, N. Nisan, T. Roughgarden, E. Tardos, and V. Vazirani (editors), ISBN-13: 9780521872829, Cambridge University Press, 2007. Along with Ross Anderson, Tyler Moore and Andy Ozment, I co-authored a book chapter that surveys several live research challenges in the economics of information security. We discuss the persistent problem of misaligned incentives, how network topology has a significant impact on emerging user incentives, auctions as a way of measuring security risk, and finally, asymmetric information and the capacity for hidden action.

the topology of covert conflict (slides) published at Workshop on the Economics of Information Security 2006

In this paper we illustrate how network structure can influence the evolution of user incentives in the context of security economics. This work shows several rounds of interplay between attack and defence strategies, between an attacker out to minimize the value of the network by reducing the average shortest path length or the size of the biggest connected component and defenders fighting back by reorganizing themselves to maximize the same parameters. Also available as Technical Report 637 .

On a dynamic topology of covert groups presented this year at Sunbelt XXVII , a social networks conference.
Suppose you are designing a covert network that is hidden in a large social network, with incomplete knowledge of the host network's topology. What should your covert group's topology look like? This paper discusses the interplay of attack and defense in the context of detection and hiding of covert groups in large networks. The global passive adversary uses a series of high level traffic analysis measures in the form of graph partitioning algorithms while the covert group must rewire/add a small number of edges. We analyze a number of strategies of hiding covert networks and offer suggestions on how to protect your secret group from the eyes of the "global passive adversary".

New Strategies for Revocation in Ad-Hoc Networks won the best paper award at ESAS 2007.
This paper discusses decentralized strategies for removing misbehaving nodes in adhoc-networks. It turns out that reelection turns out to be a better strategy than blackballing. We then propose a more radical strategy, namely suicide where both the alleged misbehavior and the behavior detector die, which we find to be even more efficient.

Privacy amplification with social networks ( slides ) at SPW 2007
Often, users in a network wishing to communicate, share a weak secret. We propose protocols for privacy amplification based on exploiting the topological properties of the social network connecting the users. After presenting an initial scheme based on random walks, we propose a number of modifications that exploit the presence of communities in such networks to make our protocols efficient with practical bounds. This paper is currently undergoing substantial revision currently, a new version should be available soon.

Evaluation Framework of Location Privacy of Wireless Mobile Systems with Arbitrary Beam Pattern was published in Communication Networks and Services Research Conference (CNSR 2007).
In this paper, we counter location privacy compromise by proposing a low level countermeasure that we call adaptive beam-forming, to prevent position location of transmitters in mobile wireless systems. We propose a new antenna design, discuss its radio characteristics and perform a high level security analysis to measure the privacy enhancing features as compared to previous antenna designs.

Time-sync independent Kerberos Authentication Protocol is a standards draft of a time synchronization independent kerberos protocol suite. This was originally written for Novell's directory services in order to provide alternate access to the proprietary nonce based challenge response protocol, however I left the company soon after to pursue my PhD and don't know what actually happened to it.

An Algorithm to cluster directory users into user communities based on similarity in access is a patent on a dynamic clustering technique I proposed with Ravi Kiran UVS, a former colleague at Novell . The basic idea is that you can group one or more interesting objects in a directory server based on corresponding access patterns with regard to other objects, instead of an administrator coming along and performing complex manual configuration and often getting it wrong. This leads to a storage cache management system that massively improves access times on remote filtered replica servers while reducing administrator effort.

Security and Policy Integrity in multilateral authorization systems was a patent issued in November 2006, is a system for implementing multilateral authorization using quorums. First, stakeholders of a directory object split a quorum private key, the shares of which for each stakeholder in all access sets is determined. The shares of the private key held by the stakeholders in any one access set add up to a number directly related to the private key. One or more secret keys of the stakeholders are further determined for each access set. One or more polynomials for the access sets are then generated by using the shares of the private key and the secret keys of the object's stakeholders.

Method and System for Amassed Authorization and An adaptive method and system for user empowered management based on Dynamic Quorums are still pending with the US patent office.

Previous Work

I obtained my B.E. majoring in computer science from Bangalore University in 1999. I joined the network security group at Novell Research at Bangalore, and worked there for about four years in various secure distributed computing projects. Some of the patents related to those pieces of work were issued recently, which you can see in the list above.

Personal

I play the Sitar an instrument popular in India, Pakistan, Afghanistan and Bangladesh. I belong to the Maihar Gharana of Hindustani classical music. Mountaineering is also an active hobby, my current practise ground are the lovely fourteerners of the Colorado Rockies of which I've successfully hiked up around twelve, following the 3000ft rule. Previously, I played tennis in the 3rd team at Cambridge LTC and was on the varsity mens second team at the University of Cambridge Gymnastics Club. I love cycling, my favourite bicycle is the classic Dawes Galaxy Tour capable of taking you hundreds of kilometers out of town before you realise it.

© 2010 Shishir Nagaraja Page last updated on March 21st 2010