
WordCloud representation of paper abstracts.
Research Interests
- Online privacy
- Network traffic analysis
- Privacy in IoT
- Privacy enhancing technologies
- Inference attacks
- Usable security and privacy
- Machine Learning+Privacy
- Anonymity networks
Research Topics
Security and Privacy in IoT
Today, with the rapid adoption of the Internet of Things (IoT), we face a new world, where we are never alone. At all times, a plethora of connected devices, from smartphones to home assistants to motion detectors, sense and monitor our activities. While these devices provide us convenience, they are often backed by powerful analytics that sift through large volumes of personal data, at times collected without our awareness or consent. Such personal data can reveal a lot about us, such as our habits and lifestyles, which not only has great commercial value to advertisers for serving targeted ads, but can also be misused by repressive governments and cybercriminals. In my research, I look at developing novel frameworks to help identify and mitigate the security and privacy risks that arise from emerging IoT systems.

Please visit our IoTLab page for more details on projects we are currently working on.
Relevant publications:
- Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem. Christopher Lentzsch, Sheel Jayesh Shah, Benjamin Andow, Martin Degeling, Anupam Das and William Enck. Network and Distributed System Security Symposium (NDSS), 2021.
- "Did you know this camera tracks your mood?": Understanding Privacy Expectations and Preferences in the Age of Video Analytics. Shikun Zhang, Yuanyuan Feng, Lujo Bauer, Lorrie Cranor, Anupam Das and Norman Sadeh. Proceedings on Privacy Enhancing Technologies (PoPETs), 2021.
- Enabling Live Video Analytics with a Scalable and Privacy-Aware Framework. Junjue Wang, Brandon Amos, Anupam Das, Padmanabhan Pillai, Norman Sadeh and Mahadev Satyanarayanan. ACM Transactions on Multimedia Computing, Communications, and Applications (TOMM), 2018.
- Personalized Privacy Assistants for the Internet of Things: Providing Users with Notice and Choice. Anupam Das, Martin Degeling, Daniel Smullen and Norman Sadeh. IEEE Pervasive Computing: The Spectre of Malicious Computing, 2018.
- A Scalable and Privacy-Aware IoT Service for Live Video Analytics. Junjue Wang, Brandon Amos, Anupam Das, Padmanabhan Pillai, Norman Sadeh and Mahadev Satyanarayanan. ACM Multimedia Systems Conference (MMSys), 2017.
- Some Recipes Can Do More Than Spoil Your Appetite: Analyzing the Security and Privacy Risks of IFTTT Recipes. Milijana Surbatovich, Jassim Aljuraidan, Lujo Bauer, Anupam Das and Limin Jia. International World Wide Web Conference (WWW), 2017.
- Assisting Users in a World Full of Cameras: A Privacy-aware Infrastructure for Computer Vision Applications. Anupam Das, Martin Degeling, Xiaoyou Wang, Junjue Wang, Norman Sadeh and Mahadev Satyanarayanan. Workshop on the Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS, co-located with IEEE CVPR), 2017.
- Towards Privacy-Aware Smart Buildings: Capturing, Communicating, and Enforcing Privacy Policies and Preferences. Primal Pappachan, Martin Degeling, Roberto Yus, Anupam Das, Sruti Bhagavatula, William Melicher, Pardis Emami Naeini, Shikun Zhang, Lujo Bauer, Alfred Kobsa, Sharad Mehrotra, Norman Sadeh and Nalini Venkatasubramanian. International Workshop on the Internet of Things Computing and Applications (IoTCA, co-located with ICDCS), 2017.
Online Tracking
When we interact with the Internet, we leave behind traces of our interactions, called digital footprints. These footprints reveal a lot about us: our identity, our personal habits, and our desires. Such intensely personal information has great commercial value to advertisers for serving targeted ads, but at the same time it can also be misused by employers and repressive governments. To protect users, privacy tools such as ad- and tracker-blocking extensions have been developed. In turn, advertisers have begun leveraging more advanced tracking techniques that reduce the effectiveness of these approaches. In my research, I have developed novel techniques to uniquely fingerprint smartphones by exploiting manufacturing imperfections of their embedded sensors. I have also designed countermeasures that are simple yet effective, and can attain acceptable tradeoffs between privacy and utility.

Relevant publications:
- Understanding the Privacy Implications of Adblock Plus’s Acceptable Ads. Ahsan Zafar, Aafaq Sabir, Dilawer Ahmed and Anupam Das. ACM ASIA Conference on Computer and Communications Security (ASIACCS), 2021.
- The Web’s Sixth Sense: A Study of Scripts Accessing Smartphone Sensors. Anupam Das, Gunes Acar, Nikita Borisov and Amogh Pradeep. ACM Conference on Computer and Communications Security (CCS), 2018.
- Every Move You Make: Exploring Practical Issues in Smartphone Motion Sensor Fingerprinting and Countermeasures. Anupam Das, Nikita Borisov and Edward Chou. Privacy Enhancing Technologies Symposium (PETS), 2018.
- Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses. Anupam Das, Nikita Borisov and Matthew Caesar. Network and Distributed System Security Symposium (NDSS), 2016.
- Do You Hear What I Hear? Fingerprinting Smart Devices Through Embedded Acoustic Components. Anupam Das, Nikita Borisov and Matthew Caesar. ACM Conference on Computer and Communications Security (CCS), 2014.
Password Analysis
Today’s Internet services rely heavily on text-based passwords for user authentication. The pervasiveness of these services, coupled with the difficulty of remembering large numbers of secure passwords, tempts users to reuse or modify existing passwords at multiple sites. My research looks at analyzing and identifying the different ways in which users reuse or modify passwords, using real-world large-scale leaked data sets.

Relevant publications:
- The Tangled Web of Password Reuse. Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov and XiaoFeng Wang. Network and Distributed System Security Symposium (NDSS), 2014.
- Password Correlation: Quantification, Evaluation and Application. Shouling Ji, Shukun Yang, Anupam Das, Xin Hu and Raheem Beyah. IEEE International Conference on Computer Communications (INFOCOM), 2017.
Securing Anonymity Networks (Tor)
Many people use anonymity networks like Tor to hide their digital footprints on the Internet. Tor is a distributed overlay network comprised of volunteer relays (also known as routers). To anonymize TCP connections, a Tor user constructs a circuit comprised typically of three Tor relays: any individual relay cannot reconstruct the whole circuit and link the source to the destination. However, users’ anonymity can be compromised by active and passive attackers in the network. My research looked at analyzing the security guarantees provided by Tor in the presence of active and passive attackers.

Relevant publications:
- Defending Tor from Network Adversaries: A Case Study of Network Path Prediction. Joshua Juen, Aaron Johnson, Anupam Das, Nikita Borisov and Matthew Caesar. Privacy Enhancing Technologies Symposium (PETS), 2015.
- Re^3: Relay Reliability Reputation for Anonymity Systems. Anupam Das, Nikita Borisov, Prateek Mittal and Matthew Caesar. ACM Symposium on Information, Computer and Communications Security (ASIA CCS), 2014.
- Analyzing an Adaptive Reputation Metric for Anonymity Systems. Anupam Das, Nikita Borisov and Matthew Caesar. Symposium and Bootcamp on the Science of Security (HotSoS), 2014.
- Securing Anonymous Communication Channels under the Selective-DoS Attack. Anupam Das and Nikita Borisov. International Conference on Financial Security and Data Security (FC), 2013.