WordCloud representation of paper abstracts.

Research Interests

• Online privacy
• Network traffic analysis
• Privacy in IoT
• Privacy enhancing technologies
• Inference attacks
• Usable security and privacy
• Machine Learning+Privacy
• Anonymity networks

Today, with the rapid adoption of the Internet of Things (IoT), we face a new world, where we are never alone. At all times, a plethora of connected devices, from smartphones to home assistants to motion detectors, sense and monitor our activities. While these devices provide us convenience, they are often backed by powerful analytics to sift through large volume of personal data, at times collected without our awareness or consent. Such personal data can reveal a lot about ourselves like our habits and lifestyles, which not only has great commercial value to advertisers to serve targeted ads, but can also be misused by repressive governments and cybercriminals. In my research, I look at developing novel frameworks to help identify and mitigate the security and privacy risks that arise from emerging IoT systems.

Please visit our IoTLab page for more details on projects we are currently working on.

Relevant publications:

• Hey Alexa, is this Skill Safe?: Taking a Closer Lookat the Alexa Skill Ecosystem. Christopher Lentzsch, Sheel Jayesh Shah, Benjamin Andow, Martin Degeling, Anupam Das and William Enck. Network and Distributed System Security Symposium (NDSS), 2021. PDF » BibTex »
  ×

  BibTex

  @inproceedings{Lentzsch-NDSS2021,
  	  author    = {Christopher Lentzsch and
  	               Sheel Jayesh Shah and
  	               Benjamin Andow and
  	               Martin Degeling and
  	               Anupam Das and
  	               William Enck},
  	  title     = {Hey {Alexa}, is this Skill Safe?: Taking a Closer Lookat the {Alexa} Skill Ecosystem},
  	  booktitle = {Proceedings of the 28th Annual Network and Distributed System Security Symposium (NDSS)},
  	  year      = {2021},
  }
  							  		

  Website »
• ''Did you know this camera tracks your mood?'': Understanding Privacy Expectations and Preferences in the Age of Video Analytics. Shikun Zhang, Yuanyuan Feng, Lujo Bauer, Lorrie Cranor, Anupam Das and Norman Sadeh. Proceedings on Privacy Enhancing Technologies (PoPETs), 2021. PDF » BibTex »
  ×

  BibTex

  @article{Shikun2021,
  	author  = {Shikun Zhang and
                  Yuanyuan Feng and
                  Lujo Bauer and
                  Lorrie Cranor and
                  Anupam Das and
                  Norman Sadeh},
  	title   = {``{D}id you know this camera tracks your mood?'': Understanding Privacy Expectations and Preferences in the Age of Video Analytics},
  	journal = {Proceedings on Privacy Enhancing Technologies},
  	year    = {2021},
  	volume  = {2021},
  	number  = {2},
  }
  							  		

• Enabling Live Video Analytics with a Scalable and Privacy-Aware Framework. Junjue Wang, Brandon Amos, Anupam Das, Padmanabhan Pillai, Norman Sadeh and Mahadev Satyanarayanan. ACM Transactions on Multimedia Computing, Communications, and Applications (TOMM), 2018. PDF » BibTex »
  ×

  BibTex

  @article{Wang:2018:ELV:3233173.3209659,
  	author 	  = {Junjue Wang and Brandon Amos and Anupam Das and Padmanabhan Pillai and Norman Sadeh and Mahadev Satyanarayanan},
  	title 	  = {Enabling Live Video Analytics with a Scalable and Privacy-Aware Framework},
  	journal   = {ACM Transactions on Multimedia Computing, Communications, and Applications (TOMM)},
  	volume 	  = {14},
  	number 	  = {3s},
  	month 	  = jun,
  	year 	  = {2018},
  	pages 	  = {64:1--64:24},
  	url 	  = {http://doi.acm.org/10.1145/3209659},
  	doi 	  = {10.1145/3209659},
  	publisher = {ACM},
  }
  							  		

• Personalized Privacy Assistants for the Internet of Things: Providing Users with Notice and Choice. Anupam Das, Martin Degeling, Daniel Smullen and Norman Sadeh. IEEE Pervasive Computing: The Spectre of Malicious Computing, 2018. PDF » BibTex »
  ×

  BibTex

  @ARTICLE{8490188,
  	author={Anupam Das and Martin Degeling and Daniel Smullen and Norman Sadeh},
  	journal={IEEE Pervasive Computing},
  	title={Personalized Privacy Assistants for the {I}nternet of {T}hings: {P}roviding Users with Notice and Choice},
  	year={2018},
  	volume={17},
  	number={3},
  	pages={35--46},
  	doi={10.1109/MPRV.2018.03367733},
  }
  							  		

  Website »
• A Scalable and Privacy-Aware IoT Service for Live Video Analytics. Junjue Wang, Brandon Amos, Anupam Das, Padmanabhan Pillai, Norman Sadeh and Mahadev Satyanarayanan. ACM Multimedia Systems Conference (MMSys), 2017. PDF » BibTex »
  ×

  BibTex

  @inproceedings{Wang:2017:SPI:3083187.3083192,
  	author 	  = {Junjue Wang and Brandon Amos and Anupam Das and Padmanabhan Pillai and Norman Sadeh and Mahadev Satyanarayanan},
  	title 	  = {A Scalable and Privacy-Aware {IoT} Service for Live Video Analytics},
  	booktitle = {Proceedings of the 8th ACM on Multimedia Systems Conference (MMSys)},
  	year      = {2017},
  	pages 	  = {38--49},
  	numpages  = {12},
  	url 	  = {http://doi.acm.org/10.1145/3083187.3083192},
  	doi 	  = {10.1145/3083187.3083192},
  	publisher = {ACM},
  } 
  							  		

• Some Recipes Can Do More Than Spoil Your Appetite: Analyzing the Security and Privacy Risks of IFTTT Recipes. Milijana Surbatovich, Jassim Aljuraidan, Lujo Bauer, Anupam Das and Limin Jia. International World Wide Web Conference (WWW), 2017. PDF » BibTex »
  ×

  BibTex

  @inproceedings{Surbatovich:2017:RMS:3038912.3052709,
  	author 	  = {Milijana Surbatovich and Jassim Aljuraidan and Lujo Bauer and Anupam Das and Limin Jia},
  	title 	  = {Some Recipes Can Do More Than Spoil Your Appetite: {A}nalyzing the Security and Privacy Risks of {IFTTT} Recipes},
  	booktitle = {Proceedings of the 26th International Conference on World Wide Web (WWW)},
  	year 	  = {2017},
  	pages 	  = {1501--1510},
  	numpages  = {10},
  	url 	  = {https://doi.org/10.1145/3038912.3052709},
  	doi 	  = {10.1145/3038912.3052709},
  	publisher = {International World Wide Web Conferences Steering Committee},
  } 
  							  		

• Assisting Users in a World Full of Cameras: A Privacy-aware Infrastructure for Computer Vision Applications. Anupam Das, Martin Degeling, Xiaoyou Wang, Junjue Wang, Norman Sadeh and Mahadev Satyanarayanan. Workshop on the Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS, co-located with IEEE CVPR), 2017. PDF » BibTex »
  ×

  BibTex

  @INPROCEEDINGS{8014915, 
  	author 	  = {A. Das and M. Degeling and X. Wang and J. Wang and N. Sadeh and M. Satyanarayanan}, 
  	booktitle = {IEEE Conference on Computer Vision and Pattern Recognition Workshops (CVPRW)}, 
  	title     = {Assisting Users in a World Full of Cameras: {A} Privacy-Aware Infrastructure for Computer Vision Applications}, 
  	year	  = {2017},  
  	pages	  = {1387--1396},
  	doi       = {10.1109/CVPRW.2017.181}, 
  }
  							  		

• Towards Privacy-Aware Smart Buildings: Capturing, Communicating, and Enforcing Privacy Policies and Preferences. Primal Pappachan,, Martin Degeling, Roberto Yus, Anupam Das, Sruti Bhagavatula, William Melicher, Pardis Emami Naeini, Shikun Zhang, Lujo Bauer, Alfred Kobsa, Sharad Mehrotra, Norman Sadeh and Nalini Venkatasubramanian. International Workshop on the Internet of Things Computing and Applications (IoTCA, co-located with ICDCS), 2017. PDF » BibTex »
  ×

  BibTex

  @INPROCEEDINGS{7979816, 
  	author    = {P. Pappachan and M. Degeling and R. Yus and A. Das and S. Bhagavatula and W. Melicher and P. E. Naeini and S. Zhang and L. Bauer and A. Kobsa and S. Mehrotra and N. Sadeh and N. Venkatasubramanian}, 
  	booktitle = {IEEE 37th International Conference on Distributed Computing Systems Workshops (ICDCSW)}, 
  	title     = {Towards Privacy-Aware Smart Buildings: {C}apturing, Communicating, and Enforcing Privacy Policies and Preferences}, 
  	year	  = {2017}, 
  	pages	  = {193--198}, 
  	doi       = {10.1109/ICDCSW.2017.52},
  }
  							  		

When we interact with the Internet, we leave behind traces of our interactions, called digital footprints. These footprints reveal a lot about ourselves; our identity, our personal habits, and our desires. Such intensely personal information has great commercial value to advertisers in the form of serving targeted ads, but at the same time it can also be misused by employers and repressive governments. To protect users, privacy tools such as ad- and tracker-blocking extensions have been developed. In turn advertisers have begun leveraging more advanced tracking techniques that reduce the effectiveness of these approaches. In my research, I have developed novel techniques to uniquely fingerprint smartphones by exploiting manufacturing imperfections of their embedded sensors. I have also designed countermeasures that are simple yet effective, and can attain acceptable tradeoffs between privacy and utility.

Relevant publications:

• Understanding the Privacy Implications of Adblock Plus’s Acceptable Ads. Ahsan Zafar, Aafaq Sabir, Dilawer Ahmed and Anupam Das. ACM ASIA Conference on Computer and Communications Security (ASIACCS), 2021. PDF » BibTex »
  ×

  BibTex

  @inproceedings{ahsan-asiaccs2021,
  	  author    = {Ahsan Zafar and Aafaq Sabir and Dilawer Ahmed and Anupam Das},
  	  title     = {Understanding the Privacy Implications of {Adblock Plus’s} Acceptable Ads},
  	  booktitle = {Proceedings of the 16th ACM ASIA Conference on Computer and Communications Security (ASIACCS)},
  	  year      = {2021},
  }
  							  		

• The Web’s Sixth Sense: A Study of Scripts Accessing Smartphone Sensors. Anupam Das, Gunes Acar, Nikita Borisov and Amogh Pradeep. ACM Conference on Computer and Communications Security (CCS), 2018. PDF » BibTex »
  ×

  BibTex

  @inproceedings{sensor-js-2018,
  	author    = {Anupam Das and Gunes Acar and Nikita Borisov and Amogh Pradeep},
  	title     = {The {Web's} Sixth Sense: A Study of Scripts Accessing Smartphone Sensors},
  	booktitle = {Proceedings of the 25th ACM Conference on Computer and Communication Security (CCS)},
  	year      = {2018},
  	publisher = {ACM},
  	doi       = {10.1145/3243734.3243860},
  	url       = {https://doi.org/0.1145/3243734.3243860}
  }
  							  		

  Website » Code »
• Every Move You Make: Exploring Practical Issues in Smartphone Motion Sensor Fingerprinting and Countermeasures. Anupam Das, Nikita Borisov and Edward Chou. Privacy Enhancing Technologies Symposium (PETS), 2018. PDF » BibTex »
  ×

  BibTex

  @article{EveryMoveYouMake,
  	author  = {Anupam Das and Nikita Borisov and Edward Chou},
  	title   = {Every Move You Make: {E}xploring Practical Issues in Smartphone Motion Sensor Fingerprinting and Countermeasures},
  	journal = {Proceedings on Privacy Enhancing Technologies},
  	year    = {2018},
  	volume  = {2018},
  	number  = {1},
  	pages   = {88--108},
  	url     = {https://content.sciendo.com/view/journals/popets/2018/1/article-p88.xml}
  }
  							  		

  Website » Dataset 1 » Dataset 2 »
• Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses. Anupam Das, Nikita Borisov and Matthew Caesar. Network and Distributed System Security Symposium (NDSS), 2016. PDF » BibTex »
  ×

  BibTex

  @inproceedings{DasBC16,
  	author    = {Anupam Das and
  	             Nikita Borisov and
  	             Matthew Caesar},
  	title     = {Tracking Mobile Web Users Through Motion Sensors: {A}ttacks and Defenses},
  	booktitle = {Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS)},
  	year      = {2016},
  	url       = {http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2017/09/tracking-mobile-web-users-through-motion-sensors-attacks-defenses.pdf},
  }	
  							  		

  Website » Dataset »
• Do You Hear What I Hear? Fingerprinting Smart Devices Through Embedded Acoustic Components. Anupam Das, Nikita Borisov and Matthew Caesar. ACM Conference on Computer and Communications Security (CCS), 2014. PDF » BibTex »
  ×

  BibTex

  @inproceedings{Das:2014:YHI:2660267.2660325,
  	author 	  = {Anupam Das and Nikita Borisov and Matthew Caesar},
  	title 	  = {Do You Hear What I Hear?: {F}ingerprinting Smart Devices Through Embedded Acoustic Components},
  	booktitle = {Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS)},
  	year 	  = {2014},
  	pages 	  = {441--452},
  	numpages  = {12},
  	url 	  = {http://doi.acm.org/10.1145/2660267.2660325},
  	doi 	  = {10.1145/2660267.2660325},
  	publisher = {ACM},
  }
  							  		

  Website »

Today’s Internet services rely heavily on text-based passwords for user authentication. The pervasiveness of these services coupled with the difficulty of remembering large numbers of secure passwords tempts users to reuse or modify existing passwords at multiple sites. My research looks at analyzing and identifying different ways in how users reuse or modify passwords using real-world large-scale leaked data sets.

Relevant publications:

• The Tangled Web of Password Reuse. Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov and XiaoFeng Wang. Network and Distributed System Security Symposium (NDSS), 2014. PDF » BibTex »
  ×

  BibTex

  @inproceedings{DasBCBW14,
  	author    = {Anupam Das and
  	           Joseph Bonneau and
  	           Matthew Caesar and
  	           Nikita Borisov and
  	           XiaoFeng Wang},
  	title     = {The Tangled Web of Password Reuse},
  	booktitle = {Proceedings of the 21st Annual Network and Distributed System Security Symposium (NDSS)},
  	year      = {2014},
  	url       = {https://www.ndss-symposium.org/ndss2014/tangled-web-password-reuse},
  }
  							  		

  Website » Dataset »
• Password Correlation: Quantification, Evaluation and Application. Shouling Ji, Shukun Yang, Anupam Das, Xin Hu and Raheem Beyah. IEEE International Conference on Computer Communications (INFOCOM), 2017. PDF » BibTex »
  ×

  BibTex

  @INPROCEEDINGS{8057067, 
  	author	  = {S. Ji and S. Yang and A. Das and X. Hu and R. Beyah}, 
  	booktitle = {Proceedings of the 36th IEEE International Conference on Computer Communications (INFOCOM)}, 
  	title     = {Password correlation: {Q}uantification, evaluation and application}, 
  	year	  = {2017},  
  	pages	  = {1--9},
  	doi       = {10.1109/INFOCOM.2017.8057067}, 
  } 
  							  		

Many people use anonymity networks like Tor to hide their digital footprints on the Internet. Tor is a distributed overlay network comprised of volunteer relays (also known as routers). To anonymize TCP connections, a Tor user constructs a circuit comprised typically of three Tor relays: any individual relay cannot reconstruct the whole circuit and link the source to the destination. However, users’ anonymity can be compromised by active and passive attackers in the network. My research looked at analyzing the security guarantees provided by Tor in the presence of active and passive attackers.

Relevant publications:

• Defending Tor from Network Adversaries: A Case Study of Network Path Prediction. Joshua Juen, Aaron Johnson, Anupam Das, Nikita Borisov and Matthew Caesar. Privacy Enhancing Technologies Symposium (PETS), 2015. PDF » BibTex »
  ×

  BibTex

  @article { DefendingTor,
  	author 	= {Joshua Juen and Aaron Johnson and Anupam Das and Nikita Borisov and Matthew Caesar},
  	title 	= {Defending {T}or from Network Adversaries: {A} Case Study of Network Path Prediction},
  	journal = {Proceedings on Privacy Enhancing Technologies},
  	year 	= {2015},
  	volume 	= {2015},
  	number 	= {2},
  	pages 	= {171--187},
  	url 	= {https://content.sciendo.com/view/journals/popets/2015/2/article-p171.xml}
  }	
  							  		

  Website »
• Re^3: Relay Reliability Reputation for Anonymity Systems. Anupam Das, Nikita Borisov, Prateek Mittal and Matthew Caesar. ACM Symposium on Information, Computer and Communications Security (ASIA CCS), 2014. PDF » BibTex »
  ×

  BibTex

  @inproceedings{DasBMC14,
  	author    = {Anupam Das and
  	           Nikita Borisov and
  	           Prateek Mittal and
  	           Matthew Caesar},
  	title     = {Re\({}^{\mbox{3}}\): {R}elay Reliability Reputation for Anonymity Systems},,
  	booktitle = {Proceedings of the 9th Symposium on Information, Computer and Communications Security (ASIA CCS)},
  	pages     = {63--74},
  	year      = {2014},
  	url       = {http://doi.acm.org/10.1145/2590296.2590338},
  	doi       = {10.1145/2590296.2590338},
  	publisher = {ACM}
  }
  							  		

• Analyzing an Adaptive Reputation Metric for Anonymity Systems. Anupam Das, Nikita Borisov and Matthew Caesar. Symposium and Bootcamp on the Science of Security (HotSoS), 2014. PDF » BibTex »
  ×

  BibTex

  @inproceedings{DasBC14,
  	author    = {Anupam Das and
  	           Nikita Borisov and
  	           Matthew Caesar},
  	title     = {Analyzing an adaptive reputation metric for anonymity systems},
  	booktitle = {Proceedings of the 1st Symposium and Bootcamp on the Science of Security (HotSoS)},
  	pages     = {11:1--11:11},
  	articleno = {11},
  	numpages  = {11},
  	year      = {2014},
  	url       = {http://doi.acm.org/10.1145/2600176.2600187},
  	doi       = {10.1145/2600176.2600187},
  	publisher = {ACM},
  }
  							  		

• Securing Anonymous Communication Channels under the Selective-DoS Attack. Anupam Das and Nikita Borisov. International Conference on Financial Security and Data Security (FC) 2013. PDF » BibTex »
  ×

  BibTex

  @inProceedings{10.1007/978-3-642-39884-1_31,
  	author    = {Anupam Das and Nikita Borisov},
  	title     = {Securing Anonymous Communication Channels under the Selective {DoS} Attack},
  	booktitle = {Proceedings of the 17th International Conference on Financial Security and Data Security (FC)},
  	year      = {2013},
  	publisher = {Springer},
  	doi       = {10.1007/978-3-642-39884-1_31},
  	url       = {https://doi.org/10.1007/978-3-642-39884-1_31},
  	pages     = {362--370},
  }