Anupam Das: Personal Webpage

WordCloud representation of paper abstracts.

Research Interests

Online privacy
Network traffic analysis
Privacy in IoT
Privacy enhancing technologies
Inference attacks
Usable security and privacy
Machine Learning+Privacy
Anonymity networks

Today, with the rapid adoption of the Internet of Things (IoT), we face a new world where we are never alone. At all times, a plethora of connected devices, from smartphones to home assistants to motion detectors, sense and monitor our activities. While these devices provide us convenience, they are often backed by powerful analytics to sift through a large volume of personal data, at times collected without our awareness or consent. Such personal data can reveal a lot about ourselves, like our habits and lifestyles, which not only have great commercial value to advertisers to serve targeted ads but can also be misused by repressive governments and cybercriminals. In my research, I look at developing novel frameworks to help identify and mitigate the security and privacy risks that arise from emerging IoT systems.

Please visit our IoTLab page for more details on projects we are currently working on.

Relevant publications:

Hey Alexa, Who Am I Talking to?: Analyzing Users’ Perception and Awareness Regarding Third-party Alexa Skills. Aafaq Sabir, Evan Lafontaine and Anupam Das. Proceedings of the 2022 ACM Conference on Human Factors in Computing Systems (CHI) , 2022.

BibTex

@inproceedings{aafaq-chi2022,
		author  = {Aafaq Sabir and Evan Lafontaine and Anupam Das},
		title   = {Hey Alexa, Who Am I Talking to?: Analyzing Users’ Perception and Awareness Regarding Third-party Alexa Skills},
		book = {Proceedings of the 2022 ACM Conference on Human Factors in Computing Systems (CHI)},
		year ={2022}
	}

Analyzing the Feasibility and Generalizability of Fingerprinting Internet of Things Devices. Dilawer Ahmed, Anupam Das and Fareed Zaffar. Proceedings on Privacy Enhancing Technologies (PoPETs), 2022.

BibTex

@article{dilawer2021,
		author  = {Dilawer Ahmed and
	                Anupam Das and
	                Fareed Zaffar},
		title   = {Analyzing the Feasibility and Generalizability of Fingerprinting Internet of Things Devices},
		journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
		year    = {2022},
		volume  = {2022},
		number  = {2},
	}

HandLock: Enabling 2-FA for Smart Home Voice Assistants using Inaudible Acoustic Signal. Shaohu Zhang and Anupam Das. International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2021.

BibTex

@inproceedings{shaohu2021,
	  author    = {Shaohu Zhang and Anupam Das},
	  title     = {HandLock: Enabling {2-FA} for Smart Home Voice Assistants using Inaudible Acoustic Signal},
	  booktitle = {Proceedings of the 24th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)},
	  year      = {2021},
}

Understanding People's Attitude and Concerns towards Adopting IoT Devices. Evan Lafontaine, Aafaq Sabir, and Anupam Das. CHI Conference on Human Factors in Computing Systems Extended Abstracts (CHI ’21 Extended Abstracts), 2021.

BibTex

@inproceedings{evan-chi2021,
	  author    = {Evan Lafontaine and Aafaq Sabir and Anupam Das},
	  title     = {Understanding People's Attitude and Concerns towardsAdopting {IoT} Devices},
	  booktitle = {Proceedings CHI Conference on Human Factors in Computing Systems Extended Abstracts (CHI ’21 Extended Abstracts)},
	  year      = {2021},
}

Hey Alexa, is this Skill Safe?: Taking a Closer Lookat the Alexa Skill Ecosystem. Christopher Lentzsch, Sheel Jayesh Shah, Benjamin Andow, Martin Degeling, Anupam Das and William Enck. Network and Distributed System Security Symposium (NDSS), 2021.

BibTex

@inproceedings{Lentzsch-NDSS2021,
	  author    = {Christopher Lentzsch and
	               Sheel Jayesh Shah and
	               Benjamin Andow and
	               Martin Degeling and
	               Anupam Das and
	               William Enck},
	  title     = {Hey {Alexa}, is this Skill Safe?: Taking a Closer Lookat the {Alexa} Skill Ecosystem},
	  booktitle = {Proceedings of the 28th Annual Network and Distributed System Security Symposium (NDSS)},
	  year      = {2021},
}

''Did you know this camera tracks your mood?'': Understanding Privacy Expectations and Preferences in the Age of Video Analytics. Shikun Zhang, Yuanyuan Feng, Lujo Bauer, Lorrie Cranor, Anupam Das and Norman Sadeh. Proceedings on Privacy Enhancing Technologies (PoPETs), 2021.

BibTex

@article{Shikun2021,
	author  = {Shikun Zhang and
                Yuanyuan Feng and
                Lujo Bauer and
                Lorrie Cranor and
                Anupam Das and
                Norman Sadeh},
	title   = {``{D}id you know this camera tracks your mood?'': Understanding Privacy Expectations and Preferences in the Age of Video Analytics},
	journal = {Proceedings on Privacy Enhancing Technologies},
	year    = {2021},
	volume  = {2021},
	number  = {2},
}

Enabling Live Video Analytics with a Scalable and Privacy-Aware Framework. Junjue Wang, Brandon Amos, Anupam Das, Padmanabhan Pillai, Norman Sadeh and Mahadev Satyanarayanan. ACM Transactions on Multimedia Computing, Communications, and Applications (TOMM), 2018.

BibTex

@article{Wang:2018:ELV:3233173.3209659,
	author 	  = {Junjue Wang and Brandon Amos and Anupam Das and Padmanabhan Pillai and Norman Sadeh and Mahadev Satyanarayanan},
	title 	  = {Enabling Live Video Analytics with a Scalable and Privacy-Aware Framework},
	journal   = {ACM Transactions on Multimedia Computing, Communications, and Applications (TOMM)},
	volume 	  = {14},
	number 	  = {3s},
	month 	  = jun,
	year 	  = {2018},
	pages 	  = {64:1--64:24},
	url 	  = {http://doi.acm.org/10.1145/3209659},
	doi 	  = {10.1145/3209659},
	publisher = {ACM},
}

Personalized Privacy Assistants for the Internet of Things: Providing Users with Notice and Choice. Anupam Das, Martin Degeling, Daniel Smullen and Norman Sadeh. IEEE Pervasive Computing: The Spectre of Malicious Computing, 2018.

BibTex

@ARTICLE{8490188,
	author={Anupam Das and Martin Degeling and Daniel Smullen and Norman Sadeh},
	journal={IEEE Pervasive Computing},
	title={Personalized Privacy Assistants for the {I}nternet of {T}hings: {P}roviding Users with Notice and Choice},
	year={2018},
	volume={17},
	number={3},
	pages={35--46},
	doi={10.1109/MPRV.2018.03367733},
}

A Scalable and Privacy-Aware IoT Service for Live Video Analytics. Junjue Wang, Brandon Amos, Anupam Das, Padmanabhan Pillai, Norman Sadeh and Mahadev Satyanarayanan. ACM Multimedia Systems Conference (MMSys), 2017. Best paper award

BibTex

@inproceedings{Wang:2017:SPI:3083187.3083192,
	author 	  = {Junjue Wang and Brandon Amos and Anupam Das and Padmanabhan Pillai and Norman Sadeh and Mahadev Satyanarayanan},
	title 	  = {A Scalable and Privacy-Aware {IoT} Service for Live Video Analytics},
	booktitle = {Proceedings of the 8th ACM on Multimedia Systems Conference (MMSys)},
	year      = {2017},
	pages 	  = {38--49},
	numpages  = {12},
	url 	  = {http://doi.acm.org/10.1145/3083187.3083192},
	doi 	  = {10.1145/3083187.3083192},
	publisher = {ACM},
}

Some Recipes Can Do More Than Spoil Your Appetite: Analyzing the Security and Privacy Risks of IFTTT Recipes. Milijana Surbatovich, Jassim Aljuraidan, Lujo Bauer, Anupam Das and Limin Jia. International World Wide Web Conference (WWW), 2017.

BibTex

@inproceedings{Surbatovich:2017:RMS:3038912.3052709,
	author 	  = {Milijana Surbatovich and Jassim Aljuraidan and Lujo Bauer and Anupam Das and Limin Jia},
	title 	  = {Some Recipes Can Do More Than Spoil Your Appetite: {A}nalyzing the Security and Privacy Risks of {IFTTT} Recipes},
	booktitle = {Proceedings of the 26th International Conference on World Wide Web (WWW)},
	year 	  = {2017},
	pages 	  = {1501--1510},
	numpages  = {10},
	url 	  = {https://doi.org/10.1145/3038912.3052709},
	doi 	  = {10.1145/3038912.3052709},
	publisher = {International World Wide Web Conferences Steering Committee},
}

Assisting Users in a World Full of Cameras: A Privacy-aware Infrastructure for Computer Vision Applications. Anupam Das, Martin Degeling, Xiaoyou Wang, Junjue Wang, Norman Sadeh and Mahadev Satyanarayanan. Workshop on the Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS, co-located with IEEE CVPR), 2017.

BibTex

@INPROCEEDINGS{8014915, 
	author 	  = {A. Das and M. Degeling and X. Wang and J. Wang and N. Sadeh and M. Satyanarayanan}, 
	booktitle = {IEEE Conference on Computer Vision and Pattern Recognition Workshops (CVPRW)}, 
	title     = {Assisting Users in a World Full of Cameras: {A} Privacy-Aware Infrastructure for Computer Vision Applications}, 
	year	  = {2017},  
	pages	  = {1387--1396},
	doi       = {10.1109/CVPRW.2017.181}, 
}

Towards Privacy-Aware Smart Buildings: Capturing, Communicating, and Enforcing Privacy Policies and Preferences. Primal Pappachan,, Martin Degeling, Roberto Yus, Anupam Das, Sruti Bhagavatula, William Melicher, Pardis Emami Naeini, Shikun Zhang, Lujo Bauer, Alfred Kobsa, Sharad Mehrotra, Norman Sadeh and Nalini Venkatasubramanian. International Workshop on the Internet of Things Computing and Applications (IoTCA, co-located with ICDCS), 2017.

BibTex

@INPROCEEDINGS{7979816, 
	author    = {P. Pappachan and M. Degeling and R. Yus and A. Das and S. Bhagavatula and W. Melicher and P. E. Naeini and S. Zhang and L. Bauer and A. Kobsa and S. Mehrotra and N. Sadeh and N. Venkatasubramanian}, 
	booktitle = {IEEE 37th International Conference on Distributed Computing Systems Workshops (ICDCSW)}, 
	title     = {Towards Privacy-Aware Smart Buildings: {C}apturing, Communicating, and Enforcing Privacy Policies and Preferences}, 
	year	  = {2017}, 
	pages	  = {193--198}, 
	doi       = {10.1109/ICDCSW.2017.52},
}

When we interact with the Internet, we leave behind traces of our interactions, called digital footprints. These footprints reveal a lot about ourselves; our identity, our habits, and our desires. Such intensely personal information has great commercial value to advertisers in the form of serving targeted ads, but at the same time, it can also be misused by employers and repressive governments. To protect users, privacy tools such as ad- and tracker-blocking extensions have been developed. In turn, advertisers have begun leveraging more advanced tracking techniques that reduce the effectiveness of these approaches. In my research, I have developed novel techniques to uniquely fingerprint smartphones by exploiting manufacturing imperfections of their embedded sensors. I have also designed countermeasures that are simple yet effective and can attain acceptable tradeoffs between privacy and utility.

Relevant publications:

Analyzing the Impact and Accuracy of Facebook Activity on Facebook's Ad-Interest Inference Process. Aafaq Sabir, Evan Lafontaine and Anupam Das. Proceedings of the 25th ACM Conference On Computer-Supported Cooperative Work And Social Computing (CSCW), 2022.

BibTex

@article{aafaq2022,
		author  = {Aafaq Sabir and Evan Lafontaine and Anupam Das},
		title   = {Analyzing the Impact and Accuracy of Facebook Activity on Facebook's Ad-Interest Inference Process},
		journal = {Proceedings of the ACM on Human-Computer Interaction (PACM HCI)},
		volume = {CSCW1},
		article ={76},
		year ={2022}
	}

Understanding the Privacy Implications of Adblock Plus’s Acceptable Ads. Ahsan Zafar, Aafaq Sabir, Dilawer Ahmed and Anupam Das. ACM ASIA Conference on Computer and Communications Security (ASIACCS), 2021.

BibTex

@inproceedings{ahsan-asiaccs2021,
	  author    = {Ahsan Zafar and Aafaq Sabir and Dilawer Ahmed and Anupam Das},
	  title     = {Understanding the Privacy Implications of {Adblock Plus’s} Acceptable Ads},
	  booktitle = {Proceedings of the 16th ACM ASIA Conference on Computer and Communications Security (ASIACCS)},
	  year      = {2021},
}

The Web’s Sixth Sense: A Study of Scripts Accessing Smartphone Sensors. Anupam Das, Gunes Acar, Nikita Borisov and Amogh Pradeep. ACM Conference on Computer and Communications Security (CCS), 2018.

BibTex

@inproceedings{sensor-js-2018,
	author    = {Anupam Das and Gunes Acar and Nikita Borisov and Amogh Pradeep},
	title     = {The {Web's} Sixth Sense: A Study of Scripts Accessing Smartphone Sensors},
	booktitle = {Proceedings of the 25th ACM Conference on Computer and Communication Security (CCS)},
	year      = {2018},
	publisher = {ACM},
	doi       = {10.1145/3243734.3243860},
	url       = {https://doi.org/0.1145/3243734.3243860}
}

Every Move You Make: Exploring Practical Issues in Smartphone Motion Sensor Fingerprinting and Countermeasures. Anupam Das, Nikita Borisov and Edward Chou. Privacy Enhancing Technologies Symposium (PETS), 2018.

BibTex

@article{EveryMoveYouMake,
	author  = {Anupam Das and Nikita Borisov and Edward Chou},
	title   = {Every Move You Make: {E}xploring Practical Issues in Smartphone Motion Sensor Fingerprinting and Countermeasures},
	journal = {Proceedings on Privacy Enhancing Technologies},
	year    = {2018},
	volume  = {2018},
	number  = {1},
	pages   = {88--108},
	url     = {https://content.sciendo.com/view/journals/popets/2018/1/article-p88.xml}
}

Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses. Anupam Das, Nikita Borisov and Matthew Caesar. Network and Distributed System Security Symposium (NDSS), 2016.

BibTex

@inproceedings{DasBC16,
	author    = {Anupam Das and
	             Nikita Borisov and
	             Matthew Caesar},
	title     = {Tracking Mobile Web Users Through Motion Sensors: {A}ttacks and Defenses},
	booktitle = {Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS)},
	year      = {2016},
	url       = {http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2017/09/tracking-mobile-web-users-through-motion-sensors-attacks-defenses.pdf},
}

Do You Hear What I Hear? Fingerprinting Smart Devices Through Embedded Acoustic Components. Anupam Das, Nikita Borisov and Matthew Caesar. ACM Conference on Computer and Communications Security (CCS), 2014.

BibTex

@inproceedings{Das:2014:YHI:2660267.2660325,
	author 	  = {Anupam Das and Nikita Borisov and Matthew Caesar},
	title 	  = {Do You Hear What I Hear?: {F}ingerprinting Smart Devices Through Embedded Acoustic Components},
	booktitle = {Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS)},
	year 	  = {2014},
	pages 	  = {441--452},
	numpages  = {12},
	url 	  = {http://doi.acm.org/10.1145/2660267.2660325},
	doi 	  = {10.1145/2660267.2660325},
	publisher = {ACM},
}

Today’s Internet services rely heavily on text-based passwords for user authentication. The pervasiveness of these services coupled with the difficulty of remembering large numbers of secure passwords tempts users to reuse or modify existing passwords at multiple sites. My research looks at analyzing and identifying different ways in how users reuse or modify passwords using real-world large-scale leaked data sets.

Relevant publications:

The Tangled Web of Password Reuse. Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov and XiaoFeng Wang. Network and Distributed System Security Symposium (NDSS), 2014.

BibTex

@inproceedings{DasBCBW14,
	author    = {Anupam Das and
	           Joseph Bonneau and
	           Matthew Caesar and
	           Nikita Borisov and
	           XiaoFeng Wang},
	title     = {The Tangled Web of Password Reuse},
	booktitle = {Proceedings of the 21st Annual Network and Distributed System Security Symposium (NDSS)},
	year      = {2014},
	url       = {https://www.ndss-symposium.org/ndss2014/tangled-web-password-reuse},
}

Password Correlation: Quantification, Evaluation and Application. Shouling Ji, Shukun Yang, Anupam Das, Xin Hu and Raheem Beyah. IEEE International Conference on Computer Communications (INFOCOM), 2017.

BibTex

@INPROCEEDINGS{8057067, 
	author	  = {S. Ji and S. Yang and A. Das and X. Hu and R. Beyah}, 
	booktitle = {Proceedings of the 36th IEEE International Conference on Computer Communications (INFOCOM)}, 
	title     = {Password correlation: {Q}uantification, evaluation and application}, 
	year	  = {2017},  
	pages	  = {1--9},
	doi       = {10.1109/INFOCOM.2017.8057067}, 
}

Many people use anonymity networks like Tor to hide their digital footprints on the Internet. Tor is a distributed overlay network comprised of volunteer relays (also known as routers). To anonymize TCP connections, a Tor user constructs a circuit comprised typically of three Tor relays: any individual relay cannot reconstruct the whole circuit and link the source to the destination. However, users’ anonymity can be compromised by active and passive attackers in the network. My research looked at analyzing the security guarantees provided by Tor in the presence of active and passive attackers.

Relevant publications:

Defending Tor from Network Adversaries: A Case Study of Network Path Prediction. Joshua Juen, Aaron Johnson, Anupam Das, Nikita Borisov and Matthew Caesar. Privacy Enhancing Technologies Symposium (PETS), 2015.

BibTex

@article { DefendingTor,
	author 	= {Joshua Juen and Aaron Johnson and Anupam Das and Nikita Borisov and Matthew Caesar},
	title 	= {Defending {T}or from Network Adversaries: {A} Case Study of Network Path Prediction},
	journal = {Proceedings on Privacy Enhancing Technologies},
	year 	= {2015},
	volume 	= {2015},
	number 	= {2},
	pages 	= {171--187},
	url 	= {https://content.sciendo.com/view/journals/popets/2015/2/article-p171.xml}
}

Re^3: Relay Reliability Reputation for Anonymity Systems. Anupam Das, Nikita Borisov, Prateek Mittal and Matthew Caesar. ACM Symposium on Information, Computer and Communications Security (ASIA CCS), 2014. Best paper award

BibTex

@inproceedings{DasBMC14,
	author    = {Anupam Das and
	           Nikita Borisov and
	           Prateek Mittal and
	           Matthew Caesar},
	title     = {Re\({}^{\mbox{3}}\): {R}elay Reliability Reputation for Anonymity Systems},,
	booktitle = {Proceedings of the 9th Symposium on Information, Computer and Communications Security (ASIA CCS)},
	pages     = {63--74},
	year      = {2014},
	url       = {http://doi.acm.org/10.1145/2590296.2590338},
	doi       = {10.1145/2590296.2590338},
	publisher = {ACM}
}

Analyzing an Adaptive Reputation Metric for Anonymity Systems. Anupam Das, Nikita Borisov and Matthew Caesar. Symposium and Bootcamp on the Science of Security (HotSoS), 2014.

BibTex

@inproceedings{DasBC14,
	author    = {Anupam Das and
	           Nikita Borisov and
	           Matthew Caesar},
	title     = {Analyzing an adaptive reputation metric for anonymity systems},
	booktitle = {Proceedings of the 1st Symposium and Bootcamp on the Science of Security (HotSoS)},
	pages     = {11:1--11:11},
	articleno = {11},
	numpages  = {11},
	year      = {2014},
	url       = {http://doi.acm.org/10.1145/2600176.2600187},
	doi       = {10.1145/2600176.2600187},
	publisher = {ACM},
}

Securing Anonymous Communication Channels under the Selective-DoS Attack. Anupam Das and Nikita Borisov. International Conference on Financial Security and Data Security (FC) 2013.

BibTex

@inProceedings{10.1007/978-3-642-39884-1_31,
	author    = {Anupam Das and Nikita Borisov},
	title     = {Securing Anonymous Communication Channels under the Selective {DoS} Attack},
	booktitle = {Proceedings of the 17th International Conference on Financial Security and Data Security (FC)},
	year      = {2013},
	publisher = {Springer},
	doi       = {10.1007/978-3-642-39884-1_31},
	url       = {https://doi.org/10.1007/978-3-642-39884-1_31},
	pages     = {362--370},
}

Research Interests

Research Topics

Security and Privacy in IoT

Online Tracking

Password Analysis

Securing Anonymity Networks (Tor)