Nilesh Chakraborty

CR
8 papers
151 citations
Novelty 41%
AI Score 39

8 Papers

54.9 CR May 3
Stochastic Modeling of Human-Machine Authentication Channels under Partial Information Leakage

Nilesh Chakraborty, Mohammad Zulkernine, Burak Kantarci

Reliable and secure human-machine communication is fundamental to IoT and cyber-physical ecosystems, where smartphones and wearables commonly serve as authentication controllers. PIN-based authentication can be viewed as a low-bandwidth communication channel through which users transmit numeric credentials under practical constraints. However, conventional evaluations adopt a binary view of security, treating such channels as either fully secure or fully compromised, thereby overlooking the progressive reliability degradation caused by partial information leakage in real-world IoT settings. In this paper, we model the PIN entry process as a stochastic human-IoT communication system and propose a context-conditioned probabilistic inference framework to quantify reliability loss and Quality-of-Service degradation under partial symbol exposure. The proposed approach treats missing digits as latent variables and estimates them using smoothed conditional probability distributions with fallback priors. Unlike traditional sequential models that assume contiguous positional dependencies, the method does not explicitly parameterize hidden-state transitions or emissions; instead, it performs context-driven probabilistic inference to approximate latent dependencies across digit positions. Using over one million real-world four-digit PIN samples, we evaluate single-, double-, and triple-digit leakage scenarios and derive position-dependent reliability metrics. The proposed model achieves up to 55.31% prediction accuracy for one missing digit and 12.12% for three missing digits, while consistently outperforming a standard sequence-model baseline and classical machine learning models in terms of precision, recall, and F1-score. These results formalize PIN entry as a noisy human-IoT communication channel and demonstrate substantial reliability degradation under realistic partial exposure conditions.

CL Jul 22, 2019
Introduction to Neural Network based Approaches for Question Answering over Knowledge Graphs

Nilesh Chakraborty, Denis Lukovnikov, Gaurav Maheshwari et al.

Question answering has emerged as an intuitive way of querying structured data sources, and has attracted significant advancements over the years. In this article, we provide an overview over these recent advancements, focusing on neural network based question answering systems over knowledge graphs. We introduce readers to the challenges in the tasks, current paradigms of approaches, discuss notable advancements, and outline the emerging trends in the field. Through this article, we aim to provide newcomers to the field with a suitable entry point, and ease their process of making informed decisions while creating their own QA system.

AI Nov 13, 2018
Translating Natural Language to SQL using Pointer-Generator Networks and How Decoding Order Matters

Denis Lukovnikov, Nilesh Chakraborty, Jens Lehmann et al.

Translating natural language to SQL queries for table-based question answering is a challenging problem and has received significant attention from the research community. In this work, we extend a pointer-generator and investigate the order-matters problem in semantic parsing for SQL. Even though our model is a straightforward extension of a general-purpose pointer-generator, it outperforms early works for WikiSQL and remains competitive to concurrently introduced, more complex models. Moreover, we provide a deeper investigation of the potential order-matters problem that could arise due to having multiple correct decoding paths, and investigate the use of REINFORCE as well as a dynamic oracle in this context.

LG Nov 2, 2018
Learning to Rank Query Graphs for Complex Question Answering over Knowledge Graphs

Gaurav Maheshwari, Priyansh Trivedi, Denis Lukovnikov et al.

In this paper, we conduct an empirical investigation of neural query graph ranking approaches for the task of complex question answering over knowledge graphs. We experiment with six different ranking models and propose a novel self-attention based slot matching model which exploits the inherent structure of query graphs, our logical form of choice. Our proposed model generally outperforms the other models on two QA datasets over the DBpedia knowledge graph, evaluated in different settings. In addition, we show that transfer learning from the larger of those QA datasets to the smaller dataset yields substantial improvements, effectively offsetting the general lack of training data.

CR Aug 3, 2017
On Designing A Questionnaire Based Legacy-UI Honeyword Generation Approach For Achieving Flatness

Nilesh Chakraborty, Shreya Singh, Samrat Mondal

The modern trend sees a lot of usage of honeywords (or fake passwords) for protecting the original passwords in the password file. However, the usage of honeywords has been strongly criticized under different security and usability parameters. Though many of these issues have been successfully resolved, research in this domain is still facing difficulties in achieving flatness (or producing equally probable honeywords with reference to the original password). Though recent studies have made a significant effort to meet this criterion, we show that they either fall short or are based on some unrealistic assumptions. To practically fulfill this flatness criterion, we propose a questionnaire-oriented authentication system based on the episodic (or long-term) memory of the users. Our study reveals that the proposed mechanism is capable of generating a significantly improved, flatter list of honeywords compared to the existing protocols. The subsequent discussion shows that the proposed system also overcomes all the limitations of the existing state of the art with no less than 95% goodness.

CR May 30, 2017
On The Limitation of Some Fully Observable Multiple Session Resilient Shoulder Surfing Defense Mechanisms

Nilesh Chakraborty, Samrat Mondal

Using a password-based authentication technique, a system maintains the login credentials (username, password) of the users in a password file. Once the password file is compromised, an adversary obtains both the login credentials. With the advancement of technology, even if a password is maintained in hashed format, the adversary can still invert the hashed password to get the original one. To mitigate this threat, most systems nowadays store some system-generated fake passwords (also known as honeywords) along with the original password of a user. This type of setup confuses an adversary while selecting the original password. If the adversary chooses any of these honeywords and submits that as a login credential, then the system detects the attack. A large amount of significant work has been done on designing methodologies (identified as $\text{M}^{\text{DS}}_{\text{OA}}$) that can protect passwords against observation, or shoulder surfing, attacks. Under this attack scenario, an adversary observes (or records) the login information entered by a user and later uses those credentials to impersonate the genuine user. In this paper, we have shown that because of their design principle, a large subset of $\text{M}^{\text{DS}}_{\text{OA}}$ (identified as $\text{M}^{\text{FODS}}_{\text{SOA}}$) cannot afford to store honeywords in the password file. Thus these methods, belonging to $\text{M}^{\text{FODS}}_{\text{SOA}}$, are unable to provide any kind of security once the password file gets compromised. Through our contribution in this paper, by still using the concept of honeywords, we have proposed a few generic principles to mask the original password of $\text{M}^{\text{FODS}}_{\text{SOA}}$ category methods. We also consider a few well-established methods like S3PAS, CHC, PAS and COP belonging to $\text{M}^{\text{FODS}}_{\text{SOA}}$, to show that the proposed idea is implementable in practice.

CR May 30, 2017
Lighting Two Candles With One Flame: An Unaided Human Identification Protocol With Security Beyond Conventional Limit

Nilesh Chakraborty, Samrat Mondal

Designing an efficient protocol for avoiding the threat of recording-based attacks in the presence of a powerful eavesdropper has remained a challenge for more than two decades. During authentication, the absence of any secure link between the prover and verifier makes things even more vulnerable as, after observing a threshold number of challenge-response pairs, the user's secret may easily get derived due to information leakage. Existing literature only presents new methodologies ensuring superior aspects over previous ones, while ignoring the aspects on which their proposed schemes cope poorly. Unsurprisingly, most of them are far from satisfactory: they are either found far from usable or lack security features. To overcome this issue, we first introduce the concept of "leakage control" which puts a bar on the natural information leakage rate and greatly helps in increasing both the usability and security standards. Not just prevention, but also, by introducing the threat detection strategy (based on the concept of honeyword), our scheme "lights two candles". It not only eliminates the long-term security and usability conflict under the practical scenario, but along with threat detection from the client side, it is capable of protecting the secret at the server side under the distributed framework, thus guaranteeing security beyond the conventional limit.

CR Sep 21, 2015
A New Storage Optimized Honeyword Generation Approach for Enhancing Security and Usability

Nilesh Chakraborty, Samrat Mondal

Inverting the hash values by performing brute force computation is one of the latest security threats on password-based authentication techniques. New technologies are being developed for brute force computation and these increase the success rate of inversion attacks. A honeyword-based authentication protocol can successfully mitigate this threat by making password cracking detectable. However, the existing schemes have several limitations like Multiple System Vulnerability, Weak DoS Resistivity, Storage Overhead, etc. In this paper we have proposed a new honeyword generation approach, identified as Paired Distance Protocol (PDP), which overcomes almost all the drawbacks of previously proposed honeyword generation approaches. The comprehensive analysis shows that PDP not only attains a high detection rate of 97.23% but also reduces the storage cost to a great extent.