Devashish Gosain

Saltanat Firdous Allaqband, Deepanjali S, Rohit Srinivas R G et al.

Trusted Execution Environments (TEEs) have emerged as a cornerstone for securing sensitive computations by providing isolated enclaves protected from untrusted software. However, their security guarantees are undermined by vulnerabilities in both the enclave code and the underlying hardware design, which can allow sensitive data to leak despite strong isolation guarantees. This paper presents KINGSGUARD, a novel TEE design that systematically monitors and controls the propagation of sensitive data within an enclave. By enforcing fine-grained data flow tracking and checks in hardware, our approach ensures that sensitive data does not leave the enclave boundary, thus bridging the gap between the idealized threat models of TEEs and their practical realizations. Additionally, to balance security with practical functionality, we introduce controlled declassification at enclave boundaries, allowing intentional release of data to the outside world. Our implementation of KINGSGUARD on a RISC-V processor has a 10.8% hardware area overhead when synthesized on FPGA and a 5.69% performance overhead.

Piyush Kumar Sharma, Devashish Gosain, Claudia Diaz

Cryptocurrency systems can be subject to deanonimization attacks by exploiting the network-level communication on their peer-to-peer network. Adversaries who control a set of colluding node(s) within the peer-to-peer network can observe transactions being exchanged and infer the parties involved. Thus, various network anonymity schemes have been proposed to mitigate this problem, with some solutions providing theoretical anonymity guarantees. In this work, we model such peer-to-peer network anonymity solutions and evaluate their anonymity guarantees. To do so, we propose a novel framework that uses Bayesian inference to obtain the probability distributions linking transactions to their possible originators. We characterize transaction anonymity with those distributions, using entropy as metric of adversarial uncertainty on the originator's identity. In particular, we model Dandelion, Dandelion++ and Lightning Network. We study different configurations and demonstrate that none of them offers acceptable anonymity to their users. For instance, our analysis reveals that in the widely deployed Lightning Network, with 1% strategically chosen colluding nodes the adversary can uniquely determine the originator for about 50% of the total transactions in the network. In Dandelion, an adversary that controls 15% of the nodes has on average uncertainty among only 8 possible originators. Moreover, we observe that due to the way Dandelion and Dandelion++ are designed, increasing the network size does not correspond to an increase in the anonymity set of potential originators. Alarmingly, our longitudinal analysis of Lightning Network reveals rather an inverse trend -- with the growth of the network the overall anonymity decreases.

Devashish Gosain, Soubhik Chakraborty, Mohit Sajwan

Semi Natural Algorithmic composition (SNCA) is the technique of using algorithms to create music note sequences in computer with the understanding that how to render them would be decided by the composer. In our approach we are proposing an SNCA2 algorithm (extension of SNCA algorithm) with an illustrative example in Raga Bageshree. For this, Transition probability matrix (tpm) was created for the note sequences of Raga Bageshree, then first order Markov chain (using SNCA) and second order Markov chain (using SNCA2) simulations were performed for generating arbitrary sequences of notes of Raga Bageshree. The choice between first and second order Markov model, is best left to the composer who has to decide how to render these music notes sequences. We have confirmed that Markov chain of order of three and above are not promising, as the tpm of these become sparse matrices.

Devashish Gosain, Anshika Agarwal, Sahil Shekhawat et al.

This paper presents a study of the Internet infrastructure in India from the point of view of censorship. First, we show that the current state of affairs---where each ISP implements its own content filters (nominally as per a governmental blacklist)---results in dramatic differences in the censorship experienced by customers. In practice, a well-informed Indian citizen can escape censorship through a judicious choice of service provider. We then consider the question of whether India might potentially follow the Chinese model and institute a single, government-controlled filter. This would not be difficult, as the Indian Internet is quite centralized already. A few "key" ASes (approx 1% of Indian ASes) collectively intercept approx 95% of paths to the censored sites we sample in our study, and also to all publicly-visible DNS servers. 5,000 routers spanning these key ASes would suffice to carry out IP or DNS filtering for the entire country; approx 70% of these routers belong to only two private ISPs. If the government is willing to employ more powerful measures, such as an IP Prefix Hijacking attack, any one of several key ASes can censor traffic for nearly all Indian users. Finally, we demonstrate that such federated censorship by India would cause substantial collateral damage to non-Indian ASes whose traffic passes through Indian cyberspace (which do not legally come under Indian jurisdiction at all).

Devashish Gosain, Anshika Agarwal, Sambuddho Chakravarty et al.

Decoy Routing, the use of routers (rather than end hosts) as proxies, is a new direction in anti-censorship research. Decoy Routers (DRs), placed in Autonomous Systems, proxy traffic from users; so the adversary, e.g., a censorious government, attempts to avoid them. It is quite difficult to place DRs so the adversary cannot route around them for example, we need the cooperation of 850 ASes to contain China alone. In this paper, we consider a different approach. We begin by noting that DRs need not intercept all the network paths from a country, just those leading to Overt Destinations, i.e., unfiltered websites hosted outside the country (usually popular ones, so that client traffic to the OD does not make the censor suspicious. Our first question is; How many ASes are required for installing DRs to intercept a large fraction of paths from, e.g., China to the top n websites (as per Alexa)? How does this number grow with n? Few ASes (approx. 30) intercept over 90% of paths to the top n sites, for n = 10, 20...200. Our first contribution is to demonstrate with real paths that the number of ASes required for a world-wide DR framework is small (approx. 30). Further, censor nations attempts to filter traffic along the paths transiting these 30 ASes will not only block their own citizens, but others residing in foreign ASes. Our second contribution in this paper is to consider the details of DR placement: not just in which ASes DRs should be placed to intercept traffic, but exactly where in each AS. We find that even with our small number of ASes, we still need a total of about 11,700 DRs.We conclude that, even though a DR system involves far fewer ASes than previously thought, it is still a major undertaking. For example, the current routers cost over 10.3 billion USD, so if DR at line speed requires all new hardware, the cost alone would make such a project unfeasible for most actors.