Rajat Tandon

Abhinav Palia, Rajat Tandon, Carl Mathis

Privacy is an individual choice to determine which personal details can be collected, used and shared. Individual consent and transparency are the core tenets for earning customers trust and this motivates the organizations to adopt privacy enhancing practices while creating the systems. The goal of a privacy-aware design is to protect information in a way that does not increase an adversary's existing knowledge about an individual beyond what is permissible. This becomes critical when these data elements can be linked with the wealth of auxiliary information available outside the system to identify an individual. Privacy regulations around the world provide directives to protect individual privacy but are generally complex and vague, making their translation into actionable and technical privacy-friendly architectures challenging. In this paper, we utilize Shannon's Entropy to create an objective metric that can help simplify the state-of-the-art Privacy Design Strategies proposed in the literature and aid our key technical design decisions to create privacy aware architectures.

Rajat Tandon

A distributed denial-of-service (DDoS) attack is an attack wherein multiple compromised computer systems flood the bandwidth and/or resources of a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. The flood of incoming messages, connection requests or malformed packets to the target system forces it to slow down or even crash and shut down, thereby denying service to legitimate users or systems. This paper presents a literature review of DDoS attacks and the common defense mechanisms available. It also presents a literature review of the defenses for low-rate DDoS attacks that have not been handled effectively hitherto.

Abhinav Palia, Rajat Tandon

With the tremendous increase in the number of smart phones, app stores have been overwhelmed with applications requiring geo-location access in order to provide their users better services through personalization. Revealing a user's location to these third party apps, no matter at what frequency, is a severe privacy breach which can have unpleasant social consequences. In order to prevent inference attacks derived from geo-location data, a number of location obfuscation techniques have been proposed in the literature. However, none of them provides any objective measure of privacy guarantee. Some work has been done to define differential privacy for geo-location data in the form of geo-indistinguishability with l privacy guarantee. These techniques do not utilize any prior background information about the Points of Interest (PoIs) of a user and apply Laplacian noise to perturb all the location coordinates. Intuitively, the utility of such a mechanism can be improved if the noise distribution is derived after considering some prior information about PoIs. In this paper, we apply the standard definition of differential privacy on geo-location data. We use first principles to model various privacy and utility constraints, prior background information available about the PoIs (distribution of PoI locations in a 1D plane) and the granularity of the input required by different types of apps, in order to produce a more accurate and a utility maximizing differentially private algorithm for geo-location data at the OS level. We investigate this for a particular category of apps and for some specific scenarios. This will also help us to verify that whether Laplacian noise is still the optimal perturbation when we have such prior information.

Rishabh Jain, Rupanta Rwiteej Dutta, Rajat Tandon

The most important aspect of any Software is the operability for the intended audience. This factor of operability is encompassed in the user interface, which serves as the only window to the features of the system. It is thus essential that the User Interface provided is robust, concise and lucid. Presently there are no properly defined rules or guidelines for user interface design enabling a perfect design, since such a system cannot be perceived. This article aims at providing suggestions in the design of the User Interface, which would make it easier for the user to navigate through the system features and also the developers to guide the users towards better utilization of the features.