Siddharth Prakash Rao

Mete Harun Akcay, Buse Gul Atli, Siddharth Prakash Rao et al.

As the volume of stored data continues to grow, identifying and protecting sensitive information within large repositories becomes increasingly challenging, especially when shared with multiple users with different roles and permissions. This work presents a system architecture for trusted data sharing with policy-driven access control, enabling selective protection of sensitive regions while maintaining scalability. The proposed architecture integrates four core modules that combine automated detection of sensitive regions, post-correction, key management, and access control. Sensitive regions are secured using a hybrid scheme that employs symmetric encryption for efficiency and Attribute-Based Encryption for policy enforcement. The system supports efficient key distribution and isolates key storage to strengthen overall security. To demonstrate its applicability, we evaluate the system on visual datasets, where Privacy-Sensitive Objects in images are automatically detected, reassessed, and selectively encrypted prior to sharing in a data repository. Experimental results show that our system provides effective PSO detection, increases macro-averaged F1 score (5%) and mean Average Precision (10%), and maintains an average policy-enforced decryption time of less than 1 second per image. These results demonstrate the effectiveness, efficiency and scalability of our proposed solution for fine-grained access control.

Siddharth Prakash Rao, Silke Holtmanns, Tuomas Aura

Due to the complex nature of mobile communication systems, most of the security efforts in its domain are isolated and scattered across underlying technologies. This has resulted in an obscure view of the overall security. In this work, we attempt to fix this problem by proposing a domain-specific threat modeling framework. By gleaning from a diverse and large body of security literature, we systematically organize the attacks on mobile communications into various tactics and techniques. Our framework is designed to model adversarial behavior in terms of its attack phases and to be used as a common taxonomy matrix. We also provide concrete examples of using the framework for modeling the attacks individually and comparing them with similar ones.

Thanh Bui, Siddharth Prakash Rao, Markku Antikainen et al.

Internet users increasingly rely on commercial virtual private network (VPN) services to protect their security and privacy. The VPN services route the client's traffic over an encrypted tunnel to a VPN gateway in the cloud. Thus, they hide the client's real IP address from online services, and they also shield the user's connections from perceived threats in the access networks. In this paper, we study the security of such commercial VPN services. The focus is on how the client applications set up VPN tunnels, and how the service providers instruct users to configure generic client software. We analyze common VPN protocols and implementations on Windows, macOS and Ubuntu. We find that the VPN clients have various configuration flaws, which an attacker can exploit to strip off traffic encryption or to bypass authentication of the VPN gateway. In some cases, the attacker can also steal the VPN user's username and password. We suggest ways to mitigate each of the discovered vulnerabilities.

Siddharth Prakash Rao

In this paper we discuss Bitcoin, the leader among the existing cryptocurrencies, to analyse its trends, success factors, current challenges and probable solutions to make it even better. In the introduction section, we discuss the history and working mechanism of Bitcoin. In the background section, we develop the ideas that evolved in the process of making a stable cryptocurrency. We also analyze the survey matrices of the present day cryptocurrencies. This survey clearly shows that Bitcoin is the clear winner among its kind. Section 3 is about the success factors of Bitcoin and the proceeding sections are a discussion about current challenges which pose as hurdles in making Bitcoin a better currency in the digital world. We finally discuss the balance between anonymity and reduced trust in the cryptocurrency world, before concluding the survey.