Shishir Nagaraja
Researcher in Network Security
- E-mail
- shishir [dot] nagaraja [at] cl [dot] cam [dot] ac [dot] uk
- Phone
- +44 1223 763565
- +44 7913 594019
- Office
- GE17, William Gates Building, Computer Laboratory
Curriculum Vitae
My current C.V. is available here.
Application materials
Research statement
Teaching statement
What's new
A paper on the economics
of surveillance and counter-surveillance, that examines the
extent of network topology information an attacker must gather, in
order to uncover the existence of communities within a network. We
show that anonymous communication channels promising unlinkability
between sender and reciever actions, do not make the attacker's job
substantially , and that counter-surveillance strategies can induce an
exponential false negative rate in the attacker's calculations. Our
results support the assertion that while the privacy of the general
public is easily comprimised with a small surveillance budget, a
covert group that makes a small investment in counter-surveillance can
escape detection even when the adversary has a very high surveillance
budget covering a majority of the population. Hence, government
initiatives on detecting terrorist networks with large scale privacy
invasion of the public are rather doomed to fail.
Here are the
slides from my lectures on anonymity and privacy to final year
undergraduates at Cambridge in 2007.
.
I spend some of my time working for the OpenNet Initiative. In a lead technical role, I am a part of the
team that monitors the Internet and investigates censorship
incidents. This year, we are monitoring 63 countries from Asia, former
Soviet republics, Middle East and North Africa, and a few countries in
Europe.
Research Interests
My main interest is in the intersection of network resilience, and,
traffic analysis and anonymous communications. I am also interested in
various other areas such as adhoc and sensor networks, economics of
information security and usable security.
Publications
Anonymity in the
wild: Mixes on unstructured networks
( slides )
at PET 2007
Current anonymous communication systems suffer from a vital
incentive design failure. How you design a robust mix network
where the mix operator has incentives to keep her mixes running
in the face of direct adversarial challenges in the form of cease
and desist. Previous approaches have incorporated the property of
plausible deniability in order to design compulsion resistant
systems. We take an alternate approach of having "friends mix
traffic for friends", whose main advantage is that the incentive
model is very well understood by the public. This paper
establishes the theoretical anonymity bounds of various low
latency mix network topologies with expander graph topology as a
baseline to compare with. We established the feasibility and
detail the challenges thrown up by a mix deployment on the
Live-Journal network of friendship ties.
Incentives and
Information Security in
Algorithmic Game Theory, N. Nisan, T. Roughgarden, E. Tardos,
and V. Vazirani (editors), ISBN-13: 9780521872829, Cambridge
University Press, 2007.
Along with Ross Anderson, Tyler Moore and Andy Ozment, I
co-authored a book chapter that surveys several live research
challenges in the economics of information security. We discuss
the persistent problem of misaligned incentives, how network
topology has a significant impact on emerging user incentives,
auctions as a way of measuring security risk, and finally,
asymmetric information and the capacity for hidden action.
the topology of covert conflict
(slides)
illustrates how network structure can influence the evolution of
user incentives in the context of security economics. This work
shows several rounds of interplay between attack and defence
strategies, between an attacker out to minimize the value of the
network by reducing the average shortest path length or the size
of the biggest connected component and defenders fighting back by
reorganizing themselves to maximize the same parameters. Also
available as Technical Report 637 .
On a dynamic topology of covert groups
presented this year at
Sunbelt XXVII , a social networks conference.
Suppose you are designing a covert network that is hidden in a
large social network, with incomplete knowledge of the host
network's topology. What should your covert group's topology
look like? This paper discusses the interplay of attack and
defense in the context of detection and hiding of covert groups
in large networks. The global passive adversary uses a series of
high level traffic analysis measures in the form of graph
partitioning algorithms while the covert group must rewire/add a
small number of edges. We analyze a number of strategies of
hiding covert networks and offer suggestions on how to protect
your secret group from the eyes of the "global passive
adversary".
New Strategies for Revocation in Ad-Hoc Networks
won the best paper award at ESAS 2007.
This
paper discusses decentralized strategies for removing misbehaving
nodes in adhoc-networks. It turns out that reelection turns out
to be a better strategy than blackballing. We then propose a more
radical strategy, namely suicide where both the alleged
misbehavior and the behavior detector die, which we find to be
even more efficient.
Privacy amplification with social networks
( slides ) at
SPW 2007
Often, users in a network wishing to communicate, share a weak
secret. We propose protocols for privacy amplification based on
exploiting the topological properties of the social network
connecting the users. After presenting an initial scheme based on
random walks, we propose a number of modifications that exploit
the presence of communities in such networks to make our
protocols efficient with practical bounds. This paper is
currently undergoing substantial revision currently, a new
version should be available soon.
Evaluation Framework of Location Privacy of Wireless Mobile Systems
with Arbitrary Beam Pattern
was accepted at
Communication Networks and Services Research Conference (CNSR
2007).
In this paper, we counter location privacy compromise by
proposing a low level countermeasure that we call adaptive
beam-forming, to prevent position location of transmitters in
mobile wireless systems. We propose a new antenna design, discuss
its radio characteristics and perform a high level security
analysis to measure the privacy enhancing features as compared to
previous antenna designs.
Time-sync independent Kerberos Authentication Protocol
is a standards draft of a time synchronization independent
kerberos protocol suite. This was originally written for Novell's directory services in order
to provide alternate access to the proprietary nonce based
challenge response protocol, however I left the company soon
after to pursue my PhD and don't know what actually happened to
it.
An Algorithm to cluster directory users into user communities
based on similarity in access is a patent on a
dynamic clustering technique I proposed with Ravi Kiran UVS, a
former colleague at Novell . The
basic idea is that you can group one or more interesting
objects in a directory server based on corresponding access
patterns with regard to other objects, instead of an
administrator coming along and performing complex manual
configuration and often getting it wrong. This leads to a
storage cache management system that massively improves access
times on remote filtered replica servers while reducing administrator
effort.
Security and Policy Integrity in multilateral authorization
systems
was a patent
issued in November 2006, is a system for implementing
multilateral authorization using quorums. First, stakeholders of
a directory object split a quorum private key, the shares of
which for each stakeholder in all access sets is determined. The
shares of the private key held by the stakeholders in any one
access set add up to a number directly related to the private
key. One or more secret keys of the stakeholders are further
determined for each access set. One or more polynomials for the
access sets are then generated by using the shares of the private
key and the secret keys of the object's stakeholders.
Method and System for Amassed Authorization and
An adaptive method and system for user empowered management
based on Dynamic Quorums are still pending with the US patent
office.
Previous Work
I obtained my B.E. majoring in computer science from Bangalore
University in 1999. I joined the network security group at Novell
Research at Bangalore, and worked there for about four years in
various secure distributed computing projects. Some of the patents
related to those pieces of work were issued recently, which you can
see in the list above.
Personal
When not doing research work, I am usually dabbling with my camera. I
try taking pictures with cultural or political messages. Recently, I
have been doing photoshoots in wild life reserves which has been very
exciting!
I also play the
Sitar an instrument popular in North India, Pakistan and
Afghanistan, and belongs to the Hindustani school of music. I belong
to the Maihar
Gharana of music.The Maihar Gharana is a new instrumental khyal
gharana, born in the early 20th century, but it has had tremendous
influence on the Hindustani instrumental music in the last fifty
years.
I play tennis in the 3rd team at Cambridge LTC, enjoy the odd
weekend hike, practise yoga and do gymnastics at the University
Gymnastics Club. I have also recently taken to cycling with a
maiden attempt at a multi-day tour from Cardiff to Cambridge taking
the following
route . I finished the ride in 21 hours and 35 minutes over a
two day period whilst managing not to get run over ;)