Publications
2025
- S&P 2025. GuardAIn: Protecting Emerging Generative AI Workloads on Heterogeneous NPU. Aritra Dhar, Clément Thorens, Lara Magdalena Lazier, and Lukas Cavigelli. 2025.
Driven by recent advances in large language models (LLM), generative AI applications have become the dominant workload for the modern cloud. Specialized hardware accelerators, such as GPUs, NPUs, and TPUs, play a key role in AI adoption due to their superior performance over general-purpose CPUs. AI models and the data are often highly sensitive and come from mutually distrusting parties. Existing industry-standard CPU-based TEEs, such as Intel SGX or AMD SEV, do not adequately protect these accelerators. Device-TEEs like Nvidia-CC only address tightly coupled CPU-GPU systems with a proprietary solution requiring TEE on the host CPU side. On the other hand, existing academic proposals target specific CPU-TEE platforms.
To address this gap, we propose GuardAIn, a confidential computing architecture for discrete NPU devices that requires no trust in the host system. GuardAIn secures data, model parameters, and operator binaries through authenticated encryption. GuardAIn uses delegation-based memory semantics to ensure isolation from the host software stack, and task attestation guarantees strong model integrity. Our GuardAIn implementation and evaluation with state-of-the-art LLMs such as Llama2 and Llama3 shows that GuardAIn introduces minimal overhead with no changes in the AI software stack.
2024
- ACSAC 2024. Confidential Computing with Heterogeneous Devices at Cloud-Scale. Aritra Dhar, Supraja Sridhara, Shweta Shinde, Srdjan Capkun, and Renzo Andri. ACSAC 2024, 2024.
Cloud-centric workloads increasingly leverage domain-specific accelerators (DSAs) such as GPU, NPU, FPGA, etc., to achieve massive speedup over general-purpose CPUs. These workloads compute sensitive data; furthermore, the programs can be proprietary business secrets such as high-performance AI models. Therefore, several confidential cloud solutions have recently emerged to protect against the attacker-controlled software stack (OS/VMM) and the cloud service providers or CSPs themselves. CPU-centric trusted execution environments, or TEEs, have been around for decades and are deployed commercially. However, despite some recent proposals, most nodes lack TEE capability and, therefore, are unprotected against malicious CSP and software stack.
We address this gap by proposing a new dedicated hardware module, the security controller (SC), that acts as the TEE proxy for the legacy non-TEE DSA nodes in a data center across racks. SC enforces access control and attestation mechanisms and protects the non-TEE nodes even from a physical attacker. This way, SC enables new-generation TEE-enabled nodes and legacy non-TEE nodes to be used in a data center simultaneously while ensuring security. We implement and synthesize SC hardware and evaluate it with real-world cloud-centric workloads with heterogeneous DSAs. Our evaluation shows that, on average, SC introduces 1.5-5% overhead while running AI, Redis, and file system workloads and scales well with an increasing number of DSA nodes (up to 2236 concurrent NPUs running CNNs).
- arXiv 2024. Ascend-CC: Confidential Computing on Heterogeneous NPU for Emerging Generative AI Workloads. Aritra Dhar, Clément Thorens, Lara Magdalena Lazier, and Lukas Cavigelli. 2024.
Cloud workloads have dominated generative AI based on large language models (LLM). Specialized hardware accelerators, such as GPUs, NPUs, and TPUs, play a key role in AI adoption due to their superior performance over general-purpose CPUs. The AI models and the data are often highly sensitive and come from mutually distrusting parties. Existing CPU-based TEEs such as Intel SGX or AMD SEV do not provide sufficient protection. Device-centric TEEs like Nvidia-CC only address tightly coupled CPU-GPU systems with a proprietary solution requiring TEE on the host CPU side. On the other hand, existing academic proposals are tailored toward specific CPU-TEE platforms.
To address this gap, we propose Ascend-CC, a confidential computing architecture based on discrete NPU devices that requires no trust in the host system. Ascend-CC provides strong security by ensuring data and model encryption that protects not only the data but also the model parameters and operator binaries. Ascend-CC uses delegation-based memory semantics to ensure isolation from the host software stack, and task attestation provides strong model integrity guarantees. Our Ascend-CC implementation and evaluation with state-of-the-art LLMs such as Llama2 and Llama3 shows that Ascend-CC introduces minimal overhead with no changes in the AI software stack.
- DAC 2024 WIP. Confidential Computing with Heterogeneous Devices at Cloud-Scale. Aritra Dhar, Supraja Sridhara, Shweta Shinde, Srdjan Capkun, and Renzo Andri. DAC 2024 (Work-in-Progress Poster), 2024.
Cloud-centric workloads are increasingly moving towards leveraging domain-specific accelerators (DSAs) such as GPU, NPU, FPGA, etc. to achieve massive speedup over general-purpose CPUs. These workloads compute sensitive data; furthermore, the programs themselves can be proprietary business secrets such as high-performance AI models. Therefore, several confidential cloud solutions have recently emerged to protect not only the attacker-controlled software stack (OS/VMM) but also the cloud service providers or CSPs themselves. CPU-centric trusted execution environments or TEEs have been around for some time and are deployed commercially. However, despite some recent proposals, most nodes do not have any TEE capability and, therefore, are unprotected against malicious CSP and software stack.
In this paper, we address this gap by proposing a new dedicated hardware module, which we call the security controller (SC) that acts as the TEE proxy for the legacy non-TEE DSA nodes in a data center rack. SC enforces access control and attestation mechanisms and protects the non-TEE nodes even from a physical attacker. We implement and synthesize SC hardware and evaluate it with real-world cloud-centric workloads with heterogeneous DSAs. Our evaluation shows that on average, SC introduces 1.5-4.5% overhead while running AI, Redis, and file system workloads and scales well with an increasing number of DSA nodes (up to 2236 concurrent NPUs running CNNs). We implement and synthesize SC hardware and evaluate it with real-world cloud-centric workloads with heterogeneous DSAs. Our evaluation shows that, on average, SC introduces 1.5-5% overhead while running AI, Redis, and file system workloads and scales well with an increasing number of DSA nodes (up to 2236 concurrent NPUs running CNNs).
- DAC 2024 WIP. Principles for Enabling TEEs on Domain-Specific Accelerators. Aritra Dhar, Supraja Sridhara, Shweta Shinde, Srdjan Capkun, and Renzo Andri. DAC 2024 (Work-in-Progress Poster), 2024.
Modern disaggregated data centers have grown beyond CPU nodes to provide their customers with domain-specific accelerators (DSAs) such as GPUs, NPUs, and FPGAs. Existing CPU-based TEEs such as Intel SGX or AMD SEV do not provide sufficient protection. DSA-TEE such as Nvidia CC only addresses tightly coupled CPU-DSA systems with a proprietary solution. On the other hand, existing academic proposals are tailored toward specific CPU-TEE platforms.
To bridge this lack of generality, in this paper, we investigate the feasibility of enclaved execution across multi-tenant heterogeneous nodes, extending beyond TEE-enabled CPUs. Wide-scale TEE support for accelerators seems a straightforward solution but is far from being a reality. In this paper, we investigate the fundamental design principles for enabling hardware-backed isolated and attestable instances, a.k.a., enclaves that provide isolation of code and data from attacker-controlled host software stack (OS/VMM). We prototype custom TEE hardware support for two kinds of accelerators: NPU and SSD with low overhead, that show the feasibility of adding TEE support to existing accelerators. Moreover, we evaluated our prototype with real-world AI and storage workload and observed 1-16% overhead.
2022
- arXiv 2022. Empowering Data Centers for Next Generation Trusted Computing. Aritra Dhar, Supraja Sridhara, Shweta Shinde, Srdjan Capkun, and Renzo Andri. 2022.
Modern data centers have grown beyond CPU nodes to provide domain-specific accelerators such as GPUs and FPGAs to their customers. From a security standpoint, cloud customers want to protect their data. They are willing to pay additional costs for trusted execution environments such as enclaves provided by Intel SGX and AMD SEV. Unfortunately, the customers have to make a critical choice—either use domain-specific accelerators for speed or use CPU-based confidential computing solutions. To bridge this gap, we aim to enable data-center scale confidential computing that expands across CPUs and accelerators. We argue that having wide-scale TEE support for accelerators presents a technically easier solution, but is far away from being a reality. Instead, our hybrid design provides enclaved execution guarantees for computation distributed over multiple CPU nodes and devices with/without TEE support. Our solution scales gracefully in two dimensions—it can handle a large number of heterogeneous nodes and it can accommodate TEE-enabled devices as and when they are available in the future. We observe marginal overheads of 0.42% - 8% on real-world AI data center workloads that are independent of the number of nodes in the data center. We add custom TEE support to two accelerators (AI and storage) and integrate it into our solution, thus demonstrating that it can cater to future TEE devices.
- CHES 2022. Composite Enclaves: Towards Disaggregated Trusted Execution. Moritz Schneider, Aritra Dhar, Ivan Puddu, Kari Kostiainen, and Srdjan Capkun. CHES 2022, 2022.
The ever-rising computation demand is forcing the move from the CPU to heterogeneous specialized hardware, which is readily available across modern datacenters through disaggregated infrastructure. On the other hand, trusted execution environments (TEEs), one of the most promising recent developments in hardware security, can only protect code confined in the CPU, limiting TEEs’ potential and applicability to a handful of applications. We observe that the TEEs’ hardware trusted computing base (TCB) is fixed at design time, which in practice leads to using untrusted software to employ peripherals in TEEs. Based on this observation, we propose composite enclaves with a configurable hardware and software TCB, allowing enclaves access to multiple computing and IO resources. Finally, we present two case studies of composite enclaves: i) an FPGA platform based on RISC-V Keystone connected to emulated peripherals and sensors, and ii) a large-scale accelerator. These case studies showcase a flexible but small TCB (2.5 KLoC for IO peripherals and drivers), with a low-performance overhead (only around 220 additional cycles for a context switch), thus demonstrating the feasibility of our approach and showing that it can work with a wide range of specialized hardware.
2021
- Thesis 2021. Building Trust in Modern Computing Platforms. Aritra Dhar. ETH Zurich, 2021.
User interfaces (UI) are essential parts of modern complex computing platforms as they dictate how humans provide inputs to these systems and interpret output from them. Many remote safety and security-critical cyber-physical systems such as industrial PLCs (in manufacturing, power plants, etc.), medical implants are accessible through rich UIs over browsers or dedicated applications that are running on commodity systems or hosts. Similarly, e-banking, e-voting, social networks, and many other remote applications and services are critically dependent on UIs for user authentication and IO. An attacker-controlled host can not only observe user’s IO data but also can modify them undetected. Loss of integrity and confidentiality of user inputs can lead to catastrophic failure of critical infrastructures, loss of human lives, leakage of sensitive data. The problem of secure communication between a user and an end-system is known as trusted path. Such attacks are not far-fetched as modern software and hardware systems are incredibly complex and span over millions of lines of code. Hence the users are bound to trust a massive trusted computing base or TCB. Exploiting software vulnerabilities of the OS, hypervisors, database systems are very prevalent. Recent technologies such as Trusted execution environments (TEEs) address this problem by reducing the TCB by running isolated environments on the CPU cores, known as enclaves, that are isolated from the OS or hypervisor. However, TEEs do not solve the trusted path problem as TEEs depend on the OS to communicate to the external IO devices. Moreover, the remote attestation mechanism by which a verifier can ensure that she is communicating with the proper enclave is vulnerable to relay attack.
In the context of disaggregated computing architecture in modern data centers, the security properties of traditional TEE are insufficient as the trusted path application involves sensitive data not only on the CPU cores but also on the specialized external hardware like accelerators.
In this thesis, we propose mechanisms to build trust in modern computing platforms by addressing the trusted path problem, and we make the following contributions. First, we analyze existing trusted path systems and find several attacks that compromise user IO data integrity and confidentiality. We are the first to analyze the trusted path problem to find a set of essential security properties and implement them in a system named ProtectIOn using a trusted embedded device as an intermediary. This trusted device intercepts all IO data and overlays secure UI on the display signal. Next, we look into Intel SGX and investigate how one can integrate a trusted path solution to TEEs. We notice that the relay attack on the SGX remote attestation can be detrimental to the trusted path security properties. We design ProximiTEE, a system that uses distance bounding to verify physical proximity to an SGX processor. We also show how the distance bounding mechanism can be used in a high frequency to allocate or revoke platforms in data centers without relying on an online PKI. Finally, we look into the disaggregated computing model of the modern data centers where the TEEs are insufficient as the computation is no longer limited to the CPU cores but several external devices such as GPUs, accelerators, etc. We propose our system PIE based on RISC-V architecture that combines the enclaves running on the CPU and firmware external hardware to a single attestable domain that we call platform-wide enclaves. Inside these platform-wide enclaves, individual binaries (enclaves and firmware) can be remotely attested.
2020
- S&P Mag 2020. Dedicated Security Chips in the Age of Secure Enclaves. Kari Kostiainen, Aritra Dhar, and Srdjan Capkun. IEEE Security and Privacy, Sep 2020.
Secure enclave architectures have become prevalent in modern CPUs. Enclaves provide a flexible way to implement various hardware-assisted security services. But special-purpose security chips can still have advantages. Interestingly, dedicated security chips can also assist enclaves and improve their security.
- CODASPY 2020. ProximiTEE: Hardened SGX Attestation by Proximity Verification. Aritra Dhar, Ivan Puddu, Kari Kostiainen, and Srdjan Capkun. CODASPY ’20 (Best Paper Award), New Orleans, LA, USA, Sep 2020.
Intel SGX enables protected enclaves on untrusted computing platforms. An important part of SGX is its remote attestation mechanism that allows a remote verifier to check that the expected enclave was correctly initialized before provisioning secrets to it. However, SGX attestation is vulnerable to relay attacks where the attacker, using malicious software on the target platform, redirects the attestation and therefore the provisioning of confidential data to a platform that he physically controls. Although relay attacks have been known for a long time, their consequences have not been carefully examined. In this paper, we analyze relay attacks and show that redirection increases the adversary’s abilities to compromise the enclave in several ways, enabling for instance physical and digital side-channel attacks that would not be otherwise possible.
We propose ProximiTEE, a novel solution to prevent relay attacks. Our solution is based on a trusted embedded device that is attached to the target platform. Our device verifies the proximity of the attested enclave, thus allowing attestation to the intended enclave regardless of malicious software, such as a compromised OS, on the target platform. The device also performs periodic proximity verification which enables secure enclave revocation by detaching the device. Although proximity verification has been proposed as a defense against relay attacks before, this paper is the first to experimentally demonstrate that it can be secure and reliable for TEEs like SGX. Additionally, we consider a stronger adversary that has obtained leaked SGX attestation keys and emulates an enclave on the target platform. To address such emulation attacks, we propose a second solution where the target platform is securely initialized by booting it from the attached embedded device.
- NDSS 2020. ProtectIOn: Root-of-Trust for IO in Compromised Platforms. Aritra Dhar, Enis Ulqinaku, Kari Kostiainen, and Srdjan Capkun. 27th Annual Network and Distributed System Security Symposium, NDSS, Sep 2020.
Security and safety-critical remote applications such as e-voting, online banking, industrial control systems and medical devices rely upon user interaction that is typically performed through web applications. Trusted path to such remote systems is critical in the presence of an attacker that controls the computer that the user operates. Such an attacker can observe and modify any IO data without being detected by the user or the server. We investigate the security of previous research proposals and observe several drawbacks that make them vulnerable to attacks. Based on these observations we identify novel requirements for secure IO operation in the presence of a compromised host.
As a solution, we propose ProtectIOn, a system that ensures IO integrity using a trusted low-TCB device that sits between the attacker-controlled host and the IO devices. ProtectIOn intercepts the display signal and user inputs from the keyboard and mouse, and overlays secure UI on top of the HDMI frames generated by the untrusted host. The guiding design principles of ProtectIOn are that (i) integrity of user input and output cannot be considered separately, (ii) all user input modalities need to be protected simultaneously, and (iii) integrity protection should not rely on error prone user tasks like checking the presence of security indicators. By following these guidelines, ProtectIOn achieves strong protection for IO integrity. We also propose an extension of ProtectIOn for IO confidentiality and implement a plug-and-play prototype and evaluate its performance.
- NDSS 2020. Snappy: Fast On-chain Payments with Practical Collaterals. Vasilios Mavroudis, Karl Wüst, Aritra Dhar, Kari Kostiainen, and Srdjan Capkun. Sep 2020.
Permissionless blockchains offer many advantages but also have significant limitations including high latency. This prevents their use in important scenarios such as retail payments, where merchants should approve payments fast. Prior works have attempted to mitigate this problem by moving transactions off the chain. However, such Layer-2 solutions have their own problems: payment channels require a separate deposit towards each merchant and thus significant locked-in funds from customers; payment hubs require very large operator deposits that depend on the number of customers; and side-chains require trusted validators.
In this paper, we propose Snappy, a novel solution that enables recipients, like merchants, to safely accept fast payments. In Snappy, all payments are on the chain, while small customer collaterals and moderate merchant collaterals act as payment guarantees. Besides receiving payments, merchants also act as statekeepers who collectively track and approve incoming payments using majority voting. In case of a double-spending attack, the victim merchant can recover lost funds either from the collateral of the malicious customer or a colluding statekeeper (merchant). Snappy overcomes the main problems of previous solutions: a single customer collateral can be used to shop with many merchants; merchant collaterals are independent of the number of customers; and validators do not have to be trusted. Our Ethereum prototype shows that safe, fast (<2 seconds) and cheap payments are possible on existing blockchains.
- arXiv 2020. IntegriScreen: Visually Supervising Remote User Interactions on Compromised Clients. Ivo Sluganovic, Enis Ulqinaku, Aritra Dhar, Daniele Lain, Srdjan Capkun, and Ivan Martinovic. CoRR, Sep 2020.
Remote services and applications that users access via their local clients (laptops or desktops) usually assume that, following a successful user authentication at the beginning of the session, all subsequent communication reflects the user’s intent. However, this is not true if the adversary gains control of the client and can therefore manipulate what the user sees and what is sent to the remote server. To protect the user’s communication with the remote server despite a potentially compromised local client, we propose the concept of continuous visual supervision by a second device equipped with a camera. Motivated by the rapid increase of the number of incoming devices with front-facing cameras, such as augmented reality headsets and smart home assistants, we build upon the core idea that the user’s actual intended input is what is shown on the client’s screen, despite what ends up being sent to the remote server. A statically positioned camera enabled device can, therefore, continuously analyze the client’s screen to enforce that the client behaves honestly despite potentially being malicious. We evaluate the present-day feasibility and deployability of this concept by developing a fully functional prototype, running a host of experimental tests on three different mobile devices, and by conducting a user study in which we analyze participants’ use of the system during various simulated attacks. Experimental evaluation indeed confirms the feasibility of the concept of visual supervision, given that the system consistently detects over 98% of evaluated attacks, while study participants with little instruction detect the remaining attacks with high probability.
- JBA 2020. Privacy preserving targeted advertising and recommendations. Theja Tulabandhula, Shailesh Vaya, and Aritra Dhar. Journal of Business Analytics, Sep 2020.
Recommendation systems form the centerpiece of a rapidly growing trillion dollar online advertisement industry. Curating and storing profile information of users on web portals can seriously breach their privacy. Modifying such systems to achieve private recommendations without extensive redesign of the recommendation process typically requires communication of large encrypted information, making the whole process inefficient due to high latency. In this paper, we present an efficient recommendation system redesign, in which user profiles are maintained entirely on their device/web-browsers, and appropriate recommendations are fetched from web portals in an efficient privacy-preserving manner. We base this approach on precomputing compressed data structures from historical data and running low latency lookups when providing recommendations in real-time.
2019
- NSDI 2019. Deniable Upload and Download via Passive Participation. David M. Sommer, Aritra Dhar, Luka Malisa, Esfandiar Mohammadi, Daniel Ronzani, and Srdjan Capkun. 16th USENIX Symposium on Networked Systems Design and Implementation, NSDI, Sep 2019.
Downloading or uploading controversial information can put users at risk, making them hesitant to access or share such information. While anonymous communication networks (ACNs) are designed to hide communication meta-data, already connecting to an ACN can raise suspicion. In order to enable plausible deniability while providing or accessing controversial information, we design CoverUp: a system that enables users to asynchronously upload and download data. The key idea is to involve visitors from a collaborating website. This website serves a JavaScript snippet, which, after user’s consent produces cover traffic for the controversial site / content. This cover traffic is indistinguishable from the traffic of participants interested in the controversial content; hence, they can deny that they actually up- or downloaded any data.
CoverUp provides a feed-receiver that achieves a downlink rate of 10 to 50 Kbit/s. The indistinguishability guarantee of the feed-receiver holds against strong global network-level attackers who control everything except for the user’s machine. We extend CoverUp to a full upload and download system with a rate of 10 up to 50 Kbit/s. In this case, we additionally need the integrity of the JavaScript snippet, for which we introduce a trusted party. The analysis of our prototype shows a very small timing leakage, even after half a year of continual observation. Finally, as passive participation raises ethical and legal concerns for the collaborating websites and the visitors of the collaborating website, we discuss these concerns and describe how they can be addressed.
2018
- RV 2018. METIS: Resource and Context-Aware Monitoring of Finite State Properties. Garvita Allabadi, Aritra Dhar, Ambreen Bashir, and Rahul Purandare. Runtime Verification - 18th International Conference, RV, Sep 2018.
Runtime monitoring of finite state properties may incur large and unpredictable overheads in terms of memory and execution time, which makes its deployment in a production environment challenging. In this work, we present a monitoring approach that investigates the trade-offs between memory overheads of monitoring, execution times of monitoring operations, and error reporting. Our approach is motivated by two key observations. First, there is a prominent behavioral redundancy among monitors. Second, the events on the same or related objects are often temporally segregated. We have implemented our approach in a prototype tool, Metis. Its evaluation indicates that it can reduce the memory footprint effectively and provide compact worst-case execution time bounds to monitoring operations with little to no compromise in error reporting.
2017
- ePrint Arch. 2017. IntegriKey: End-to-End Integrity Protection of User Input. Aritra Dhar, Der-Yeuan Yu, Kari Kostiainen, and Srdjan Capkun. IACR Cryptol. ePrint Arch., Sep 2017.
Various safety-critical devices, such as industrial control systems, medical devices, and home automation systems, are configured through web interfaces from remote hosts that are standard PCs. The communication link from the host to the safety-critical device is typically easy to protect, but if the host gets compromised, the adversary can manipulate any user-provided configuration settings with severe consequences including safety violations. In this paper, we propose INTEGRIKEY, a novel system for user input integrity protection in compromised host. The user installs a simple plug-and-play device between the input peripheral and the host. This device observes user input events and sends a trace of them to the server that compares the trace to the application payload received from the untrusted host. To prevent subtle attacks where the adversary exchanges values from interchangeable input fields, we propose a labeling scheme where the user annotates input values. We built a prototype of INTEGRIKEY, using an embedded USB bridge, and our experiments show that such integrity protection adds only minor delay. We also developed a UI analysis tool that helps developers to protect their services and evaluated it on commercial safety-critical systems.
- USENIX 2017. ROTE: Rollback Protection for Trusted Execution. Sinisa Matetic, Mansoor Ahmed, Kari Kostiainen, Aritra Dhar, David Sommer, Arthur Gervais, Ari Juels, and Srdjan Capkun. 26th USENIX Security Symposium (USENIX Security), Sep 2017.
Security architectures such as Intel SGX need protection against rollback attacks, where the adversary violates the integrity of a protected application state by replaying old persistently stored data or by starting multiple application instances. Successful rollback attacks have serious consequences on applications such as financial services. In this paper, we propose a new approach for rollback protection on SGX. The intuition behind our approach is simple. A single platform cannot efficiently prevent rollback, but in many practical scenarios, multiple processors can be enrolled to assist each other. We design and implement a rollback protection system called ROTE that realizes integrity protection as a distributed system. We construct a model that captures adversarial ability to schedule enclave execution and show that our solution achieves a strong security property: the only way to violate integrity is to reset all participating platforms to their initial state. We implement ROTE and demonstrate that distributed rollback protection can provide significantly better performance than previously known solutions based on local non-volatile memory.
2016
- W4A 2016. TactBack: VibroTactile braille output using smartphone and smartwatch for visually impaired. Aritra Dhar, Aditya Nittala, and Kuldeep Yadav. Proceedings of the 13th Web for All Conference, W4A, Sep 2016.
In this paper, we present TactBack, a novel way to haptically represent braille characters on an off-the-shelf mobile device and a smartwatch using vibration. TactBack can be used for a wide variety of scenarios such as training braille characters to the deaf-blind, providing secure non-audio feedback for pin/password entry, and as an educational tool for learning braille. We discuss the details of design and implementation of TactBack, and report on a preliminary user study with 15 participants. Our evaluation shows that participants could recognize individual braille characters with minimal training using TactBack. We present some of the scenarios where TactBack could provide substantial benefit over traditional talkback.
2015
- FSE 2015. CLOTHO: saving programs from malformed strings and incorrect string-handling. Aritra Dhar, Rahul Purandare, Mohan Dhawan, and Suresh Rangaswamy. Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering, ESEC/FSE, Sep 2015.
Software is susceptible to malformed data originating from untrusted sources. Occasionally the programming logic or constructs used are inappropriate to handle the varied constraints imposed by legal and well-formed data. Consequently, software may produce unexpected results or even crash. In this paper, we present CLOTHO, a novel hybrid approach that saves such software from crashing when failures originate from malformed strings or inappropriate handling of strings. CLOTHO statically analyses a program to identify statements that are vulnerable to failures related to associated string data. CLOTHO then generates patches that are likely to satisfy constraints on the data, and in case of failures produces program behavior which would be close to the expected. The precision of the patches is improved with the help of a dynamic analysis. We have implemented CLOTHO for the JAVA String API, and our evaluation based on several popular open-source libraries shows that CLOTHO generates patches that are semantically similar to the patches generated by the programmers in the later versions. Additionally, these patches are activated only when a failure is detected, and thus CLOTHO incurs no runtime overhead during normal execution, and negligible overhead in case of failures.
2014
- FC 2014. Increasing Anonymity in Bitcoin. Amitabh Saxena, Janardan Misra, and Aritra Dhar. Financial Cryptography and Data Security - FC 2014 Workshops, BITCOIN, Sep 2014.
Bitcoin prevents double-spending using the blockchain, a public ledger kept with every client. Every single transaction till date is present in this ledger. Due to this, true anonymity is not present in bitcoin. We present a method to enhance anonymity in bitcoin-type cryptocurrencies. In the blockchain, each block holds a list of transactions linking the sending and receiving addresses. In our modified protocol the transactions (and blocks) do not contain any such links. Using this, we obtain a far higher degree of anonymity. Our method uses a new primitive known as composite signatures. Our security is based on the hardness of the Computation Diffie-Hellman assumption in bilinear maps.
2013
- ICT-EurAsia 2013. Code Based KPD Scheme with Full Connectivity: Deterministic Merging. Pinaki Sarkar and Aritra Dhar. Information and Communication Technology - International Conference, ICT-EurAsia, Sep 2013.
- MobiHoc 2013. Connecting, scaling and securing RS code and TD based KPDs in WSNs: deterministic merging. Pinaki Sarkar, Brijesh Kumar Rai, and Aritra Dhar. The Fourteenth ACM International Symposium on Mobile Ad Hoc Networking and Computing, MobiHoc, Sep 2013.
2012
- ISC 2012. 100% Connectivity for Location Aware Code Based KPD in Clustered WSN: Merging Blocks. Samiran Bag, Aritra Dhar, and Pinaki Sarkar. Information Security - 15th International Conference, ISC, Sep 2012.