I have now moved to

Having got my basic academic bearings from Fatima High School, Mumbai, India and Swami Vivekananda Junior College, Mumbai, I landed at the doorstep of Indian Institute of Technology - Madras, Chennai, India for my B.Tech. in Electrical Engineering. The four-year long drill catapulted me to Iowa State University, USA for my MS/PhD in Computer Engineering. As I trudged along, I have been fortunate to have visited CHiPES, Nanyang Technological University, Singapore and Lucent Bell Labs, USA, to hone my skills and to undertake research on cutting-edge technologies with some of the greatest minds, in the industry and academia. Currently I am part of the Google family, with the sole mission of organizing the world's information, making it universally accessible and useful.

Born in Pondicherry, India, brought up in Mumbai, with a brief stay in Chennai and Iowa, and currently in the Bay Area, I have had a taste of different societies, different kinds of people and the ever-lasting memories. If you are one of those gud 'ol friends, I did very much cherish our association and would like to stay in touch ... that you know I am the laziest person around is reason why I might not have reciprocated or replied back in time :)

A few organizations that I have been contributing to, in my free time include Sankalp (volunteer) and Indian Students' Association (Treasurer) at ISU. Please help us in helping other people by supporting this cause.

The main focus of my research to date has been in detecting and mitigating the effects of large scale distributed denial of service attacks and other security incidents on the Internet. We have looked at the problem of high speed deep packet content inspection at the core of the network as a means of eliminating virus/worm spreads and tried to address the problem of zero-day attack detection using novel runtime signature extraction techniques. We have also tried to develop efficient IP Traceback techniques that not only trace the true attack sources but also help in effective attack mitigation. We have also worked on design of secure routing protocols from first principles. I have also extended a course project to address the problem of SQL injection attacks on web servers.


  High Speed Deep Packet Content Inspection

The past few years have witnessed a tremendous increase in the frequency and sophistication of attacks on the Internet including notorious viruses like Slammer and other denial-of-service attacks. 10G ethernet speeds in metro and enterprise access networks, and up to 40G line speeds at the core of the network require design of line speed packet filtering techniques with no data buffering. The increasing number and complexity of virus signatures requires design of fast pattern matching algorithms that can easily be implemented in hardware and allow advanced regular expression searches. We have designed a compressed state machine for pattern matching, similar to the one used by the Aho-Corasick algorithm, to achieve higher speeds. We have also proposed very efficient memory optimization techniques to significantly reduce the memory requirements of the proposed algorithm. We also propose hardware architecture for the content inspection module using TCAMs, to provide necessary speed guarantees. In addition, we have provided additional support for regular expression search in the state machine, to support a whole range of search queries. A hardware prototype is being developed. This would eventually be incorporated as an integral part of the RouterShield product being developed at Bell Labs.

  IP Traceback

The stateless nature of the Internet combined with the destination-oriented routing that IP supports have made it easy to use source address spoofing as an effective attack tool in today's Internet. Simple and/or distributed flooding attacks have been used as effective means of paralyzing systems in the Internet in the past. There is an urgent need to design efficient traceback mechanisms that can identify the true source of the attacks and also to identify the routing paths of the attack packets to initiate efficient mitigation strategies closer to the source of the attack. We propose an elegant IP Traceback technique by viewing the traceback-enabled routers as an overlay graph and using advanced graph coloring techniques to achieve reliable traceback using very few packets and bits/packet marked. This solves the scalability and deployability problems of traditional techniques due to the graph theoretic properties. Additionally we also propose a multi-level traceback mechanism by using connectivity graphs as an efficient but slightly inexact means of traceback, to achieve traceback real fast. The salient features of the solution include ability of the ISP operators to hide their internal topology from malicious attackers who could have used the traditional traceback systems to reverse-engineer the topology of various ISP networks. We also extend these concepts in achieving higher spatial and temporal reuse of the different traceback identifier labels both locally and globally, resulting in faster attack detection and mitigation. Additionally, we define a new metric called utility factor to systematically analyze traceback techniques, and propose an optimal traceback scheme that can achieve near zero-delay attack detection and mitigation, for deployment in today's high speed networks.

  Secure Routing Protocols

Routing is one of the key functions of the Internet and routing protocols form an inseparable part of the Internet infrastructure. Without accurate routing information, packet transmission in the Internet can be drastically affected and could possibly bring the Internet to a grinding halt. Various schemes have been proposed in literature to secure distance vector routing protocols but they do not ensure the factual correctness of the routing updates, which we believe is the most critical aspect in securing any protocol against compromised routers. The distance vector routing updates are essentially distributed computational results of the nodes in the network and they carry only the distance information for every reachable destination. Hence it becomes difficult, if not impossible, to determine the factual correctness of the distance vector update messages. We exploit the distributed nature of this class of protocols to provide us the much needed factual correctness guarantees using a distributed route computation model. We use novel concepts like neighbor update propagation and distance vector tree rotations along with simple cryptographic primitives to satisfy the various security requirements. The proposed protocols impose very little extra overhead in terms of message size, number of update packets and hence bandwidth requirements when compared to the traditional distance vector protocols.

  SQL Injection Attack Prevention

The extensive use of SQL queries as a means of generating dynamic web-pages has lead to many security considerations regarding their use. SQL Injection attacks have had the most profound effect as they enable attackers to bypass all security mechanisms and have access to entire databases at the server side without leaving any traces behind. The flaw is enabled due to insecure code written by naive programmers, who failed to understand the security implications then. Preventing this attack today has involved poring over the entire software all over again trying to iron out all possible flaws and has taken considerable man hours to do so. We have developed a novel structural modification to the Web Server architecture to avoid these attacks in the first place. The solution proposes simple installation of a package, similar to a patch that modifies the data flow in a Web Server in a seamless fashion that breaks no functionality. It however helps to filter out all malicious code from being executed on the Web Server using techniques like query randomization and query automaton construction and verification. We are currently building a prototype and hope to release the software package in near future.