Rishit Saiya

USC (2022-24) - Dean's 4.0 List | IIT Dharwad (2018-22) - Gold Medalist


Resume here



Note: This is a complete resume and, thus, may be a really long read.


 
 
 

Education

University of Southern California (USC)

Masters in Sciences, Cyber Security

GPA: 4.00 [Dean's 4.0 List]

Aug 2022 - May 2024

Indian Institute of Technology (IIT), Dharwad

B.Tech in Computer Science and Engineering

CGPA: 8.94 [Director Gold Medalist]

Aug 2018 - Apr 2022

Velociity Junior College, Hyderabad

HSC

Percentage: 98.6%

May 2016 - May 2018

Narayana CO Spark, SCO, Hyderabad

SSC

CGPA: 10/10

May 2015 - Apr 2016

Research

Puppeteer: Leveraging a Large Language Model for Scambaiting

58th Hawaii International Conference on System Sciences (2025) [HICSS]

Scambaiting is a defense that engages with scammers to waste their resources and gain information about their fraud campaigns. This defense needs automation to scale to the vast number of scams we see today. In this paper, we propose a scalable, automated scambaiting system, Puppeteer, which leverages a large language model for response generation and state machines for conversation tracking. We measure Puppeteer's effectiveness via a user study, where participants play a role of a scammer in two scam scenarios. Puppeteer convinced more than 72% of the participants that they were interacting with a human, and was able to extract information from 68% of participants. In comparison, using the same large language model without conversation tracking convinced only 54% of the participants that they were interacting with a human and obtained information from 54% of participants. Our results show potential for real-world use of Puppeteer. To the best of our knowledge, we are also the first to systematically evaluate a large language model for a scambaiting task.

SANNA: Secure Acceleration of Neural Network Applications

36th International Conference on VLSI Design (2023) and 22nd International Conference on Embedded Systems (2023) [VLSID]

The threat of Hardware Trojans looms large on safety-critical systems. A Design-For-Trust technique to mitigate this threat without significant loss in performance is to implement these systems as a Heterogeneous Secure System - HSS. An HSS is built using an array of trustworthy home-grown cores and untrusted but fast third-party cores in a way that prevents unverified results from third-party cores reaching IO peripherals and devices. In this work, we propose to use the unverified results to initiate a speculative execution of subsequent layers of a Neural Network (NN) application on trustworthy cores. Our experiments on six popular NN applications show that on an average, the secure execution on an HSS is slower than the corresponding untrusted execution by up to 6.26% as compared to the slowdown of 80.89% experienced by a conventional trustworthy system.

Fake Packet Generation, Detection and its analysis using Network Security

7th International Conference for Convergence in Technology (2022) [I2CT]

The threat of network Trojans looms largely on mission-critical applications. This research work illustrates the generation of fake packets distinct from general conventional network traffic and their detection using tools like Scapy, Snort, and simulation of an IDS (Intrusion Detection System). It caters to the execution of the Payload (packet generation) and its real-time analytical understanding based on MITM (Man-in-the-middle) attack and its illustration using Scapy, Wireshark & Snort, thus utilizing the network analysis techniques. Furthermore, Port Security strategies to mitigate the most-vulnerable threats are also defined, possible DNA cryptographic techniques, and state-of-the-art Quantum Cryptography is also explored comprehensively.

Reliability and Security of Edge Computing Devices for Smart Cities

Springer, Nature Switzerland AG (2023)

In today's modern and developing world, security and privacy are essential ingredients for ensuring data safety and the legitimate access of one's information for most of the real-time applications they utilize, be it using smartphones, laptops, tablets, or electronic gadgets which are connected through the Internet thus making it an easy target to leverage the security of that device, resulting in enabling the attackers getting access to the sensitive and confidential data of the individual or organization. With the progression of technology at such a rapid pace, it may be frequent to conclude that drones will be delivering goods and merchandise, thus catering to the accessibility of mobile hotspots and ensuring the security & surveillance of smart cities. Considering the long-term utility of drones for smart cities, there also comes the threat of cyber-attacks like Deauthentication Attacks, GPS Spoofing, etc., which will lead to the disclosure of sensitive information. The smart devices consist of various embedded SoCs (System-On-Chip), which are integrated to sustain a large amount of user data by focusing primarily on avoiding the trade-off between the complexity of the machine learning implemented model and the available compatible edge devices (Hardware SoCs). Thus, it is essential to enhance the security of edge devices on a large scale, specifically from the perspective of smart cities. Several researchers have also proposed methodologies to improve and sustain the security of smart devices using optimized blockchain-based security frameworks using physical parameters like temperature, light, etc. This chapter defines an insight towards ensuring the security (focuses majorly on the Edge computing devices) of the smart devices, which are the prime source to enhance and maximize privacy, thus enabling the smart cities to be more secure from any cyberattack.


Experience

Cyber Risk and Regulatory Associate

PwC, US

Aug 2024 - Present

Graduate Research Assistant

STEEL: Security Research Lab, USC Information Sciences Institute (ISI)

Research-I: PIRANHA Phishing Defence

  • Developing an interactive, IRC-based dialogue exchange system that not only responds to the phishers but also elicits their information.
  • Aims to mitigate and defend against increasing threats of Phishing and social engineering attacks using automated HMI components. Check the repository here.
  • Worked on this research with Prof. Jelena Mirkovic, Genevieve Bartlett and Will Charnsethikul

Research-II: DISCERN: DeterLab/MergeTB [NSF Grant #2319864] & SPHERE [NSF Grant #2330066]

  • Developing cybersecurity experiments in the new MergeTB testbed, using and building on open source tools to develop cyber attack scenarios using botnets and other such technologies.
  • Assisting in producing datasets that capture how attack technologies use resources, in comparison to benign resource usage that would come from typical permitted use of a system like DeterLab. Check the repository here.
  • Collaborated with senior researchers to draft research proposals and successfully secured NSF grants worth $18,593,139 USD.
  • Worked on this research with Prof. Jelena Mirkovic, Brian Kocoloski and Spencer Stingley

Check out: Rishit Saiya - Recommendation

Aug 2022 - May 2024

Cyber Risk and Regulatory Intern

PwC, US

  • Worked in the Cybersecurity, Risk & Regulatory practice, developing security strategies and DLP programs with policies to transform business operations. Integrated security compliances to perform cloud assessments focusing on DLP capabilities.
  • Designed and mapped security requirements of M365 suites, and performed AWS cloud environment assessments, to the pertaining controls within the FFIEC, NIST CSF, CCF and ERC compliances.

Jun 2023 - Aug 2023

Teaching Assistant

  • Teaching Assistant for the course: CSCI 430 - Computer and Network Security
  • Assess assignments, labs, and exams, covering concepts of Cryptography, Key Management, IDS/IPS, Authentication/Authorization, DNS Security.
  • Conduct office hours to assist students in clarifying doubts.
  • Working on this course with Prof. Luis Garcia
Check out: Rishit Saiya - Recommendation

Jan 2023 - May 2023

Cyber Security Intern

Toshiba, Bangalore

  • Integration of Security standards IEC 62351, IEC 61850 to ICS products
  • IED Development involving security standards like TLS, OCSP, LDAP, X509 Certificates and communication with RBAC servers and HMI systems.
  • Worked on a secured C plugin compatible with a cross-platform array of embedded devices over an automated substation.
Check out: Rishit Saiya - Certification

Oct 2021 - Jun 2022

Software Developer Intern

  • Worked on an Ethereum based User Authenticated distributed ledger which is a highly flexible blockchain SDK architecture with great transaction performance on Web OS based devices.

  • Check out: Rishit Saiya - Certification

    Aug 2021 - Dec 2021

    Red Team Intern

  • Red Team Assessment, Realistic Attack scenarios using tactics, techniques, and procedures seen in real-world attacks, Tailored engagements to meet organizational needs, with objectives based on the most relevant risks to organization.
  • Detailed, concise reports with actionable recommendations to aid in remediating identified issues post-engagement. Assessments performed for clients like Hangyo Ice Creams, Indian Institute of Science [IISc] (Institute of Eminence).

  • Check out: Rishit Saiya - Certification
    Lecture: Scanning Phase - Ethical Hacking
    Assignments: Documentations and Writeups for challenges on TryHackMe

    Dec 2020 - Jun 2021

    Core Team Member, DSC - IIT Dharwad

    DSC Chapter, IIT Dharwad

  • Developer Student Club, IIT Dharwad is a university based community group for students interested in Google Developer Technologies. Students from all undergraduate or graduate programs with an interest in growing as a developer are welcome to join this chapter.
  • As core members, we act as a link to help students grow their knowledge in a peer-to-peer learning environment and build solutions for local businesses and their community.

  • Check out: Rishit Saiya - DSC Profile

    Sep 2020 - Apr 2022

    CDC Member

    CDC, IIT Dharwad

  • CDC (Career Development Cell), IIT Dharwad is committed to providing assistance to all students in achieving their career goals. We were also responsible for facilitating the campus internships and placements for the students of IIT Dharwad.
  • I contributed to the Technical Team by making the content for the official documents and compliance, and also by drawing in industry leaders through my network for the betterment of other colleagues.

  • Check out: Rishit Saiya - Certification

    Jul 2020 - Apr 2021

    Full Stack Developer

    Krishibharatham, Hyderabad

    The NGO's website focusing on their successful events, their motive and vision behind promoting native agricultural practices throughout the world.

    Check out: http://krishibharatham.org/
    Check out: Rishit Saiya - Recommendation

    Mar 2020 - May 2020

    Accepted Intern

    RCI Lab, DRDO, Hyderabad

  • The work was on a framework development for Network Interception of Malicious Packets using Machine Learning, Big Data and Information Security.

  • (The internship had to be on-site and was aborted due to COVID-19 pandemic).

    May 2020 - Jul 2020

    SUMMER INTERN TRAINEE

    • Evolution of Cyber Security Landscape
    • Information Security Standards
    • Networking & TCP/IP Fundamentals
    • Risk Management & Mitigation in Information Security & Compliance
    (No work can be revealed in compliance with Confidentiality Policy of BioTelemetry, Inc.)

    Check out: Rishit Saiya - Recommendation

    May 2019 - Jun 2019

    Projects

    CSAW - Embedded Security Challenge, 2020

    Team: TheHackingCompany

    Our team had to hack into the HiFive1-revB IoT board by exploiting the firmware of a Wi-Fi Access Point and corresponding firmware binary running on a RISC-V based Architecture on IoT platform using OSINT & other Open-Source Reverse Engineering tools like Ghidra.

    Qualification Phase:
    • Understand the working of a Wi-Fi Access Point on a RISC-V platform.
    • Explore all the security vulnerabilities on this RISC-V platform.
    • Try out the Reverse Engineering Reconnaissance Techniques using Ghidra.
    • Explain the details of the solutions to the three preliminary challenges.
    • Qualification Research Paper/Report
    Final Phase:
    • Reverse Engineered various Binary firmwares using techniques like Buffer Overflow, Port Scan in LAN using Nmap, Data Type Manipulation by Buffer Overflow, Simulation, Exploiting Assembly Language Code, etc.
    • Final Research Paper/Report
    Results:

    Securing Neural Networks against Hardware Trojans through Assisted Parallelization

    Embedded Systems security, Safety Critical Systems (B.Tech Project w/ Prof. Rajshekar K)

    Our research introduces a technique to improve the performance of a Neural-Network based application on a Heterogeneous Secure System - a system that uses fast but untrusted third-party cores along with trusted but slow home-grown cores. The untrusted third-party cores serve to accelerate the execution of the NN on the home-grown cores through assisted parallelization. The work further proposes an ILP-based technique that groups NN layers into batches in a way that balances the execution latency of each batch across cores as well as minimizes the communication overhead incurred when sending the results from third-party cores to home-grown cores (for verification as well as ahead-of-time execution).

    Fake Packet Generation and Detection in Computer Networks

    Network Security, Snort, Scapy, Wireshark (RnD Project, IIT Dharwad)

    This research was originally designed to cover fake packet generation and its detection using Snort and the simulation of an IDS (Intrusion Detection System). It is a base for understanding Man-in-the-Middle attacks and their working using Scapy, Wireshark & Snort and networking techniques.

    Reliability and Security of Edge Computing Devices for Smart Cities

    Research (w/ Nikunj Pansari)

    This chapter defines an insight into the implemented and optimized approach towards ensuring the security (focuses majorly on the Edge computing devices) of the intelligent devices, which are the prime source to enhance and maximize privacy, thus enabling the smart cities to be more secure from any cyberattacks.
    The work also further proposes on how security and privacy are essential ingredients for ensuring data safety and the legitimate access of one's information for most of the real-time applications they incur, be it using devices which are connected through the Internet thus making it an easy target to leverage the security of that device, resulting in enabling the attackers to get access to the sensitive and confidential data of the individual or organization.

    Performance and Security Comparison of Security and Separation Kernels in High-Assurance Systems

    Computer Systems Assurance, Trusted Systems

    • Conducted a comparative analysis of security and separation kernels using TCSEC and SKPP frameworks, evaluating high-assurance systems GEMSOS and Integrity-178B to assess performance, security policies, and covert channel mitigation techniques.
    • Found that security kernels offer superior reference validation as a Trusted Computing Base (TCB) but face compatibility challenges with modern OS and third-party applications.
    • Highlighted trade-offs between kernel models, emphasizing the security kernel's potential for high-assurance systems and the need to overcome integration barriers for broader adoption.
    • Final Research Project/Paper

    Secure Decentralized Audit System for Electronic Health Records

    Cryptography, Merkle Trees, AES

    Developed and prototyped a secure audit logging system for Electronic Health Record (EHR) platforms, ensuring privacy, user identification, and immutability while meeting functional and regulatory requirements, including HIPAA compliance. The system utilized advanced features like decentralized design with Merkle Trees, AES encryption, and hashing to secure audit logs, preventing unauthorized access, tampering, or deletion, and enabling robust detection of any internal threats or unauthorized modifications. By providing immutable, detailed audit trails and leveraging decentralized mechanisms, the solution enhanced the security and integrity of EHR audit logs, supporting both operational efficiency and regulatory compliance in modern healthcare environments.

    Patient Data Protection Strategy under HIPAA/HITECH: A Compliance and Security Framework

    Access Controls, HIPAA, HITECH, NIST 800-66r1

    • Developed a comprehensive security policy for a bioinformatics center, ensuring HIPAA and HITECH compliance by addressing critical threats such as unauthorized access, data breaches, and insider threats, while safeguarding patient data throughout its lifecycle with strategies aligned to NIST 800-66r1 guidelines.
    • The policy incorporated a robust role-based access control (RBAC) model that combined Mandatory Access Control (MAC) and Discretionary Access Control (DAC) mechanisms to enforce the principle of least privilege, restricting access to sensitive data based on predefined roles and responsibilities.
    • By balancing stringent security measures with operational flexibility, the policy mitigated risks, protected patient privacy, and maintained data integrity within the bioinformatics environment.
    • Final Research Project/Paper

    Resume Builder

    Spring Boot Framework, JPA-Hibernate, Postgres, AWS

    Developed a Spring Boot Web-Application, Resume Builder where user is authenticated using Spring Security to create their personal shareable resume/personal web-page bridged by Thymeleaf in the front-end which provides user data to HTML & CSS templates.
    Spring Boot application was integrated with JPA-Hibernate as Object-Relation mapping tool with Relational Database system - Postgres & Deployed on AWS.

    CTF Writeups

    Cryptography, Forensics, Reversing, Pwning and other Misc problems

    I commenced maintaining writeups a bit late since I started. But for all beginners, this concise list of all writeups will help them kickstart in CTFs. My current worldwide rank is 41st out of over 40,000 participants on CTFlearn.

    Ethereum Based TodoList

    Blockchain, Metamask, Ganache

    A ToDo list powered by Ethereum smart contracts using Truffle Framework created with the Solidity programming language. Finally a client side application using Node JS is created and deployed on Blockchain (using Ganache). The transactions will be monitored on Blockchain Network on browsers using MetaMask Ethereum Wallet.

    MICRO Compiler

    Yacc, Flex/Bison, C++

    A compiler for the MICRO language, built using Flex for the scanner and Bison for the parser, with Flex/Bison being C++ based.

    Code:

    Assembly BCD Packing

    Computer Architecture, Keil Emulator


    As a part of Computer Architecture Course Project, our team had to procure simulation of packing BCD Numbers on NXP's ARM Cortex M3-LPC1768. Using Keil's Emulator to simulate this process we produced packing of BCD numbers with and without usage of THUMB instructions. Further analysis like time of computations, total numbers of steps required as per instructions was also made.

    CodeShinobi

    DBMS, Django, ER Model


    As a part of the Database Management Systems Course Project, our team had to make a project which could display the concepts grasped in the course and their implementation in an application. We built a Django based coding practice platform for students. Along with a profile giving proper analysis of correct vs incorrect code execution for a given user, we have provided an in-built code editor for C, C++ and Python with syntax highlighting.

    D.R.D.O. SASE's UAV Fleet Challenge

    Inter IIT Tech Meet 8.0, IIT Roorkee

    A UAV Drone Swarm to spot a target amongst a clutter of different objects spread randomly over a grassy land and subsequently communicate the location of the target to their remaining two drones using swarm technology only.

    • Built the swarm focused on low-speed stability using Pixhawk as the flight controller and Ardupilot firmware.
    • Using a flooding based communication approach, drones publish their current GPS coordinates for Collision Avoidance and box location to all drones for cross-referencing.
    • GPS coordinates were obtained and appropriate movement commands were sent by Dronekit API which has access to all Ardupilot parameters in real-time.
    • The team used basic OpenCV for object detection instead of a Deep Learning framework like Tensorflow, with the heavy processing power of the RPI taken into consideration.
    • Our Team finished 4th in absolute scoring in D.R.D.O. SASE's UAV Fleet Challenge at Inter IIT Tech Meet 8.0, IIT Roorkee.

    Lumberjack (Domino Effect)

    Optimization, C++, Time/Space Complexity

    A bot that makes best decisions for lumberjack's route to make highest profits in given time span for different specifications of trees on grid.

    • Optimization using algorithms and STL in C++.
    • Implemented structures to refine the code and STL to improve the readability of the code.
    • Introspected the intricacies of the problem statement and calculated the best profits for any given grid scenario.

    Moodle

    MySQL, XAMPP, DBMS, HTML, CSS, JS

    A secure web application that serves as an Academic Portal for college.

    • Clean UI/UX design with CSS & JS.
    • Used PHP for server side scripting and MySQL, XAMPP for DBMS.
    • Registration and login features with bifurcative services given to Admin, Instructors and Students respectively.
    • Appropriate pages and services for the respective designations in the institution.

    TCTD Challenge

    Inter IIT Tech Meet 7.0, IIT Bombay

    A machine which can be used to transplant rice on smaller farms, a demographic that is often overlooked.

    • Keeping in mind the financial conditions of most of the small scale farmers, we planned to keep the cost of our device as low as possible.
    • We also aimed to keep our transplanting mechanism simple and robust so that it can be easily repaired by even an amateur mechanic.
    • Our Team finished 4th in relative scoring in TCTD Challenge Event at Inter IIT Tech Meet 7.0, IIT Bombay.

    Course Management System

    C, File Handling, Database Management

    A simple management system which enables the instructor & students of course to manage courses and participants.

    • A structured file handling project in C.
    • Implemented structures to refine the code and STL to improve the readability of the code.


    Awards



    Positions of Responsibility

    • Artifact Evaluation Committee, NDSS 2025: Evaluated submitted research artifacts for usability, completeness, and reproducibility, facilitating author communication to resolve issues and ensure rigorous, badge-based assessment. Letter here.
    • USC CTF Team Member 2022-2024, CYBORG, USC: Play CTFs and several other hacking challenges for the CTF Team, solving challenges in the domains of Red Teaming, Blue Teaming and Purple Teaming. Some of the notable CTFs we competed in were CSAW, CPTC and WRCCDC.
    • CTF Lead Organiser PARSEC, 2022: Led a team where we prepared challenges and organised the VeniVidiVici 2.0 CTF event including different hacking domains. Certificate here.
    • Department Academic Student Mentor 2020-2022, SMP, IIT Dharwad: served as a proactive academic student mentor, guiding sophomore students in careers and helping them academically. Certificate here.
    • Technical Team Member & Provisional PR 2020-2021, CDC, IIT Dharwad: Responsible for creation and maintenance of the CDC website, along with being one of the points of contact for inviting various companies for internships and placements at CSE Department, IIT Dharwad. Letter here.
    • Core Team Member 2019-2020, IIC, IIT Dharwad: Helped intricately in conducting various innovation and entrepreneurship related activities, and to systematically foster the culture of innovation in IIT Dharwad.
    • Student Mentor 2019-2020, SMP, IIT Dharwad: served as a proactive student mentor, guiding freshmen & sophomore students through their primitive years in college. Certificate here.
    • Sponsorship Lead, PARSEC, 2020: devised strategies to overcome target budgets and achieved so by collaborating with industry giants like GitHub, Matic, SBI, etc. Certificate here.
    • Contingent Co-Ordinator, Inter IIT Tech Meet 8.0 (2019), IIT Roorkee: Optimizing with the resources we had, made plans on selections of teams to more events along with providing guidance to freshmen to make reports and synopsis.
    • Campus Ambassador, TechFest, 2020: Marketing and organising the events from scratch in the TechFest, IIT Bombay. Certificate here.
    • Class Representative 2018-2019, CSE Department, IIT Dharwad: Class Representative for Computer Science & Engineering Department. Certificate here.

    Miscellaneous


    Skills

    Programming Languages
    Markdown Languages
    Version Control System