Genomic Security

Mainstream genomic tests have become a reality with the improvements on the sequencing technology and increasing number of direct-to-consumer services. The discovery of the relation between DNA with important health factors further increased the importance of these tests. Storage and computation costs have reduced; allowing individuals to perform complex operations on their personal computers, even on mobile devices.

These factors have enabled a future (and a reality) where individuals obtain their digitized DNA from a sequencing facility and perform the tests they desire later by engaging with genomic testing facilities. These tests often queries various locations and ranges on the DNA. Due to the sensitivity of the genetic material and often proprietary tests, to date main focus has been the privacy aspects of genomic material and tests. Although often security and privacy go hand in hand, genomic security has
drawn less attention.

In this project, we focus on tying security with privacy in the genomics domain and focus especially on providing authentication and integrity of DNA and its subparts.

This problem is initially discussed here (also available here).

Symmetric Non-repudiation for TLS

This project focuses on the following question:

“Given the need to reliably track any communication mishap in private networks such as banks and data centers, and the need to regulate and record access from increasing number of IoT devices and mobile applications to servers, can a TLS-based symmetric non-repudiation solution be developed to provide robustness as well as security?”

An initial non-repudiation solution for TLS (namely TLS-N) was proposed in this work. Our main purpose is to extend on these ideas to provide symmetricity and robustness for their reliable use in diverse security-critical applications.

Thermanator: Thermal Residue-Based Post Factum Attacks On Keyboard Password Entry

Thermanator is a post factum thermal imaging attack that allows an adversary recover full password key sets up to 30 seconds and partial password key sets up to 1 minute after password entry. The attack uses a mid-range thermal imaging camera.

Full paper available on arxiv.

An example thermal timelapse is given below. More information about the project and media coverage can be found on the project website:

Thermal Timelapse

Password “passw0rd” thermal residue 0, 15,
30, 45 and 60 seconds after entry, left to right.

A Password Extractor Framework for Thermal Images

The password extractor framework uses image processing with Python and OpenCV to recover passwords given thermal images. It is open source at (under development).

Attached images are from the 4-step thermal image password recovery process:

  1. Detection of key regions on the thermal image,
  2. Key labeling,
  3. Detection of residues,
  4. Password recovery and password guessing.


BFTKV is a Byzantine Fault-Tolerant distributed Key-Value storage that leverages GPG’s Web of Trust mechanism to build trust and b-masking quorums to provide fault tolerance.

I worked on BFTKV  during my internship at 256-256-2e98fdedcf402e199ae595ad4bb0a06b-yahoo. The project is open-source at .

A few gifs on how this storage works (more details in the design document):

%d bloggers like this:
search previous next tag category expand menu location phone mail time cart zoom edit close