Note: I am open to Software/Security Engineering Full-time positions.
My name is Himanshu Goyal.
I am a graduate student at Georgia Tech pursuing a Master of Science in Computer Science with a specialization in Computing Systems.
Before this, I proudly earned a Dual Degree in Computer Science (B.S./M.S.) from the Indian Institute of Technology (IIT) Bhubaneswar.
My thesis was centered around the development of large-scale smart systems, with a strong emphasis on Trust, Security, and Privacy guarantees. This work was conducted under the supervision of Prof. Sudipta Saha.
I am also an active member of the Decentralized and Smart Systems Research Group (DSSRG) at IIT Bhubaneswar.
As a skilled software engineer, my passion lies in developing large-scale secure software systems that leverage the power of robust systems architecture, modern cryptographic methodologies, and essential open-source tools.
I have worked across several disciplines, including Systems & Networking, Blockchain, Trustworthy Distributed Computing, Zero-Knowledge Proofs (ZKPs), Privacy-Preserving Machine Learning (PPML), and Deep Learning. I truly enjoy applying modern cryptographic techniques in building secure software systems.
I maintain a list of cryptographic resources under the Crypto Resources tab. It mostly contains references to the security-related courses taught at several universities, along with some additional useful information. If you would like to contribute, I welcome you to contact me. I also occasionally blog to distill my understanding of the readings I do. You can find me reading and lurking on Reddit and Twitter in my spare time. I am also an ardent cricket fan and love talking about it.
CV / Resume: [pdf]
Last Updated: Sept 2023
Email ID: hgoyal33@gatech.edu
Updates
Motivation: This research work investigates the significant threat of domain impersonation attacks, wherein attackers create domains that resemble legitimate ones to deceive users into disclosing sensitive information. The effectiveness of existing security measures in detecting and preventing such attacks is analyzed. Specifically, the warning messages in the browsers and the Safe Browsing API, a prevalent browser-based security mechanism, are examined in identifying potentially harmful websites. Our Chrome-based browser study finds that around 45% of look-alike domains are available to buy, and that the browser application shows warning messages for only 1%, leaving an open area for attackers to launch malicious webpages. Our research also demonstrates the limitations of relying solely on these mechanisms, as attackers can easily obtain certificates for look-alike domains through free certificate authorities such as Let’s Encrypt. We find that the majority of the look-alike domains in our dataset have valid TLS certificates and that RPKI validity cannot be used to distinguish these sites. To address this issue, we propose a solution that combines tools such as DNSTwist and CT Monitors, which can assist domain owners in identifying potentially malicious look-alike domains. This solution can help mitigate the risks of domain impersonation attacks and improve the security of popular domains on the internet. The findings of this research work contribute to a more comprehensive understanding of the security risks associated with popular domains and inform the development of more effective security measures.
Keywords: Domain Typosquatting, Google Chrome, Safe Browsing, RPKI, TLS Certificates
Acknowledgement: This work was done in collaboration with Samina Mulani at Georgia Tech.
Project Report [pdf]
Project Presentation [ppt]
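The monitoring idea in the abstract above (look-alike generation combined with Certificate Transparency observation) can be sketched from the domain owner's side. This is an added example, not code from the project or from DNSTwist: the permutation rules are a simplified subset, the certificate-log entries are constructed, and `lookalikes`, `registrable` and `flag_ct_entries` are hypothetical helper names.

```python
# Added example: simplified permutation rules and constructed CT data.
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5"}

def lookalikes(domain):
    """Generate look-alike candidates for a two-label domain such as example.com."""
    label, _, tld = domain.lower().partition(".")
    out = set()
    for i, ch in enumerate(label):
        out.add(label[:i] + label[i + 1:])                 # omission
        out.add(label[:i] + ch * 2 + label[i + 1:])        # repetition
        if i + 1 < len(label):                             # transposition
            out.add(label[:i] + label[i + 1] + ch + label[i + 2:])
        if ch in HOMOGLYPHS:                               # digit homoglyph
            out.add(label[:i] + HOMOGLYPHS[ch] + label[i + 1:])
    out -= {label, ""}
    return {f"{c}.{tld}" for c in out}

def registrable(name):
    """Naive registrable domain: last two labels (assumption; real code needs the Public Suffix List)."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return ".".join(name.split(".")[-2:])

def flag_ct_entries(domain, ct_entries):
    """Map each look-alike domain seen in CT entries to the certificate names that matched."""
    candidates = lookalikes(domain)
    hits = {}
    for entry in ct_entries:
        for name in entry["dns_names"]:
            reg = registrable(name)
            if reg in candidates:
                hits.setdefault(reg, set()).add(name)
    return {reg: sorted(names) for reg, names in hits.items()}

# Constructed sample of certificate-log entries (not real CT data).
SAMPLE_CT = [
    {"issuer": "Constructed CA 1", "dns_names": ["examp1e.com", "www.examp1e.com"]},
    {"issuer": "Constructed CA 1", "dns_names": ["*.exmaple.com"]},
    {"issuer": "Constructed CA 2", "dns_names": ["shop.example.com"]},
    {"issuer": "Constructed CA 2", "dns_names": ["unrelated.org"]},
]

if __name__ == "__main__":
    for reg, names in sorted(flag_ct_entries("example.com", SAMPLE_CT).items()):
        print(reg, "->", ", ".join(names))
```

A certificate appearing for a look-alike name is a signal for the owner to review, not proof of abuse, which matches the abstract's finding that a valid TLS certificate alone does not distinguish these sites.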
Motivation: Industrial control systems (ICS) are used to automate and monitor processes and equipment in various industries, such as energy, transportation, and manufacturing. These systems provide many benefits, but they can also be vulnerable to security threats if not properly protected. Most ICS networks use protocols designed for controlled environments and do not have built-in security mechanisms. However, the increasing connectivity of ICS devices to networks and the internet creates opportunities for malicious actors to cause disruptions and malfunctions. In this study, we employed an empirical methodology to assess the potential vulnerabilities in existing ICS networks. Using network scanning techniques, we identified vulnerable ICS devices according to the Purdue model, which considers the hierarchical structure of ICS networks and the different services that devices run on. Our evaluation showed that this method could effectively identify high-risk devices and prioritize them for security measures.
Acknowledgement: This work was done under the guidance of Prof. Saman Zonouz and Prof. Paul Pearce at Georgia Tech.
Project Report [pdf]
Project Presentation [ppt]
LiPI: Lightweight Privacy-Preserving Data Aggregation in IoT
Himanshu Goyal, Krishna Kodali, and Sudipta Saha
Accepted in the 22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2023, Exeter, UK.
Abstract: In the modern digital world, a user of a smart system remains surrounded by, as well as observed by, a number of tiny IoT devices round the clock almost everywhere. Unfortunately, the ability of these devices to sense and share various physical parameters, although it plays a key role in these smart systems, also causes the threat of breach of the privacy of the users. Existing solutions for privacy-preserving computation for decentralized systems either use too complex cryptographic techniques or exploit an extremely high degree of message passing and hence, are not suitable for the resource-constrained IoT devices that constitute a significant fraction of a smart system. In this work, we propose a novel lightweight strategy LiPI for Privacy-Preserving Data Aggregation in low-power IoT systems. The design of the strategy is based on decentralized and collaborative data obfuscation and does not exploit any dependency on any trusted third party. In addition, besides minimizing the communication requirements, we make appropriate use of the recent advances in Synchronous-Transmission (ST)-based protocols in our design to accomplish the goal efficiently. Extensive evaluation based on comprehensive experiments in both simulation platforms and publicly available WSN/IoT testbeds demonstrates that our strategy works up to at least 51.7% faster and consumes 50.5% less energy compared to the existing state-of-the-art strategies.
ReLI: Real-Time Lightweight Byzantine Consensus in Low-Power IoT-Systems
Himanshu Goyal, Manish Kausik H, and Sudipta Saha
Accepted in the 18th IEEE International Conference on Networks and Service Management (CNSM), 2022, Thessaloniki, Greece.
Abstract: IoT/WSN assisted smart-systems are making our living easier and more comfortable in various aspects. However, there is always a chance of malfunctioning in such massive decentralized systems in crucial moments because of one or more components of the system getting compromised. For instance, monitoring systems installed to watch the status of a bridge may unknowingly suppress the recent deterioration in the status because of some compromised sensing devices. Byzantine fault tolerance support is highly essential in combating the presence of such smart devices with malicious intentions. However, existing solutions for consensus or data aggregation in IoT/WSN systems either assume non-Byzantine node failures or use only simulation/theoretical models to address the existence of Byzantine nodes. Theoretically, a decentralized system can effectively tolerate Byzantine characteristics of up to a certain fraction of the nodes. However, to achieve even that, the nodes need to interact extensively and share data with each other which makes it challenging for such solutions to get practically realized and produce outcomes in real-time, especially in resource-constrained IoT systems. In this work, we adopt Synchronous-Transmission based mechanisms and propose a framework ReLI to efficiently achieve Byzantine consensus in low-power IoT systems. We show that ReLI can operate up to 80% faster and consume up to 78% less radio-on time compared to the traditional implementation of the strategy in a publicly available IoT/WSN testbed containing 45 nodes.
Paper Reviews
Remark: The final draft incorporates several suggestions provided in the reviews.
Review 1:
- What are major strengths?
  - The paper exhibits sufficient novelty.
  - The work is properly presented and the text is well-written.
  - Sufficient evaluation and technical depth are exhibited.
- What are shortcomings?
  - There are no noteworthy drawbacks for this paper.
Review 2:
- What are major strengths?
  - This paper proposes a framework ReLI to efficiently achieve Byzantine Consensus in Low-Power IoT-Systems.
  - The proposed scheme leverages Synchronous Transmission (ST) based communication mechanism among IoT devices.
  - The performance of the proposed scheme was evaluated by implementations in Cooja as well as IoT/WSN testbeds DCube and FlockLab composed of 45 and 24 TelosB motes, where the algorithms were implemented in Contiki OS for TelosB motes.
  - The paper shows that ReLI can operate up to 80% faster and consume up to 78% less radio-on time compared to the traditional implementation of the strategy in a publicly available IoT/WSN testbed containing 45 nodes.
- What are shortcomings?
  - The performance analysis was done for a relatively small number of IoT nodes, just up to 45 nodes. Analysis on scalability is required with increased IoT nodes.
Review 3:
- What are major strengths?
  - This paper proposes a framework named ReLI to achieve Byzantine consensus in low-power IoT systems. Its performance is well demonstrated by implementation.
- What are shortcomings?
  - Readability is low because of paper organization. For example, although Fig. 1 appears in p.5 (Section IV), it is referred to in p.3 (Section III).
A Step Towards Building Trustworthy Wireless Sensor Network (Synopsis)
Himanshu Goyal (under guidance of Prof. Sudipta Saha)
IIT Bhubaneswar (2020-2022)
In this work, we conceptualize an Internet of Things (IoT) system as a vast network of low-power devices distributed over a large geographical area. Each device is capable of performing tasks, communicating with other devices, and operates under limited energy resources. We also take into account the possibility of some devices being manipulated by adversaries with intentions to gain control over the network or to cause the network to deviate from its intended function. The primary limitation of an IoT system is the resource constraints of the devices. However, we interpret the extensive number of devices in IoT as an advantage. We consider it as a highly distributed system and propose to offset the resource limitation in the devices with collaborative computing, where device-to-device communication is crucial. To effectively leverage the potential of such a large-scale network, we propose a shift from the traditional asynchronous transmission-based communication strategies to time-slotted parallel communication strategies. The primary focus of this research is to achieve Byzantine fault tolerance in IoT networks and to implement privacy-preserving data-aggregation among the participating nodes using the developed synchronous communication strategies.
ZoneSync: Real-Time Identification of Zones in IoT-Edge.
Manish Kaushik, Jagnyashini Debadarshini, Himanshu Goyal, Sudipta Saha.
In Proceedings of the IEEE 15th International Conference on COMmunication Systems & NETworkS (COMSNETS), 2023, Bengaluru, India.
Abstract: With the advancement in hardware technology, IoT-edge systems are getting well-equipped with a variety of types of sensing devices. The massive decentralized sensing capability of IoT-edge can be used not only for monitoring purposes but also for automated detection and even prediction of anomalous behavior in the area covered by the IoT-edge. However, as a prerequisite to anomaly detection, what is very essential is a clear understanding of the usual nature of the region where the IoT-edge system is deployed. The existing solutions in this direction mostly take the help of the cloud to serve the purpose. We endeavor to carry out the task of understanding the characteristics of the zones/regions in the edge itself through in-network distributed computing. In this work, we derive a simple lightweight strategy based on Synchronous-Transmission to enable every node in an IoT-edge to gain knowledge about the zone it belongs to and identify its surrounding zones in real-time. Through extensive simulation and testbed-based study, we show that our proposed solution can accomplish the goals quite accurately and up to 12.5 times faster than the traditional strategy.
Paper Reviews
Coming Soon!
Multi-Party Computation in IoT for Privacy-Preservation
Himanshu Goyal, and Sudipta Saha
Accepted in 42nd IEEE International Conference on Distributed Computing Systems (ICDCS), 2022, Bologna, Italy.
Abstract: Preservation of privacy has been a serious concern with the increasing use of IoT-assisted smart systems and their ubiquitous smart sensors. To solve the issue, the smart systems are being trained to depend more on aggregated data instead of directly using raw data. However, most of the existing strategies for privacy-preserving data aggregation, either depend on computation-intensive Homomorphic Encryption based operations or communication-intensive collaborative mechanisms. Unfortunately, none of the approaches are directly suitable for a resource-constrained IoT system. In this work, we leverage the concurrent-transmission-based communication technology to efficiently realize a Multi-Party Computation (MPC) based strategy, the well-known Shamir's Secret Sharing (SSS), and optimize the same to make it suitable for real-world IoT systems.
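The property that makes Shamir's Secret Sharing usable for the aggregation described in this abstract is that shares add: each node can sum the shares it receives, and any threshold-sized set of summed shares reconstructs only the total. The sketch below is an added example, not the paper's protocol or code; the field modulus `P`, the sample readings, and the function names are assumptions, and the concurrent-transmission layer is not modelled.

```python
# Added example: SSS-based sum aggregation over a prime field (assumed parameters).
import secrets

P = 2**61 - 1  # prime modulus chosen for this sketch; must exceed the largest possible sum

def share(secret, n, t):
    """Split `secret` into n shares; any t of them reconstruct it."""
    # Random polynomial of degree t-1 with the secret as constant term.
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def reconstruct(points):
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for j, (xj, yj) in enumerate(points):
        num, den = 1, 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (-xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total

def aggregate(readings, t):
    """Each node shares its reading; node x sums the x-th share from every sender."""
    n = len(readings)
    all_shares = [share(r, n, t) for r in readings]   # row i: shares produced by node i
    summed = [(x + 1, sum(all_shares[i][x][1] for i in range(n)) % P)
              for x in range(n)]                      # one summed share per node
    # Any t summed shares yield the sum of readings, never an individual reading.
    return reconstruct(summed[:t]), summed

if __name__ == "__main__":
    readings = [21, 23, 19, 25, 22]                   # constructed sensor values
    total, summed = aggregate(readings, t=3)
    print("aggregate:", total)
    print("same result from another subset:", reconstruct(summed[2:5]))
```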
Paper Reviews
Remark: The final draft incorporates several suggestions provided in the reviews.
Review 1:
- What are major strengths?
  - The studied problem is important.
- What are shortcomings?
  - The key novelty of this paper could be better elaborated.
Review 2:
- What are major strengths?
  - It is relevant to this conference.
  - The presentation is good.
  - The performance of the proposed scheme was evaluated by implementations in Cooja as well as IoT/WSN testbeds DCube and FlockLab composed of 45 and 24 TelosB motes, where the algorithms were implemented in Contiki OS for TelosB motes.
  - The paper shows that ReLI can operate up to 80% faster and consume up to 78% less radio-on time compared to the traditional implementation of the strategy in a publicly available IoT/WSN testbed containing 45 nodes.
- What are shortcomings?
  - In the abstract, too much background is described.
  - In the introduction, too much background is described. It does not clearly declare the work of the author.
  - In the introduction, too much of the introduction is about SSS and MiniCast, but how to integrate them is not clear.
  - There is no significant contribution in this work. It is just an attempt to integrate SSS and MiniCast, and the results show that it can afford just a few nodes. It is not practical.