About me

I am an enthusiastic individual deeply passionate about various aspects of cybersecurity. With a focus on Web security, System Security, Network security, and Usable security, I thrive in creating a safe digital environment for everyone.

My journey in the world of cybersecurity has been an exciting one, as I am constantly exploring and working across different domains of security. This unique approach allows me to gain diverse perspectives and invaluable learnings from each area, enriching my expertise and problem-solving abilities.

The topics I've explored

  • design icon

    Network measurement

    Censorship mechanisms,
    Email validation - SPF, DKIM, DMARC

  • design icon

    Authentication

    Post Quantum Crypto in FIDO2,
    FIDO2 defenses against local attacks,
    Secure key distribution,
    2nd factor authenticaton manager

  • design icon

    E2EE

    User controlled application-independent OS-to-OS encryption

  • design icon

    User studies

    Deniability,
    FIDO2 local attacks

Resume

Education

  1. Brigham Young University

    2020 — Present

    Ph.D. in Computer science

  2. Brigham Young University

    2018 — 2019

    M.S. in Computer science

  3. IIIT Delhi

    2014 — 2018

    B.Tech in Computer Science with Honors, Minor in economics

Experience

  1. Brigham Young University

    Research Assistant
    Sep 2018 — Present

    Mentored 19 undergraduate students and collaborated with researchers from different research institutes on security research projects. Some of the projects are described in the Publication section below.

  2. SandboxAQ

    Ph.D. resident - Security engineer
    May 2023 — Sep 2023

    Post-quantum FIDO2: Designed and implemented post-quantum cryptography (PQC) in FIDO2 protocol. Benchmarking end-to-end PQC in FIDO2.

  3. Microsoft

    Security Research Intern
    Aug 2022 — Nov 2023

    DevOps lifecycle security: Detected gaps in security and compliance policies on artifacts (repos, builds) in Azure DevOps lifecycle over more than 1000 repositories. Redesigned security policies enforcement system to decrease the false negatives by 83\% on Azure DevOps artifacts.

  4. Brigham Young University

    College Instructor
    Apr 2022 — Jun 2022

    Computer Security (CS 465): Taught undergraduate and graduate students; concepts of cryptography, network security, system security, and usable security.

  5. IIIT Delhi

    Research Assistant
    Jan 2017 — Jul 2018

    Censorship and Connectivity of the Internet: Demonstrated erratic behavior of reachability of nodes based on geographical locations over the Internet. Crafted various packets (HTTP, DNS, IP, ICMP) in Python scripts to show the inconsistency of reachability of nodes over the internet depending on location. Utilized network protocols, Wireshark, crafting approaches, and packets to fingerprint devices over the internet.

  6. IIIT Delhi

    Teaching Assistant
    Aug 2017 — Dec 2017

    System Design course: Organized installation and configuration process of server operating systems for labs. Assisted professor with lessons for class computer system management. Evaluated homework, tests, labs and held office hours to ensure students understood course concepts.

  7. TeamMates (Google Summer of Code)

    Java Developer
    May 2017 — Aug 2016

    Collaborated on GUI improvement and cron jobs configurations on the app engine. Created unit test and integration tests through Selenium and TestNG. Accomplished internal design improvement to reduce latency. Developed better stats visualization, new question types, session templates, and preview features.

Publications

  1. A Security and Usability Analysis of Local Attacks Against FIDO2

    2024, NDSS

    T Yadav, K Seamons

  2. Cryptographic Deniability – A Multi-perspective Study of User Perception and Expectation

    2023, USENIX security

    T Yadav, D Gosain, K Seamons

  3. The Design and Evaluation of a Secondary Authentication Factor Manager

    2023, USENIX security

    G Smith, T Yadav, J Dutson, S Ruoti, K Seamons

  4. Automatic Detection and Prevention of Fake Key Attacks in Secure Messaging

    2022, CCS

    T Yadav, D Gosain, A Herzberg, D Zappala, K Seamons

  5. Measuring email sender validation in the wild

    2021, CoNext

    C Deccio, T Yadav , N Bennett, A Hilton, M Howe, T Norton, J Rohde, E Tan, B Taylor

  6. Where The Light Gets In: Analyzing Web Censorship Mechanisms in India

    2018, IMC

    T Yadav, A Sinha, D Gosain, P Sharma, S Chakravarty

Curent Projects

  1. Post Quantum FIDO2

    Designed, implemented and benchmarking post quantum cryptography for signing in webAuthn and for KEM in CTAP2.

  2. InfoGuard: User-Controlled Application-Independent Encryption

    Designed an application-independent user-controlled E2EE system that allows users to enable E2EE on any app preventing plaintext access to apps.
    Implemented the system for benchmarking.

  3. A Security and Usability Analysis of Local Attacks Against FIDO2

    Demonstrated eight attacks on FIDO2 protocol assuming malicious browser extensions and verified these attacks on ten popular web services that use FIDO2.
    Discovered 105,381 Chrome extensions that have sufficient permissions to compromise a WebAuthn client and execute these attacks.
    Conducted two user studies confirming that participants do not detect these attacks.

  4. Mitigations for Local Attacks Against FIDO2

    Mitigated attacks on the FIDO2 protocol's implementation architecture by leveraging Intel-SGX (Trusted execution environment).
    Mitigated some attacks by modifying webAuthn request and response flow in browser.

  5. Securing Password Entry Using Password Managers

    Developed and assessed five potential designs to mitigate password exfiltration threats, considering tradeoffs between security and deployability.
    Implemented a design in the Firefox browser, conducting experiments to validate its effectiveness in countering malicious scripts and extensions while maintaining compatibility with the Alexa top 1000 websites' authentication mechanisms.