Assistant Professor Rahul Chatterjee receives NSF CAREER Award

By Rachel Robey

With MadS&P and DAIS, Chatterjee develops solutions for the growing concern of technology-facilitated abuse.

Recently, Professor Rahul Chatterjee received the National Science Foundation’s (NSF) CAREER Award for his proposal “Account Security Against Interpersonal Attacks.” Awarded within the Secure & Trustworthy Cyberspace category, Chatterjee’s proposal asks a startling question: What if everything we’ve learned about system security over the last several decades no longer applies?

“This project is about improving account security for survivors of domestic and intimate partner violence,” explains Chatterjee. “It’s a common misconception that attackers always live in some far away land. With intimate partner violence, that presumption is broken; therefore, so are all of the security systems we’ve built in the last 30 years.”

With MadS&P (UW–Madison’s security and privacy research group) and the Madison-based Domestic Abuse Intervention Services (DAIS), Chatterjee develops solutions for the growing concern of technology-facilitated abuse.

“My work revolves around understanding technologies that can be used by abusers to spy, stalk, or harass survivors. I also work on designing interventions and tools to help survivors cope with this kind of abuse,” says Chatterjee. For him, receiving the CAREER Award is both a validation and a necessary source of support: “It’s an attestation of all the work my lab and I have been trying to do for the last seven years. These problems are important, and this award will help us impact real people who are struggling to protect themselves.”

Where current security systems fail

Troubling as it may be, intimate partners present unique threats when it comes to account security. “Threat modeling in computer security is about understanding the capabilities of an attacker and then designing systems to protect us from that threat,” says Chatterjee. “However, current systems do not work when intimate partners act adversarially.”

Chatterjee in 2023, “working frantically to finish this grant while enjoying the beautiful Madison summer!”

That’s partially because abusers often have account access, either through shared passwords or the devices themselves. Another problem is that abusers typically live near or with the partner they’re abusing, making it even easier for them to access accounts without detection. Websites like Facebook, Google, and Instagram are more concerned with far-off hackers, so their login histories provide only rough geographic information about each login attempt. In the case of intimate partner violence (IPV), that information is not conclusive.

“It might say something like, ‘Someone logged into your account from Madison, WI,’ but that’s not enough,” says Chatterjee. “The attacker is also living in Madison, WI — they’re probably living in the same house.”

Chatterjee’s award-winning NSF CAREER proposal presents a possible solution.

“The whole project is about embedding identifiers into the login history so that it’s easy to recognize fraudulent logins,” says Chatterjee. Using what he loosely defines as “crypto-mathematical magics,” these identifiers are made robust to the point that no one but the real user is able to produce them. The result is a definitive indicator of whether a login was genuine or fraudulent, giving survivors a sense of safety and control over their private information.

Supporting survivors at Madison Tech Clinic

Chatterjee credits his PhD advisor, Dr. Thomas Ristenpart, with introducing him to his area of research. While exploring the intersection of spyware and intimate partner violence as a graduate student, “I realized that it’s a unique direction that we haven’t been looking at. Things that would otherwise be completely safe may actually be very dangerous,” he says. 

When he joined the CS faculty in 2019, Chatterjee described the core goal of his research as simply “trying to make authentication systems seamless for the legitimate user but harder for an attacker.” That’s exactly what he does with Madison Tech Clinic, a free community resource that borrows its model from a tech clinic Chatterjee established while working with Ristenpart at Cornell. 

“We are a group of trained volunteers with technology expertise who conduct free, confidential consultations in partnership with local domestic abuse advocacy groups to help survivors who are facing stalking or harassment via technology,” explains the Madison Tech Clinic website. In addition to tech consultations and free scans of iPhones, Android phones, and iPads, the clinic provides information, support, and personal account auditing to inform survivors of IPV and bolster their protections.

Students are eager to support such a worthy endeavor. “I don’t have to worry about students. They always come — they feel this is important work, therefore they’re self-motivated,” he says. This is particularly fortunate, Chatterjee explains, as neither the work nor the NSF CAREER Award would be possible without his students and Tech Clinic volunteers.

Chatterjee understands their desire to support the initiative. “It’s so satisfying to be able to use your knowledge to help someone rather than just publishing papers about it,” he explains. Now, with the funding and support from the NSF CAREER Award, he’ll be able to take this research further and do just that.

Congratulations again to Dr. Chatterjee!