top of page

Projects

Security Analysis of the SecureDNA Protocol

Role: Team Leader | National Security Agency

As part of the INSuRE research program supported by the National Security Agency (NSA), I led a team and we conducted a comprehensive security analysis of the SecureDNA protocol, a cryptographic protocol designed to screen DNA synthesis requests securely without revealing sensitive data.

Our research focused on the following:

  • Registration & Authentication: Analyzed the protocol’s registration process and cryptographic certificate handling to ensure proper access control and resistance to impersonation.

  • Exception Handling: Evaluated Exemption List Tokens (ELTs) and their management through the ELGUI web application, identifying risks in email notifications, token subsetting, and user impersonation.

  • Web Application Security: Performed manual and automated penetration testing of the ELGUI platform, uncovering and validating vulnerabilities related to input sanitization and token integrity.

  • Security Goals & CPSA Modeling: Assessed the protocol’s alignment with its stated security goals, and applied the Cryptographic Protocol Shapes Analyzer (CPSA) to analyze the cryptographic robustness of the protocol under formal models.

Key Findings:

  • The ELGUI email field lacks proper validation, risking undetected misuse of tokens

  • Subsetting attempts with modified ELTs are blocked, indicating strong signature enforcement

  • Recommendations include improving key management, monitoring, and validation mechanisms

This work contributed to strengthening the SecureDNA protocol and was acknowledged by NSA mentors and faculty at UMBC. The final report was submitted in December 2024.

Drafting Security Policies for University System of Maryland

Role: Team Member| University of Maryland, Baltimore County

As part of an independent research project under the UMBC Cybersecurity Clinic, I collaborated on a cybersecurity governance initiative to support public institutions in Maryland. The project focused on strengthening compliance, reducing risk, and improving audit readiness through targeted policy development.

Project Highlights:

  • Security Policy Development: Authored 5 institutional security policies by crosswalking requirements from NIST SP 800-171, NIST SP 800-53 Rev. 5, NIST CSF 2.0, and the Maryland IT Security Manual — directly improving compliance readiness and reducing gaps by 13%.

  • Foundational Training: Completed the MIT xPRO “Cybersecurity for Critical Urban Infrastructure” course to build expertise in securing public systems.

  • Strategic Impact: Selected as 1 of only 5 student assistants for the UMBC Cybersecurity Clinic, contributing to governance efforts that improved the University System of Maryland’s security posture by 15%.

  • Thought Leadership: Authored an official blog post for the Consortium of Cybersecurity Clinics, highlighting insights on AI, cybersecurity leadership, and national defense across 30+ academic institutions.

This project deepened my experience with real-world policy design and its role in public sector cybersecurity governance.

Automated Vehicle using OpenCV (Self Driving Car)

Role: Team Leader | Rashtrasant Tukadoji Maharaj Nagpur University

  • Led a team in the development of a small-scale self-driving car to explore the fundamentals of autonomous vehicle technology

  • Utilized OpenCV and machine learning to enable the vehicle to detect traffic lights, recognize road signs, change lanes, and execute start/stop actions, improving safety by avoiding potential collisions.

  • Worked with key algorithms, including Lane Detection and Following System (LDFS), Traffic Light Detection System (TLDS), and Real-Time Object Detection System (RTODS).

  • Conducted research and analysis on essential components for the project, including Raspberry Pi, Arduino UNO, PCB, L298 H Bridge, and Raspberry Pi Camera.

  • Delegated coding tasks based on team expertise and co-authored a research paper on the project’s findings.

Spotify Clone

Independent

  • Developed a Spotify clone using Next.js and JavaScript,  and deployed it on Microsoft Azure.

  • Designed the web application to consume data from the Spotify API, closely mimicking the UI and frontend behaviors of the official Spotify Web Player.

  • Designed the model from scratch, mainly to get some hands-on experience with NextJs Development.

  • Engineered the project from scratch to gain hands-on experience with Next.js development, utilizing tools and techniques such as Tailwind CSS, Recoil, NextAuth, Middleware, React, Debounce, and OAuth JWT for authentication.

bottom of page