Hi, I'm Rathan Appana

I worked as a Visiting Scholar Researcher at KU Leuven, Belgium, worked under Prof. Mathy Vanhoef in the DistriNet Research Unit. I hold an MSc in Information and Network Engineering, specialized in Networked System Security, from KTH Royal Institute of Technology.

My work focuses on Wireless Security, Secure Network Protocols, and Linux Kernel Development. During my MSc thesis, I developed a Dynamic MAC Re-randomization protocol to improve WiFi privacy by preventing device tracking in personal networks, while ensuring minimal performance overhead. Building on that foundation, my current research at KU Leuven explores privacy-enhancing mechanisms and secure protocol designs for enterprise networks.

I’m passionate about solving complex challenges in Linux-based systems and developing secure, resilient, and privacy-focused network infrastructures.

Recent Role - Visiting Scholar Researcher

As a Visiting Scholar Researcher at KU Leuven in the DistriNet Research Unit, I’m working under the supervision of Prof. Mathy Vanhoef. My research focuses on privacy and security enhancements for enterprise wireless networks.

This role allows me to contribute to cutting-edge security research while collaborating with a team dedicated to addressing modern challenges in network privacy and security.

Publications

Measuring and Preventing Certificate Misconfigurations in Enterprise WPA2/3 Networks
Rathan Appana, Mathy Vanhoef
International Conference on Communication Systems and Networks (CSNet), 2025
To be appear

Education

Master of Science in Networked System Security

KTH Royal Institute of Technology, Stockholm, Sweden Aug 2022 – Nov 2024

Specializing in Networked Systems with a focus on Wireless Security and Privacy-Enhancing Technologies. Key courses included Building Networked Systems Security, Wireless Networks, and Ethical Hacking, which provided a comprehensive understanding of secure communication protocols and privacy challenges in modern networks.

Bachelor of Technology in Electronics and Communication Engineering

Amrita Vishwa Vidyapeetham, Bangalore, India Jul 2019 – Jul 2023

Gained a solid foundation in Wireless Communication and Network Protocols, complemented by hands-on projects. Key courses included Wireless Communication, Computer Networks, and Radio Frequency Engineering.

Projects

Enhancing Privacy in Wireless Communications: AP-Initiated Dynamic MAC Address Re-Randomization

MSc Thesis, KTH Royal Institute of Technology, Stockholm, Sweden Mar 2024 – Nov 2024

Modern wireless networks rely on MAC addresses for device identification, but once a device completes authentication, its MAC address remains static, making it susceptible to long-term tracking. Existing MAC randomization techniques only protect devices before association and fail to provide privacy during an active connection. My research proposes an AP-triggered MAC re-randomization protocol, ensuring that MAC addresses change dynamically even after key negotiation, mitigating tracking risks in real-time while preserving seamless connectivity.

To validate this approach, I implemented kernel-level modifications in mac80211 and conducted extensive simulations using Mininet-WiFi, mac80211_hwsim, and wmediumd. Results showed that without re-randomization, devices were 100% trackable in all network conditions. With the proposed AP-triggered scheme, MAC linkability was reduced from 100% (1 station) to 15% (11 stations), making large-scale device tracking infeasible. Performance evaluations demonstrated minimal overhead, with an average UDP packet loss below 0.1% and stable throughput (~30 Mbps), confirming the protocol's practical feasibility.

This work bridges the gap between security research and real-world implementation, providing a lightweight, scalable solution to improve WiFi privacy at scale. Future work includes hardware validation, adaptive re-randomization intervals, and exploring AI-driven anomaly detection to counter evolving tracking techniques.

Enterprise Network Penetration Testing (Capture The Flag)

Course Project, KTH Royal Institute of Technology Aug 2023 – Oct 2023

Conducted a penetration test on a simulated corporate network, exploiting vulnerabilities in web applications, databases, and network services. Captured 20+ security flags by performing reconnaissance, password cracking, SQL injection, remote code execution, and privilege escalation. Successfully compromised Windows and Linux environments using Metasploit, Hydra, Burp Suite, SQLMap, and Mimikatz, demonstrating real-world offensive security techniques. The project emphasized post-exploitation tactics, lateral movement, and credential dumping, reflecting industry-standard red teaming methodologies.

Scalable and Secure Network Infrastructure for Distributed Offices

Course Project, KTH Royal Institute of Technology Jan 2023 – Mar 2023

As part of the Building Networked Systems Security (BNSS) course at KTH, this project involved designing and implementing a robust, enterprise-level secure network infrastructure for ACME Scandinavia. The goal was to provide secure remote access, identity-based authentication, intrusion detection, and encrypted communication across distributed office branches.

The solution utilized a layered security approach by integrating multiple security components. A site-to-site OpenVPN tunnel was deployed to establish a secure connection between Stockholm and London branches, ensuring encrypted traffic between the two locations. Additionally, remote workers were provided certificate-based authentication via FreeRADIUS, preventing unauthorized access.

To protect against network intrusions, an Intrusion Detection System (IDS) using SNORT was implemented. Two separate SNORT instances were deployed to monitor both the physical network traffic and VPN connections, allowing real-time detection of malicious activity. All alerts were logged and could be further analyzed using Wireshark.

The system also featured a reverse proxy with strict firewall rules, ensuring that only authorized users could access internal resources. Secure file exchange and communication were facilitated through a self-hosted Nextcloud instance, which was protected by two-factor authentication (2FA) to prevent unauthorized access. Additionally, Secure DNS (DoH via Cloudflare) was implemented to mitigate DNS spoofing attacks.

Key Outcomes: The designed architecture successfully established a scalable, high-security enterprise network that prevented unauthorized access, secured sensitive data, and allowed seamless remote access without compromising security.

Facial Recognition-Based Classroom Attendance System

B.Tech Thesis, Amrita Vishwa Vidyapeetham, Bangalore, India Feb 2022 – Jul 2022

Developed an automated attendance system using facial recognition and OpenCV. The system was implemented as a product within the university to streamline attendance tracking efficiently.

Skills

Programming Languages

C, C++, Python

Networking & Protocols

Linux, VMware, Bash, Network Protocols, Network Configuration, Network Troubleshooting

Network Security

Firewalls, VPNs, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Encryption, Penetration Testing, Risk Management

Tools & Platforms

Wireshark, SSH, Git, Docker, VirtualBox, Cisco Packet Tracer, Mininet-WiFi, wmediumd

Other Skills

Team Collaboration, Project Management, Technical Documentation

Get In Touch

I'd love to hear from you! Whether you have a question, feedback, or just want to connect, feel free to send me a message below.