Hi, I'm Rathan Appana
Junior Research Fellow, NeWS Lab — IIT Hyderabad
I'm a Junior Research Fellow in the Network and Systems Security (NeWS) Lab, Department of CSE, IIT Hyderabad, working on network security and cybersecurity research.
Previously, I was a Visiting Scholar Researcher at KU Leuven, Belgium, in the DistriNet Research Unit under Prof. Mathy Vanhoef, and I hold an MSc in Information and Network Engineering (Networked Systems Security) from KTH Royal Institute of Technology.
I'm passionate about wireless security, secure network protocols, and Linux kernel development, and about building privacy-focused, resilient network infrastructure.
Current Role — Junior Research Fellow, NeWS Lab, IIT Hyderabad
I work in the Network and Systems Security (NeWS) Lab, Department of Computer Science and Engineering at IIT Hyderabad, under Prof. Bheemarjuna Reddy Tamma. My research centers on network security and cybersecurity, along two main threads:
- Network-aware teleoperation: studying how underlying network conditions (latency, jitter, packet loss) affect teleoperated systems, and how to improve robustness against them.
- Campus network hardening: building a ransomware testbed to study detection and response on IITH's network, alongside fuzzing of Wi-Fi protocol implementations to uncover vulnerabilities in enterprise wireless deployments.
Previously — Visiting Scholar Researcher, KU Leuven
I worked under Prof. Mathy Vanhoef in the DistriNet Research Unit on privacy and security enhancements for enterprise WPA2/3 networks, including certificate validation issues and Trust-On-First-Use authentication for enterprise Wi-Fi.
Publications
Education
Specializing in Networked Systems with a focus on Wireless Security and Privacy-Enhancing Technologies. Key courses included Building Networked Systems Security, Wireless Networks, and Ethical Hacking, providing a comprehensive understanding of secure communication protocols and privacy challenges in modern networks.
Gained a solid foundation in Wireless Communication and Network Protocols, complemented by hands-on projects. Key courses included Wireless Communication, Computer Networks, and Radio Frequency Engineering.
Projects
Enhancing Privacy in Wireless Communications: AP-Initiated Dynamic MAC Address Re-Randomization
Modern wireless networks rely on MAC addresses for device identification, but once a device completes authentication, its MAC address remains static, making it susceptible to long-term tracking. My research proposes an AP-triggered MAC re-randomization protocol, ensuring that MAC addresses change dynamically even after key negotiation, mitigating tracking risks while preserving seamless connectivity.
Read more
To validate this approach, I implemented kernel-level modifications in mac80211 and conducted extensive simulations using Mininet-WiFi, mac80211_hwsim, and wmediumd. Results showed that without re-randomization, devices were 100% trackable in all network conditions. With the proposed AP-triggered scheme, MAC linkability was reduced from 100% (1 station) to 15% (11 stations), making large-scale device tracking infeasible. Performance evaluations demonstrated minimal overhead, with an average UDP packet loss below 0.1% and stable throughput (~30 Mbps), confirming the protocol's practical feasibility.
This work bridges the gap between security research and real-world implementation, providing a lightweight, scalable solution to improve WiFi privacy at scale. Future work includes hardware validation, adaptive re-randomization intervals, and exploring AI-driven anomaly detection to counter evolving tracking techniques.
Enterprise Network Penetration Testing (Capture The Flag)
Conducted a penetration test on a simulated corporate network, exploiting vulnerabilities in web applications, databases, and network services. Captured 20+ security flags through reconnaissance, password cracking, SQL injection, remote code execution, and privilege escalation. Compromised Windows and Linux environments using Metasploit, Hydra, Burp Suite, SQLMap, and Mimikatz, reflecting industry-standard red teaming methodologies including post-exploitation, lateral movement, and credential dumping.
Scalable and Secure Network Infrastructure for Distributed Offices
As part of the Building Networked Systems Security (BNSS) course at KTH, this project involved designing and implementing a robust, enterprise-level secure network infrastructure for ACME Scandinavia — providing secure remote access, identity-based authentication, intrusion detection, and encrypted communication across distributed office branches.
Read more
The solution used a layered security approach. A site-to-site OpenVPN tunnel connected the Stockholm and London branches with encrypted traffic, while remote workers used certificate-based authentication via FreeRADIUS to prevent unauthorized access.
To protect against network intrusions, two SNORT instances monitored both physical network traffic and VPN connections for real-time detection of malicious activity, with alerts logged and analyzed via Wireshark.
The system also featured a reverse proxy with strict firewall rules, a self-hosted Nextcloud instance protected by two-factor authentication for secure file exchange, and Secure DNS (DoH via Cloudflare) to mitigate DNS spoofing.
Key outcome: a scalable, high-security enterprise network that prevented unauthorized access, secured sensitive data, and allowed seamless remote access without compromising security.
Facial Recognition-Based Classroom Attendance System
Developed an automated attendance system using facial recognition and OpenCV, implemented as a product within the university to streamline attendance tracking efficiently.
Skills
Research Areas
Programming Languages
Networking & Security
Tools & Platforms
Other
Get In Touch
I'd love to hear from you! Whether you have a question, feedback, or just want to connect, feel free to send me a message below.