About

Bharat K. Bhargava is a professor in the Department of Computer Science at Purdue University, with a courtesy appointment in the School of Electrical & Computer Engineering. His research focuses on security and privacy issues in distributed systems, including host authentication, key management, secure routing, dealing with malicious hosts, and adaptability to attacks. His recent work involves Intelligent Autonomous Systems, data analytics, machine learning, cognitive autonomy, reflexivity, deep learning, and knowledge discovery. He has contributed to privacy-preserving data dissemination in cross-domains and has studied vulnerabilities in large organizational systems to assess threats impacting areas such as nuclear waste transport, bio-security, disaster management, and homeland security. Bhargava has received multiple awards, including seven best paper awards, the IEEE Technical Achievement Award, and recognition as a Fellow of the IEEE and the Institute of Electronics and Telecommunication Engineers. He is also known for his active mentorship of minority students, his support for women and differently-abled students, and his service on various editorial boards and professional committees.

Research topics

• Computer science
• Computer network
• Distributed computing
• Computer security
• Database

Selected publications

• VLMS: Verifiable Lattice-Based Encryption With Multi-Keyword Search in Cloud Storage

  IEEE Transactions on Dependable and Secure Computing · 2026-01-01

  articleSenior author
  PublisherDOI

• Semi-Automated Threat Modeling of Cloud-Based Systems Through Extracting Software Architecture from Configuration and Network Flow

  arXiv (Cornell University) · 2026-03-23

  preprintOpen access

  Traditional threat modeling occurs during design, but cloud deployments introduce unanticipated threats, especially multi-stage attacks chaining vulnerabilities across trust boundaries. Existing security tools analyze components in isolation, cannot detect architectural threats from system composition, and cannot validate runtime behavior against configured policies. This gap leaves organizations vulnerable to attacks exploiting architectural weaknesses. This paper addresses this gap through a key innovation: automatically inferring system architecture from runtime observations to enable continuous threat modeling. Our methodology combines static configuration analysis with observed network flows to construct architecture graphs reflecting actual operational behavior, then applies systematic threat detection using platform-agnostic abstractions (components, domains, interfaces, access policies, flows). This enables consistent threat identification across bare metal, Kubernetes, and cloud infrastructure without manual diagram maintenance. We validate the methodology using a supply-chain system with ML components deployed on all three platforms, injecting 17 infrastructure and ML threats. Results show detection of all 17 threat types across all platforms, while existing security tools detected only 6-47% with zero ML threat coverage, confirming the necessity of runtime aware, architecture-level threat analysis.

  PublisherDOI

• Intelligent Computational Paradigms for Next-Gen Vehicular Networks

  WORLD SCIENTIFIC eBooks · 2026-03-23

  book
  PublisherDOI

• Semi-Automated Threat Modeling of Cloud-Based Systems Through Extracting Software Architecture from Configuration and Network Flow

  ArXiv.org · 2026-03-23

  articleOpen access

  Traditional threat modeling occurs during design, but cloud deployments introduce unanticipated threats, especially multi-stage attacks chaining vulnerabilities across trust boundaries. Existing security tools analyze components in isolation, cannot detect architectural threats from system composition, and cannot validate runtime behavior against configured policies. This gap leaves organizations vulnerable to attacks exploiting architectural weaknesses. This paper addresses this gap through a key innovation: automatically inferring system architecture from runtime observations to enable continuous threat modeling. Our methodology combines static configuration analysis with observed network flows to construct architecture graphs reflecting actual operational behavior, then applies systematic threat detection using platform-agnostic abstractions (components, domains, interfaces, access policies, flows). This enables consistent threat identification across bare metal, Kubernetes, and cloud infrastructure without manual diagram maintenance. We validate the methodology using a supply-chain system with ML components deployed on all three platforms, injecting 17 infrastructure and ML threats. Results show detection of all 17 threat types across all platforms, while existing security tools detected only 6-47% with zero ML threat coverage, confirming the necessity of runtime aware, architecture-level threat analysis.

  PublisherOA PDF

• STARFed: Link-Aware Defense Against Poisoning Attacks in Satellite–Terrestrial Federated Learning

  IEEE Transactions on Network Science and Engineering · 2025-10-27

  article

  Satellite-ground integrated computation where ma chine learning models trained on satellites and aggregated on Earth offers novel opportunities for federated learning (FL). While satellites in space provide isolated computing environments, satellite-terrestrial (S-T) communication links are exposed to spoofing and hijacking attacks, making transmitted models vulnerable to poisoning attacks. To address this paradigm specific threat, we introduce STARFed, a novel framework that enhances robustness of satellite-based FL by leveraging S-T link characteristics during model transmission. It comprises three components: (1) crowdsourcing-based link authentication, (2) hybrid poison model detection based on both S-T link and model characteristics, and (3) reputation-based model filtering against adaptive adversaries. Our link-aware defense is of independent interest and can be combined with various FL robust aggregation schemes. We evaluate the framework's resilience through com prehensive experiments spanning five dataset-model settings and five attacks, including both model and data poisoning attacks. The framework's performance is compared with six state-of-the-art robust FL aggregation schemes in scenarios with varying degrees of non-IID data distribution, client dropout, and adversarial participation. STARFed demonstrates robust performance across all test scenarios, standing as the only defense mechanism to maintain effectiveness throughout. In the most favorable case, it achieves an increase in FL accuracy of 15.6% compared to the best link-unaware aggregation scheme, with minimal overhead introduced.

  PublisherDOI

• QPCASIN: A Quantum-Defended Privacy-Aware Preemptive Handover-Enabled Continuous Authentication in Space Information Networks

  IEEE Transactions on Information Forensics and Security · 2025-01-01 · 2 citations

  articleSenior author

  The Space Information Network (SIN) plays a crucial role in terrestrial communication, delivering time-bound services from ground stations to users. It relies on moving low-orbit earth (LEO) satellites for uninterrupted coverage. However, untrustworthy connectivity poses several security challenges during handover services for users maintained by the satellites. While traditional cryptographic techniques provide a degree of security, the advent of quantum computing exposes significant vulnerabilities. This work proposes a quantum-safe and continuous authentication mechanism with handover provision. The proposed authentication protocol uses post-quantum primitives of the Frodo key encapsulation mechanism, currently an approved mechanism under ISO/IEC 18033-2. It ensures privacy and ensures users’ anonymity. The security of the proposed protocol is analyzed using the quantum random oracle (QROM) model. Formal verification confirms its safety for practical adoption as a post-quantum candidate. Further, the performance evaluation shows an authentication delay and energy consumption of the proposed protocol within practical limits, making it a suitable candidate for privacy-preserved post-quantum adoption for SIN.

  PublisherDOI

• Big Data Analytics-Envisioned Quantum-Safe Lattice-Based Three-Party Authenticated Key Agreement Protocol for Cloud IoT-Enabled Healthcare Applications

  IEEE Transactions on Dependable and Secure Computing · 2025-09-03 · 1 citations

  article

  Cloud-based Internet of Things (IoT)-enabled smart healthcare plays a vital role in modern society, yet security and privacy challenges remain unavoidable. The authenticated key agreement (AKA) process, which serves as the foundation of secure communication, is widely recognized as a key solution to these challenges. However, many existing AKA methods in the literature either involve high communication and computational costs or fail to withstand quantum attacks. Post-quantum cryptography (PQC) introduces a new class of cryptographic algorithms designed to resist future quantum computer threats. In this article, we present a quantum-secure, lattice-based three-party AKA scheme for smart IoT healthcare applications, leveraging the computationally complex Ring-Learning With Errors (Ring-LWE) problem. Our approach integrates secure big-data analytics with blockchain technology by utilizing authentication procedures for secure data aggregation before storing it in the blockchain. A comprehensive security evaluation including formal and informal analysis, demonstrates the scheme's strong resilience against both classical and quantum attacks. Additionally, experimental results confirm that the proposed scheme is well-suited for real-time smart healthcare applications.

  PublisherDOI

• Intelligent Security Solutions for Cyber-Physical Systems

  2024-03-08 · 8 citations

  book
  PublisherDOI

• ABAUS: Active Bundle AUthentication Solution Based on SDN for Vehicular Networks

  IEEE Access · 2024-01-01 · 3 citations

  articleOpen accessSenior author

  Vehicular ad hoc networks (VANETs) are gaining more and more interest in intelligence transportation system research fields. They allow optimized traffic management due to improved vehicle resource usage and real-time information exchanges. However, being in an open environment introduces different security and privacy challenges. Attackers can sniff radio signals and forge the transmitted information leading to sensitive data leaking or compromising. This paper examines the preservation of privacy information in VANET communications. We use the Active Bundle (AB) for vehicle authentication and data preservation based on software-defined networks (SDNs). Our proposal benefits from the SDN infrastructure to guarantee fluent centralized management while using the AB guarantees data integrity and confidentiality throughout its entire lifecycle. Analytical studies and simulations show that our solution efficiently preserves VANET users’ privacy with minimal effects on network transmission quality.

  PublisherOA PDFDOI

• RUDOLF: An Efficient and Adaptive Defense Approach Against Website Fingerprinting Attacks Based on Soft Actor-Critic Algorithm

  IEEE Transactions on Information Forensics and Security · 2024-01-01 · 6 citations

  articleSenior author

  Although Tor is designed to provide anonymity, website fingerprinting (WF) attacks have posed significant threats to user privacy. In response, various defense approaches have been developed. Randomization and regularization-based defenses are criticized to be inefficient due to their bandwidth-consuming nature. Some adversarial learning-based defenses are impractical because the generation of perturbation depends on the complete traffic traces. Other adversarial learning-based defenses have weaknesses of lacking adaptability because their perturbations are input-agnostic. To overcome these shortcomings, we propose RUDOLF, an efficient and adaptive WF defense based on the soft actor-critic (SAC) algorithm of reinforcement learning (RL). We train the agent that can incrementally output perturbations synchronously following each burst of real-time traffic. Different from previous defenses, RUDOLF’s perturbation does not depend on the integrity of the traffic and concerns the actual real-time traffic, which ensures the practicality of implementation and adaptability. Besides, we take advantage of the exploratory characteristics of the SAC algorithm to obtain the optimal policy of adding perturbations that can efficiently balance defense effects and bandwidth consumption. Experiments on synthetic datasets show that with less than 30% bandwidth overhead (BWO), RUDOLF can reduce the average attack accuracy to around 15%–20%, which is superior to previous works. We also have implemented RUDOLF as a Tor pluggable transport. The performance in the real Tor network shows that RUDOLF can reduce the average accuracy of WF classifier to around 24% with about 25% BWO and almost no time delay.

  PublisherDOI

Recent grants

• ITR: Scalable Edge Router for Differentiated Services Networks

  NSF · $430k · 2002–2008

• Vulnerability Analysis and Threat Assessment/Avoidance

  NSF · $217k · 2003–2009

• Secure Mobile Systems

  NSF · $334k · 2000–2007

Frequent coauthors

• Rajnish Sharma

  Chitkara University

  36 shared

• Ajay Sharma

  Griffith University

  36 shared

• Shabana Urooj

  Princess Nourah bint Abdulrahman University

  36 shared

• Sunder Shyam

  36 shared

• Jaiprakash Gaur

  Jaypee University of Information Technology

  36 shared

• Chandigarh Pattnaik

  GLA University

  36 shared

• Suresh Shanmugasundaram

  36 shared

• Shri Manoj

  36 shared

Education

• Ph.D, Electrical and Computer Engineering

  Purdue University

  1974

• B.E., Electrical Communication Engineering

  Indian Institute of Science

  1969

Awards & honors

• IEEE Technical Achievement Award (1999)
• Gold Core Member distinction by the IEEE Computer Society
• Outstanding Instructor Awards from the Purdue chapter of the…
• Induction into Purdue's Book of Great Teachers (2003)
• Helen Schleman Gold Medallion Award (2017)