I am a Research Fellow in the EzPC team at Microsoft Research, and work with Dr.Rahul Sharma, Dr. Divya Gupta and Dr.Nishanth Chandran on Secure Multi-party Computation and ML security. My interests broadly include System security and AI safety & security.

Previously I completed my Bachelors (B.Tech) in Computer Science from IIIT Delhi in 2023 where I worked under Dr.Mukulika Maity and Dr.Arani Bhattacharya in the Network Research Lab on my thesis project titled NATIVE: Network Aggregation based Tiled Live Video Streaming. Further I have also extensively worked with Dr.Sambuddho Chakravarty on VPNs (Virtual Private Network) fingerprintability and security in the Cryptography & Network Security Lab. In addition, in the Computer Architecture domain, I have worked on projects for Designing a Network on chip (NOC) simulator and FPGA based 100 Gigabits/sec Network cards.

Email ~ tanmayrajore at gmail dot com (tanmayrajore@gmail.com)

PGP / GPG Key

Fingerprint: FA1D 73F7 FF19 68B0 156F 492B FE59 FAD0 D3CF CD9B

Download
ASCII‑armored key

Keybase Proof
keybase.txt

Import & Verify

curl -s https://trajore.github.io/assets/keys/tanmay.asc | gpg --import
gpg --fingerprint tanmayrajore@gmail.com

Expected fingerprint:

FA1D 73F7 FF19 68B0 156F  492B FE59 FAD0 D3CF CD9B

Usage Examples Encrypt a file for me:

gpg --encrypt --recipient tanmayrajore@gmail.com secret.pdf

Sign a message (you to me):

gpg --clear-sign message.txt

Verify a signature I made:

gpg --verify signed.txt

Publications

2025

Enterprise AI Must Enforce Participant-Aware Access Control

Shashank Shreedhar Bhatt, Tanmay Rajore, Khushboo Aggarwal, and 10 more authors

2025

Abs PDF

Large language models (LLMs) are increasingly deployed in enterprise settings where they interact with multiple users and are trained or fine-tuned on sensitive internal data. While fine-tuning enhances performance by internalizing domain knowledge, it also introduces a critical security risk: leakage of confidential training data to unauthorized users. These risks are exacerbated when LLMs are combined with Retrieval-Augmented Generation (RAG) pipelines that dynamically fetch contextual documents at inference time. We demonstrate data exfiltration attacks on AI assistants where adversaries can exploit current fine-tuning and RAG architectures to leak sensitive information by leveraging the lack of access control enforcement. We show that existing defenses, including prompt sanitization, output filtering, system isolation, and training-level privacy mechanisms, are fundamentally probabilistic and fail to offer robust protection against such attacks. We take the position that only a deterministic and rigorous enforcement of fine-grained access control during both fine-tuning and RAG-based inference can reliably prevent the leakage of sensitive data to unauthorized recipients. We introduce a framework centered on the principle that any content used in training, retrieval, or generation by an LLM is explicitly authorized for all users involved in the interaction. Our approach offers a simple yet powerful paradigm shift for building secure multi-user LLM systems that are grounded in classical access control but adapted to the unique challenges of modern AI workflows. Our solution has been deployed in Microsoft Copilot Tuning, a product offering that enables organizations to fine-tune models using their own enterprise-specific data.
VPN or Vpwn? How Afraid Should You be of VPN Traffic Identification?

Tanmay Rajore, Jithin S, Arnav Gupta, and 3 more authors

In 2025 9th Network Traffic Measurement and Analysis Conference (TMA), 2025

Abs PDF

Several governments are gradually choosing to monitor VPN traffic. In this paper, we explore how hard or easy it would be for large ISP-scale adversaries to identify and block VPN traffic. More specifically, we try to answer questions like should ordinary netizens fear such decisions or whether it is not as trivial to identify and block all sorts of VPNs. A recent study found that blocking and identifying OpenVPN endpoints is feasible for small ISPs. We explored detecting OpenVPN and alternatives like TLS, SSH, IPSec/IKEv2, Wireguard, and proprietary VPNs. Analyzing seven popular commercial and open-source VPN services, we identified patterns for detection. While OpenVPN is easily spotted, many alternatives resist identification, some using tactics like obscure TLS ClientHello SNI strings. We demonstrated evasion methods, including altering packet sizes, sending dummy traffic to confuse middleboxes, and obscuring plaintext strings. We also proposed a scalable mechanism for OpenVPN services to hide identifiable plaintext without affecting user or gateway scalability.
COMPACT: Content-aware Multipath Live Video Streaming for Online Classes using Video Tiles

Shubham Chaudhary, Navneet Mishra, Keshav Gambhir, and 3 more authors

In Proceedings of the 16th ACM Multimedia Systems Conference, Stellenbosch, South Africa, 2025

Abs PDF Code

The growing popularity of live online classes, even in remote areas, stresses the need for a good and seamless quality of experience to enhance learning. However, these bandwidth-hungry applications challenge the current cellular networks to maintain consistent bandwidth and latency. In this work, we, therefore, propose using the collaboration of multiple devices with their individual cellular networks to support such live video streaming. We design a content-aware system Compact that splits video into foreground and background using video tiles (independently encoded spatial blocks) and streams them over different paths. Compact depends on its scheduler, which exhaustively searches for the best quality based on the network estimates. We extensively evaluate our system using network traces while walking and traveling on the bus or car. Compared to the single path, Compact manages to reduce the median stall and E2E lag by 70.6% and 28.57%, and the tail stall and lag by 83.9% and ≈ 80% on a bus trace. Furthermore, we performed a live experiment to test Compact on the actual cellular network.

2024

TRUCE: Private Benchmarking to Prevent Contamination and Improve Comparative Evaluation of LLMs

Tanmay Rajore, Nishanth Chandran, Sunayana Sitaram, and 4 more authors

2024

PDF Code

2023

NATIVE: Network Aggregation based Tiled Live Video Streaming

Keshav Gambhir, Tanmay Rajore, Shubham Chaudhary, and 4 more authors

In 2023 15th International Conference on COMmunication Systems & NETworkS (COMSNETS), 2023

PDF