Research and Selected Publications

(Currently incomplete and outdated; more information coming soon! A full list of research publications, which provides a much more accurate view of what I work on, is available here.)

Foundations of Cryptography

Research in this area focuses on definitions and cryptographic primitives, as well as research regarding secure two-party and multi-party computation.

Authentication and Key Exchange

Protocols for authentication and for the generation of cryptographically strong keys among a set of parties in a larger (and insecure) network underlie most secure interactions taking place on the Internet. Mutual authentication protocols ensure that the intended partners are indeed talking to each other, while key exchange protocols are used to establish a common key which may then be used to protect the confidentiality and integrity of the subsequent conversation.

I am interested in a number of topics within this area, including: password-based authentication, protocols for group key exchange, and feasibility results in generalized network settings.

Cryptographic Systems Resistant to Exposure of Secret Keys

Exposure of secret keys can be a devastating attack on a cryptosystem since such an attack typically implies that all security guarantees are lost. Indeed, standard notions of security offer no protection whatsoever once the secret key is exposed. With the threat of key exposure becoming more acute as cryptographic algorithms are increasingly deployed on small, mobile, and easily compromised devices, new techniques are needed to deal with this concern.

I am working on modeling different ways to protect against key exposure, and on designing provably-secure systems which are resilient to such attacks.

Security in Distributed Systems

Some relevant papers... (more info coming soon!)

Protocols Preventing "Man-in-the-Middle" Attacks

In the analysis of many cryptographic protocols, it is useful to distinguish between passive attacks, in which an adversary eavesdrops on messages sent between honest users, and active attacks (i.e., "man-in-the-middle" attacks), in which the adversary, in addition to eavesdropping, inserts, deletes, or arbitrarily modifies messages sent from one user to another. Passive attacks are well understood; indeed, much work in the 1970s and 1980s dealt with formalizing notions of security and providing provably-secure solutions for this setting. On the other hand, active attacks are not well characterized and precise modeling has been difficult. In addition, few techniques exist for dealing with active attacks; it is fair to say that designing practical protocols secure against such attacks remains a challenge.

My research has focused on active attacks in a variety of settings and has led to new, provably-secure protocols preventing such attacks. I have especially concentrated on the design and analysis of efficient and practical protocols which may be proven secure in the standard cryptographic model. (For other research focused on preventing man-in-the-middle attacks, see the section "Authentication and Key Exchange". Research aimed at exploiting man-in-the-middle attacks on some real-world systems appears in the section "Cryptanalysis of Real-World Protocols".)
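The passive/active distinction above, and the role of authentication in key exchange from the earlier section, can be made concrete with a small simulation. The following is an added example written for this page, not code from any of the publications described here. It assumes toy Diffie-Hellman parameters (a Mersenne prime and base 3, chosen only for illustration), a pre-shared secret standing in for a password or long-term key, and HMAC-SHA256 over the protocol transcript as the authenticator. A passive adversary who only observes the two public values cannot tell the parties' keys apart; an active adversary who substitutes its own value ends up sharing a key with each party in the unauthenticated run, while in the authenticated run the transcript tags fail to verify and both sides abort.

```python
"""Toy key exchange: passive vs. active adversary, with and without
transcript authentication. Constructed example; not a vetted protocol."""
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (constructed for this example; not a vetted group).
P = 2**127 - 1   # Mersenne prime, fits in 16 bytes
G = 3
# Pre-shared secret between Alice and Bob, standing in for a password or
# long-term key. Constructed value; an assumption of this example.
PSK = b"constructed-pre-shared-secret"


def dh_keypair():
    """Private exponent x and public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def transcript(ya: int, yb: int) -> bytes:
    """Canonical encoding of the two exchanged public values."""
    return b"A:" + ya.to_bytes(16, "big") + b"|B:" + yb.to_bytes(16, "big")


def derive_key(shared: int, tr: bytes) -> bytes:
    """Session key bound to both the DH secret and the transcript."""
    return hashlib.sha256(shared.to_bytes(16, "big") + tr).digest()


def auth_tag(role: bytes, tr: bytes) -> bytes:
    """Authenticator over the sender's view of the transcript under PSK."""
    return hmac.new(PSK, role + tr, hashlib.sha256).digest()


def run_unauthenticated(active: bool) -> dict:
    """Plain DH. A passive adversary only sees ya and yb; an active one
    replaces both values on the wire with its own value ye."""
    a, ya = dh_keypair()
    b, yb = dh_keypair()
    e, ye = dh_keypair()
    ya_recv = ye if active else ya   # what Bob actually receives
    yb_recv = ye if active else yb   # what Alice actually receives
    alice_key = derive_key(pow(yb_recv, a, P), transcript(ya, yb_recv))
    bob_key = derive_key(pow(ya_recv, b, P), transcript(ya_recv, yb))
    # Adversary's view: it knows e and saw the honest ya and yb on the wire,
    # so in the active case it can reconstruct each party's key.
    adv_with_alice = derive_key(pow(ya, e, P), transcript(ya, ye))
    adv_with_bob = derive_key(pow(yb, e, P), transcript(ye, yb))
    return {"alice": alice_key, "bob": bob_key,
            "adv_alice": adv_with_alice, "adv_bob": adv_with_bob}


def run_authenticated(active: bool) -> dict:
    """DH plus HMAC tags over each side's view of the transcript. Both
    parties accept only if the tags verify; a substituted value makes the
    views differ, and the adversary cannot re-tag without PSK."""
    a, ya = dh_keypair()
    b, yb = dh_keypair()
    e, ye = dh_keypair()
    ya_recv = ye if active else ya
    yb_recv = ye if active else yb
    # Bob tags his view (ya_recv, yb); Alice checks against hers (ya, yb_recv).
    tag_b = auth_tag(b"B", transcript(ya_recv, yb))
    if not hmac.compare_digest(tag_b, auth_tag(b"B", transcript(ya, yb_recv))):
        return {"status": "abort", "alice": None, "bob": None}
    # Alice tags her view; Bob checks against his.
    tag_a = auth_tag(b"A", transcript(ya, yb_recv))
    if not hmac.compare_digest(tag_a, auth_tag(b"A", transcript(ya_recv, yb))):
        return {"status": "abort", "alice": None, "bob": None}
    alice_key = derive_key(pow(yb_recv, a, P), transcript(ya, yb_recv))
    bob_key = derive_key(pow(ya_recv, b, P), transcript(ya_recv, yb))
    return {"status": "ok", "alice": alice_key, "bob": bob_key}


if __name__ == "__main__":
    r = run_unauthenticated(active=True)
    print("unauthenticated, active: keys agree?", r["alice"] == r["bob"],
          "adversary shares Alice's key?", r["adv_alice"] == r["alice"])
    print("authenticated, active:", run_authenticated(active=True)["status"])
```

The design point worth noting is that each tag covers the tagger's own view of the transcript and is checked against the receiver's view, so any insertion or modification on the wire shows up as a verification failure rather than as two parties silently holding different keys. Binding the derived key to the transcript as well as to the DH secret is what prevents an adversary from splicing values across sessions.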

Private-Key Cryptography

Some relevant papers (more info coming soon!)

Cryptanalysis of Real-World Protocols

Some relevant papers (more info coming soon!)