http://avirubin.com/
rubin@jhu.edu

Address:

Date, Place of Birth

Contents

• Academic Degrees
• Academic Appointments
• Industry Experience
• Books
• Refereed Journal Publications
• Refereed Conference Publications
• Patents
• Miscellany
• Professional Activities
• Awards
• Technical Advisory Boards
• Invited Addresses

Academic Degrees

• 1994, Ph.D., Computer Science and Engineering, University of Michigan, Ann Arbor
  
• 1991, M.S.E., Computer Science and Engineering, University of Michigan, Ann Arbor
  
• 1989, B.S., Computer Science (Honors), University of Michigan, Ann Arbor
  

Academic Appointments

• 2005 - 2010
  Director and Principal Investigator (PI), National Science Foundation's ACCURATE Center

• 2003 - present
  Technical Director, Johns Hopkins University Information Security Institute

• April, 2004 - present
  Professor, Johns Hopkins University

• 2003 - April, 2004
  Associate Professor, Johns Hopkins University

• 1995 - 1999
  Adjunct Professor, New York University
  • Internet and Web Security Spring, 1999 (with Dave Kormann)
  • Privacy in Networks: Attacks and Defenses Spring, 1998 (with Dave Kormann and Mike Reiter)
  • Design and Analysis of Cryptographic Protocols Fall, 1996 & Spring, 1997 (with Matt Franklin)
  • Cryptography and Computer Security Fall, 1995 & Spring, 1996

• Summer, 1999
  Visiting Professor, École Normale Supérieure, Paris, France

• 1988 - 1993
  Teaching Assistant, University of Michigan
  • 1993 Intro. to Cryptography
  • 1992 Assembler Language Programming
  • 1991 Software Engineering
  • 1990 IVHS Seminar
  • 1989-1990 Head TA, Intro. to Computer Science
  • 1988-1989 Intro. to Computer Science

• Doctoral Committees
  • Doctoral Thesis Advisor: Matthew Pagano
  • Doctoral Thesis Advisor: Ryan Gardner (August, 2009)
  • Doctoral Thesis Advisor: Sam Small (May, 2009)
  • Doctoral Thesis Advisor: Sujata Doshi (May, 2009)
  • Doctoral Thesis Advisor: Joshua Mason (June, 2009)
  • Dissertation Committee: J. Alex Halderman, Princeton University (May, 2009)
  • Dissertation Committee: Sophie Qiu (May, 2007).
  • Doctoral Thesis Advisor: Adam Stubblefield (April, 2005).
  • Dissertation Committee: Kevin FU, MIT (February, 2005).
  • Dissertation Committee: Robert Fischer, Harvard University (June, 2003).
  • Dissertation Committee: Marc Waldman, New York University, (April, 2003).
  • Dissertation Committee: Patrick McDaniel, University of Michigan (September, 2001).
  • Doctoral Thesis Advisor: Fabian Monrose, New York University (April, 1999).
  • Dissertation Committee: Mike Just, Carleton University (November, 1998).
  • Dissertation Committee: Trent Jaeger, University of Michigan (October, 1996).

Industry Experience

• 1997 - 2002
  AT&T Labs - Research , Secure Systems Research Department
• 1994 - 1996
  Bellcore, Cryptography and Network Security Research Group
• Summer, 1990
  Great Lakes Software Co., Programmer, Howell, MI
• Summer, 1989
  IBM , Programmer, Meyers Corners Lab, Poughkeepsie, NY

Books

• Aviel D. Rubin, Brave New Ballot, Random House, (September, 2006).
• William R. Cheswick, Steven M. Bellovin and Aviel D. Rubin, Firewalls and Internet Security: Repelling the Wily Hacker (2e), Addison Wesley Publishing Company, Inc., (February, 2003).
• Chapter 4, Communications Policy and Information Technology: Promises, Problems, Prospects, MIT Press, Lorrie Faith Cranor and Shane Mitchell Greenstein, eds., (2002).
• Aviel D. Rubin, White-hat Security Arsenal, Addison Wesley Publishing Company, Inc., (June, 2001).
• Chapter 8, Publius and Chapter 14, Trust in Distributed Systems,
  Marc Waldman, Lorrie Faith Cranor, and Aviel D. Rubin, Peer-to-Peer, O'Reilly & Associates, Inc., (February, 2001).
• Aviel D. Rubin, Daniel Geer, Marcus J. Ranum, Web Security Sourcebook, John Wiley & Sons, Inc , (June, 1997).
• Ph.D. dissertation: Nonmonotonic Cryptographic Protocols (ps.gz, pdf), University of Michigan, Ann Arbor (April, 1994).

Refereed Journal Publications

• Ryan Gardner, Sujata Garera, and Aviel D. Rubin, Detecting Code Alteration by Creating a Temporary Memory Bottleneck, IEEE Transactions on Information Forensics and Security: Special Issue on Electronic Voting, (December, 2009).
• Matt Blaze, John Ioannidis, Angelos D. Keromytis, Tal Malkin, Avi Rubin, Anonymity in Wireless Broadcast Networks, International Journal of Network Security (IJNS), (January, 2008).
• Stephen Bono, Aviel Rubin, Adam Stubblefield, and Matthew Green, Security Through Legality, Communications of the ACM (June, 2006).
• Adam Stubblefield, Dan S. Wallach, and Aviel D. Rubin, Managing the Performance Impact of Web Security, Electronic Commerce Research Journal, February, 2005.
• David Jefferson, Aviel D. Rubin, Barbara Simons, David Wagner, Analyzing Internet Voting Security, Communications of the ACM (October, 2004).
• Simon Byers, Aviel D. Rubin, and David Kormann, Defending Against an Internet-based Attack on the Physical World, ACM Transactions on Internet Technology (TOIT), August, 2004.
• Adam Stubblefield, John Ioannidis, and Aviel D. Rubin, A Key Recovery Attack on the 802.11b Wired Equivalent Privacy Protocol (WEP) (pdf), ACM Transactions on Information and System Security, May, 2004.
• Aviel D. Rubin, Security Considerations for Remote Electronic Voting, Communications of the ACM (December, 2002).
• Marc Waldman, Aviel D. Rubin, and Lorrie F. Cranor, The Architecture of Robust Publishing Systems, ACM Transactions on Internet Technology (TOIT), (November, 2001).
• David P. Kormann and Aviel D. Rubin, Risks of the Passport Single Signon Protocol, Computer Networks, (July, 2000).
• Christian Gilmore, David P. Kormann, and Aviel D. Rubin, Secure Remote Access to an Internal Web Server, IEEE Network, (November, 1999).
• Fabian Monrose and Aviel D. Rubin, Keystroke Dynamics as a Biometric for Authentication, (pdf) Future Generation Computer Systems, (March, 2000).
• Michael K. Reiter and Aviel D. Rubin, Anonymity Loves Company: Anonymous Web Transactions with Crowds (ps.gz, pdf) Communications of the ACM (February, 1999).
• Aviel D. Rubin and Daniel E. Geer, Jr., Mobile Code Security (ps.gz, pdf), IEEE Internet Computing (November/December, 1998).
• Aviel D. Rubin and Daniel E. Geer, Jr., A Survey of Web Security, IEEE Computer, (September, 1998).
• Michael K. Reiter and Aviel D. Rubin, Crowds: Anonymity for Web Transactions (ps.gz, pdf), ACM Transactions on Information and System Security, (June, 1998).
• Aviel D. Rubin, An Experience Teaching a Graduate Course in Cryptography (ps, pdf), Cryptologia (April, 1997).
• Aviel D. Rubin, Extending NCP for public Key Protocols, Mobile Networks and Applications (ACM/Balzer), 2(3) (April, 1997).
• Aviel D. Rubin, Independent One-Time Passwords, (ps.gz, pdf) USENIX Journal of Computer Systems (February, 1996).
• Aviel D. Rubin, Secure Distribution of Documents in a Hostile Environment, Computer Communications (June, 1995).

Refereed Conference Publications

• Ryan Gardner, Sujata Garera, Aviel D. Rubin, Designing for Audit: A Voting Machine with a Tiny TCB, Financial Cryptography Conference, (January , 2010).
• Ryan Gardner, Sujata Garera, Matthew W. Pagano, Matthew D. Green, Aviel D. Rubin, Securing Medical Records on Smart Phones, Workshop on Security and Privacy in Medical and Home-Care Systems, (November, 2009).
• Ryan Gardner, Sujata Garera, Aviel D. Rubin, Coercion Resistant End-to-end Voting, Financial Cryptography Conference, (February, 2009).
• Ryan Gardner, Sujata Garera, Anand Rajan, Carols Rozas, Aviel D. Rubin, Manoj Sastry, Protecting Patient Records from Unwarranted Access, Future of Trust in Computing, (July, 2008).
• Sujata Garera, Niels Provos, Monica Chew and Aviel D. Rubin, A Framework for Detection and Measurement of Phishing Attacks, 5th ACM Workshop on Recurring Malcode (WORM 2007), (November, 2007).
• Sujata Garera and Aviel D. Rubin, An Independent Audit Framework for Software Dependent Voting Systems, 14th ACM Conference on Computer and Communications Security, (November, 2007).
• Ryan Gardner, Sujata Garera, and Aviel D. Rubin, On the Difficulty of Validating Voting Machine Software with Software, In Proceedings of the 2nd USENIX/ACCURATE Electronic Voting Technology Workshop (EVT '07), (August, 2007).
• Sujata Doshi, Fabian Monrose, and Aviel D. Rubin, Efficient Memory Bound Puzzles using Pattern Databases, 4th International Conference on Applied Cryptography and Network Security (ACNS'06), (June, 2006).
• Sophie Qiu, Patrick McDaniel, Fabian Monrose, and Avi Rubin, Characterizing Address Use Structure and Stability of Origin Advertisement in Interdomain Routing, 11th IEEE Symposium on Computers and Communications, (June 2006).
• Zachary Peterson, Randal Burns, Joseph Herring, Adam Stubblefield, and Aviel D. Rubin, Secure Deletion for a Versioning Filesystem , Proc. USENIX Conference on File and Storage Technologies (FAST '05), (December, 2005).
• Stephen C. Bono, Matthew Green, Adam Stubblefield, Ari Juels, Aviel D. Rubin, Michael Szydlo, Security Analysis of a Cryptographically-Enabled RFID Device 14th USENIX Security Symposium, (August, 2005).
• Tadayoshi Kohno, Adam Stubblefield, Aviel D. Rubin, and Dan S. Wallach, Analysis of an Electronic Voting System, Proc. IEEE Symposium on Security and Privacy (May, 2004).
• Nathanael Paul, David Evans, Aviel D. Rubin and Dan Wallach, Authentication for Remote Voting, ACM Workshop on Human-Computer Interaction and Security Systems (April, 2003).
• Matt Blaze, John Ioannidis, Angelos D. Keromytis, Tal Malkin, and Aviel Rubin, Protocols for Anonymity in Wireless Networks Proc. 11th International Workshop on Security Protocols (April, 2003).
• Geoffrey Goodell, William Aiello, Timothy Griffin, John Ioannidis, Patrick McDaniel, Aviel Rubin, Working Around BGP: An Incremental Approach to Improving Security and Accuracy of Interdomain Routing , Proc. ISOC Symposium on Network and Distributed System Security (February, 2003).
• Simon Byers, Aviel D. Rubin, David Kormann, Defending Against an Internet-based Attack on the Physical World (pdf), ACM Workshop on Privacy in the Electronic Society (November, 2002).
• Adam Stubblefield, John Ioannidis, and Aviel D. Rubin, Using the Fluhrer, Mantin, and Shamir Attack to Break WEP, Proc. ISOC Symposium on Network and Distributed System Security (February, 2002).
• Aviel D. Rubin, Security Considerations for Remote Electronic Voting, 29th Research Conference on Communication, Information and Internet Policy (TPRC2001), (October, 2001).
• Aviel D. Rubin and Rebecca N. Wright, Off-line generation of limited-use credit card numbers, (ps.gz, pdf) Financial Cryptography Conference, (February, 2001).
• Marc Waldman, Aviel D. Rubin, and Lorrie F. Cranor, Publius, A robust, tamper-evident and censorship-resistant web publishing system, 9th USENIX Security Symposium, (August, 2000).
• David P. Kormann and Aviel D. Rubin, Risks of the Passport Single Signon Protocol, 9th International World Wide Web Conference, (May, 2000).
• Patrick McDaniel and Aviel D. Rubin, A Response to "Can we Eliminate Certificate Revocation Lists?", (ps.gz, pdf), Financial Cryptography Conference, (February, 2000).
• William A. Aiello, Aviel D. Rubin, and Martin J. Strauss, Using smartcards to secure a personalized gambling device (ps.gz, pdf), 6th ACM Conference on Computer and Communications Security, (November, 1999).
• Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K. Reiter, and Aviel D. Rubin, The Design and Analysis of Graphical Passwords (ps.gz, pdf) 8th USENIX Security Symposium, (August, 1999).
• Christian Gilmore, David Kormann, and Aviel D. Rubin, Secure Remote Access to an Internal Web Server, (ps.gz, pdf), Proc. ISOC Symposium on Network and Distributed System Security (February, 1999).
• Fabian Monrose, Peter Wykoff, and Aviel D. Rubin, Distributed Execution with Remote Audit (ps.gz, pdf), Proc. ISOC Symposium on Network and Distributed System Security (February, 1999).
• Dahlia Malkhi, Michael K. Reiter and Aviel D. Rubin, Secure Execution of Java Applets using a Remote Playground (ps, pdf) Proc. IEEE Symposium on Security and Privacy (May, 1998).
• Aviel D. Rubin, Dan Boneh, and Kevin Fu, Revocation of Unread E-mail in an Untrusted Network (ps.gz, pdf), Second Australasian Conference on Information Security and Privacy (July, 1997).
• Fabian Monrose and Aviel D. Rubin, Authentication via Keystroke Dynamics (ps, pdf), 4th ACM Conference on Computer and Communications Security (April, 1997).
• David M. Martin, Siviramakrishnan Rajagopalan, and Aviel D. Rubin, Blocking Java Applets at the Firewall (ps, pdf), Proc. ISOC Symposium on Network and Distributed System Security (February, 1997).
• Trent Jaeger, Aviel D. Rubin and Atul Prakash, A System Architecture for Flexible Control of Downloaded Executable Content, 5th International Workshop on Object-Orientation in Operating Systems (October, 1996).
• Trent Jaeger, Aviel D. Rubin and Atul Prakash, Building Systems that Flexibly Control Downloaded Executable Content, Proc. 6th USENIX Security Symposium (July, 1996).
• Victor Shoup and Aviel D. Rubin, Session Key Distribution Using Smart Cards, (ps, pdf), Proc. of Eurocrypt '96 (May, 1996).
• Trent Jaeger & Aviel D. Rubin, Preserving Integrity in Remote File Location and Retrieval, Proc. ISOC Symposium on Network and Distributed System Security (February, 1996).
• Aviel D. Rubin, Extending NCP for Public Key Protocols, Proc. IEEE 4th International Conference on Computer Communications and Networks (September, 1995).
• Aviel D. Rubin, Pseudo-Random Functions for One-Time Passwords, Proc. 5th USENIX UNIX Security Symposium (June, 1995).
• Aviel D. Rubin, Trusted Distribution of Software Over the Internet, Proc. ISOC Symposium on Network and Distributed System Security (February, 1995).
• Aviel D. Rubin & Peter Honeyman, Nonmonotonic Cryptographic Protocols, Proc. IEEE Computer Security Foundations Workshop VII (June, 1994).
• Aviel D. Rubin & Peter Honeyman, Long Running Jobs in an Authenticated Environment, Proc. 4th USENIX UNIX Security Symposium (October, 1993).

Patents

Miscellany

• Aviel D. Rubin, Lead article: Kerberos Versus the Leighton and Micali Protocol, Dr. Dobb's Journal (November, 2000).
• Aviel D. Rubin, Feature article: How to perform a secure remote backup over an insecure network, Sunworld (August, 2000).
• Aviel D. Rubin, Feature article: None of your E-business - Protecting Your Privacy in Cyberspace Web Techniques Magazine (April, 2000).
• Aviel D. Rubin, Cryptography, Microsoft Encarta Encyclopedia, 2000.
• Michael K. Reiter and Aviel D. Rubin Privacy on the Web: How to Be Just a Face in the Crowd, The Journal of Electronic Commerce (EDI FORUM) (January, 1999).
• Aviel D. Rubin and Daniel E. Geer, Jr., Safe CGI Scripting, Software Development magazine (January, 1999).
• Aviel D. Rubin Bellcore Bulletin article: Commentary, The World Wide Web: A Challenging Security Retrofit (December, 1996).
• Dan Sills, Aviel Rubin, and Howard Lemberg, Security Implications of Dynamically Downloadable Executable Objects, Advanced Network Architecture Initiative, Deliverable 5.2 (September, 1996).
• Aviel D. Rubin, IETF: Network Working Group, RFC 1805, Location-Independent Data/Software Integrity Protocol (June, 1995).
• Chapter: Design Document for Internet Billing System, Security Considerations (December, 1994).
• Chapter: Design Document for Broadband Systems Controller, Security Issues (October, 1994).
• Newsletter article: CITI Lights, Kerberos Support for Long Running Jobs (November 2, 1993).

Professional Activities

• Board of Directors
  • Director, USENIX Organization, elected by popular vote.
    - 2 year term: 2002-2004
    - 2 year term: 2000-2002

• Editorial and Committees
  • Associate Editor: IEEE Transactions on Information Forensics and Security (2009-2011).
  • Associate Editor: Communications of the ACM (CACM), 2009 - present.
  • Guest Co-Editor: IEEE Transactions on Information Forensics and Security: Special Issue on Electronic Voting, December 1, 2009.
  • Guest Co-Editor: IEEE Security & Privacy Magazine, Special Issue on Electronic Voting, October/November, 2007.
  • Associate Editor: IEEE Transactions on Software Engineering (2005-2006).
  • Editorial and Advisory Board: International Journal of Information and Computer Security (IJICS) (2004-2006).
  • Guest Co-Editor: IEEE Computer Networks, Special Issue on Web Security, January, 2005.
  • Editorial Board: Journal of Privacy Technology (2004-2006).
  • Guest Co-Editor: IEEE Security & Privacy Magazine, Special Issue on Electronic Voting Security, January/February, 2004.
  • Member: Security Peer Review Group (SPRG) of the Federal Voting Assistance Program's (FVAP) Secure Electronic Registration and Voting Experiment (SERVE) Project, 2003-2004.
  • Member: DARPA Information Science And Technology Study Group (2003-2006).
  • Associate Editor: IEEE Security & Privacy Magazine (2003-present).
  • Guest Editor: Communications of the ACM, Special Issue on Wireless Networking Security, May, 2003.
  • Associate Editor: ACM Transactions on Internet Technology (2002-2005).
  • Executive Committee Member: DIMACS Workshop Series with Special Focus on Network Security (2002-2004).
  • Advisory Board Member: Information Security and Cryptography Book Series, Springer, 2001-2006.
  • Member: Steering Group, ISOC Symposium on Network and Distributed System Security, 2001-2004.
  • Member: Government Infosec Science and Technology Study Group on malicious code, 1999 - 2000.
  • Member: AT&T Internet Intellectual Property Review Team, 1999 - 2001.
  • Associate Editor: Electronic Commerce Research Journal, Baltzer Science Publishers, 1999 - 2002.
  • Co-Editor: Electronic Newsletter of the IEEE Technical Committee on Security & Privacy, with Paul Syverson, 1998.
  • Editorial Board: Bellcore Security Update Newsletter, 1995-1996.

• Conference Committees
  • Program Co-chair: (w/Kevin Fu & Yoshi Kohno), 1st USENIX Workshop on Health Security and Privacy (HealthSec '10), August 10, 2010.
  • Program Committee member: First Security and Privacy in Medical and Home-Care Systems Workshop (SPIMACS), Chicago, IL, November 13, 2009.
  • Invited Talks Co-Coordinator: 17th USENIX Security Symposium, San Jose, CA, July 28 - August 1, 2008.
  • Program Co-chair: (w/Patrick McDaniel): IEEE Symposium on Security and Privacy, Oakland, California, May 18-22, 2008.
  • Program Co-chair: (w/Giovani Di Crescenzo): Financial Cryptography '06 Anguilla BWI, February, 2006.
  • Program Committee member: IEEE Symposium on Security and Privacy, Oakland, California, May 9-12, 2004.
  • Program Committee member: Financial Cryptography '04 Key West, Florida, February 9-12, 2004.
  • Program Committee member: 2nd ACM SIGSAC Workshop on Privacy in the Electronic Society Washington D.C., October 30, 2003.
  • Program Committee member: 10th ACM Conference on Computer and Communications Security, Washington D.C., October 27-30, 2003.
  • Program Committee member: 8th European Symposium on Research in Computer Science (ESORICS), Norway, October 13-15, 2002.
  • Program Vice Chair: Security and Privacy Track, The Twelfth International World Wide Web Conference, Budapest, Hungary, May 20-24, 2003.
  • Program Committee member: IEEE Symposium on Security and Privacy, Oakland, California, May 11-14, 2003.
  • Program Committee member: Workshop on Security and Assurance in Ad hoc Networks, Orlando, FL, January 28, 2003.
  • Program Committee member: 4th International Conference on Information and Communications Security (ICICS), Kent Ridge Digital Labs (KRDL), Singapore December 9-12, 2002.
  • Program Committee member: ACM SIGSAC Workshop on Privacy in the Electronic Society Washington D.C., November 21, 2002.
  • Program Committee member: 9th ACM Conference on Computer and Communications Security, Washington D.C., November 17-21, 2002.
  • Program Committee member: 5th International Conference on Electronic Commerce Research (ICECR-5), Montreal, Canada, October 23-27, 2002.
  • Program Committee member: 2nd Symposium on Requirements Engineering for Information Security (SREIS), Raleigh, North Carolina, Oct 14-15, 2002.
  • Program Committee member: 7th European Symposium on Research in Computer Science (ESORICS), Zurich, Switzerland, October 14-16, 2002.
  • Program Committee member: 11th USENIX Security Symposium, San Francisco, Ca, August 5-9, 2002.
  • Program Committee member: International Workshop on Global and Peer-to-Peer Computing at IEEE International Symposium on Cluster Computing and the Grid (CCGrid'2002), Berlin, Germany, May 21-24, 2002.
  • Program Committee member: 11th International World Wide Web Conference Honolulu, Hawaii, May 7-11, 2002.
  • Program Committee member: 2nd Workshop on Privacy Enhancing Technologies San Francisco, CA, April 14-15, 2002.
  • Program Committee member: The 1st International Workshop on Peer-to-Peer Systems (IPTPS'02) MIT Faculty Club, Cambridge, MA, March 7-8, 2002.
  • Program Committee member: The 4th International Conference on Telecommunications and Electronic Commerce Dallas, TX, November, 2001.
  • Program Committee member: 10th USENIX Security Symposium, Washington D.C., August 13-17, 2001.
  • Program Committee member: Financial Cryptography '01 Grand Cayman, Cayman Islands, BWI, February, 2001.
  • Program Co-chair: (w/Paul Van Oorschot): ISOC Symposium on Network and Distributed System Security, San Diego, CA, February 7-9, 2001.
  • Program Committee member: The 3rd International Conference on Telecommunications and Electronic Commerce Dallas, TX, November 16-19, 2000.
  • Program Committee member: 9th USENIX Security Symposium, Denver, Colorado, August 14-17, 2000.
  • Program Committee member: Workshop on Design Issues in Anonymity and Unobservability Berkeley, California, July 25-26, 2000.
  • Program Committee member: Performance and Architecture of Web Servers (PAWS), Santa Clara, CA, June 18, 2000.
  • Program Co-chair: (w/Gene Tsudik): ISOC Symposium on Network and Distributed System Security, San Diego, CA, February 2-4, 2000.
  • Program Committee member: 1999 International Information Security Workshop (ISW'99), Kuala Lumpur, Malaysia, November 6-7, 1999.
  • Program Committee member: 2nd Int'l. Conference on Telecommunications and Electronic Commerce, Nashville, TN, October 6-8, 1999.
  • Invited Talks coordinator: 8th USENIX Security Symposium, Washington D.C., August, 1999.
  • Program Chair: 24th USENIX Annual Technical Conference, Monterey, CA, June 7-11, 1999.
  • Program Committee member: 8th International World Wide Web Conference , Toronto, Canada, May 11-14, 1999.
  • Program Committee member: 3rd USENIX workshop on Electronic Commerce , Boston, MA, August 31 - September 3, 1998.
  • Program Committee member: 5th ACM Conference on Computer and Communications Security, San Francisco, CA, November 3-5, 1998.
  • Program Chair: 7th USENIX Security Symposium, San Antonio, TX, Jan. 26-29, 1998.
  • Program Committee member: 4th ACM Conference on Computer and Communications Security, Zurich, Switzerland, April 2-4, 1997.
  • Program Committee member: 6th USENIX Security Symposium, San Jose, CA, July 22-25, 1996.
  • Program Committee member: ISOC Symposium on Network and Distributed System Security, San Diego, CA, February 22-23, 1996.

• Testimony
  • United Stated House Committee on Oversight and Government Reform, hearing on electronic voting, Washington, D.C., (April 18, 2007).
  • United Stated House Committee on Appropriations, hearing on ensuring the integrity of elections, Washington, D.C., (March 7, 2007).
  • Maryland Senate Committee on Education, Health, and Environmental Affairs, Expert Testimony, Hearing on Senate Bill 392 for Voter-Verified Records in Voting Systems, Annapolis, MD, (February 22, 2007).
  • Maryland House Ways and Means Committee, Expert Testimony, Hearing on House Bill 18 for improving voting systems in Maryland, Annapolis, MD, (February 1, 2007).
  • Maryland House Ways and Means Committee, Expert Testimony, Hearing on House Bill 244 requiring a voter verified paper record for voting machines in Maryland, Annapolis, MD, (February 1, 2006).
  • United States Election Assistance Commission, Hearing on Voluntary Voting Systems Guidelines, Panel on Voter Verified Paper Audit Trail, Washington D.C. (June 30, 2005).
  • Senate hearing: Voting in 2004: A Report to the Nation on America's Election Process, Absentee Ballot Panel, Dirksen Senate Office Building, Washington, DC (December 7, 2004).
  • United States Election Assistance Commission, Technical Guidelines Development Committee, Technology Panel, Public Hearings on Computer Security and Transparency, National Institute of Standards and Technology, Gaithersburg, MD, (September 20, 2004).
  • Linda Schade vs. Linda Lamone et. al., Trial on the Legality of Paperless Voting Machines in Maryland, Annapolis, MD (August 25, 2004).
  • United States House Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, Hearing on Electronic Voting, Washington, D.C. (July 20, 2004).
  • United States House Committee on House Administration, Hearing on Security of Electronic Voting, Washington, D.C. (July 7, 2004).
  • United States Federal Trade Commission, Written Expert Testimony, on a proposed Do Not Email Repository, (May 10, 2004).
  • United States Election Assistance Commission, Hearing on Electronic Voting Security, Technology Panel, Washington D.C. (May 5, 2004).

• Panels
  • Panelist: First Security and Privacy in Medical and Home-Care Systems Workshop (SPIMACS), Authentication in iHealthcare, Chicago, IL, November 13, 2009.
  • Panelist: Computers, Freedom, and Privacy Conference, Internet Voting for Overseas Americans, Washington DC, (June 4, 2009).
  • Panelist: Workshop on Electronic Voting, Electronic Voting: Future Aspirations, Tel Aviv, Israel May 18, 2009.
  • Panelist: RSA Conference, Exploiting Online Games, San Francisco, CA April 23, 2009.
  • Panelist: American Association for the Advancement of Science, Revisiting the U.S. Voting System: A Research Inventory, Technology, Usability, and Security panel, Washington DC, (November 27, 2006).
  • Panelist: California Secretary of State's Voting System Testing Summit, Security Panel, Sacramento, CA, (November 28-29, 2005).
  • Panelist: NIST Symposium on Voting System Threats, Configuration and Usability Threats, Gaithersburg, MD, (October 7, 2005).
  • Panelist: Conference of State Supreme Court Chief Justices, Voting Technologies, Charleston, SC (August 1, 2005).
  • Panelist: Workshop on observation of automated elections, The Carter Center, Atlanta, GA (March 18, 2005).
  • Panelist: The Carter Center Venezuela Virtual Panel, (November, 2004).
  • Panelist: Workshop on Voting, Vote Capture and Vote Counting, Harvard Kennedy School of Government, The Technologies of Voting, Cambridge, MA (June 1, 2004).
  • Panelist: Computer Science and Telecommunications Board of The National Academy of Science Workshop on Dependable Software Systems, Case Study: Electronic Voting Washington D.C. (April 20, 2004).
  • Panelist: USENIX Security 2003, Electronic Voting, Washington D.C. (August 6, 2003).
  • Panelist: Democracy Now, 2003, Voter-Verifiable Elections: How Do We Get There?, Washington D.C. (November 23, 2003).
  • Panelist: USENIX Security 2003, Electronic Voting, Washington D.C. (August 6, 2003).
  • Panelist: IEEE Infocom 2002, Securing Wireless and Mobile Networks - Is It Possible?, New York City (June 25, 2002).
  • Participant: 2002 Security Visionary Roundtable: A Roadmap for a Safer Wireless World, Washington D.C., (May 5-7,2002).
  • Panelist: Computers Freedom and Privacy 2002, Who Goes There? Privacy in Identity and Location Services, San Francisco (April 18, 2002).
  • Panel moderator: Conference on Democracy and the Internet in an Enlarging Europe Overview of On-Line Voting: Systems and Issues, New York, NY (March, 2001).
  • Panelist:Financial Cryptography 2001, The Business of Electronic Voting, Grand Cayman (February, 2001).
  • Panelist: National Science Foundation E-voting workshop, Washington, D.C., (October, 2000).
  • Panelist: 5th ACM Conference on Computer and Communications Security, Anonymity on the Internet, San Francisco, CA, (November 1998).
  • Panelist: Open Systems Security and ISSA Annual Conference, Securing the Web, Orlando, FL (March, 1998).
  • Panel organizer and moderator: Implementation Issues for Electronic Commerce: What Every Developer Should Know. ISOC Symposium on Network and Distributed System Security, (March, 1998).
  • Panel organizer and moderator: Downloadable Executable Content - Past, Present and Future. ISOC Symposium on Network and Distributed System Security (February, 1997).
  • Panelist: DIMACS Workshop on Network Threats, Web/Java Security Issues, New Brunswick, NJ (December 5, 1996).

• Tutorials Taught
  • The Mathematics of Information Technology and Complex Systems Network (MITACS), Network Security, (May 8, 2003).
  • IEEE Infocom 2002, End to End Web Security and E-commerce, (June 23, 2002).
  • 2002 USENIX Annual Technical Conference, Introduction to Computer Security, (June 10, 2002).
  • LISA 2001, 15th Systems Administration Conference, Introduction to Computer Security, (December, 2001).
  • 8th & 9th USENIX Security Symposia, Cryptography - From the Basics Through PKI in 23,400 Seconds, (August, 2000) & (August 1999), with Dan Geer.
  • 9th International World Wide Web Conference, Security on the World Wide Web, (May, 2000).
  • ISOC Symposium on Network and Distributed System Security, Cryptography 101, (February, 2000).

Awards

• Chosen as one of 54 favorite people, places and things in Jewish Baltimore, Baltimore Jewish Times, February 22, 2008.
• 2007 Award for Outstanding Research in Privacy Enhancing Technologies, for Security Analysis of a Cryptographically-Enabled RFID Device (with Stephen C. Bono, Matthew Green, Ari Juels, Adam Stubblefield, Michael Szydlo).
• 2005 Best Student Paper Award at the 14th USENIX Security Symposium, Security Analysis of a Cryptographically-Enabled RFID Device (with Stephen C. Bono, Matthew Green, Ari Juels, Adam Stubblefield, Michael Szydlo).
• 2004 Electronic Frontiers Foundation Pioneer Award.
• 2003 Baltimorean of the Year, Baltimore Magazine, January, 2004.
• 2001 Index on Censorship Freedom of Expression Award for the Best Circumvention of Censorship for the Publius project.
• 2000 Best Paper Award at the 9th USENIX Security Symposium, A robust, tamper-evident and censorship-resistant web publishing system (with Marc Waldman and Lorrie Cranor).
• 1999 Best Paper Award & Best Student Paper Award at the 8th USENIX Security Symposium, The Design and Analysis of Graphical Passwords (with Ian Jermyn, Alain Mayer, Fabian Monrose, and Michael K. Reiter).
• 1996 Co-author of Best Student Paper, Building Systems that Flexibly Control Downloaded Executable Content, at the 6th USENIX UNIX Security Symposium. Student: Trent Jaeger.
• 1992 National Science Foundation Fellowship - Summer Institute in Japan
• 1986 Branstrom Prize, University of Michigan

Technical Advisory Boards

• Arbor Networks
  
  • Protect organizations from destructive network attacks like Internet worms and denial of service, and operational vulnerabilities like peering issues and routing instability.
• Fortify Software
  
  • Protect companies from the threats posed by security flaws in software applications.
• Goodmail Systems
  
  • Provide bulk email services for desirable mass email that bypass spam filters.
• Hx Technologies
  
  • Enable health information exchange and interoperability (HIEI) by deploying, operating, and supporting regional health information networks (RHINs), precursors to the anticipated national health information network (NHIN).

Invited Addresses:

• Invited Speaker Will Your Vote be Safe? Will it be Counted?, Chizuk Amuno Congregation, Baltimore, MD, (October 27, 2008).
• Keynote Speaker New Frontiers in Security Research, Forrester Research Security Forum, Atlanta, GA, (September 5, 2007).
• Invited Speaker Security of Electronic Voting, Gartner IT Security Summit, Washington DC (June 6, 2007).
• Keynote Speaker Breaking Security Systems, World Summit on Intrusion Prevenstion, Baltimore, MD, (May 9, 2007).
• Keynote Speaker Breaking Security Systems: Political, Legal, and Technical Aspects, ShmooCon Conference, Washington DC (March 23, 2007).
• Invited Talk Electronic Voting Security Threat Analyses for Voting System Categories: A Workshop on Rating Voting Methods (VSRW 06) Washington, DC (June 9, 2006).
• Keynote Speaker Breaking Security Systems Software Security Summit, Baltimore, MD (June 6, 2006).
• Invited talk Electronic Voting: A Primer Computers Freedom and Privacy Conference, Washington DC (May 2, 2006).
• Invited Talk Electronic Voting and Security Annual Joint Meeting of Baltimore City and Baltimore County League of Women Voters, Baltimore, MD (March 18, 2006).
• Keynote Speaker, Security and Privacy Issues in RFID Technologies, 14th Annual Embedded Systems Conference, Boston, MA, (June 13, 2005).
• Invited Talk USENIX Security Conference Electronic Voting in the United States: An Update Baltimore, MD (August 4, 2005).
• Distinguished Lecturer, Xerox distinguished lecture series, Security and Privacy issues in RFID Technologies, Rochester, NY (June 20, 2005).
• Invited Speaker, Applied Cryptography and Network Security Conference, Security and Privacy issues in RFID Technologies, Columbia University, New York, NY (June 8, 2005).
• Don P. Giddons Inaugural Professorial Lecture Security Systems: Making and Breaking Them Johns Hopkins University, Arellano Theatre, Baltimore, MD (March 7, 2005).
• Invited Speaker, Election Eve Experts, Johns Hopkins Public Affairs Lunch, Evergreen House, Baltimore, MD, (October 22, 2004).
• Keynote Speaker, Electronic Voting and Security, Consortium for Computing Sciences in Colleges , Loyola University, Baltimore, MD, (October 15, 2004).
• Invited Speaker E-voting and Security, Maryland InfraGard, Towson, MD, (October 5, 2004).
• Invited Speaker Electronic Voting Security, The National Academies Science, Technology, and Law Panel, Washington, D.C. (September 14, 2004).
• Keynote Speaker, A Case Study in Computer System Vulnerability: Electronic Voting, Merit Annual Meeting, University of Michigan, Ann Arbor (June 24, 2004).
• Keynote Speaker, Security of electronic voting, Computer Security 2004 Mexico, UNAM, Mexico City, (May 28, 2004).
• University of Maryland Baltimore County, Information Assurance Week Seminar, Security Issues in Electronic Voting, Baltimore, MD, (April 26, 2004).
• Applied Physics Lab, Colloqium, Security Issues in Electronic Voting, Columbia, MD, (March 19, 2004).
• Keynote Speaker, Electronic Voting: A Case Study of How Closed Systems Fail, Secure Trusted Operating System Consortium 5th Annual Symposium, "Security: From Theory to Practice", Washington, D.C. (December 3, 2003).
• National Science Foundation, WATSH seminar, Analysis of An Electronic Voting Machine, Fairfax, VA (August 12, 2003).
• Johns Hopkins University, Information Security Institute Seminar, How to Think about Internet Security, Baltimore, MD, (March 25, 2003).
• Invited Expert , China's Cyber-Wall: Can technology break through?, Testimony on Censorship Technologies, Congressional-Executive Commission on China, Washington D.C., (November 4, 2002).
• Invited Speaker, It's a Jungle Out There: Viruses, Worms, and DDOS, Oh My!, NCSU E-Commerce Program, Raleigh, NC, (October 23, 2002).
• Invited Speaker, A How-To Guide to Implementing Wireless LAN Security Solutions, The Practitioners' Forum on Mobile & Wireless Security, Washington, D.C., (April 30, 2002).
• Invited Speaker, Security Considerations for E-voting, Large Installation System Administration (LISA) (December 5, 2001).
• Invited Speaker, 9th CACR Information Security Workshop, Security on the Internet and in Wireless Networks, Ottawa, Canada, (November 29, 2001).
• 3rd Annual AT&T IP Security Conference, Wireless LAN Security, (November 2, 2001).
• Distinguished Lecture, Publius, A robust, tamper-evident and censorship-resistant web publishing system, University of Pennsylvania Distinguished Lecture series, (October 23, 2001).
• AT&T 802.11 County Fair, WLAN Security or Insecurity: Is it Safe to go into the Ether? (October 10, 2001).
• Invited Speaker, Security Considerations for E-voting, USENIX 2001 General Conference (June 29, 2001).
• Colloquium talk, Publius, A robust, tamper-evident and censorship-resistant web publishing system, Princeton University (December 13, 2000).
• Invited Speaker, Advanced Internet Technology Seminar, Practical Security Issues on the Net, Florida Atlantic University (August 29, 2000).
• Seminar Series Talk, Security on the web: "Is there Really a Threat?" Telcordia Technologies (July 21, 2000).
• Invited Speaker, Computer System Security: Is there Really a Threat? USENIX 2000 General Conference (June 21, 2000).
• Zero Knowledge Systems, Publius, A robust, tamper-evident and censorship-resistant web publishing system (May 25, 2000).
• MIT Laboratory for Computer Science, Secure Remote Access to Internal Web Servers (March 29, 2000).
• John Jay College, Security on the Web (March 23, 2000).
• Keynote speaker, Security Problems on the Web, AT&T EUA Customer Conference (March 6, 2000).
• Panasonic Research Labs, Remote Access to Internal Web Servers (March 2, 2000).
• Invited Speaker, Managing Web Server Security, Securities Industry Automation Corporation (SIAC) (December 2, 1999).
• Invited Speaker, User Security on the Web, Securities Industry Automation Corporation (SIAC) (December 2, 1999).
• Telcordia Technologies, Security and Privacy on the Web (April 16, 1999).
• Invited Speaker, 1st CACR Information Security Workshop Security and Privacy on the World Wide Web, Waterloo, Ontario (November 24, 1998).
• Invited Speaker, University of Michigan Security and Privacy on the World Wide Web, Ann Arbor, MI (October 26, 1998).
• Invited Speaker, AT&T Web Implementors Symposium, Security and Privacy on the World Wide Web, Florham Park, NJ (July 31, 1998).
• Open Systems Security and ISSA Annual Conference, Mobile Code Security, Orlando, FL (March 23, 1998).
• Open Systems Security and ISSA Annual Conference, Privacy on the Web, Orlando, FL (March 23, 1998).
• Invited Speaker, Congregation Agudath Israel, Internet Security (February 10, 1998).
• RSA Data Security Conference, Crowds: Anonymous Web Transactions, San Fancisco, CA (January 14, 1998).
• Invited Speaker, AT&T Technology Forum, World Wide Web Security, (December 9, 1997).
• Trusted Information Systems, Crowds: Anonymous Web Transactions, (November 14, 1997).
• Dimacs Workshop on Cryptography and Network Security, Crowds: Anonymous Web Transactions, New Brunswick, NJ (August 13, 1997).
• Dimacs Workshop on Cryptography and Network Security, How Math Will Protect You on the Information Super-highway, New Brunswick, NJ (August 13, 1997).
• Invited Speaker, 4th Workshop on Selected Areas in Cryptography, Crowds: Anonymous Web Transactions, Ottawa, Canada (August 11, 1997).
• University of Minnesota, Computer Science Seminar Anonymous Web Transactions, Minneapolis, MN (July 28, 1997).
• Keynote Speaker, AT&T Security Workshop, Security on the Internet, Rome, Italy (June 24, 1997).
• Dimacs Workshop on Network Threats, Blocking Java Applets at the Firewall, New Brunswick, NJ (December 5, 1996).
• University of California at Berkeley, Computer Science Seminar, Key Distribution Using Smart Cards, Berkeley, CA (November 25, 1996).
• Invited Speaker, Carnegie Mellon University, Traveling Salesmen Seminar Series, Key Distribution Using Smart Cards, Pittsburgh, PA (November 11, 1996).
• Invited Speaker, Open Systems Forum, Research Trends in Computer Security, Orlando, FL (March 5, 1996).
• Bellcore Applied Research Counsel, Security vs. Functionality in Java: Why You Can’t Have Your Coffee and Drink it Too, Morristown, NJ (January 30, 1996).
• Bell South, Secure Remote File Retrieval, Birmingham, Alabama (November 10, 1995).
• IBM Research Labs, Independent One-Time Passwords & Betsi, Hawthorne, New York (June 2, 1995).
• New York University, Computer Science Colloquium, Secure Cryptographic Key Distribution Over Insecure Networks,” (May 16, 1995).
• Invited Speaker, Michigan Mathematics Competition Program, How Math will Protect You on the Information Super-Highway, Allendale, Michigan (March 4, 1995).
• Bellcore, Lab Seminar, Bellcore’s Trusted Software Integrity System (January 26, 1995).
• Trusted Information Systems, Trusted Distribution of Software in a Hostile Environment (October 31, 1994).
• University of Michigan, 5th Annual Industrial Partners of Computer Science and Engineering (IPoCSE) Review, A Formal Method for Specifying and Analyzing Nonmonotonic Cryptographic Protocols (March 18, 1994).
• Naval Research Labs, Washington D.C., Formal Analysis Techniques and Their Application to a New Kerberos Service (November 2, 1993).
• University of Michigan, 4th Annual IPoCSE Review, Long-Running Jobs in a Secure Environment (April 1, 1993).
• University of Michigan, Intelligent Vehicle-Highway Systems Seminar, Distributed System Security (December 8, 1992).
• University of Michigan, Center for Information Technology Integration Brown Bag, Authentication in Distributed Systems (October 30, 1992).
• University of Michigan, Software Seminar, A System Architecture for IVHS (December 3, 1990).