http://avirubin.com/
rubin@jhu.edu

Address:

Date, Place of Birth

Contents

• Academic Degrees
• Academic Appointments
• Industry Experience
• Books
• Refereed Journal Publications
• Refereed Conference Publications
• Patents
• Miscellany
• Professional Activities
• Awards
• Technical Advisory Boards
• Invited Addresses

Academic Degrees

• 1994, Ph.D., Computer Science and Engineering, University of Michigan, Ann Arbor
  
• 1991, M.S.E., Computer Science and Engineering, University of Michigan, Ann Arbor
  
• 1989, B.S., Computer Science (Honors), University of Michigan, Ann Arbor
  

Academic Appointments

• 2003 - present
  Technical Director, Johns Hopkins University Information Security Institute

• April, 2004 - present
  Professor, Johns Hopkins University

• 2003 - April, 2004
  Associate Professor, Johns Hopkins University

• 1995 - 1999
  Adjunct Professor, New York University
  • Internet and Web Security Spring, 1999 (with Dave Kormann)
  • Privacy in Networks: Attacks and Defenses Spring, 1998 (with Dave Kormann and Mike Reiter)
  • Design and Analysis of Cryptographic Protocols Fall, 1996 & Spring, 1997 (with Matt Franklin)
  • Cryptography and Computer Security Fall, 1995 & Spring, 1996

• Summer, 1999
  Visiting Professor, École Normale Supérieure, Paris, France

• 1988 - 1993
  Teaching Assistant, University of Michigan
  • 1993 Intro. to Cryptography
  • 1992 Assembler Language Programming
  • 1991 Software Engineering
  • 1990 IVHS Seminar
  • 1989-1990 Head TA, Intro. to Computer Science
  • 1988-1989 Intro. to Computer Science

• Doctoral Committees
  • Doctoral Thesis Advisor: Ryan Gardner
  • Doctoral Thesis Advisor: Sam Small
  • Doctoral Thesis Advisor: Sujata Doshi
  • Doctoral Thesis Advisor: Joshua Mason
  • Dissertation Committee: J. Alex Halderman, Princeton University
  • Dissertation Committee: Sophie Qiu (May, 2007).
  • Doctoral Thesis Advisor: Adam Stubblefield (April, 2005).
  • Dissertation Committee: Kevin FU, MIT (February, 2005).
  • Dissertation Committee: Robert Fischer, Harvard University (June, 2003).
  • Dissertation Committee: Marc Waldman, New York University, (April, 2003).
  • Dissertation Committee: Patrick McDaniel, University of Michigan (September, 2001).
  • Doctoral Thesis Advisor: Fabian Monrose, New York University (April, 1999).
  • Dissertation Committee: Mike Just, Carleton University (November, 1998).
  • Dissertation Committee: Trent Jaeger, University of Michigan (October, 1996).

Industry Experience

• 1997 - 2002
  AT&T Labs - Research , Secure Systems Research Department
• 1994 - 1996
  Bellcore, Cryptography and Network Security Research Group
• Summer, 1990
  Great Lakes Software Co., Programmer, Howell, MI
• Summer, 1989
  IBM , Programmer, Meyers Corners Lab, Poughkeepsie, NY

Books

• Aviel D. Rubin, Brave New Ballot, Random House, (September, 2006).
• William R. Cheswick, Steven M. Bellovin and Aviel D. Rubin, Firewalls and Internet Security: Repelling the Wily Haccker (2e), Addison Wesley Publishing Company, Inc., (February, 2003).
• Chapter 4, Communications Policy and Information Technology: Promises, Problems, Prospects, MIT Press, Lorrie Faith Cranor and Shane Mitchell Greenstein, eds., (2002).
• Aviel D. Rubin, White-hat Security Arsenal, Addison Wesley Publishing Company, Inc., (June, 2001).
• Chapter 8, Publius and Chapter 14, Trust in Distributed Systems,
  Marc Waldman, Lorrie Faith Cranor, and Aviel D. Rubin, Peer-to-Peer, O'Reilly & Associates, Inc., (February, 2001).
• Aviel D. Rubin, Daniel Geer, Marcus J. Ranum, Web Security Sourcebook, John Wiley & Sons, Inc , (June, 1997).
• Ph.D. dissertation: Nonmonotonic Cryptographic Protocols (ps.gz, pdf), University of Michigan, Ann Arbor (April, 1994).

Refereed Journal Publications

• Matt Blaze, John Ioannidis, Angelos D. Keromytis, Tal Malkin, Avi Rubin, Anonymity in Wireless Broadcast Networks, International Journal of Network Security (IJNS), to appear, 2008.
• Stephen Bono, Aviel Rubin, Adam Stubblefield, and Matthew Green, Security Through Legality, Communications of the ACM (June, 2006).
• Adam Stubblefield, Dan S. Wallach, and Aviel D. Rubin, Managing the Performance Impact of Web Security, Electronic Commerce Research Journal, February, 2005.
• David Jefferson, Aviel D. Rubin, Barbara Simons, David Wagner, Analyzing Internet Voting Security, Communications of the ACM (October, 2004).
• Simon Byers, Aviel D. Rubin, and David Kormann, Defending Against an Internet-based Attack on the Physical World, ACM Transactions on Internet Technology (TOIT), August, 2004.
• Adam Stubblefield, John Ioannidis, and Aviel D. Rubin, A Key Recovery Attack on the 802.11b Wired Equivalent Privacy Protocol (WEP) (pdf), ACM Transactions on Information and System Security, May, 2004.
• Aviel D. Rubin, Security Considerations for Remote Electronic Voting, Communications of the ACM (December, 2002).
• Marc Waldman, Aviel D. Rubin, and Lorrie F. Cranor, The Architecture of Robust Publishing Systems, ACM Transactions on Internet Technology (TOIT), (November, 2001).
• David P. Kormann and Aviel D. Rubin, Risks of the Passport Single Signon Protocol, Computer Networks, (July, 2000).
• Christian Gilmore, David P. Kormann, and Aviel D. Rubin, Secure Remote Access to an Internal Web Server, IEEE Network, (November, 1999).
• Fabian Monrose and Aviel D. Rubin, Keystroke Dynamics as a Biometric for Authentication, (pdf) Future Generation Computer Systems, (March, 2000).
• Michael K. Reiter and Aviel D. Rubin, Anonymity Loves Company: Anonymous Web Transactions with Crowds (ps.gz, pdf) Communications of the ACM (February, 1999).
• Aviel D. Rubin and Daniel E. Geer, Jr., Mobile Code Security (ps.gz, pdf), IEEE Internet Computing (November/December, 1998).
• Aviel D. Rubin and Daniel E. Geer, Jr., A Survey of Web Security, IEEE Computer, (September, 1998).
• Michael K. Reiter and Aviel D. Rubin, Crowds: Anonymity for Web Transactions (ps.gz, pdf), ACM Transactions on Information and System Security, (June, 1998).
• Aviel D. Rubin, An Experience Teaching a Graduate Course in Cryptography (ps, pdf), Cryptologia (April, 1997).
• Aviel D. Rubin, Extending NCP for public Key Protocols, Mobile Networks and Applications (ACM/Balzer), 2(3) (April, 1997).
• Aviel D. Rubin, Independent One-Time Passwords, (ps.gz, pdf) USENIX Journal of Computer Systems (February, 1996).
• Aviel D. Rubin, Secure Distribution of Documents in a Hostile Environment, Computer Communications (June, 1995).

Refereed Conference Publications

• Ryan Gardner, Sujata Garera, Anand Rajan, Carols Rozas, Aviel D. Rubin, Manoj Sastry, Protecting Patient Records from Unwarranted Access, Future of Trust in Computing, July, 2008.
• Sujata Garera, Niels Provos, Monica Chew and Aviel D. Rubin, A Framework for Detection and Measurement of Phishing Attacks, 5th ACM Workshop on Recurring Malcode (WORM 2007), November, 2007.
• Sujata Garera and Aviel D. Rubin, An Independent Audit Framework for Software Dependent Voting Systems, 14th ACM Conference on Computer and Communcations Security, November, 2007.
• Ryan Gardner, Sujata Garera, and Aviel D. Rubin, On the Difficulty of Validating Voting Machine Software with Software, In Proceedings of the 2nd USENIX/ACCURATE Electronic Voting Technology Workshop (EVT '07), August, 2007.
• Sophie Qiu, Patrick McDaniel, Fabian Monrose, and Avi Rubin, Characterizing Address Use Structure and Stabillity of Origin Advertizement in Interdomain Routing, Proceedings of IEEE Symposium on Computers and Communications (June, 2006).
• Sujata Doshi, Fabian Monrose, and Aviel D. Rubin, Efficient Memory Bound Puzzles using Pattern Databases, 4th International Conference on Applied Cryptography and Network Security (ACNS'06), (June, 2006).
• Sophie Qiu, Patrick McDaniel, Fabian Monrose, and Avi Rubin, Characterizing Address Use Structure and Stabillity of Origin Advertizement in Interdomain Routing, 11th IEEE Symposium on Computers and Communications, (June 2006).
• Zachary Peterson, Randal Burns, Joseph Herring, Adam Stubblefield, and Aviel D. Rubin, Secure Deletion for a Versioning Filesystem , Proc. USENIX Conference on File and Storage Technologies (FAST '05), (December, 2005).
• Stephen C. Bono, Matthew Green, Adam Stubblefield, Ari Juels, Aviel D. Rubin, Michael Szydlo, Security Analysis of a Cryptographically-Enabled RFID Device 14th USENIX Security Symposium, (August, 2005).
• Tadayoshi Kohno, Adam Stubblefield, Aviel D. Rubin, and Dan S. Wallach, Analysis of an Electronic Voting System, Proc. IEEE Symposium on Security and Privacy (May, 2004).
• Nathanael Paul, David Evans, Aviel D. Rubin and Dan Wallach, Authentication for Remote Voting, ACM Workshop on Human-Computer Interaction and Security Systems (April, 2003).
• Matt Blaze, John Ioannidis, Angelos D. Keromytis, Tal Malkin, and Aviel Rubin, Protocols for Anonymity in Wireless Networks Proc. 11th International Workshop on Security Protocols (April, 2003).
• Geoffrey Goodell, William Aiello, Timothy Griffin, John Ioannidis, Patrick McDaniel, Aviel Rubin, Working Around BGP: An Incremental Approach to Improving Security and Accuracy of Interdomain Routing , Proc. ISOC Symposium on Network and Distributed System Security (February, 2003).
• Simon Byers, Aviel D. Rubin, David Kormann, Defending Against an Internet-based Attack on the Physical World (pdf), ACM Workshop on Privacy in the Electronic Society (November, 2002).
• Adam Stubblefield, John Ioannidis, and Aviel D. Rubin, Using the Fluhrer, Mantin, and Shamir Attack to Break WEP, Proc. ISOC Symposium on Network and Distributed System Security (February, 2002).
• Aviel D. Rubin, Security Considerations for Remote Electronic Voting, 29th Research Conference on Communication, Information and Internet Policy (TPRC2001), (October, 2001).
• Aviel D. Rubin and Rebecca N. Wright, Off-line generation of limited-use credit card numbers, (ps.gz, pdf) Financial Cryptography Conference, (February, 2001).
• Marc Waldman, Aviel D. Rubin, and Lorrie F. Cranor, Publius, A robust, tamper-evident and censorship-resistant web publishing system, 9th USENIX Security Symposium, (August, 2000).
• David P. Kormann and Aviel D. Rubin, Risks of the Passport Single Signon Protocol, 9th International World Wide Web Conference, (May, 2000).
• Patrick McDaniel and Aviel D. Rubin, A Response to "Can we Eliminate Certificate Revocation Lists?", (ps.gz, pdf), Financial Cryptography Conference, (February, 2000).
• William A. Aiello, Aviel D. Rubin, and Martin J. Strauss, Using smartcards to secure a personalized gambling device (ps.gz, pdf), 6th ACM Conference on Computer and Communcations Security, (November, 1999).
• Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K. Reiter, and Aviel D. Rubin, The Design and Analysis of Graphical Passwords (ps.gz, pdf) 8th USENIX Security Symposium, (August, 1999).
• Christian Gilmore, David Kormann, and Aviel D. Rubin, Secure Remote Access to an Internal Web Server, (ps.gz, pdf), Proc. ISOC Symposium on Network and Distributed System Security (February, 1999).
• Fabian Monrose, Peter Wykoff, and Aviel D. Rubin, Distributed Execution with Remote Audit (ps.gz, pdf), Proc. ISOC Symposium on Network and Distributed System Security (February, 1999).
• Dahlia Malkhi, Michael K. Reiter and Aviel D. Rubin, Secure Execution of Java Applets using a Remote Playground (ps, pdf) Proc. IEEE Symposium on Security and Privacy (May, 1998).
• Aviel D. Rubin, Dan Boneh, and Kevin Fu, Revocation of Unread E-mail in an Untrusted Network (ps.gz, pdf), Second Australasian Conference on Information Security and Privacy (July, 1997).
• Fabian Monrose and Aviel D. Rubin, Authentication via Keystroke Dynamics (ps, pdf), 4th ACM Conference on Computer and Communcations Security (April, 1997).
• David M. Martin, Siviramakrishnan Rajagopalan, and Aviel D. Rubin, Blocking Java Applets at the Firewall (ps, pdf), Proc. ISOC Symposium on Network and Distributed System Security (February, 1997).
• Trent Jaeger, Aviel D. Rubin and Atul Prakash, A System Architecture for Flexible Control of Downloaded Executable Content, 5th International Workshop on Object-Orientation in Operating Systems (October, 1996).
• Trent Jaeger, Aviel D. Rubin and Atul Prakash, Building Systems that Flexibly Control Downloaded Executable Content, Proc. 6th USENIX Security Symposium (July, 1996).
• Victor Shoup and Aviel D. Rubin, Session Key Distribution Using Smart Cards, (ps, pdf), Proc. of Eurocrypt '96 (May, 1996).
• Trent Jaeger & Aviel D. Rubin, Preserving Integrity in Remote File Location and Retrieval, Proc. ISOC Symposium on Network and Distributed System Security (February, 1996).
• Aviel D. Rubin, Extending NCP for Public Key Protocols, Proc. IEEE 4th International Conference on Computer Communications and Networks (September, 1995).
• Aviel D. Rubin, Pseudo-Random Functions for One-Time Passwords, Proc. 5th USENIX UNIX Security Symposium (June, 1995).
• Aviel D. Rubin, Trusted Distribution of Software Over the Internet, Proc. ISOC Symposium on Network and Distributed System Security (February, 1995).
• Aviel D. Rubin & Peter Honeyman, Nonmonotonic Cryptographic Protocols, Proc. IEEE Computer Security Foundations Workshop VII (June, 1994).
• Aviel D. Rubin & Peter Honeyman, Long Running Jobs in an Authenticated Environment, Proc. 4th USENIX UNIX Security Symposium (October, 1993).

Patents

Miscellany

• Aviel D. Rubin, Lead article: Kerberos Versus the Leighton and Micali Protocol, Dr. Dobb's Journal (November, 2000).
• Aviel D. Rubin, Feature article: How to perform a secure remote backup over an insecure network, Sunworld (August, 2000).
• Aviel D. Rubin, Feature article: None of your E-business - Protecting Your Privacy in Cyberspace Web Techniques Magazine (April, 2000).
• Aviel D. Rubin, Cryptography, Microsoft Encarta Encyclopedia, 2000.
• Michael K. Reiter and Aviel D. Rubin Privacy on the Web: How to Be Just a Face in the Crowd, The Journal of Electronic Commerce (EDI FORUM) (January, 1999).
• Aviel D. Rubin and Daniel E. Geer, Jr., Safe CGI Scripting, Software Development magazine (January, 1999).
• Aviel D. Rubin Bellcore Bulletin article: Commentary, The World Wide Web: A Challenging Security Retrofit (December, 1996).
• Dan Sills, Aviel Rubin, and Howard Lemberg, Security Implications of Dynamically Downloadable Executable Objects, Advanced Network Architecture Initiative, Deliverable 5.2 (September, 1996).
• Aviel D. Rubin, IETF: Network Working Group, RFC 1805, Location-Independent Data/Software Integrity Protocol (June, 1995).
• Chapter: Design Document for Internet Billing System, Security Considerations (December, 1994).
• Chapter: Design Document for Broadband Systems Controller, Security Issues (October, 1994).
• Newsletter article: CITI Lights, Kerberos Support for Long Running Jobs (November 2, 1993).

Professional Activities

• Board of Directors
  • Director, USENIX Organization, elected by popular vote.
    - 2 year term: 2002-2004
    - 2 year term: 2000-2002

• Editorial and Committees
  • Guest Co-Editor: IEEE Security & Privacy Magazine, Special Issue on Electronic Voting, October/November, 2007.
  • Associate Editor: IEEE Transactions on Software Engineering (2005-2006).
  • Editorial and Advisory Board: International Journal of Information and Computer Security (IJICS) (2004-2006).
  • Guest Co-Editor: IEEE Computer Networks, Special Issue on Web Security, January, 2005.
  • Editorial Board: Journal of Privacy Technology (2004-2006).
  • Guest Co-Editor: IEEE Security & Privacy Magazine, Special Issue on Electronic Voting Security, January/February, 2004.
  • Member: Security Peer Review Group (SPRG) of the Federal Voting Assistance Program's (FVAP) Secure Electronic Registration and Voting Experiment (SERVE) Project, 2003-2004.
  • Member: DARPA Information Science And Technology Study Group (2003-2006).
  • Associate Editor: IEEE Security & Privacy Magazine (2003-present).
  • Guest Editor: Communications of the ACM, Special Issue on Wireless Networking Security, May, 2003.
  • Associate Editor: ACM Transactions on Internet Technology (2002-2005).
  • Executive Committee Member: DIMACS Workshop Series with Special Focus on Network Security (2002-2004).
  • Advisory Board Member: Information Security and Cryptography Book Series, Springer, 2001-2006.
  • Member: Steering Group, ISOC Symposium on Network and Distributed System Security, 2001-2004.
  • Member: Government Infosec Science and Technology Study Group on malicious code, 1999 - 2000.
  • Member: AT&T Internet Intellectual Property Review Team, 1999 - 2001.
  • Associate Editor: Electronic Commerce Research Journal, Baltzer Science Publishers, 1999 - 2002.
  • Co-Editor: Electronic Newletter of the IEEE Technical Committe on Security & Privacy, with Paul Syverson, 1998.
  • Editorial Board: Bellcore Security Update Newletter, 1995-1996.

• Conference Committees
  • Invited Talks Co-Coordinator: 17th USENIX Security Symposium, San Jose, CA, July 28 - August 1, 2008.
  • Program Co-chair: (w/Patrick McDaniel): IEEE Symposium on Security and Privacy, Oakland, California, May 18-22, 2008.
  • Program Co-chair: (w/Giovani Di Crescenzo): Financial Cryptography '06 Anguilla BWI, February, 2006.
  • Program Committee member: IEEE Symposium on Security and Privacy, Oakland, California, May 9-12, 2004.
  • Program Committee member: Financial Cryptography '04 Key West, Florida, February 9-12, 2004.
  • Program Committee member: 2nd ACM SIGSAC Workshop on Privacy in the Electronic Society Washington D.C., October 30, 2003.
  • Program Committee member: 10th ACM Conference on Computer and Communications Security, Washington D.C., October 27-30, 2003.
  • Program Committee member: 8th European Symposium on Research in Computer Science (ESORICS), Norway, October 13-15, 2002.
  • Program Vice Chair: Security and Privacy Track, The Twelfth International World Wide Web Conference, Budapest, Hungary, May 20-24, 2003.
  • Program Committee member: IEEE Symposium on Security and Privacy, Oakland, California, May 11-14, 2003.
  • Program Committee member: Workshop on Security and Assurance in Ad hoc Networks, Orlando, FL, January 28, 2003.
  • Program Committee member: 4th International Conference on Information and Communications Security (ICICS), Kent Ridge Digital Labs (KRDL), Singapore December 9-12, 2002.
  • Program Committee member: ACM SIGSAC Workshop on Privacy in the Electronic Society Washington D.C., November 21, 2002.
  • Program Committee member: 9th ACM Conference on Computer and Communications Security, Washington D.C., November 17-21, 2002.
  • Program Committee member: 5th International Conference on Electronic Commerce Research (ICECR-5), Montreal, Canada, October 23-27, 2002.
  • Program Committee member: 2nd Symposium on Requirements Engineering for Information Security (SREIS), Raleigh, North Carolina, Oct 14-15, 2002.
  • Program Committee member: 7th European Symposium on Research in Computer Science (ESORICS), Zurich, Swizerland, October 14-16, 2002.
  • Program Committee member: 11th USENIX Security Symposium, San Francisco, Ca, August 5-9, 2002.
  • Program Committee member: International Workshop on Global and Peer-to-Peer Computing at IEEE International Symposium on Cluster Computing and the Grid (CCGrid'2002), Berlin, Germany, May 21-24, 2002.
  • Program Committee member: 11th International World Wide Web Conference Honolulu, Hawai, May 7-11, 2002.
  • Program Committee member: 2nd Workshop on Privacy Enhancing Technologies San Francisco, CA, April 14-15, 2002.
  • Program Committee member: The 1st International Workshop on Peer-to-Peer Systems (IPTPS'02) MIT Faculty Club, Cambridge, MA, March 7-8, 2002.
  • Program Committee member: The 4th International Conference on Telecommunications and Electronic Commerce Dallas, TX, November, 2001.
  • Program Committee member: 10th USENIX Security Symposium, Washington D.C., August 13-17, 2001.
  • Program Committee member: Financial Cryptography '01 Grand Cayman, Cayman Islands, BWI, February, 2001.
  • Program Co-chair: (w/Paul Van Oorschot): ISOC Symposium on Network and Distributed System Security, San Diego, CA, February 7-9, 2001.
  • Program Committee member: The 3rd International Conference on Telecommunications and Electronic Commerce Dallas, TX, November 16-19, 2000.
  • Program Committee member: 9th USENIX Security Symposium, Denver, Colorodo, August 14-17, 2000.
  • Program Committee member: Workshop on Design Issues in Anonymity and Unobservability Berkeley, California, July 25-26, 2000.
  • Program Committee member: Performance and Architecture of Web Servers (PAWS), Santa Clara, CA, June 18, 2000.
  • Program Co-chair: (w/Gene Tsudik): ISOC Symposium on Network and Distributed System Security, San Diego, CA, February 2-4, 2000.
  • Program Committee member: 1999 International Information Security Workshop (ISW'99), Kuala Lumpur, Malaysia, November 6-7, 1999.
  • Program Committee member: 2nd Int'l. Conference on Telecommunications and Electronic Commerce, Nashville, TN, October 6-8, 1999.
  • Invited Talks coordinator: 8th USENIX Security Symposium, Washington D.C., August, 1999.
  • Program Chair: 24th USENIX Annual Technical Conference, Monterey, CA, June 7-11, 1999.
  • Program Committee member: 8th International World Wide Web Conference , Toronto, Canada, May 11-14, 1999.
  • Program Committee member: 3rd USENIX workshop on Electronic Commerce , Boston, MA, August 31 - September 3, 1998.
  • Program Committee member: 5th ACM Conference on Computer and Communications Security, San Francisco, CA, November 3-5, 1998.
  • Program Chair: 7th USENIX Security Symposium, San Antonio, TX, Jan. 26-29, 1998.
  • Program Committee member: 4th ACM Conference on Computer and Communications Security, Zurich, Switzerland, April 2-4, 1997.
  • Program Committee member: 6th USENIX Security Symposium, San Jose, CA, July 22-25, 1996.
  • Program Committee member: ISOC Symposium on Network and Distributed System Security, San Diego, CA, February 22-23, 1996.

• Testimony
  • United Stated House Committee on Oversight and Government Reform, hearing on electronic voting, Washington, D.C., (April 18, 2007).
  • United Stated House Committee on Appropriations, hearing on ensuring the integrity of elections, Washington, D.C., (March 7, 2007).
  • Maryland Senate Committee on Education, Health, and Environmental Affairs, Expert Testimony, Hearing on Senate Bill 392 for Voter-Verified Records in Voting Systems, Annapolis, MD, (February 22, 2007).
  • Maryland House Ways and Means Committee, Expert Testimony, Hearing on House Bill 18 for impoving voting systems in Maryland, Annapolis, MD, (February 1, 2007).
  • Maryland House Ways and Means Committee, Expert Testimony, Hearing on House Bill 244 requiring a voter verified paper record for voting machines in Maryland, Annapolis, MD, (February 1, 2006).
  • United States Election Assistance Commission, Hearing on Voluntary Voting Systems Guidlines, Panel on Voter Verified Paper Audit Trail, Washington D.C. (June 30, 2005).
  • Senate hearing: Voting in 2004: A Report to the Nation on America's Election Process, Absentee Ballot Panel, Dirksen Senate Office Building, Washington, DC (December 7, 2004).
  • United States Election Assistance Commission, Technical Guidelines Development Committee, Technology Panel, Public Hearings on Computer Security and Transparency, National Institute of Standards and Technology, Gaithersburg, MD, (September 20, 2004).
  • Linda Schade vs. Linda Lamone et. al., Trial on the Legality of Paperless Voting Machines in Maryland, Annapolis, MD (August 25, 2004).
  • United States House Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, Hearing on Electronic Voting, Washington, D.C. (July 20, 2004).
  • United States House Committee on House Administration, Hearing on Security of Electronic Voting, Washington, D.C. (July 7, 2004).
  • United States Federal Trade Commission, Written Expert Testimony, on a proposed Do Not Email Repository, (May 10, 2004).
  • United States Election Assistance Commission, Hearing on Electronic Voting Security, Technology Panel, Washington D.C. (May 5, 2004).

• Panels
  • Panelist: American Association for the Advancement of Science, Revisiting the U.S. Voting System: A Research Inventory, Technology, Usability, and Security panel, Washington DC, (November 27, 2006).
  • Panelist: California Secretary of State's Voting System Testing Summit, Security Panel, Sacramento, CA, (November 28-29, 2005).
  • Panelist: NIST Symposium on Voting System Threats, Configuration and Usability Threats, Gaithersburg, MD, (October 7, 2005).
  • Panelist: Conference of State Supreme Court Chief Justices, Voting Technologies, Charleston, SC (August 1, 2005).
  • Panelist: Workshop on observation of automated elections, The Carter Center, Altanta, GA (March 18, 2005).
  • Panelist: The Carter Center Venezuela Virtual Panel, (November, 2004).
  • Panelist: Workshop on Voting, Vote Capture and Vote Counting, Harvard Kennedy School of Government, The Technologies of Voting, Cambridge, MA (June 1, 2004).
  • Panelist: Computer Science and Telecommunications Board of The National Academy of Science Workshop on Dependable Software Systems, Case Study: Electronic Voting Washington D.C. (April 20, 2004).
  • Panelist: USENIX Security 2003, Electronic Voting, Washington D.C. (August 6, 2003).
  • Panelist: Democracy Now, 2003, Voter-Verifiable Elections: How Do We Get There?, Washington D.C. (November 23, 2003).
  • Panelist: USENIX Security 2003, Electronic Voting, Washington D.C. (August 6, 2003).
  • Panelist: IEEE Infocom 2002, Securing Wireless and Mobile Networks - Is It Possible?, New York City (June 25, 2002).
  • Participant: 2002 Security Visionary Roundtable: A Roadmap for a Safer Wireless World, Washington D.C., (May 5-7,2002).
  • Panelist: Computers Freedom and Privacy 2002, Who Goes There? Privacy in Identity and Location Services, San Francisco (April 18, 2002).
  • Panel moderator: Conference on Democracy and the Internet in an Enlarging Europe Overview of On-Line Voting: Systems and Issues, New York, NY (March, 2001).
  • Panelist:Financial Cryptography 2001, The Business of Electronic Voting, Grand Cayman (February, 2001).
  • Panelist: National Science Foundation E-voting workshop, Washington, D.C., (October, 2000).
  • Panelist: 5th ACM Conference on Computer and Communications Security, Anonymity on the Internet, San Francisco, CA, (November 1998).
  • Panelist: Open Systems Security and ISSA Annual Conference, Securing the Web, Orlando, FL (March, 1998).
  • Panel organizer and moderator: Implementation Issues for Electronic Commerce: What Every Developer Should Know. ISOC Symposium on Network and Distributed System Security, (March, 1998).
  • Panel organizer and moderator: Downloadable Executable Content - Past, Present and Future. ISOC Symposium on Network and Distributed System Security (February, 1997).
  • Panelist: DIMACS Workshop on Network Threats, Web/Java Security Issues, New Brunswick, NJ (December 5, 1996).

• Tutorials Taught
  • The Mathematics of Information Technology and Complex Systems Network (MITACS), Network Security, (May 8, 2003).
  • IEEE Infocom 2002, End to End Web Security and E-commerce, (June 23, 2002).
  • 2002 USENIX Annual Technical Conference, Introduction to Computer Security, (June 10, 2002).
  • LISA 2001, 15th Systems Administration Conference, Introduction to Computer Security, (December, 2001).
  • 8th & 9th USENIX Security Symposia, Cryptography - From the Basics Through PKI in 23,400 Seconds, (August, 2000) & (August 1999), with Dan Geer.
  • 9th International World Wide Web Conference, Security on the World Wide Web, (May, 2000).
  • ISOC Symposium on Network and Distributed System Security, Cryptography 101, (February, 2000).

Awards

• Chosen as one of 54 favorite people, places and things in Jewish Baltimore, Baltimore Jewish Times, February 22, 2008.
• 2007 Award for Outstanding Research in Privacy Enhancing Technologies, for Security Analysis of a Cryptographically-Enabled RFID Device (with Stephen C. Bono, Matthew Green, Ari Juels, Adam Stubblefield, Michael Szydlo).
• 2005 Best Student Paper Award at the 14th USENIX Security Symposium, Security Analysis of a Cryptographically-Enabled RFID Device (with Stephen C. Bono, Matthew Green, Ari Juels, Adam Stubblefield, Michael Szydlo).
• 2004 Electronic Frontiers Foundation Pioneer Award.
• 2003 Baltimorean of the Year, Baltimore Magazine, January, 2004.
• 2001 Index on Censorship Freedom of Expression Award for the Best Circumvention of Censorship for the Publius project.
• 2000 Best Paper Award at the 9th USENIX Security Symposium, A robust, tamper-evident and censorship-resistant web publishing system (with Marc Waldman and Lorrie Cranor).
• 1999 Best Paper Award & Best Student Paper Award at the 8th USENIX Security Symposium, The Design and Analysis of Graphical Passwords (with Ian Jermyn, Alain Mayer, Fabian Monrose, and Michael K. Reiter).
• 1996 Co-author of Best Student Paper, Building Systems that Flexibly Control Downloaded Executable Content, at the 6th USENIX UNIX Security Symposium. Student: Trent Jaeger.
• 1992 National Science Foundation Fellowship - Summer Institute in Japan
• 1986 Branstrom Prize, University of Michigan

Technical Advisory Boards

• Arbor Networks
  
  • Protect organizations from destructive network attacks like Internet worms and denial of service, and operational vulnerabilities like peering issues and routing instability.
• Fortify Software
  
  • Protect companies from the threats posed by security flaws in software applications.
• Goodmail Systems
  
  • Provide bulk email services for desirable mass email that bypass spam filters.
• Hx Technologies
  
  • Enable health information exchange and interoperability (HIEI) by deploying, operating, and supporting regional health information networks (RHINs), precursors to the anticipated national health information network (NHIN).

Invited Addresses:

• Keynote Speaker New Frontiers in Security Research, Forrester Research Security Forum, Atlanta, GA, (September 5, 2007).
• Invited Speaker Security of Electronic Voting, Gartner IT Security Summit, Washington DC (June 6, 2007).
• Keynote Speaker Breaking Security Systems, World Summit on Intrusion Prevenstion, Baltimore, MD, (May 9, 2007).
• Keynote Speaker Breaking Security Systems: Political, Legal, and Technical Aspects, ShmooCon Conference, Washington DC (March 23, 2007).
• Invited Talk Electronic Voting Security Threat Analyses for Voting System Categories: A Workshop on Rating Voting Methods (VSRW 06) Washington, DC (June 9, 2006).
• Keynote Speaker Breaking Security Systems Software Security Summit, Baltimore, MD (June 6, 2006).
• Invited talk Electronic Voting: A Primer Computers Freedom and Privacy Conference, Washington DC (May 2, 2006).
• Invited Talk Electronic Voting and Security Annual Joint Meeting of Baltimore City and Baltimore County League of Women Voters, Baltimore, MD (March 18, 2006).
• Keynote Speaker, Security and Privacy Issues in RFID Technologies, 14th Annual Embedded Systems Conference, Boston, MA, (June 13, 2005).
• Invited Talk USENIX Security Conference Electronic Voting in the United States: An Update Baltimore, MD (August 4, 2005).
• Distinguished Lecturer, Xerox distinguished lecture series, Security and Privacy issues in RFID Technologies, Rochester, NY (June 20, 2005).
• Invited Speaker, Applied Cryptography and Network Security Conference, Security and Privacy issues in RFID Technologies, Columbia University, New York, NY (June 8, 2005).
• Don P. Giddons Inaugural Professorial Lecture Security Systems: Making and Breaking Them Johns Hopkins University, Arellano Theatre, Baltimore, MD (March 7, 2005).
• Invited Speaker, Election Eve Experts, Johns Hopkins Public Affairs Lunch, Evergreen House, Baltimore, MD, (October 22, 2004).
• Keynote Speaker, Electronic Voting and Security, Consortium for Computing Sciences in Colleges , Loyola University, Baltimore, MD, (October 15, 2004).
• Invited Speaker E-voting and Security, Maryland InfraGard, Towson, MD, (October 5, 2004).
• Invited Speaker Electronic Voting Security, The National Academies Science, Technology, and Law Panel, Washington, D.C. (September 14, 2004).
• Keynote Speaker, A Case Study in Computer System Vulnerability: Electronic Voting, Merit Annual Meeting, University of Michigan, Ann Arbor (June 24, 2004).
• Keynote Speaker, Security of electronic voting, Computer Security 2004 Mexico, UNAM, Mexico City, (May 28, 2004).
• University of Maryland Baltimore County, Information Assurance Week Seminar, Security Issues in Electronic Voting, Baltimore, MD, (April 26, 2004).
• Applied Physics Lab, Colloqium, Security Issues in Electronic Voting, Columbia, MD, (March 19, 2004).
• Keynote Speaker, Electronic Voting: A Case Study of How Closed Systems Fail, Secure Trusted Operating System Consortium 5th Annual Symposium, "Security: From Theory to Practice", Washington, D.C. (December 3, 2003).
• National Science Foundation, WATSH seminar, Analysis of An Electronic Voting Machine, Fairfax, VA (August 12, 2003).
• Johns Hopkins University, Information Security Institute Seminar, How to Think about Internet Security, Baltimore, MD, (March 25, 2003).
• Invited Expert , China's Cyber-Wall: Can technology break through?, Testimony on Censorship Technologies, Congressional-Executive Commission on China, Washington D.C., (November 4, 2002).
• Invited Speaker, It's a Jungle Out There: Viruses, Worms, and DDOS, Oh My!, NCSU E-Commerce Program, Raleigh, NC, (October 23, 2002).
• Invited Speaker, A How-To Guide to Implementing Wireless LAN Security Solutions, The Practitioners' Forum on Mobile & Wireless Security, Washington, D.C., (April 30, 2002).
• Invited Speaker, Security Considerations for E-voting, Large Installation System Administration (LISA) (December 5, 2001).
• Invited Speaker, 9th CACR Information Security Workshop, Security on the Internet and in Wireless Networks, Ottawa, Canada, (November 29, 2001).
• 3rd Annual AT&T IP Security Conference, Wireless LAN Security, (November 2, 2001).
• Distinguished Lecture, Publius, A robust, tamper-evident and censorship-resistant web publishing system, University of Pennsylvania Distinguished Lecture series, (October 23, 2001).
• AT&T 802.11 County Fair, WLAN Security or Insecurity: Is it Safe to go into the Ether? (October 10, 2001).
• Invited Speaker, Security Considerations for E-voting, USENIX 2001 General Conference (June 29, 2001).
• Colloquium talk, Publius, A robust, tamper-evident and censorship-resistant web publishing system, Princeton University (December 13, 2000).
• Invited Speaker, Advanced Internet Technology Seminar, Practical Security Issues on the Net, Florida Atlantic University (August 29, 2000).
• Seminar Series Talk, Security on the web: "Is there Really a Threat?" Telcordia Technologies (July 21, 2000).
• Invited Speaker, Computer System Security: Is there Really a Threat? USENIX 2000 General Conference (June 21, 2000).
• Zero Knowledge Systems, Publius, A robust, tamper-evident and censorship-resistant web publishing system (May 25, 2000).
• MIT Laboratory for Computer Science, Secure Remote Access to Internal Web Servers (March 29, 2000).
• John Jay College, Security on the Web (March 23, 2000).
• Keynote speaker, Security Problems on the Web, AT&T EUA Customer Conference (March 6, 2000).
• Panasonic Research Labs, Remote Access to Internal Web Servers (March 2, 2000).
• Invited Speaker, Managing Web Server Security, Securities Industry Automation Corporation (SIAC) (December 2, 1999).
• Invited Speaker, User Security on the Web, Securities Industry Automation Corporation (SIAC) (December 2, 1999).
• Telcordia Technologies, Security and Privacy on the Web (April 16, 1999).
• Invited Speaker, 1st CACR Information Security Workshop Security and Privacy on the World Wide Web, Waterloo, Ontario (November 24, 1998).
• Invited Speaker, University of Michigan Security and Privacy on the World Wide Web, Ann Arbor, MI (October 26, 1998).
• Invited Speaker, AT&T Web Implementors Symposium, Security and Privacy on the World Wide Web, Florham Park, NJ (July 31, 1998).
• Open Systems Security and ISSA Annual Conference, Mobile Code Security, Orlando, FL (March 23, 1998).
• Open Systems Security and ISSA Annual Conference, Privacy on the Web, Orlando, FL (March 23, 1998).
• Invited Speaker, Congregation Agudath Israel, Internet Security (February 10, 1998).
• RSA Data Security Conference, Crowds: Anonymous Web Transactions, San Fancisco, CA (January 14, 1998).
• Invited Speaker, AT&T Technology Forum, World Wide Web Security, (December 9, 1997).
• Trusted Information Systems, Crowds: Anonymous Web Transactions, (November 14, 1997).
• Dimacs Workshop on Cryptography and Network Security, Crowds: Anonymous Web Transactions, New Brunswick, NJ (August 13, 1997).
• Dimacs Workshop on Cryptography and Network Security, How Math Will Protect You on the Information Super-highway, New Brunswick, NJ (August 13, 1997).
• Invited Speaker, 4th Workshop on Selected Areas in Cryptography, Crowds: Anonymous Web Transactions, Ottawa, Canada (August 11, 1997).
• University of Minnesota, Computer Science Seminar Anonymous Web Transactions, Minneapolis, MN (July 28, 1997).
• Keynote Speaker, AT&T Security Workshop, Security on the Internet, Rome, Italy (June 24, 1997).
• Dimacs Workshop on Network Threats, Blocking Java Applets at the Firewall, New Brunswick, NJ (December 5, 1996).
• University of California at Berkeley, Computer Science Seminar, Key Distribution Using Smart Cards, Berkeley, CA (November 25, 1996).
• Invited Speaker, Carnegie Mellon University, Traveling Salesmen Seminar Series, Key Distribution Using Smart Cards, Pittsburgh, PA (November 11, 1996).
• Invited Speaker, Open Systems Forum, Research Trends in Computer Security, Orlando, FL (March 5, 1996).
• Bellcore Applied Research Counsel, Security vs. Functionality in Java: Why You Can’t Have Your Coffee and Drink it Too, Morristown, NJ (January 30, 1996).
• Bell South, Secure Remote File Retrieval, Birmingham, Alabama (November 10, 1995).
• IBM Research Labs, Independent One-Time Passwords & Betsi, Hawthorne, New York (June 2, 1995).
• New York University, Computer Science Colloquium, Secure Cryptographic Key Distribution Over Insecure Networks,” (May 16, 1995).
• Invited Speaker, Michigan Mathematics Competition Program, How Math will Protect You on the Information Super-Highway, Allendale, Michigan (March 4, 1995).
• Bellcore, Lab Seminar, Bellcore’s Trusted Software Integrity System (January 26, 1995).
• Trusted Information Systems, Trusted Distribution of Software in a Hostile Environment (October 31, 1994).
• University of Michigan, 5th Annual Industrial Partners of Computer Science and Engineering (IPoCSE) Review, A Formal Method for Specifying and Analyzing Nonmonotonic Cryptographic Protocols (March 18, 1994).
• Naval Research Labs, Washington D.C., Formal Analysis Techniques and Their Application to a New Kerberos Service (November 2, 1993).
• University of Michigan, 4th Annual IPoCSE Review, Long-Running Jobs in a Secure Environment (April 1, 1993).
• University of Michigan, Intelligent Vehicle-Highway Systems Seminar, Distributed System Security (December 8, 1992).
• University of Michigan, Center for Information Technology Integration Brown Bag, Authentication in Distributed Systems (October 30, 1992).
• University of Michigan, Software Seminar, A System Architecture for IVHS (December 3, 1990).