Most of my refereed publications center around my earlier work in cryptography. My later work on payment systems, and the innovations in more recent years, are generally found in either patent publications or product whitepapers and were generally not submitted for traditional academic publication. The list below does not include "trade press" publications, business conference speeches, panel discussions, etc.
Did I invent Zero Trust?
No, I did not, and let's leave that credit with the 2010 work of John Kindervag, then of Forrester Research. But here is indeed what happened: In the course of architecting the security for Verizon, it was very obvious to me that the notion of spreading our security dollars on one weak perimeter fence simply did not make sense. I thought in terms of how a village a few thousand years ago might have protected itself. Perhaps strong stockades around the grainary, the treasury, the chieftain's hut, and then a weak fence all around. So I invented the concept of "internal firewalls" (micro perimeters is such a nicer term...) to strongly protect high value assets. Of course identity is core to such "internal firewalls" and so the prototype firewall that was built was tightly integrated with the then latest greatest authentication/directory service, aka Kerberos v4. And a paper describing the BAfirewall (Verizon was then called Bell Atlantic; hence BA) prototype is below:
A Special Paper
In March 2001 the Association for Computing Machinery (ACM) published a special issue of its flagship journal Communications of the ACM (CACM), consisting of short essays celebrating the first 50 years of computing. The following was my contribution:
The cover designers listed the invited authors on the cover, resulting in what is likely to be the first and last time my name will appear sandwiched betweens the names of Edsger Dijkstra and John Glenn!
These papers, one in computer architecture and two in cryptanalysis, both used Markov model techniques to address very different problems.
The Password Papers
A primary goal of my work, has been to improve computer authentication. The first paper below (which won the Best Paper Award) uses techniques from Markov Models to create a very lightweight (and naturally multilingual) 'checker' to determine whether a user chosen password was 'good'. The next paper showed that some methods for generating pronounceable passwords for users, including a standard NIST had proposed, were easily attacked.
Yaksha: Fixing Public Key Cryptography
Public key cryptography, a breathtakingly brilliant and important idea, has in practice been plagued with some core fundamental problems. Some problems are intrinsic to the mathematics, for instance, secrets too large to be remembered. Others were caused by design considerations that ignored practical problems. I recognized these problems and developed the Yaksha system, which retained the value of PKI while making it more practical and more powerful.
The first paper describes the RSA variant developed and states and proves theorems on its security:
The next paper shows how the construct can be used to 'fix' the inherent vulnerabilities in the Kerberos protocol. It should be noted that in Greek mythology, Kerberos is the three headed dog that guards the gates to Hades (the world of the dead). Why a guard? Who exactly might try to break into the world of the dead (Hercules notwithstanding)? On the other hand it is likely that many try hard to break into heaven whether they deserve it or not. What if you wanted to guard the gates to heaven? Then you need something stronger than a Kerberos. You need a Yaksha, a demigod from ancient Indian mythology.
The same construct used above for authentication and digital signatures, can also be used for key exchange and key escrow, and the following paper describes those results:
A summary of these results, along with arguments motivating the economic need for reusable security infrastructures, can be found in:
In praise of librarians and other papers
I coined the term "messyware" to describe the often hidden assets of so-called "middlemen companies" seeking to make the transition from a pre-Internet business model to the new world. I used librarians as an example of a function that does not really go away, just morphs:
I have long been very interested in the trade-offs between civil liberties and the need for governments to eavesdrop on communication. In 1996 I was Guest Editor for a special issue of the Communications of the ACM with several papers on this topic. My guest editorial and the papers can be found at:
Working with Ravi Sandhu and Mihir Bellare, I advanced my earlier Yaksha work. Some of the results can be found in: