Research Interests

I am primarily interested in all aspects of security in distributed systems. I have been working on applying cryptographic techniques in building secure protocols to solve various problems in distributed systems. I am not a cryptographer, but I would like to be one when I grow up. I have found that a common theme in my recent work is "balance." It manifests in various ways in the design of multi-party protocols:

exchange protocols that ensure fairness to all players, or
protocols that provide the same level of security to all players regardless of their resources, by demanding higher resources from "well-endowed" players than from "anemic" players, or
engineering "accountability" (or "verifiability") into protocols so that a powerful or devious player cannot take advantage of an honest player without detection.

I am also interested in electronic commerce, mobile computing, operating systems, social implications of technology, fairness in societies in general, and history. My expertise in these areas rapidly diminishes from left to right. Surprisingly, my interest and enthusiasm seems to increase in the same direction!

Recent research topics

Optimistic fair exchange

Exchanges are a basic building block of many commercial processes. Examples include exchanging payment for receipt, certified mail, exchanging signatures on a contract text. In a two-party exchange, each player sends an item and expects to receive the other player's item in return. Fair exchanges are exchanges where each honest player is guaranteed that if he does not get the item he expects, then the other player(s) do not get the item he sent either. Optimistic fair exchanges rely on the use of a third party. But the third party needs to be involved only if something goes wrong. In the common case where players behave correctly, the third party need not be involved. Our first paper described detailed protocols for optimistic fair exchange. Our second paper improved the protocol so that it works on asynchronous networks as well. A companion paper employed the notion of verifiable encryption to build non-invasive fair exchange protocols (which do not dictate the format of the items exchanged) which guarantee a strong degree of fairness. Chapter 2 of my thesis is based on our first two papers. Chapter 3 of my thesis discusses the fair exchange of so called "generatable" items and how verifiable encryption can be used to make items generatable.

Electronic payment systems

A number of electronic payment systems have been proposed, implemented, and deployed in the 1990s. We carried out a survey of the state of the art in electronic payment systems. This survey turned out to be rather popular and was translated into Japanese. An updated version will appear in volume 50 of the "Advances in Computers" series.

The multitude of payment systems complicates the task of the application programmer. We developed a generic payment service framework within which an application can make use of any payment system (provided that the payment system has also been "adapted" into the framework).

Another important issue in electronic commerce is the techincal infrastructure to handle and resolve any disputes. This problem is rather complicated. We introduced and elaborated the problem in a paper presented at the 1998 Usenix e-commerce workshop. This remains an open problem.

Server-supported signatures

[tbd]

Pot-pourri

[tbd]

List of publications

Disclaimer

The documents distributed by this server have been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a noncommercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.

Key Agreement in Ad-hoc Networks (with Philip Ginzboorg)

(To appear) in Computer Communication Review, 2000.
A preliminary version will be presented at the Nordsec '99 workshop in Nov. 1999. But there will be no formal proceedings.

Authenticating Public Terminals (with Michael Steiner, Hervé Debar, and Michael Waidner)

Computer Networks and ISDN Systems, 31(8):861-870, May 1999.

Towards a Framework for Handling Disputes in Payment Systems (with Michael Steiner and Els van Herreweghen)

IBM Research Report RZ 2996, Mar. 1998.
A shorter version appeared in the Proceedings of the Third USENIX Workshop on Electronic Commerce, pp. 187-202, Boston, Mass., September 1998.

Protecting the Computation Results of Free-roaming Agents (with Ceki Gülcü and Günter Karjoth)

Proceedings of the Second International Workshop on Mobile Agents (MA '98), LNCS 1477, pp. 195-207, Sep. 1998.
Personal Technologies, 2(2):92-99, Dec. 1998. (abstract)

Fairness in Electronic Commerce

Doctoral dissertation, University of Waterloo.
IBM Research Report RZ 3027, May 1998.

More on Optimistic Fair Exchange (with Victor Shoup and Michael Waidner)

A detailed report, Optimistic Fair Exchange of Digital Signatures, describing the use of verifiable encryption in fair exchange protocols is available as IBM Research Report RZ 2973, Nov. 1997. An extended abstract with the same title appears in the proceedings of Eurocrypt '98. LNCS 1403, pp. 591-606.
A detailed report, Asynchronous Protocols for Optimistic Fair Exchange, describing an improved fair exchange protocol is available as IBM Research Report RZ 2976, Nov. 1997. An extended abstract with the same title appears in the Proceedings of the 1998 IEEE Symposium on Security and Privacy, pp. 86-99.
The journal version is scheduled to appear in the IEEE Journal on Selected Areas in Communications, 18(4):593-610, Apr. 2000.

Design of a Generic Payment Service (with Jose Abad-Peiro, Michael Steiner, and Michael Waidner)

IBM Research Report RZ 2891, Dec. 1996.
IBM Systems Journal, 37(1), pp 72-88, Jan. 1998.

Electronic Payment Systems (with Phil Janson, Michael Steiner, and Michael Waidner)

IBM Research Report RZ 2890, Dec. 1996.
An edited version appeared in the IEEE Computer Magazine, Sep. 1997, 30(9):28-35.
A Japanese translation appeared in Nikkei Computer, pp. 195-201, issue of March 30, 1998.
An updated version will appear as a chapter in volume 53 of the series Advances in Computers to be published in Mar., 2000. (this is the final version submitted for publication.

Optimistic Protocols for Fair Exchange (with Matthias Schunter and Michael Waidner)

IBM Research Report RZ 2858, Sep. 1996.
A shorter version in the Proceedings of the 4th ACM Conference on Computer and Communications Security, Zürich, pp 6-17, Apr. 1997.
We have now extended the basic two-party protocol to the multi-party case. It is available as IBM Research Report RZ 2892, Dec. 1996.

Server-Supported Signatures (with Gene Tsudik and Michael Waidner)

Proceedings of the Fourth European Symposium on Research in Computer Security (ESORICS), LNCS 1146, pp. 131-143. Springer-Verlag, Sep. 1996.
A slightly extended version appeared in the Journal of Computer Security, 5(1), pp 91-108, 1997.

Untraceability in Mobile Networks (with Didier Samfat and Refik Molva)

Proceedings of the ACM International Conference on Mobile Computing and Networking, Berkeley, Nov. 1995.
An improved version is also available.

Security Issues in Mobile Computing

CS 690B - Research Proposal, April 1995.

Anonymity in a Mobile Computing Environment

Proceedings of the Workshop on Mobile Computing Systems and Applications, Santa Cruz, Dec. 1994.

Some of the above are in the security-bib database.

In a previous life...

Parallel Algorithms for Constructing the Convex Hull in 2-Dimensions.

Term Paper for the Computational Geometry course, Summer 1990 (for Prof. Anna Lubiw).

A Neural Network Simulator for the Connection Machine. (with Ravi Shankar et al)

Term Paper for the Research Topics in Parallel Computing course, Fall 1989 (for Profs. Sanjay Ranka, C. Mohan and Kishan Mehrotra).
Syracuse University Technical Report SU-CIS-90-10.
Proceedings of the Fifth International Symposium on Intelligent Control, 1990.

A Parallel Free-text Search System with Indexing. (with Ophir Frieder and Sanjay Ranka)

Syracuse University Technical Report SU-CIS-90-1.
PARBASE Proceedings, 1990.

A Parallel Implementation of the Hough Transform Method. (with Ravi Shankar)

Term Paper for the Parallel Programming course, Fall 1988 (for Prof. E. E. Sibert).
Proceedings of the 32nd Midwest Symposium on Circuits and Systems, Urbana-Champaign, August 1989.