Michael Steiner
525 East 72nd Street, New York, NY 10021-9606, USA
home: +1 (212) 249 13 23
office: +1 (914) 784-7529
fax: +1 (914) 784-6205
email: steiner@acm.org
www: http://vcard.acm.org/~steiner/
Areas of Interest
- Computer Security: network security, security engineering,
multi-party security, cryptographic protocols, and formal security models.
- Distributed Systems:
operating systems, middle-ware, group communication, nomadic computing.
Education
Employment History
- November 2002 - present
Research Scientist, IBM T.J. Watson Research Laboratory, Hawthorne,
NY, USA. Member of the Secure Software and Services Department. Research in intrusion response, risk management, middleware security and
cryptographic protocols, most recently on deploying static analysis
techniques and code rewriting to address isolation in portals.
Instrumental in developing a Tivoli compliance and remediation
management solution based on Network Admission Control as well as in
the security design and implementation of a large
software-as-a-service infrastructure for IGS (IBM Global Services).
- October 2001 - June 2002
Head of the cryptography and security group
(Lehrstuhlvertretung),
Universität des Saarlandes, Saarbrücken.
Group leader of the EU ITS project MAFTIA
working on
the formal modeling of dependable cryptographic systems.
Teaching course on cryptographic protocols.
- April 1999 - September 2001
Research Scientist, Universität des Saarlandes, Saarbrücken.
Member of the cryptography and security group.
Research in formal models and proofs for secure group key
agreements, protocols for password-based authentication and
number-theoretic cryptographic assumptions.
- January 1993 - December 2001
Research Scientist, IBM Research Laboratory, Rüschlikon,
Switzerland. Member of the security group.
Participation in the EU RACE project SAMSON and in several projects in the area of secure electronic commerce:
design of the iKP payment protocol family,
micro-payment extensions,
and the core of the MasterCard/Visa
SET Secure Electronic Transactions Protocol. Technical co-leader of the
EU ACTS project SEMPER, working
on the architecture of a secure e-commerce platform and the design
of a generic and modular payment framework.
- January 1990 - December 1992
System administrator, ETH Zürich, Switzerland. Management of a
network of Macintosh computers running MacOS and A/UX (part-time
work).
- June 1990 - October 1990
Software Engineer, S.A. GEOLINK, Paris, France. Work
within a EU RACE project on data retrieval / compression for a
distributed database.
- March 1989 - December 1989
Hard- and software consultant, METTLER Instrumente AG, Greifensee,
Switzerland (part time work).
Publications
- Mitigating Dictionary Attacks on Password-Protected Local Storage
(with Ran Canetti and Shai Halevi)
- Conference Version: In Proceedings of Advances in Cryptology - Crypto '06,
Santa Barbara, August 2006.
- A Privacy-Protecting Coupon System
(with Liqun Chen and Matthias Enzmann and Ahmad-Reza Sadeghi and Markus Schneider)
- Conference Version: In Proceedings of the Sixth Conference on Financial Cryptography, Roseau, The Commonwealth Of Dominica, February 2005
- Hardness Amplification of Weakly Verifiable Puzzles
(with Ran Canetti and Shai Halevi)
- Conference Version: In Proceedings of second Theory of Cryptography
Conference, Cambridge, MA, February 2005
- Autonomic Enterprise Security through Orchestration
(with Naga Ayachitula, Suresh Chari, Josyula R. Rao and Maheswaran Surendra)
- Conference Version: In Proceedings of 4th Annual Conference on Emerging
Information Technology, Princeton, October 2004.
- Polynomial Fairness and Liveness
(with Michael Backes, Birgit Pfitzmann and Michael Waidner)
- Journal Version: Journal of Computer Security,
12(3/4):589-618, 2004.
- Conference Version: In Proceedings of the 15th IEEE Computer Security Foundations Workshop,
pages 160-174, June 2002.
- Secure Group Key Agreement
- PhD Thesis: Saarland University, March 2002.
- A Formal Model for Multi-party Group Key Agreement
(with Birgit Pfitzmann and Michael Waidner)
- Deliverable Chapter: Deliverable D22 of IST Project MAFTIA,
January 2003.
- Technical Report: Research Report RZ 3383 IBM Research, April 2002.
- Three-party Encrypted Key Exchange Without Server Public-keys
(with Chun-Li Lin, Hung-Min Sun, and Tzonelih Hwang)
- Journal Version: IEEE Communications Letters,
5(12):497-499, December 2001.
- Assumptions Related to Discrete Logarithms: Why
Subtleties Make a Real Difference
(with Ahmad-Reza Sadeghi)
- Conference Version: In Proceedings of Advances in Cryptology - EuroCrypt '01,
pages 129-142, Innsbruck, May 2001.
- Technical Report: Cryptology ePrint Archive Report 2002/126, 26 Aug
2002. (Revised and extended version of above)
- SEMPER - Secure Electronic Marketplace for Europe
(with Gérard Lacoste, Birgit Pfitzmann and Michael Waidner)
- Book (Editor): Lecture Notes in Computer Science, Volume
1854, Springer-Verlag, August, 2000. ISBN 3-540-67825-5.
- Deliverable (Editor): Deliverable D13 of ACTS Project AC026,
final report,
September 1999.
(Additionally, author of
Part 1 The Vision of SEMPER (with Birgit Baum-Waidner,
Gérard Lacoste, Birgit Pfitzmann, Michael Waidner and Arnd Weber),
Chapter Architecture (with N. Asokan, Birgit
Baum-Waidner, Torben P. Pedersen, Birgit Pfitzmann, Matthias
Schunter, and Michael Waidner) and
Chapter The Payment Framework (with N. Asokan).)
- Key Agreement in Dynamic Peer Groups
(with Gene Tsudik and Michael Waidner)
- Journal Version: IEEE Transactions on Parallel and Distributed Systems,
11(8):769-780, August 2000.
(Based on the papers "CLIQUES: A New Approach to Group Key
Agreement" (ICDCS'98) and "Diffie-Hellman Key Distribution
Extended to Groups" (ACM CCS 96), see below for more details)
- Secure Password-Based Cipher Suite for TLS
(with Peter Buhler, Thomas Eirich and Michael Waidner)
- Journal Version: ACM Transactions on Information and System Security (TISSEC),
4(2):134-157, 2001.
- Conference Version: In Proceedings of the Symposium on Network and
Distributed Systems Security (NDSS '2000), pages 129-142,
San Diego, February 2000. (Best Paper Award)
- Design, Implementation and Deployment of a Secure
Account-Based Electronic Payment System
(with Mihir Bellare, Juan Garay, Ralf Hauser, Amir Herzberg, Hugo
Krawczyk, Gene Tsudik, Els Van Herreweghen and Michael Waidner)
- Journal Version: IEEE Journal of Selected Areas in Communications (JSAC),
Special Issue on Network Security,
18(4):611-627, April 2000.
- Technical Report: Research Report RZ 3137 IBM Research, Jun 1999.
(Major revision and extension of "iKP - A Family of Secure
Electronic Payment Protocols" (USENIX E-Commerce 96), see below
for more details)
- New Multi-party Authentication Services and Key Agreement Protocols
(with Giuseppe Ateniese and Gene Tsudik)
- Journal Version: IEEE Journal of Selected Areas in Communications (JSAC),
Special Issue on Network Security,
18(4):628-639, April 2000.
- Technical Report: Research Report RZ 3115 (# 93161) IBM Research,
March 1999.
(Based on the paper "Authenticated Group Key Agreement and
Related Protocols" which appeared in the proceedings of the 5th
ACM CCS, see below for more details)
- Authenticating Public Terminals
(with N. Asokan, Hervé Debar and Michael Waidner)
- Journal Version: Computer Networks, 31(8):861-870, May 1999.
- SEMPER: A Security Framework for the Global Electronic Marketplace
(with Gerard Lacoste)
- Magazine Article: comtec - the magazine for telecommunications technology,
77(9):56-63, September 1999.
- SEMPER: Architecture, Services and Protocols
- Deliverable (Editor): Deliverable D10 of ACTS Project AC026,
public specifications,
January 1999.
- Authenticated Group Key Agreement and Friends
(with Giuseppe Ateniese and Gene Tsudik)
- Conference Version: In Proceedings of the Fifth ACM Conference on Computer
and Communication Security, pages 17-26, San Francisco, November 1998.
- Technical Report: Research Report RZ 3063 (#93109) IBM Research,
October 1998.
- Towards a Framework for Handling Disputes in Payment Systems
(with N. Asokan and Els Van Herreweghen)
- Conference Version: In Proceedings of the Third Usenix Workshop
on Electronic Commerce, pages 187-202, Boston Mass., September 1998.
- Technical Report: Research Report RZ 2996 (#93042) IBM Research,
March 1998.
- CLIQUES: A New Approach to Group Key Agreement
(with Gene Tsudik and Michael Waidner)
- Conference Version: In Proceedings of the 18th International Conference
on Distributed Computing Systems (ICDCS'98), Amsterdam, May 1998.
- Technical Report: Research Report RZ 2984 (#93030) IBM Research,
December 1997.
- Designing a Generic Payment Service
(with Jose L. Abad-Peiro, N. Asokan, and Michael Waidner)
- Journal Version: IBM Systems Journal, 37(1):72-88, January 1998.
- Technical Report: Research Report RZ 2891 (# 90839), IBM Research,
December 1996.
- State of the Art in Electronic Payment Systems
(with N. Asokan, Phil Janson, and Michael Waidner)
- Book Chapter:
Advances in Computers, Vol. 53, pages 425-449, Academic Press, March 2000.
- Magazine Article: IEEE Computer, 30(9):28-35, September
1997.
- Translation: (in Japanese) Nikkei Computer, pages
195-201, issue of March 30, 1998.
- Conference Version: Public-Key Solutions 96, Zürich, September 1996.
(Title "Electronic Payment Systems")
- Technical Report:
Research Report RZ 2890 (# 90838), IBM Research,
December 1996. (Title "Electronic Payment Systems")
- Micro-Payments based on iKP
(with Ralf Hauser and Michael Waidner)
- Conference Version: 14th Worldwide Congress on Computer and Communications
Security Protection (SecuriCom'96), Paris, June 1996.
- Technical Report: Research Report RZ 2791 (# 89269), IBM Research,
February 1996.
- Diffie-Hellman Key Distribution Extended to Groups
(with Gene Tsudik and Michael Waidner)
- Conference Version: In Proceedings of the Third ACM Conference on Computer and
Communications Security (CCS), New Delhi, March 1996.
- Refinement and Extension of Encrypted Key Exchange
(with Gene Tsudik and Michael Waidner)
- Unrefereed: Operating System Review, 29(3):22-30, July, 1995.
- iKP - A Family of Secure Electronic Payment Protocols
(with Mihir Bellare, Juan Garay, Ralf Hauser, Amir Herzberg, Hugo
Krawczyk, Gene Tsudik and Michael Waidner)
- Conference Version: In Proceedings of the First USENIX Workshop on
Electronic Commerce, New York, July 1995.
- Generic Extensions of WWW Browsers
(with Ralf Hauser)
- Conference Version: In Proceedings of the First USENIX Workshop on
Electronic Commerce, New York, July 1995.
- Management von Sicherheitsdiensten in verteilten Systemen
(with Ralf Hauser and Günter Karjoth)
- Journal Version: Datenschutz und Datensicherheit DuD, 19(3):150-155,
Verlag Friedrich Vieweg & Sohn, Wiesbaden, March, 1995.
- Conference Version: Proceedings der Fachtagung SIS '94, pages 7-21, Zürich, March 1994.
- TCP/IP on the Ceres: Design and Implementation of a
Communication Stack
- Master Thesis: Eidgenössische Technische Hochschule (ETH) Zürich,
November 1992.
Many of the above publications can be found in electronic form on the
Internet.
Lectures and Talks
- Invited tutorial on secure electronic commerce and participation at
panel at COMDEX Internet, Frankfurt, October 1997.
- Invited lecture on security in electronic commerce as part of the
Postgraduate Course in Computer Science "Distributed Systems",
École Polytechnique Fédérale de Lausanne (EPFL), May, 1999.
- Conference Talks (see section on publications for more details): EITC, Princeton, October, 2004;
NDSS, San Diego, February 2000;
SecuriCom, Paris, June 1996;
3rd ACM CCS, New Delhi, March 1996;
SIS, Zurich, March 1994.
- Invited seminar talks: "Secure Password-Based Cipher Suite for TLS",
Johns Hopkins University, June 2000;
"Secure password-based cipher suite for TLS: The importance of end-to-end security",
University of Helsinki, November 2000;
"Fairness in Electronic Commerce",
Technische Universität Darmstadt, July 1998;
"SEMPER",
ISACA Internet Seminar, Zurich, August 1997.
- Further presentations:
"Architecture of SEMPER",
2nd Public SEMPER Workshop, Zurich, November 1998;
"Secure Electronic Marketplace for Europe",
ICX Workshop, London, February 1998;
Various presentations at IBM-wide Technical Symposia in 1995, 1996
& 1997.
Teaching
- Course on advanced cryptographic protocols, Winter 2001/2002.
- Seminar Internet security, Winter 2001/2002 (with A. Feldman,
S. Steinbrecher & R. Sommer).
- Seminar cryptographic protocols, Summer 2000 (with M. Schunter
& T. Beiler).
- One semester introductory course in programming for secondary
school teachers, 1985.
Service
- Program Committee Member:
- 7th ACM Conference on Computer and Communication Security,
Nov. 2000, Athens;
- 8th ACM Conference on Computer and Communication Security,
Nov. 2001, Philadelphia;
- 7th European Symposium on Research in Computer Science
(ESORICS), Oct. 2002, Zurich.
- 8th European Symposium on Research in Computer Science
(ESORICS), Oct. 2003, Gjovik.
- 9th European Symposium on Research in Computer Science
(ESORICS), Oct. 2004, Nice.
- Symposium on Research in Security and Privacy, May 2004,
Oakland.
- ACM Symposium on Information, Computer and Communications
Security (AsiaCCS), March 2006, Taipei, Taiwan.
(Invitation to join the PC of the 9th ACM Conference on Computer
and Communication Security, 2002 declined for time reasons).
- Reviewer:
ACM Transactions on Information and System Security,
IEEE Transactions on Computers,
IEEE Personal Communications, IEEE Internet Computing,
Computer Communication Review,
Computer Networks and ISDN Systems,
Information Processing Letters,
IBM Journal of Research and Development,
IBM System Journal,
Springer Journal of Digital Libraries,
Acta Cybernetica, ETRI Journal, Eurocrypt, NDSS.
- Invited to evaluate project proposals for the EU IST Priority
Call 1, the Research Council of Norway and the ETH, Zurich.
- Invited participant in workshop "Trust & Confidence in
electronic commerce". Preparation of the strategic content for the
5th Framework of European RTD projects, March 1998.
- Member of the personal commission in the IBM Research
Laboratory from 1997 - 1999.
Miscellaneous
Personal
- Citizenship:
Switzerland.
- DOB:
March 8, 1967.
- Languages:
German (mother tongue), English (fluent), French (good).
- Hobbies:
cycling,
soaring
and skiing. Likes contemporary literature, music and playing violoncello.
References
Michael Steiner
2006-08-22