Research Summary

I am known for my security work, but I have a wide range of interests.

Of course, speaking and teaching continue to be a strong interest of mine, though I have recently been forced to reduce my public appearances by my company. For several years I have presented "Rethinking Passwords", a popular discussion of the problems with modern password rules and security systems, and some suggestions to improve things. The press has shown interest, and a couple of research projects have been started based on some ideas presented in this talk. There are invitations pending for speaking internationally.

I've always kept my mind open to the commercial opportunities behind research projects. This has been helped by exposure to a wide variety of business ideas while interacting the VCs during my Lumeta years.

I thrive in a rich, collaborative environment, like Bell Labs or Shannon Lab. Working at home is fine for the 99% perspiration part, but most of my best ideas come from interactions and consultations with colleagues from a variety of fields.

I tend to come up with a lot of new ideas, often outside the box. It helps to sit and listen to people talking about their problems, or even reading the first few lines of a paper's abstract. In the past few years at AT&T I've generated roughly four to six ideas suitable for business consideration or a patent application. Some of these include a new way to see a movie; slow movies, suitable for computer desktops and large idle wall displays; a way for an author to sign an ebook in person; and and some thoughts on making strong passwords easier and more fun to use.

For some ideas, I generate prototype code or examples. The iPhone and iPad are brilliant hardware devices, and good platforms for trying some of my ideas. So I have spent the past two years coming up to speed on IOS programming. (I have no objections to similarly learning Android programming, especially if the 'go' language is suitable. But I suspect that Apple products will show a better security record over time.)

As a training project I created iTeX, an iPad app for reading documents generated with TeX and LaTeX. It's free in the app store, and provides an interesting experimental browser for reading Project Gutenberg and arXiv documents. This project required a combination of IOS programming, system administration and construction of a reasonably secure web service, and TeX expertise. I love it when I can bring several disparate areas together into a project.

Lumeta's code was about a 50-50 split between scripts (sed/grep/awk/shell) and C. Most of the programs I write tend to be shell scripts, with a little python leaking in lately. I find the OO mechanisms of C++ and Java to be top-heavy, generally too much text festooning too little code, unless the coding problem is huge. Perl is almost uniformly ugly and I avoid it, despite a vast and useful group of libraries. I administer Linux and FreeBSD machines regularly, preferring the latter.

I do continue to keep up in security, attending some conferences and serving on a number of program committees. Aside from recent well-received talks, I am thinking and experimenting with alternatives to passwords, and the painless use of higher entropy authentication. The latter includes an experimental iPhone app to gather over 80 bits of user-supplied entropy to protect the device against brute force forensics by highly capable attackers.

At this point, I am open to suggestions, trying to figure out what to do for the next ten years, and where. I do enjoy some travel, though it is getting a little harder these days. I live in north central NJ and have family in the area, so I don't plan to move. Working at home is certainly not a problem, but I find that I miss the lunchtime conversations with colleagues.