I can't often talk about the research I do at Lincoln Laboratory, but sometimes the curtain parts for a brief instant and allows a quick peek:
And while I'm at it, let me reiterate the fact that we're looking for more great people to come help solve important cryptographic problems:
- Automated Security Analysis Researcher (crypto and formal methods!)
- Applied Cryptographer (help bring homomorphic encryption to actual use)
- Malicious Code Analysis Researcher (what is this malware doing?)
That's just a sample. Many, many more positions here. (Hint: search for jobs associated with Groups 06-61, 06-68 and 06-69.)
Seeing as this is ostensibly a crypto blog, I'd like to comment on a paper from earlier this year: It's no secret-- Measuring the security and reliability of authentication via 'secret' questions, by Stuart Schechter, A. J. Bernheim Brush, and Serge Egelman. This paper looks at the security of 'security questions': those questions about yourself you have to answer to get back into an account when you've forgotten your password. And (shock! surprise!) they find that this sort of mechanism generally sucks from a security point of view-- perhaps even more than passwords do.
After a long period of inactivity, I am pleased to report signs of life for two of my papers-- and a tech report, besides.
It looks like I will be able to attend the 16th ACM Conference on Computer and Communications Security (also known simply as CCS 2009). Will any of my fellow cryptographers also be there? Or, if any of my readers have been there before: this will be my first time. What should I expect?
One of the recent USENIX Security papers has been getting quite a bit of buzz: Vanish: Increasing Data Privacy with Self-Destructing Data. It's really a very clever paper, proposing a way to do something apparently impossible: ensuring that data (like email) 'disappears' after a certain period of time.