Fabian Monrose
birth:
place: St.Lucia
.education.gif){kind=small}
Ph.D. in Computer
Science from NYU
Assistant Professor
in Computer Science here at Johns Hopkins
My research interests include computer and network security, with particular interest in biometrics and techniques for strong user authentication.
Generating Cryptographic keys from voice
Extending our prior work on generating repeatable cryptographic keys from habitual patterns in a user's typing rhythm, we are currently exploring ways of achieving similar goals using features in a user's voice. Our main focus here is in reliably generating strong cryptographic keys for use in 3G phones, PDAs, and the like. We've developed some techniques for doing so and have been implementing them on devices for a while now. Thus far we have shown how to reliably generate 46 bits from less than 3 seconds of speech. Getting this right has been much more challenging that we first thought.
* Fabian Monrose, Michael K. Reiter, Q. (Peter)
Li , Susanne Wetzel. Using Voice to Generate Cryptographic
Keys. In 2001: A Speaker Odyssey. The Speech Recognition Workshop,
Crete, Greece, June, 2001. (PDF).
* Fabian Monrose, Michael K. Reiter, Q. (Peter) Li , Susanne Wetzel.
Cryptographic Key Generation From Voice. In Proceedings
of the IEEE Conference on Security and Privacy, Oakland, CA. May,
2001. (PDF)
* Fabian Monrose, Michael K. Reiter, Q. (Peter) Li , Daniel Lopresti,
Chilin Shih. Towards Voice Generated Cryptographic Keys on
Resource Constrained Devices. In Proceedings of the
11th USENIX Security Symposium, August, 2002.(PDF)
Privacy
We designed an infrastructure to support global customization of Web content. Our architecture allows merchants (like cheapfares.com) to customize content for a particular visitor based on activities undertaken at unrelated sites (say for example, Amazon.com). A key objective of this project is to protect both merchant and user privacy while not limiting collaboration. To this end, we developed novel data protection mechanisms for both merchants and users. More information is contained in:
* Bob Arlein, Ben Jai, Markus Jakobsson, Fabian Monrose, and Michael K. Reiter. Privacy Preserving Global Customization. In Proceedings of the ACM Conference on Electronic Commerce, 2000. (PDF)
Graphical Passwords
We evaluated a new graphical password scheme that exploits features of graphical input devices such as PDAs to provide better security than textual-based alternatives. Graphical passwords serve the same purpose as textual passwords, with the added benefit that pictures (e.g., line drawings) may be used in conjunction with words. A primary motivation for using pictures as opposed to words stems from our (well, at least some people's) remarkable ability to recall pictures. This paper won both the best student and best overal paper awards at the 8th USENIX Security conference.
* Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K. Reiter, and Aviel D. Rubin. The Design and Analysis of Graphical Passwords. In Proceedings of the 8th USENIX Security Symposium, August, Washington DC, 1999. (PDF)
Password Hardening using Keystroke Dynamics
This project dates way back (to when I was still a graduate student), and though I still get regular email inquires about it, I am no longer continuing this work (as the voice project outlined earlier continues where this left off). In our work on keystroke dynamics, we examined a new approach to strengthening the security of user chosen passwords. Our techniques made use of habitual patterns in a user's typing rhythm (as she types her password) for generating strong cryptographic keys that could be used, for example, for file encryption, VPN access, etc. See:
* Fabian Monrose, Michael K. Reiter, and Suzanne
Wetzel. Password Hardening based on Keystroke Dynamics.
In the International Journal of Information Security (PDF), 2001.
A preliminary version appears in the Proceedings of the 6th ACM
Computer and Communications Security Conference, Singapore, November,
1999.
* Fabian Monrose and Aviel D. Rubin. Authentication via
Keystroke Dynamics. In Proceedings of the Fourth ACM Conference
on Computer and Communication Security, Zurich, Switzerland, April,
1997..
* Fabian Monrose and Aviel D. Rubin. Keystroke Dynamics
as a Biometric for Authentication. Future Generation Computing
Systems (FGCS) Journal: Security on the Web (special issue). March
2000.
Mobile code security
At NDSS'99 we presented a practical solution for the problem of
verifying the remote execution of mobile code in malicious environments.
That work was based on Java stack inspection and probabilistic
checking proofs. You can find more info below:
* Fabian Monrose, Peter Wyckoff and Aviel D. Rubin. Distributed Execution with Remote Audit. In Proceedings of the ISOC Network and Distributed System Security (NDSS) Symposium, San Diego, February, 1999. (PDF).
| This website was created by and is maintained
by Dr. Scott Williams, Professor of Mathematics State University of New York at Buffalo |
|
|
|
|
