Fabian Monrose


place: St.Lucia

Ph.D. in Computer Science from NYU

Assistant Professor in Computer Science here at Johns Hopkins

My research interests include computer and network security, with particular interest in biometrics and techniques for strong user authentication. 

  Generating Cryptographic keys from voice 

Extending our prior work on generating repeatable cryptographic keys from habitual patterns in a user's typing rhythm, we are currently exploring ways of achieving similar goals using features in a user's voice. Our main focus here is in reliably generating strong cryptographic keys for use in 3G phones, PDAs, and the like. We've developed some techniques for doing so and have been implementing them on devices for a while now. Thus far we have shown how to reliably generate 46 bits from less than 3 seconds of speech. Getting this right has been much more challenging that we first thought.

* Fabian Monrose, Michael K. Reiter, Q. (Peter) Li , Susanne Wetzel. Using Voice to Generate Cryptographic Keys. In 2001: A Speaker Odyssey. The Speech Recognition Workshop, Crete, Greece, June, 2001. (PDF). 
* Fabian Monrose, Michael K. Reiter, Q. (Peter) Li , Susanne Wetzel. Cryptographic Key Generation From Voice. In Proceedings of the IEEE Conference on Security and Privacy, Oakland, CA. May, 2001. (PDF)
* Fabian Monrose, Michael K. Reiter, Q. (Peter) Li , Daniel Lopresti, Chilin Shih. Towards Voice Generated Cryptographic Keys on Resource Constrained Devices. In Proceedings of  the 11th USENIX Security Symposium, August, 2002.(PDF)



We designed an infrastructure to support global customization of Web content. Our architecture allows merchants (like cheapfares.com) to customize content for a particular visitor based on activities undertaken at unrelated sites (say for example, Amazon.com). A key objective of this project is to protect both merchant and user privacy while not limiting collaboration. To this end, we developed novel data protection mechanisms for both merchants and users. More information is contained in:

* Bob Arlein, Ben Jai, Markus Jakobsson, Fabian Monrose, and Michael K. Reiter. Privacy Preserving Global Customization. In Proceedings of the ACM Conference on Electronic Commerce, 2000. (PDF)


    Graphical Passwords

We evaluated a new graphical password scheme that exploits features of graphical input devices such as PDAs to provide better security than textual-based alternatives. Graphical passwords serve the same purpose as textual passwords, with the added benefit that pictures (e.g., line drawings) may be used in conjunction with words. A primary motivation for using pictures as opposed to words stems from our (well, at least some people's) remarkable ability to recall pictures. This paper won both the best student and best overal paper awards at the 8th USENIX Security conference. 

* Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K. Reiter, and Aviel D. Rubin.  The Design and Analysis of Graphical Passwords. In Proceedings of the 8th USENIX Security Symposium, August, Washington DC, 1999. (PDF)


    Password Hardening using Keystroke Dynamics

This project dates way back (to when I was still a graduate student), and though I still get regular email inquires about it,  I am no longer continuing this work (as the voice project outlined earlier continues where this left off). In our work on keystroke dynamics, we examined a new approach to strengthening the security of user chosen passwords. Our techniques made use of habitual patterns in a user's typing rhythm (as she types her password) for generating strong cryptographic keys that could be used, for example, for file encryption, VPN access, etc. See:

* Fabian Monrose, Michael K. Reiter, and Suzanne Wetzel. Password Hardening based on Keystroke Dynamics. In the International Journal of Information Security (PDF), 2001. A preliminary version appears in the Proceedings of the 6th ACM Computer and Communications Security Conference, Singapore, November, 1999.
* Fabian Monrose and Aviel D. Rubin.  Authentication via Keystroke Dynamics. In Proceedings of the Fourth ACM Conference on Computer and Communication Security, Zurich, Switzerland, April, 1997..
* Fabian Monrose and Aviel D. Rubin.  Keystroke Dynamics as a Biometric for Authentication. Future Generation Computing Systems (FGCS) Journal: Security on the Web (special issue). March 2000.


    Mobile code security
At NDSS'99 we presented a practical solution for the problem of verifying the remote execution of mobile code in malicious environments. That work was based on Java stack inspection and probabilistic checking proofs. You can find more info below:

* Fabian Monrose, Peter Wyckoff and Aviel D. Rubin.  Distributed Execution with Remote Audit. In Proceedings of the ISOC Network and Distributed System Security (NDSS) Symposium, San Diego, February, 1999. (PDF).


Computer Scientists of the African Diaspora

This website was created by and is maintained by
Dr. Scott Williams, Professor of Mathematics
State University of New York at Buffalo

visitors since opening 5/25/97

Contact Dr. Williams