Niels Ferguson's work experience

Here are the most important places and things I've worked on. Any publications relating to my work can be found in my list of publications.

Microsoft

Since 2004 I've been working for Microsoft, currently in the Windows Security group. Previously, I was part of the team that developed the BitLocker drive encryption system in Windows Vista.

MacFergus

From 2001 to 2003 I was self-employed as an independent cryptography consultant. One interesting project was helping IEEE 802.11i to improve the security of wireless networks. I contributed to both WPA and WPA2, and both security protocols are currently widely used. I also wrote the book Practical Cryptography together with Bruce Schneier.

Counterpane

From 1998 to 2001 I worked for Counterpane as a cryptography consultant. The work has been very varied, and included the specification and design of cryptographic primitives, protocols, and systems, attacking existing or proposed systems, as well as the initial design of a cryptographic security infrastructure for a multinational. Projects have ranged from two-day reviews for tiny companies to in-depth work for multinationals and government organizations.

The main lesson from my work at Counterpane is that very few systems are secure. Nearly all the systems we evaluated showed serious security flaws. Without fail the best systems are designed by a small group of experts, and have undergone public review. If you are developing a system using cryptography, get experts involved early in the design phase and keep them in the loop throughout the project. If you have already designed a system, expect that it will be broken by an expert.

At Counterpane we also had time to do research and to publish. I uncovered several serious flaws in the November 1998 version of IPsec. We developed Yarrow, a cryptographically strong pseudo-random number generator. For the Advanced Encryption Standard (AES) competition we designed the block cipher Twofish. The Twofish team was very active in the cryptanalysis of the AES candidates. I spent some time analyzing Rijndael, the proposed AES cipher, with interesting results. (See the list of publications for details.)

DigiCash

From 1993 to 1998 I worked for DigiCash, where we had lots of fun creating cryptographically secured payment systems. As a cryptographer I was involved in the basic design of most systems. We made several generations of point-of-sale smart-card systems, smart cards that could pay electronic tolls at high speed while protecting consumer privacy, and the eCash™ payment system for the Internet.

For smart cards we developed techniques to protect against timing attacks, a secure transactional database, secure remote scripting, and highly efficient public-key authentication without public-key computations. We also developed a cryptographically secured transactional database, a high-speed back-end payment processing system, and (medical) databases that allow aggregation of data without invading people's privacy. To achieve these goals we also had to develop many tools, including new programming languages, compilers and specialised optimisers for several platforms.

Most of these developments were proprietary, and except for the patents there are hardly any publications about them.

The DigiCash team performed outstanding technical feats, and was well ahead of its time. Unfortunately, so was the rest of the company: DigiCash was a dot-com before it became fashionable, and in the end the revenue side could not support it.

CWI

I had the joy of working at the CWI (National Research Institute for Mathematics and Computer Science in the Netherlands) for a year and a half in 1992-1993. I spent most of my time doing research into cryptographic protocols, and developed the first of the current generation of efficient off-line cryptographic payment protocols. The publications can be found in the list of publications.

DJO

In the early 80s I was active at a youth research lab in Eindhoven called DJO. Five of us were not satisfied with the available computer resources, and as there was no budget to buy a second computer we decided to build our own. The project got a bit out of hand. We developed a Z80 system with virtual memory, a multi-user version of CP/M with virtual disk-drives, our own LAN (including a few more computers) using our own adapters and protocols, and implemented a functional language (SASL) with a stackless garbage collector. Most software was written in assembler for speed. For an overview, see the Ordinator web site (partly in Dutch).

Apart from life-long friends, this project gave me a thorough understanding of how a computer works, from line impedances and reflections through gates, CPU, assembler instructions, operating system, and compiler to the actual application. Now, 20 years later, it is amazing how much computer technology has changed; and yet there is nothing new, only more and faster.