Dr. Ari Juels
Dr. Ari Juels is Chief Scientist and Director of RSA Laboratories, where he works to bring sparks of invention and insight from RSA's scientists and affiliates to the company as a whole. He joined RSA in 1996.
Ari's dozens of research publications span a range of topics, including biometric security, RFID security and privacy, electronic voting, browser security, combinatorial optimization, and denial-of-service protection.
Ari has served as the program chair or co-chair for a number of conferences and workshops, including Financial Cryptography in 2004, the DIMACS Workshop on Electronic Voting in 2004, the Industry Track of the ACM Conference on Computer and Communications Security in 2005, the ACM Workshop on Wireless Security (WiSe) in 2006, the IEEE International Workshop on Pervasive Computing Security (PerSec) in 2006, and the Security, Privacy, and Ethics track of WWW2006. He has been a frequent invited speaker at industry events, such as USENIX Security 2004 and CHES 2006. In 2004, MIT's Technology Review Magazine named Dr. Juels one of the world's top 100 technology innovators under the age of 35.
Ari received his B.A. in Latin Literature and Mathematics from Amherst College in 1991 and his Ph.D. in Computer Science from U.C. Berkeley in 1996.
Last Thursday, a six-institution team of scientists (Kleinjung et al.) announced the successful factorization of RSA-768. RSA-768 is a 768-bit (232 decimal-digit) RSA public key created in 2001 by RSA Laboratories as a cryptanalytic challenge number. The fall of RSA-768 is a landmark result, but no surprise. It reflects a consistent pace of growth in computing power, and continuing scientific interest in the problem of factoring, not an algorithmic breakthrough.
Tetraktys: A Cryptographic Thriller Novel
My cryptographic thriller novel Tetraktys is slated for official release in July. My publisher is launching it this week, however, in a pre-release event at the RSA Conference.
The Latest from RSA Labs: The Keys to RFID Privacy
Data-security vendors sometimes get tall orders from customers. Not unheard of are: "I'd like a good digital signature system... with 20-bit keys" and "I want to use one-time pads for encryption... and I need to compress them." But one of the most challenging I've heard was recently offered up by colleagues in the RFID (Radio-Frequency IDentification) industry.
Password Expiration: Like Margarine and Water?
We often swallow ideas that we needn't or shouldn't. Take the onetime urging of nutritionists to substitute margarine for butter in the cause of cardiovascular health. When this advice was first circulating, most margarines contained high quantities of trans fats, concoctions that have turned out to be so harmful - to the heart, among other things - that they are now banned in restaurants in NYC. Similar dogma applies to the advice to drink eight eight-ounce glasses of water a day for overall good health. Everyone knows the advice. But no one seems to know where the 8x8 rule comes from or if it is good or bad.
So what pieces of conventional wisdom in computer security are like margarine and the 8x8 water doctrine? I'd hold forth password expiration as a prime candidate.
Is it safer to fly or drive? (and why you can't do one without the other)
Kevin Bowers is a Research Scientist at RSA Laboratories. Here are his views on the controversy surrounding REAL ID. What do you think?
I'm getting married this summer and my family will be traveling to the wedding. In order to make the trip, my parents recently renewed their passports. Not because I'm getting married at an exotic destination, but because they live in Montana and have to fly to the wedding. Like several other states, Montana has refused to comply with the requirements of the REAL ID Act of 2005. The Department of Homeland Security (DHS) had threatened to prevent residents from those states from using their state-issued driver's licenses as identification at airport security, effective May 11th. As it happens, the DHS recently granted all states an extension to the May 11th deadline, allowing them additional time to become REAL ID compliant.
The U.S. Passport card or PASS (People Access Security Service) card, a new travel document, is slated for issue by the federal government in the spring of this year. A poor cousin to the standard passport, it's more compact and less expensive, but valid only at land and sea points of border entry into the United States, not for air travel. The PASS card emerged as part of the Western Hemisphere Travel Initiative (WHTI), which phases out drivers' licenses as border-crossing documents for the U.S.
I've heard two starkly contrasting opinions on the security of the PASS card...
Fish, Subprime Mortgages, and Data Storage
In his Histories, Herodotus tells the story of Polykrates, overlord of the island of Samos. The king of Egypt counseled Polykrates to throw away some possession of great value, lest a surplus of good fortune bring him tragedy. Heeding this advice, Polykrates pitched his most prized possession, an emerald ring, into the sea. Several days later, a fisherman brought Polykrates a fish as tribute. When the fish was cut open, it was discovered to contain the fatal ring. (Polykrates was, of course, brutally murdered soon afterward.)
Herodotus's story (and book) was crafted as a parable about hubris. It is also a good parable about banking--and more generally about risk...
"Phishing," as you probably know, is a form of online con game. Users are lured by e-mail messages to legitimate-seeming but criminal sites--typically falsified versions of their real banking sites--and encouraged to enter password information. Having harvested this information, the operators of the criminal sites use it to break into victims' accounts. (As the term suggests, most "phishing" e-mail goes wide of the mark, arriving as spam unconnected with the recipient's bank. A phishing expedition, though, can be profitable with only a few successes.)
The remedies offered by the security community are numerous. Most prevalent are various types of red flags...