The ultimate guide to cryptography, updated from an author team of the world's top cryptography experts.
Cryptography is vital to keeping information safe, in an era when the formula to do so becomes more and more challenging. Written by a team of world-renowned cryptography experts, this essential guide is the definitive introduction to all major areas of cryptography: message security, key negotiation, and key management. You'll learn how to think like a cryptographer. You'll discover techniques for building cryptography into products from the start and you'll examine the many technical changes in the field.
After a basic overview of cryptography and what it means today, this indispensable resource covers such topics as block ciphers, block modes, hash functions, encryption modes, message authentication codes, implementation issues, negotiation protocols, and more. Helpful examples and hands-on exercises enhance your understanding of the multi-faceted field of cryptography.
- An author team of internationally recognized cryptography experts updates you on vital topics in the field of cryptography
- Shows you how to build cryptography into products from the start
- Examines updates and changes to cryptography
- Includes coverage on key servers, message security, authentication codes, new standards, block ciphers, message authentication codes, and more
Cryptography Engineering gets you up to speed in the ever-evolving field of cryptography.
I structure my research around four broad themes, which I briefly summarize below. A complete list of my publications is available here.
Emerging Technologies, Security, and Privacy. I am deeply drawn to overcoming the computer security and privacy challenges associated with emerging, embedded, pervasive technologies and applications. I try to stay one step ahead of the "bad guys" by identifying emerging technologies that might have significant security and privacy risks and then developing solutions for mitigating those risks before real threats manifest. I have focused on a number of different technologies over the years, including electronic voting machines [ref, ref, ref, ref, ref], RFIDs [ref, ref, ref], wireless robots and toys [ref], and other personal ubicomp devices [ref]. Today, most of my active research is focused on augmented reality [ref, ref, ref, ref, ref, ref, ref, ref, ref, ref], and IoT [ref, ref]. In the past I have also worked on computer security and privacy for wireless medical devices [ref, ref, ref, ref, ref, ref, ref, ref, ref], automobiles [ref, ref, ref], privacy and home powerline measurements [ref], privacy controls for sensed data [ref, ref], security for conventional devices in networked homes (light bulbs) [ref], security for telerobotics [ref, ref], cell-site simulators [ref], tech-policy issues with crypto currencies like Bitcoin [ref], understanding QR code usage and risks in the wild [ref], attacking machine learning models [ref], and security for computational biology systems [ref]. I am also interested in security for ICTD [ref].
The Cloud, The Network, Security, and Privacy. I am committed to helping protect the security and privacy of our information as we become increasingly reliant on networks and the cloud. There are three key inter-related strands to this work. First, I identify and assess new weaknesses within the Internet, e.g., our work on remotely fingerprinting physical machines based on their clock skews [ref], and our exploration of mechanisms for leveraging the online advertising ecosystem for low-cost intelligence gathering [ref]. Second, I measure properties of the Internet at a large scale, e.g., our measurement study of ISP modifications to Web traffic between Web servers and users [ref], our study of the practices with which recording studios send DMCA takedown notices [ref], our study of Internet censorship [ref], our studies of the Web tracking ecosystem (both past [ref] and present [ref]), and our study of the susceptibility of web archives to remote manipulation [ref]. Third, I design and build new systems with strong security and privacy properties, e.g., our design and analysis of new anonymous wireless networks [ref], wired networks that offer both user anonymity and forensic capabilities [ref, ref], privacy-respecting systems for tracking lost or stolen mobile devices [ref], methods for auditing accesses to files on lost or stolen devices [ref], systems for controlling the lifetimes of data on the Web [ref, ref], new methods for avoiding certain types of Web tracking [ref], new methods for censorship resistance and understanding censorship [ref], new methods for authentication [ref], new methods for protecting against certain classes of Web attacks [ref], methods for user-driven access control [ref], a user-interface toolkit designed for security [ref], and a secure method for embedding applications within Android [ref].
Humans and Computer Security. Third, I believe that technologies should not be designed nor evaluated in isolation; rather, technologies should be considered in the broader milieu of users, other people in the users' environments, manufacturers, government bodies, public interest groups, and so on. This perspective permeates my research. Usability is part of this broader consideration, e.g., our study of graphical password usability [ref]. But usability is only one part. Much of my work has focused on understanding the interactions and trade-offs between security/privacy and other critical human values [ref, ref, ref]. For example, we interviewed cardiac device patients, found that some of the proposed security solutions for wireless implantable medical devices may interact with a person's self-image, sense of dignity, or psychological comfort, and then proposed defensive directions that account for these human values [ref]. We similarly interviewed ICTD practitioners to inform the design of future ICTD digital data collection platforms [ref]. We have also recently started to study privacy and online dating [ref] and the impacts of censorship on populations [ref]. Less directly related security and privacy, I am also interested in technologies that support mindfulness [ref, ref].
Education. I am very interested in developing techniques to help increase the overall awareness and understanding of key computer security concepts amongst broad collections of individuals, including students (both those enrolled in computer security courses and those enrolled in general, introductory computing courses, including at the high school level), industry professionals (both technical and non-technical), and the general public. I introduced security reviews, current events reports, and science fiction prototyping into my undergraduate computer security course [ref]. Variants of these approaches have now been used at a number of universities, and my course's use of "security reviews" was discussed in Wired. In 2012 we introduced Control-Alt-Hack(TM), a computer security-themed card game designed to not only be fun to play, but to also help address our educational goals [ref, ref]. We also recently released the The Security Cards: A Security Threat Brainstorming Toolkit, which is a collection of 42 cards designed to assist in computer security-related brainstorming and education.
Additional information can be found at the UW Security and Privacy Research Lab home page. If you are interested in supporting UW CSE, please visit this URL (for general departmental support) or this URL (and search for "computer security").