About
I am an architect and software engineer in the Hardware Security team of Azure Edge and Platform Enterprise and Security. My current project concerns the Microsoft Pluton security processor.
I previously was an applied researcher and engineer in MSR Security and Cryptography, and then one of its successor groups, MSR Cryptography, Security, and Privacy (CRYSP).
Most recently I worked on a project to establish provenance of digital media, primarily video, to address the problem of authenticity in a world where deepfakes are becoming increasingly common, and where media is shared and re-shared through a variety of outlets, and rarely consumed from the original producer’s online presence. This is being pursued through Project Origin, which is a collaboration between the BBC, the CBC, the New York Times, and Microsoft, and more recently through the Coalition for Content Provenance and Authenticity, where we will pursue technical solutions in conjunction with our aforementioned partners as well as Adobe, ARM, Intel, Truepic, and others. See the project’s home page for a demonstration video and technical documentation.
C2PA’s technical specification is now at version 1.3. I have put quite a lot of work into this, both in authoring sections myself, and reviewing sections written by others. You can view the specification here.
I previously worked on post-quantum cryptography, and you can learn about all of our work here. We shipped a modified version of OpenVPN software and added post-quantum cryptography to it as a way for people to start playing with it now.
I previously worked on automatically, formally verified implementations of these algorithms using the F* language as part of Project Everest, and in particular, the HACL* library of verified cryptographic primitives.
In parallel, I am joining a project to examine trust failures in the Public Key Infrastructure (PKI) from a variety of perspectives, not only technical ones. More on this as well, as it evolves.
Before this, my activities primarily focused on the Internet of Things. In particular, I worked on security models and automated security and credential management for IoT, primarily in the consumer space. My activities focus on two industry-wide collaborative efforts: the AllSeen Alliance and its protocol stack AllJoyn, and the Open Connectivity Foundation and its implementation IoTivity.
I’ve previously worked in distributed systems/network security, protocol design, and mobile device security, especially the use of mobile devices as credentials and authenticators, when mobile devices have hardened hardware security processors like TPMs. I’ve also spent a lot of time doing code for and consulting on X.509 certificates and the Public Key Infrastructure.
I completed my B.S. with Honors at the University of Maryland, and my M.S. and Ph.D. at the University of Texas at Austin. My thesis focused on theoretical and experimental methods of access control in distributed systems.