A couple of years ago, I was out walking with one of my PhD students on one of those pandemic-coping long walks, when he asked me “how did you get into security research?” It was such an odd story, so I sat him down on a bench by the sidewalk and told him the story over bubble tea. A few weeks ago, my former colleague at MFCF reminded me how I got started with doing security at MFCF which is where my strange story began. So I thought I should write this story down.
Like many things in my life, my career in security research started in a completely unplanned manner. This is the story of how I stumbled on to information security practice and then research.
In 1984, with a hundred other classmates, nearly half the class, I trooped back to the hilltop university in Sri Lanka where I was a freshman engineering student. The previous year, I had missed sitting the first year examinations as the simmering ethnic tensions had burst out into a full-fledged civil war between the Tamil Tiger militants and the government forces. Tamil youth like myself feared that worse was yet to come: Tigers were actively recruiting and scores of Tamil youth abandoned their education to join them, many of them went on to lose their lives; the soldiers couldn’t tell the difference between Tigers and ordinary Tamil youth. Caught between the two, young Tamil men feared for their lives and limb on a daily basis. We sought far and wide for an opportunity to continue our education elsewhere. Unlike in 2023 when western countries tripped over each other to help Ukrainian youth fleeing their country, there were no organized programs to help refugee youth who wanted to escape war and continue to study. Fortunately, the giant neighbor to our North, India, still charged the same absurdly low tuition fees for domestic and international students. I was lucky enough to get a seat at the Indian Institute of Technology at Kharagpur. The low tuition fees meant that my middle class family in Sri Lanka could afford to pay for my four years of education (yes, I had to start the program from scratch in India since there were no provisions for refugee students).
It was in Kharagpur that my friend, classmate, and fellow refugee, Mano, introduced me to the idea of a fake login screen, and the term “fishing,” at least that was what my ears heard. I found it an interesting curiosity but thought no more of it. Having graduated from IIT Kharagpur, I followed the well-worn path of IIT students to the US, enrolling in the PhD program at Syracuse University. Our earlier premonitions about the worse being yet to come were prophetic. India intervened in the civil war and sent their forces, dubbed the Indian Peace-Keeping Force (IPKF) to Sri Lanka. Soon IPKF became embroiled in a brutal war with the Tigers in the north and east of Sri Lanka. In response, Marxist youth in the south battled the government forces. My parents and three younger sisters were still in Sri Lanka. It became apparent to me that to have any realistic chance of getting them out of the war zone, I needed to leave the US to a more immigrant-friendly country like Canada, and find a full-time job.
At Syracuse I had started playing with (massively) parallel computers like the Connection Machine. I had some preliminary thoughts that parallel computing could be my research theme. At UWaterloo, Paul Larson’s database group seemed to be the only systems group working on parallel computing. So I contacted Paul. When he learned that what I needed was a full-time job with the possibility of doing research on the side, he pointed me to MFCF which had an open position for a software specialist.
In 1990, I joined MFCF as a software specialist. Shortly after that, I was thrilled to learn that university employees didn’t have to pay tuition. I promptly enrolled as a part-time doctoral student in the Spring 1990 term! UWaterloo CS then required doctoral students to do four courses followed by a “comprehensive examination” that was intended to test the level of undergraduate CS background. This was the easy part: by the end of Fall 1991, I had completed the coursework and comprehensive examination requirements. Although I regularly attended Paul’s research group meetings, with a full-time job to do, I wasn’t able to grasp on to a research theme. At work, I was dealing with network management topics (For some reason, Waterloo had been using a 9-bit netmask for its subnets. I got the task of semi-automating the great “renumbering” which involved not only changing the IP addresses but also various other configuration files which were in different places in systems of different architectures; MFCF was managing almost a dozen different architectures then). One of my colleagues at MFCF, Ken Wellsch, was a part-time PhD student with Charlie Colbourn, who was working on network reliability. So I switched to Charlie’s group. But Charlie is a combinatorist. I audited a course in combinatorial designs, but it soon became apparent to me that I didn’t have the mathematical background to be able to do research with someone of Charlie’s caliber.
As I recounted in the acknowledgements section of my doctoral dissertation, one day in mid 1992, my manager at MFCF, Bill Ince, walked into my office and said “I want you to set up Kerberos for the campus.” I had no idea what Kerberos was. So I downloaded the Kerberos source code from athena.mit.edu and read everything about Kerberos that I could get my hands on, including Bill Bryant’s Greek drama “Designing an Authentication System: a Dialogue in Four Scenes,” which was an excellent “garden path” introduction to the design of Kerberos. I was fascinated by what I learned, including the idea of what is today known as “single signon.” I remember reading some documentation explaining how postwar Germany, where many people had lost their various identification papers in the war, focused on developing a robust process for issuing passports to people so that all other identification needs, even those that didn’t involve crossing borders, could bootstrap off of passports. I cannot remember where I read it or whether it is even true. But it was certainly enough to catch my imagination. I proceeded to set up the first Kerberos realm for UWaterloo.CA and built Kerberos on all the architectures we supported so that they were available for all MFCF-supported machines. But, as is the case with many security tools, it didn’t quite catch on. There were only a handful of people who used Kerberos on a regular basis.
Around that time, Ian! D. Allen, who was administering the computer graphics lab moved to Ottawa and had to administer the CGL machines remotely. I imagine he used rlogin to access CGL systems remotely. Thirty years ago, people were concerned about eavesdroppers, but session hijacking had not yet registered as a significant threat. But in order to get root access he needed to use the UWaterloo version of the su command, called suw. It is one of those chatty programs that expected input (a password) from standard user input. Sending a password through an rlogin session was not acceptable even in the adversary model of that time. That was my first opportunity to try to do something non-standard to solve a real-life security problem. I ended up creating something I called the Kerberos Escort Service (kesc). I must have thought that it was a clever choice of a name! It consisted of a pair of programs. On the far end, there was a wrapper program that registered itself as a Kerberos server and invoked the target chatty program. On the local end, kesc was a standalone Kerberos client that can be told to connect to this server, and agree on a session key. It can then get the password from the user, “escort” it over to the server, protected by the session key, which the server program can extract and feed to the chatty program; this is the same interaction design pattern as the Unix expect command, which was in fact my inspiration. I don’t remember how extensively Ian! used kesc, but he was my first end user for security-relevant work.
But not every system was kerberized, even on UWaterloo campus. So I decided to replicate the same pattern but without Kerberos by resorting to an (unauthenticated) Diffie-Hellman exchange. I called this tool secure-comm. Had I been smarter, I would have evolved secure-comm in the direction of what became SSL or ssh, both of which appeared a year or two later. But I didn’t have the foresight to imagine such a future for these tools. Unfortunately all of these tools are lost now because, according to oldest Internet Archive snapshot of my math.uwaterloo.ca homepage (which dates from several years after I left Waterloo), I made them available from ftp.math.uwaterloo.ca which no longer exists and has not been archived. But some newsgroup chatter still remains, thanks to Google archiving newsgroups, including posts about kesc and secure-comm and a hint about why they were written.
Playing around with Kerberos and other security tools like Tripwire (which I ported to 64-bit architectures when MFCF acquired a 64-bit DEC Alpha machine in its version 1.2 from mid 1994), and the excitement and satisfaction I derived from this exercise, convinced me that I wanted to do my research in security. The only problem was that at that time, no one at UWaterloo CS was working on security. There were world-class cryptographers at the Department of Combinatorics and Optimization, but trying to work with Charlie had shown me that I didn’t have the necessary math background to work with them. Gord Agnew in ECE was a security expert, but he was not taking on new students (I did take his cryptography course).
So I was once again in limbo. But this was an exciting time. The GSM specifications had come out recently, and researchers were starting to become interested in mobile communications security. One paper in particular caught my attention: it was co-authored by Gene Tsudik who was with the IBM Zurich Research Laboratory (ZRL) security group with Refik Molva and his student Didier Samfat from the newly established Eurecom in France; I had already read papers from the ZRL security group and had been thoroughly impressed. This paper was on inter-domain authentication of mobile users. I spotted a gap: it did not address the problem of anonymity and unlinkability; requiring mobile users to authenticate will allow an eavesdropper to track their movements. GSM specifications had indeed tried to address this problem using the notion of “temporary mobile subscriber identifiers” (TMSIs). But this approach was already recognized as being brittle: a fake base station could fool a mobile device into revealing its real identity, and the 2G version of GSM did not permit users to authenticate base stations.
I started thinking about this problem. I didn’t really know what I was doing since I was without any real supervision and didn’t have peers to bounce ideas off of. I remember I was driving my sister Kavitha, who was a UWaterloo CS undergrad at the time, to her work term in Paris, Ontario when it dawned on me that having the mobile user (probabilistically) encrypt their subscriber identifier using their home network’s public key can address this problem. I remember explaining this excitedly to Kavitha as we drove to Paris. It was a simple and rather obvious idea. But since I didn’t know what I was doing, I thought it deserved to be written up as a short paper. I submitted it to a new workshop, Workshop on Mobile Computing and Applications (WMSCA), that I had seen advertised. To my surprise, the paper was accepted. What’s more, the list of accepted papers had two other papers on the same topic of providing identity privacy to mobile users from researchers whose names I was already familiar with: one by Gene Tsudik and his IBM Research colleagues and the other by Didier Samfat and Refik Molva! You can imagine my excitement!
I had this little problem of how to fund my trip to the workshop, since I had no supervisor and no research project funding my work. Luckily WMSCA issued a call for graduate student “scribes” to take notes at the workshop in return for free registration. I promptly applied to become a scribe, and paid out of pocket to fly to the Bay Area. But the trip was worth every dollar I spent! There were four scribes. All four of us eventually become academics: Peter Grillo, Adrian Friday, C. K. Toh, and me (I was probably the last to become an academic). Prof. M. Satyanarayanan, who organized the workshop, wrote a digest of proceedings based on our notes. WMSCA itself eventually morphed into the very popular HotMobile.
The workshop organizers decided to put the three papers into a panel on privacy and anonymity. Neither Gene nor his co-author Amir Herzberg could make it to the workshop. So it was left to me and Didier, two graduate students, to hold the panel in front of all the top mobile computing researchers at the time! You have probably discerned a common recurring theme in this story: once again, as I sat on the panel, I had no idea what I was doing! But the experience gave me the confidence to dare to believe that I could do research: I had independently come with the same idea as Didier and Refik did! Gene and Amir had a different, clever, and elegant idea using only symmetric key cryptography. But my little paper put me on their radar.
With this newfound confidence, I asked my boss’ boss at MFCF, Prof. Jay Black, to take me on as a part-time graduate student, even though Jay was not working on security himself. He kindly agreed. I wrote the COMP-II proposal on Security Issues in Mobile Computing (which, as it turned out, was not the topic of my eventual dissertation!). I still didn’t know what I was doing, and it was clear that I needed to be part of a functional security research group with a good research supervisor if I were to succeed. But by this time, my parents and sisters had immigrated to Canada. So I still needed enough income to be able to support them. I reached out to Amir about a summer internship at IBM TJ Watson Research Center in New York. Amir was ready to take me on. IBM sent me an offer letter with which I was supposed to cross the border. I had already scouted out accommodation (at a YMCA in Hawthorne, because I couldn’t afford anything safer or better!). As it turned out, IBM had forgotten to get Amir’s signature on the letter before he went on some long trip. There was no chance that the US Immigration will let in any “alien”, let alone a young brown man, with an unsigned job offer! I was totally dejected. But as luck would have it, on the same day, I got an e-mail from Gene asking if I was interested in a “pre doc” position at IBM ZRL.
So I found myself in Zurich that summer, interviewing with IBM ZRL. In the very first interview, I learned what a “pre doc” is — it stands for “pre-doctoral fellow”. Pre-docs work for IBM on a 60% contract with the understanding that they will work on their doctoral research in the remaining 40% of the time. A quick mental calculation made it clear to me that even though Swiss salaries are higher than in Canada, with a 60% contract, I would not be able to live in Zurich and still support a household in Waterloo. That realization made me completely relax for the rest of the interview, because it was clear to me that this wasn’t going to work out. I enjoyed the rest of the day, talking to all the smart and dynamic people in the group, discussing all sorts of things, with absolutely no pressure, nervousness, or expectations! The last interview was by their head of HR who was a psychologist. Later, I learned that all hiring managers totally trusted his impressions. He asked me, “if you were Gene, would you hire yourself?” I answered without any hesitation because the answer was obvious to me: “no, because even though the technical fit seems to be good, the candidate will not last in this job because of his family obligations.” The following week, Gene’s manager Phil Janson sent me a completely unexpected e-mail that took me by total surprise, saying that they would like to offer an 80% pre-doc position. That is how I came to join ZRL, and my career in security research got a lifeline.
I joined ZRL in November 1995, expecting to work with Gene. Gene was on vacation at the time. I started working with Michael Waidner on the new European Project, Secure Electronic Market Place for Europe (SEMPER). Gene showed up a couple of weeks later and announced that he was leaving ZRL to return to the US. But before he left, we managed to write a paper together (the second paper with Gene took 20+ years more!). I was incredibly lucky to have had Michael as my supervisor and mentor who set me to work on the fair exchange problem with fellow PhD student Matthias Schunter and a new IBM researcher, Victor Shoup. That work formed the basis of my dissertation. Later, UWaterloo made Michael an adjunct professor for a year so that he could be formally listed as my dissertation co-supervisor along with Jay.
Two interesting asides. First, in addition to our respective papers at WMSC ‘94 , Didier, and I also published a paper together with Refik in the first ever MobiCom expanding on the same idea of using public key encryption to provide identity privacy for mobile users. When I joined Nokia in 1999, Nokia experts were actively involved in the 3GPP 3G/UMTS specifications being drafted. I suggested our idea of public key encryption of mobile user identifiers. It didn’t fly at that time because mobile phones were believed to be too anemic to do public key computations. By the time 5G rolled around this was certainly no longer true. By the 2010s, academics and industry researchers had started proposing the same basic idea, although they appeared to have been unaware of the proposals fifteen years prior, perhaps because it was such a simple idea. The 3GPP 5G security specifications subsequently introduced the notion of the, confusingly named, Subscription Concealed Identifier (SUCI) which is an encryption of the mobile subscriber’s permanent identifier using a session key derived using the home network’s public key.
Second, when IBM ZRL finally made me the pre-doc offer that I couldn’t refuse, the department of computer science at UWaterloo promptly declined my request to move to Switzerland to conduct my doctoral research at IBM ZRL Despite the oft-repeated aspirations for closer ties with industry, the department was, quite understandably, concerned about letting a graduate student spend extended time elsewhere doing their doctoral research. It was my incredible stroke of luck that Prof. Johnny Wong, who was on my dissertation committee, was leaving to IBM ZRL for his sabbatical year in 1996. He reassured the department that he would provide the necessary oversight for my work at ZRL. Without Johnny’s fortuitous intervention, I wouldn’t have been able to go to ZRL, and very likely, my career in security research would have ended.
It has been an improbable journey. I wouldn’t be where I am now had it not been for lucky escapes from calamity, incredible strokes of good fortune, and the willingness of mentors and advisors like Bill or Jay or Gene or Johnny or, last but certainly not least, Michael who provided unbelievable opportunities to me or removed the obstacles in my way. I am forever indebted to them.
Leave a Reply