Comcast endowed professor for security innovation
Dept. of Computer Science and Engineering
University of Connecticut
I am interested in security and privacy of networked systems. Security and privacy may be breached in many ways - it only takes one weak link to break the chain. I want to understand different threats and tools, and combine analysis and proofs with implementations, economics, and even human, legal, ethical and psychological aspects. Specific areas:
- Internet security: infrastructure (routing, DNS, DoS) and applications (web, phishing).
- Security for IoT and other emerging networks (e.g., of sensors, drones, stealthy-bots).
- Applied provable cryptography, esp. resiliency to exposures, cryptanalysis, side-channels, leakage.
- Privacy, anonymity and covert communication.
- Usable security and social-engineering attacks, and defenses - esp. for naive users.
- Financial cryptography, i.e., using cryptography to innovate financial systems, protocols and networks.
Positions and calls:
- I am on search committee of the CSE department, for the position of Synchrony-Financial Endowed Chair in Cybersecurity, a tenure-track faculty position at the associate or full professor level. Contact me for details, or see details and apply. The department also have additional searches, including in machine learning, a lecturer track position, and more.
- I am co-chair of the TPC of the IEEE CNS'19 conference, June 10-12 in Washington, DC. Deadline: Dec. 21st, 2018. See CFP.
- I am in the steering committee of the CANS conference.
- I serve on editing board of the PoPETS conference/journal hybrid.
- I served on many program committees, editing boards etc. [but I try to avoid it this year to focus on CNS]
I keep downloadable copies of most of my publications in my researchgate page. I apologize, but I don't keep an updated full list of publications; you may see (most) additional publications in online services such as DBLP or Scholar.
I am currently in the process of writing my lecture notes for introduction to cybersecurity. My (overly ambitious) goal is to write multiple parts; currently I can offer you a partial draft of the first part, which focuses on applied cryptography - which I view as the basic tool of cybersecurity, and as a great way to also learn how to approach security in general - with `adversarial' thinking, protecting against arbitrary attacker strategies rather than assuming a specific attack. The text seems already quite useful, and I appreciate feedback. The presentations are also available (in powerpoint - see also in researchgate). I also provide few exams, questions and solutions in network security , which will be the focus of the second part of the lecture notes - hopefully, mostly available by Spring term 2019, when I'll teach the course.
Teaching, advising and students:
I like teaching and advising students. I teach CSE3400 (intro to cyber security) in fall term '18, and will teach CSE4402 (Network security) and a seminar (on `bleeding edge' research in cyber security) in spring term '19. I use UConn's HuskyCT extensively for providing materials and communicating with students.
See information on advising and students, including info for potential students, tips for students and list of previous and current students.
Personal and Opinions:
I an interested and opinionated in many topics such as politics, religions, history and science. In particular I'm very interested in social-technical, ethical and legal issues. See Cyber Security & Centralized Data, What Could Go Wrong?, an interview by the Institute for New Economic Thinking on the importance of privacy for society and economics, and the need for (self-)controls on at least some forms of cyber-warfare. See interview (in Hebrew) where I explain the risks of biometric repository which is being piloted in Israel.
I like discussing and arguing about these and other topics. And I also like reading, music, hikes, gardening, dogs, movies, and gym.
I'm best reachable by email: email@example.com. If I don't reply in reasonable time, send reminder, your message may have got lost (in spam... or just forgotten due to overload, sorry!).