The Secure Real-time Transport Protocol (SRTP)
This document describes the Secure Real-time Transport Protocol (SRTP), a profile of the Real-time Transport Protocol (RTP), which can provide confidentiality, message authentication, and replay
The Security and Performance of the Galois/Counter Mode (GCM) of Operation
GCM is shown to be the most efficient mode of operation for high speed packet networks, by using a realistic model of a network crypto module and empirical data from studies of Internet traffic in conjunction with software experiments and hardware designs.
Key Establishment in Large Dynamic Groups Using One-Way Function Trees
Among the hierarchical methods, OFT is the first to achieve an approximate halving in broadcast length, an idea on which subsequent algorithms have built.
Statistical Analysis of the Alleged RC4 Keystream Generator
A method for distinguishing 8-bit RC4 from randomness is demonstrated and it is observed that an attacker can, on occasion, determine portions of the internal state with nontrivial probability.
Key Management for Large Dynamic Groups: One-Way Function Trees and Amortized Initialization
A scalable method for establishing group session keys for secure large, dynamic groups such as multicast sessions is presented and implemented based on a novel application of One-Way Function Trees (OFTs).
Identifying Encrypted Malware Traffic with Contextual Flow Data
This work develops supervised machine learning models that take advantage of a unique and diverse set of network flow data features and shows that incorporating this contextual information into a supervised learning system significantly increases performance at a 0.00% false discovery rate for the problem of classifying encrypted, malicious flows.
Deciphering malware’s use of TLS (without decryption)
It is concluded that malware’s usage of TLS is distinct in an enterprise setting, and that these differences can be effectively used in rules and machine learning classifiers.
Machine Learning for Encrypted Malware Traffic Classification: Accounting for Noisy Labels and Non-Stationarity
This paper designs and carries out experiments that show how six common algorithms perform when confronted with real network data, and identifies the situations in which certain classes of algorithms underperform on the task of encrypted malware traffic classification.
An Interface and Algorithms for Authenticated Encryption
This document defines algorithms for Authenticated Encryption with Associated Data (AEAD), and defines a uniform interface and a registry for such algorithms. The interface and registry can be used