img

Tech-Pubs

Most of Ravi's refereed publications center around his earlier work in cryptography.  His later work on payment systems, and the innovations in more recent years, are generally found in either patent publications or product whitepapers and were generally not submitted for traditional academic publication. The list below does not include "trade press" publications, business conference speeches, panel discussions, etc.

A Special Paper

In March 2001 the Association for Computing Machinery (ACM) published a special issue of its flagship journal Communications of the ACM (CACM), consisting of short essays celebrating the first 50 years of computing.  The following was Ravi's contribution:

The cover designers listed the invited authors on the cover, resulting in what is likely to be the first and last time Ravi's name will appear sandwiched betweens the names of Edsger Dijkstra and John Glenn!

Early Papers

These papers, one in computer architecture and two in cryptanalysis, both used Markov model techniques to address very different problems.

Another paper, on firewalls, stemmed from Ravi's professional career architecting security at Verizon.  It is now outdated, but was among the first papers to argue against a 'perimeter defense' (one large weak fence) and made the case for smaller fences with strength commensurate with the value of assets being protected.  This is an example of a concept that we find so obvious in the physical world, but which is strangely (and irrationally) abandoned when we move over to cyberspace.

The Password Papers

A primary goal of Ravi's work from 1990 to the present, has been to improve computer authentication.  The first paper below (which won the Best Paper Award) uses techniques from Markov Models to create a very lightweight (and naturally multilingual) 'checker' to determine whether a user chosen password was 'good'.  The next paper showed that some methods for generating pronounceable passwords for users, including a standard  NIST had proposed, were easily attacked.

Yaksha: Fixing Public Key Cryptography

Public key cryptography, a breathtakingly brilliant and important idea, has in practice been plagued with some core fundamental problems.  Some problems are intrinsic to the mathematics, for instance, secrets too large to be remembered.  Others were caused by design considerations not drawn from practice.  In research in the early to mid nineties, Ravi recognized these problems and developed the Yaksha system, which retained the value of PKI while making it more practical and more powerful.  

The first paper describes the RSA variant developed and states and proves theorems on its security:

The next paper shows how the construct can be used to 'fix' the inherent vulnerabilities in the Kerberos protocol.  It should be noted that in Greek mythology, Kerberos is the three headed dog that guards the gates to Hades (the world of the dead).  Why a guard? Who exactly might try to break into the world of the dead (Hercules notwithstanding)? On the other hand it is likely that many try hard to break into heaven whether they deserve it or not.  What if you wanted to guard the gates to heaven?  Then you need something stronger than a Kerberos. You need a Yaksha, a demigod from ancient Indian mythology.

The same construct used above for authentication and digital signatures, can also be used for key exchange and key escrow, and the following  paper describes those results:

A summary of these results, along with arguments motivating the economic need for reusable security infrastructures, can be found in:

In praise of librarians and other papers

Ravi coined the term "messyware" to describe the often hidden assets of so-called "middlemen companies" seeking to make the transition from a pre-Internet business model to the new world.  He uses librarians as an example of a function that does not really go away.

He has been very interested in the trade-offs between civil liberties and the need for governments to eavesdrop on communication.  In 1996 he was Guest Editor for a special issue of the Communications of the ACM with several papers on this topic.  His guest editorial and the papers can be found at:

Working with Ravi Sandhu and Mihir Bellare, Ravi advanced his earlier Yaksha work.  Some of the results can be found in: