Ian Goldberg

Research Interests

Computer security, privacy, and cryptography, focusing on useful systems for protecting Internet-based transactions.

Education

• Ph.D. (Computer Science), University of California, Berkeley, 2000.
  • "A Pseudonymous Communications Infrastructure for the Internet"
• M.Sc. (Computer Science), University of California, Berkeley, 1998.
  • "ipse and the Power of Intrusion Detection Systems"
• B.Math. (Pure Mathematics and Computer Science), University of Waterloo, 1995.
  • Graduated with distinction — Dean's honour list

Professional Experience

• August 2006 – present

  Assistant Professor, David R. Cheriton School of Computer Science, University of Waterloo

• June 1999 – July 2006

  Chief Scientist, Radialpoint (formerly called Zero-Knowledge Systems, Inc.)

  Responsible for research, design, and prototype implementation of privacy-enhancing technologies in a commercial setting.

Peer-reviewed Journal Publications

• Ian Goldberg, Atefeh Mashatan, Douglas Stinson. "On Message Recognition Protocols: Recoverability and Explicit Confirmation". International Journal of Applied Cryptography. 20 pages. To appear; accepted November 2009.
• Aniket Kate, Gregory Zaverucha, Ian Goldberg. "Pairing-Based Onion Routing with Improved Forward Secrecy". ACM Transactions on Information and System Security. 30 pages. To appear; accepted February 2009.
• Ian Goldberg, David Wagner. "TAZ Servers and the Rewebber Network: Enabling Anonymous Publishing on the World Wide Web". First Monday electronic journal. Vol. 3, No. 4. 20 pages. April 1998.

Peer-reviewed Conference and Workshop Publications

• Aniket Kate, Ian Goldberg. "Using Sphinx to Improve Onion Routing Circuit Construction". Financial Cryptography and Data Security 2010. 8 pages. To appear; accepted December 2009. (Acceptance rate: 26%, 34/130)
• Ian Goldberg, Berkant Ustaoğlu, Matthew Van Gundy, Hao Chen. "Multi-party Off-the-Record Messaging". 16th ACM Conference on Computer and Communications Security. pp. 358–368. November 2009. (Acceptance rate: 18%, 58/315)
• Chris Alexander, Joel Reardon, Ian Goldberg. "Plinko: Polling with a Physical Implementation of a Noisy Channel". Workshop on Privacy in the Electronic Society 2009. pp. 109–112. November 2009. (Acceptance rate: 54%, 15/28)
• Joel Reardon, Ian Goldberg. "Improving Tor Using a TCP-over-DTLS Tunnel". 18th USENIX Security Symposium. pp. 119–133. August 2009. (Acceptance rate: 15%, 26/176)
• Aniket Kate, Ian Goldberg. "Distributed Key Generation for the Internet". 29th International Conference on Distributed Computing Systems. pp. 119–128. June 2009. (Acceptance rate: 16%, 74/455)
• Ian Goldberg, Atefeh Mashatan, Douglas Stinson. "A New Message Recognition Protocol With Self-Recoverability for Ad Hoc Pervasive Networks". 7th International Conference on Applied Cryptography and Network Security. pp. 219–237. June 2009. (Acceptance rate: 21%, 32/150)
• George Danezis, Ian Goldberg. "Sphinx: A Compact and Provably Secure Mix Format". 2009 IEEE Symposium on Security and Privacy. pp. 269–282. May 2009. (Acceptance rate: 10%, 26/254)
• Ryan Stedman, Kayo Yoshida, Ian Goldberg. "A User Study of Off-the-Record Messaging". The 2008 Symposium On Usable Privacy and Security. pp. 95–104. July 2008. (Acceptance rate: 28%, 12/43)
• Chris Alexander, Ian Goldberg. "Improved User Authentication in Off-The-Record Messaging". Workshop on Privacy in the Electronic Society 2007. pp. 41–47. October 2007. (Acceptance rate: 19%, 9/48)
• Ge Zhong, Ian Goldberg, Urs Hengartner. "Louis, Lester and Pierre: Three Protocols for Location Privacy". 7th Privacy Enhancing Technologies Symposium. pp. 62–76. June 2007. (Acceptance rate: 19%, 16/84)
• Aniket Kate, Gregory Zaverucha, Ian Goldberg. "Pairing-Based Onion Routing". 7th Privacy Enhancing Technologies Symposium. pp. 95–112. June 2007. (Acceptance rate: 19%, 16/84)
• Ian Goldberg. "Improving the Robustness of Private Information Retrieval". 2007 IEEE Symposium on Security and Privacy. pp. 131–145. May 2007. (Acceptance rate: 8%, 20/246)
• Ian Goldberg. "On the Security of the Tor Authentication Protocol". Workshop on Privacy Enhancing Technologies 2006. pp. 316–331. June 2006. (Acceptance rate: 26%, 24/91)
• Nikita Borisov, Ian Goldberg, Eric Brewer. "Off-the-Record Communication, or, Why Not To Use PGP". Workshop on Privacy in the Electronic Society 2004. pp. 77–84. October 2004. (Acceptance rate: 22%, 10/45)
• Ian Goldberg. "Privacy-enhancing Technologies for the Internet, II: Five Years Later". Workshop on Privacy Enhancing Technologies 2002. pp. 1–12. April 2002. (Acceptance rate: 35%, 17/48)
• Scott Crosby, Ian Goldberg, Robert Johnson, Dawn Song, David Wagner. "A Cryptanalysis of the High-bandwidth Digital Content Protection System". Workshop on Security and Privacy in Digital Rights Management 2001. pp. 192–200. November 2001. (Acceptance rate: 30%, 15/50)
• Nikita Borisov, Ian Goldberg, David Wagner. "Intercepting Mobile Communications: The Insecurity of 802.11". ACM SIGMOBILE Annual International Conference on Mobile Computing and Networking 2001. pp. 180–189. July 2001. (Acceptance rate: 11%, 30/281)
• David Wagner, Ian Goldberg. "Proofs of Security for the Unix Password Hashing Algorithm". Asiacrypt 2000. pp. 560–572. December 2000. (Acceptance rate: 32%, 45/139)
• Chris Hall, Ian Goldberg, Bruce Schneier. "Reaction Attacks Against Several Public-Key Cryptosystems". International Conference on Information and Communication Security 1999. pp. 2–12. November 1999.
• Ian Goldberg, Steven D. Gribble, David Wagner, Eric A. Brewer. "The Ninja Jukebox". 2nd USENIX Symposium on Internet Technologies and Systems. 10 pages. October 1999.
• Armando Fox, Ian Goldberg, Steven D. Gribble, David C. Lee, Anthony Polito, Eric A. Brewer. "Experience With Top Gun Wingman: A Proxy-Based Graphical Web Browser for the 3Com PalmPilot". IFIP International Conference on Distributed Systems Platforms and Open Distributed Processing (Middleware) 1998. 18 pages. September 1998.
• Ian Goldberg, David Wagner, Randi Thomas, Eric A. Brewer. "A Secure Environment for Untrusted Helper Applications: Confining the Wily Hacker". 6th USENIX Security Symposium. pp. 1–13. July 1996.

Books Edited

• Ian Goldberg, Mikhail Atallah. (Eds.) "Privacy Enhancing Technologies, 9th International Symposium (PETS 2009)". Seattle, WA. 264 pages. August 2009.
• Nikita Borisov, Ian Goldberg. (Eds.) "Privacy Enhancing Technologies, 8th International Symposium (PETS 2008)". Leuven, Belgium. 246 pages. July 2008.

Book Chapters

• Ian Goldberg. "Privacy-Enancing Technologies for the Internet III: Ten Years Later". Chapter 1 of "Digital Privacy: Theory, Technologies, and Practices", Alessandro Acquisti, Stefanos Gritzalis, Costos Lambrinoudakis, Sabrina di Vimercati, editors. pp. 3–18. Auerbach, December 2007.
• Ian Goldberg, David Wagner. "Architectural Considerations for Cryptanalytic Hardware". Chapter 10 of "Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design". pp. 10-1–10-26. O'Reilly, July 1998.

Other Invited Publications

• Ian Goldberg, Austin Hill, Adam Shostack. "Trust, Ethics, and Privacy". Boston University Law Review. Vol. 81, No. 2. pp. 407–422. April 2001.
• Ian Goldberg, David Wagner, Eric A. Brewer. "Privacy-enhancing Technologies for the Internet". IEEE COMPCON '97. pp. 103–109. February 1997.

Technical Reports

• Femi Olumofin, Ian Goldberg. "Privacy-preserving Queries over Relational Databases". CACR Tech Report 2009-37. 16 pages. November 2009.
• Maxwell Young, Aniket Kate, Ian Goldberg, Martin Karsten. "Practical Robust Communication in DHTs Tolerating a Byzantine Adversary". CACR Tech Report 2009-31. 21 pages. September 2009.
• Aniket Kate, Ian Goldberg. "Asynchronous Distributed Private-Key Generators for Identity-Based Cryptography". ePrint Tech Report 2009/355. 29 pages. July 2009.
• Femi Olumofin, Piotr K. Tysowski, Ian Goldberg, Urs Hengartner. "Achieving Efficient Query Privacy for Location Based Services". CACR Tech Report 2009-22. 22 pages. May 2009.
• Joel Reardon, Jeff Pound, Ian Goldberg. "Relational-Complete Private Information Retrieval". CACR Tech Report 2007-34. 24 pages. November 2007.
• Aniket Kate, Ian Goldberg. "A Distributed Private-Key Generator for Identity-Based Cryptography". CACR Tech Report 2007-33. 18 pages. November 2007.
• Aniket Kate, Ian Goldberg. "Generalizing Cryptosystems Based on the Subset Sum Problem". CACR Tech Report 2007-26. 14 pages. September 2007.
• Joel Reardon, Alan Kligman, Brian Agala, Ian Goldberg. "KleeQ: Asynchronous Key Management for Dynamic Ad-Hoc Networks". CACR Tech Report 2007-03. 17 pages. January 2007.

Invited Talks

• "Sphinx: A Compact and Provably Secure Mix Format". University of Illinois at Urbana-Champaign Information Trust Institute Trust and Security Seminar. September 2009.
• "Sphinx: A Compact and Provably Secure Mix Format". Purdue University CERIAS Security Seminar. August 2009.
• "Internet Security and Privacy for the Rest of Us". Third Age Learning Speaker Series on "Privacy and Security in Your World". February 2009.
• "Introduction to Classical Cryptography and Information Security". Information Security in a Quantum World Conference. August 2008. (with Alfred Menezes, Douglas Stinson)
• "Off-the-Record Messaging: Useful Security and Privacy for IM". Pitney Bowes Fourth Annual Conference on Information Security and Communication. June 2008.
• "Cryptography, Security, and Privacy on the Internet". CEMC Lyons Invited Speaker. June 2008.
• "Off-the-Record Messaging: Useful Security and Privacy for IM". 1st Canada-France MITACS Workshop on Foundations & Practice of Security. May 2008.
• "Improving the Robustness of Private Information Retrieval". University of California, Berkeley TRUST Seminar. April 2008.
• "Improving the Robustness of Private Information Retrieval". Johns Hopkins University Information Security Institute Seminar. February 2008.
• "interceptedI: A Technical Perspective". On The Identity Trail's Revealed I conference. October 2007. (panel with Michael Geist, Clayton Pecknold, Wesley Wark, Philippa Lawson)
• "Looking Ahead: A Ten-Year Outlook for Internet Security and Privacy". International Conference on Distributed Computing Systems 2007. June 2007. (panel with Ashvin Goel, Emin Gun Sirer, Anthony Joseph, David Lie, Partha Dasgupta)
• "Polynomial Secret Sharing and Private Information Retrieval". Canadian Mathematics Competition Seminar. June 2007.
• "Improving the Robustness of Private Information Retrieval". Stanford Security Seminar. May 2007.
• "Off-the-Record Messaging: Useful Security and Privacy for IM". Stanford University Department of Electrical Engineering Computer Systems Colloquium. May 2007.
• "Cryptography, Security and Privacy on the Internet". 17th Conference on Computers, Freedom, and Privacy. May 2007.
• "Off-the-Record Messaging: Useful Security and Privacy for IM". MITACS Digital Security Seminar Series at Carleton University. April 2007.
• "Improving the Robustness of Private Information Retrieval". University of Massachusetts Amherst Computer Science Department Seminar. April 2007.
• "Questions and Answers about Off-the-Record Messaging". Hewlett-Packard Software Engineering Seminar. February 2007.
• "Off-the-Record Messaging". 7th Annual Privacy and Security Workshop & 15th CACR Information Security Workshop. November 2006.
• "Privacy-Enhancing Technologies for the Internet". Fourth Annual Conference on Privacy, Security, and Trust. October 2006.
• "Off-the-Record Communication, or, Why Not To Use PGP". Research seminar, University of California, Berkeley. August 2006.
• "Off-the-Record Messaging". CyLab / ISRI Seminar Series, Carnegie Mellon University. October 2005.
• "The Promise of Privacy Enhancing Technologies". 12th Conference on Computers, Freedom, and Privacy. April 2002. (with Paul Syverson, Lorrie Faith Cranor, Marc Levine)
• "Privacy vs. Security: Myth or Fiction?". Financial Cryptography 2002. March 2002. (with Ron Rivest, Graham Wood)
• "Privacy-Degrading Technologies: How Not to Build the Future". 9th USENIX Security Symposium. August 2000.
• "A Pseudonymous Communications Infrastructure for the Internet". Stanford University Computer Systems Laboratory EE380 Colloquium. April 2000.

Other Research Seminars

• "Sphinx: A Compact and Provably Secure Mix Format". CACR Seminar, University of Waterloo. July 2009.
• "Off-the-Record Messaging: Useful Security and Privacy for IM". Computer Science Club Seminar, University of Waterloo. October 2007.
• "Improving the Robustness of Private Information Retrieval". CACR Seminar, University of Waterloo. April 2007.

Guest Lectures

• University of Waterloo, CS 492 (Computers and Society). 16 January 2009.
• University of Waterloo, CO 487 (Applied Cryptography). 10 March 2006.
• Carnegie Mellon University, 15-508 / 17-801 / 19-608 / 95-818 (Privacy Policy, Law, and Technology). 24 October 2005.

Selected Other Publications and Conference Talks

• "Privacy and Anonymity on the Internet". Workshop on Vanishing Anonymity, 15th Conference on Computers, Freedom, and Privacy. April 2005.
• "Off-the-Record Messaging". CodeCon 2005. February 2005. (with Nikita Borisov)
• "Six Ways from Sunday: Attacks on the WEP Protocol of 802.11". RSA Conference 2002. February 2002.
• "The Insecurity of 802.11: An Analysis of the Wired Equivalent Privacy protocol". Black Hat Briefings 2001. July 2001.
• "Using the Internet Pseudonymously". RSA Conference 2000. January 2000.
• "Practical Computer Security". CrypTEC '99. July 1999. (with Eric Brewer, David Wagner)
• "The Palm III as an Authentication Token". RSA Conference 1999. January 1999.
• "Cryptanalysis of the GSM Identification Algorithm". Black Hat Briefings 1998. July 1998.
• "Shared Libraries on the PalmPilot". Handheld Systems. Vol. 5, No. 6. Nov/Dec 1997.
• "Randomness and the Netscape Browser". Dr. Dobb's Journal. January 1996. (with David Wagner)

Teaching

• Instructor, CS 135 (Designing Functional Programs)
  University of Waterloo, Fall 2009

  68 students

• Instructor, CS 858 (Hot Topics in Privacy Enhancing Technologies)
  University of Waterloo, Fall 2009

  12 students

• Instructor, CS 135 (Designing Functional Programs)
  University of Waterloo, Winter 2009

  166 students in 2 sections

• Instructor, CS 458/658 (Computer Security and Privacy)
  University of Waterloo, Fall 2008

  60 students

• Instructor, CS 135 (Designing Functional Programs)
  University of Waterloo, Fall 2008

  90 students

• Instructor, CS 489/698 section 1 (Computer Security and Privacy)
  University of Waterloo, Fall 2007

  58 students

• Instructor, CS 854 (Hot Topics in Privacy Enhancing Technologies)
  University of Waterloo, Fall 2007

  12 students

• Instructor, CS 456/656 (Computer Networks)
  University of Waterloo, Fall 2006

  61 students in 2 sections

• Co-instructor, CS 261 (Computer Security)
  UC Berkeley, Fall 1998

  Designed and taught a new graduate-level course in Computer Security (with fellow graduate student David Wagner). Developed syllabus and assignments; lectured; advised students on class projects.

Students Supervised

• Maxwell Young (Ph.D. Advisory Committee [Martin Karsten]), Fall 2009 – present
• Ryan Henry (Master's Student), Fall 2009 – present
• Mashael AlSabah (Ph.D. Student), Winter 2009 – present
• Atefeh Mashatan (Ph.D. Advisory Committee [Douglas Stinson]), Fall 2008
• Andrew Chung (Undergraduate Research Assistant, part-time), Fall 2008
• Femi Olumofin (Ph.D. Student), Fall 2008 – present
• Can Tang (Master's Student), Fall 2008 – present
• Willy Lew (Undergraduate Research Assistant, part-time), Spring 2008
• Lisa Du (Undergraduate Research Assistant, part-time), Spring 2008
• Muhaimeen Ashraf (Undergraduate Research Assistant, part-time), Spring 2008
• Robin Snader (Ph.D. Advisory Committee [Nikita Borisov, University of Illinois at Urbana-Champaign]), Winter 2008 – Fall 2009
• Berkant Ustaoğlu (Ph.D. Advisory Committee [Alfred Menezes]), Winter 2008 – Spring 2008
• Jiayuan Sui (M.Math. Thesis Reader [Douglas Stinson]), Winter 2008
• Michael Bodis (Undergraduate Research Assistant, part-time), Winter 2008
• Rob Smits (Undergraduate Research Assistant, part-time), Winter 2008
• Ali Taleghani (Ph.D. Advisory Committee [Jo Atlee]), Fall 2007 – present
• Jiang Wu (Ph.D. Advisory Committee [Douglas Stinson]), Fall 2007 – Spring 2009
• Weihan Wang (M.Math. Thesis Reader [Martin Karsten]), Fall 2007
• Xiaoting Sun (Master's Student), "Anonymous, Secure and Efficient Vehicular Communications", Fall 2007
• Chris Alexander (Master's Student), Fall 2007 – Fall 2009
• Douglas Stebila (Ph.D. Advisory Committee [Michele Mosca]), Spring 2007 – Winter 2009
• Chris Alexander (Undergraduate Student Research Assistant), Spring 2007
• Aniket Kate (Ph.D. Student), Spring 2007 – present
• Chris Alexander (Undergraduate Research Assistant, part-time), Winter 2007
• Joel Reardon (Master's Student), "Improving Tor using a TCP-over-DTLS Tunnel", Fall 2006 – Spring 2008

Software

• Percy++

  Percy++ is an implemenation of Private Information Retrieval protocols in C++. It provides information-theoretic, computational, or hybrid protection for the privacy of the query, and handles servers that fail to respond or that respond incorrectly. Percy++ has been accepted into the Advanced Crypto Software Collection.

  Released: March 2007 – June 2007

• Off-the-Record Messaging

  Off-the-Record Messaging (OTR) enables secure and private instant messaging over existing IM networks. In order to emulate real-world "off-the-record" conversions, it provides encryption, authentication, forward secrecy and deniability.

  Released: November 2004 – October 2009

Program Committees

• Program Chair, 19th USENIX Security Symposium, August 2010
• 18th USENIX Security Symposium, August 2009
• Program Co-chair, 9th Privacy Enhancing Technologies Symposium, August 2009
• 30th IEEE Symposium on Security and Privacy, May 2009
• 17th USENIX Security Symposium, July 2008
• Program Co-chair, 8th Privacy Enhancing Technologies Symposium, July 2008
• 34th International Conference on Current Trends in Theory and Practice of Computer Science (SOFSEM), January 2008
• 14th Workshop on Selected Areas in Cryptography, August 2007
• 7th Privacy Enhancing Technologies Symposium, June 2007
• 6th Workshop on Privacy Enhancing Technologies, June 2006
• 5th CodeCon, February 2006
• Third Annual Conference on Privacy, Security, and Trust, October 2005
• 5th Workshop on Privacy Enhancing Technologies, May 2005
• 4th CodeCon, February 2005
• 4th Workshop on Privacy Enhancing Technologies, May 2004
• 2002 IEEE Symposium on Security and Privacy, May 2002
• 6th International Financial Cryptography Conference, February 2002
• 10th USENIX Security Symposium, August 2001
• 9th USENIX Security Symposium, August 2000

Other Service

• Reviewer: NSERC Discovery—Individual (2010)
• Reviewer: Eighth Annual IEEE International Conference on Pervasive Computing and Communications (2009)
• Reviewer: ACM Transactions on Information and System Security (2009, 2 articles)
• Reviewer: Elsevier Computers & Security (2008)
• Reviewer: ACM Transactions on Information and System Security (2008, 3 articles)
• Reviewer: 2008 IEEE Symposium on Security and Privacy (2008)
• Reviewer: Graphics Interface 2008 (2008)
• Reviewer: NSERC Discovery—Individual (2008, 3 applications)
• Privacy Enhancing Technologies Advisory Board, June 2007 – present
• Reviewer: Elsevier Journal of Systems and Software (2007)
• Reviewer: 7th International Conference on Next Generation Teletraffic and Wired/Wireless Advanced Networking (2007)
• Reviewer: Journal of Combinatorial Mathematics and Combinatorial Computing (2007)
• Undergraduate Academic Plans Committee, January 2007 – present
• Chair of the Board of Directors, The Tor Project, a scientific and educational charity, January 2007 – present
• Director, The Tor Project, December 2006 – present
• Ontario Graduate Scholarships Ranking Committee, October 2006
• Reviewer: IEE Proceedings Information Security (2006)
• Reviewer: ACM Computing Surveys (2006)
• Reviewer: Communications of the ACM (2006)
• PET 2006 Award Committee, June 2006
• PET 2003 Award Committee, March 2003
• Reviewer: 8th Workshop on Selected Areas in Cryptography (2001)

Awards and Honours

• Best Paper Award, 6th USENIX Security Symposium, 1996
• Governor General's Silver Medal, 1995
• NSERC Post-Graduate Scholarships, 1995–1999
• Wired Magazine's Wired 25, 1998

Professional Affiliations

• Association for Computing Machinery
• Canadian Mathematical Society
• USENIX
• Institute for Quantum Computing

Last update: 1 February 2010