I am an Associate Professor in Computer Science here at Johns Hopkins. Prior to joining the Computer Science department I was a member of  the Secure Systems Group at Bell Labs, Lucent Technologies. My research interests include computer and network security, with particular interest in biometrics and techniques for strong user authentication.  At Bell Labs I worked on a few projects, some of which were very cool,  and some, lets just say weren't  too exciting. You decide.  Nonetheless,  I've added pointers to them here.  

email:    Phone: (410) 516-8746, Fax (410) 516-8457

   Program committees that I'm involved with (or served on in the past)

• First USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET'08)
• USENIX Security Symposium (2008, 2007, 2006, 2005).
• IEEE Symposium on Security and Privacy (2008, 2007).
• Network & Distributed System Security (2009, 2008, 2007, 2006, 2003,  2002, 2001).
• Information Security Conference (2008, 2007).
• 6th IEEE Biometrics Symposium (2008).
• 1st USENIX Workshop on Hot Topics in Understanding Botnets, HotBots (2007).
• 2nd USENIX Workshop on Hot Topics in Security, HotSec (2007).
• 4th ACM Workshop on Recurring Malcode (WORM) (2006).
• 25th International Conference on Distributed Computing Systems (2005).
• International Workshop on Information Security Applications (2003).
• International World Wide Web Conference, Security & Privacy Track (2003, 2004).
•  Discrete Algorithms & Methods for Mobile Computing & Comm. (2001).
• 1^st ACM Workshop on Security & Privacy in Electronic Commerce (2000).

   Teaching

• Advanced Topics in Network Security (CS 600.624).
• Network Security (CS 600.424).
• Computer and Network Forensics (CS 600.625).

   Research Topics & Selected Publications

    Generating Cryptographic keys from voice 

Extending our prior work on generating repeatable cryptographic keys from habitual patterns in a user's typing rhythm, we are currently exploring ways of achieving similar goals using features in a user's voice. Our main focus here is in reliably generating strong cryptographic keys for use in 3G phones, PDAs, and the like. We've developed some techniques for doing so and have been implementing them on devices for a while now. Getting this right has been much more challenging than we first thought.

• Fabian Monrose, Michael K. Reiter, Q. (Peter) Li , Susanne Wetzel. Using Voice to Generate Cryptographic Keys. In 2001: A Speaker Odyssey. The Speech Recognition Workshop, Crete, Greece, June, 2001. (PDF). 
• Fabian Monrose, Michael K. Reiter, Q. (Peter) Li , Susanne Wetzel. Cryptographic Key Generation From Voice. In Proceedings of the IEEE Conference on Security and Privacy, Oakland, CA. May, 2001. (PDF)
• Fabian Monrose, Michael K. Reiter, Q. (Peter) Li , Daniel Lopresti, Chilin Shih. Towards Voice Generated Cryptographic Keys on Resource Constrained Devices. In Proceedings of  the 11th USENIX Security Symposium, August, 2002.(PDF)

    Traffic Classification (primarily on encrypted or anonymized network traffic)

• Encrypted traffic
  • Charles Wright, Lucas Ballard, Scott Coulls, Fabian Monrose, and Gerald Masson. Spot me if you can: recovering spoken phrases in encrypted VoIP conversations. To appear in Proceedings of IEEE Symposium on Security and Privacy, May, 2008. (PDF)
  • Charles Wright, Lucas Ballard, Fabian Monrose, and Gerald Masson. Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob? In Proceedings of the 16th USENIX Security Symposium, Boston, August, 2007.(PDF).
  • Charles Wright, Fabian Monrose, and Gerald Masson. On Inferring Application Protocol Behaviors in Encrypted Network Traffic. In Journal of Machine Learning Research (JMLR): Special issue on Machine Learning for Computer Security, volume 7, 2745-2769, 2006. (PDF)
  • Charles Wright, Fabian Monrose, and Gerald Masson. Using Visual Motifs to Classify Encrypted Traffic. In Proceedings of the ACM Workshop on Visualization for Computer Security (VizSEC), 2006.(PDF)
  • Charles Wright, Fabian Monrose, and Gerald Masson. HMM Profiles for Network Traffic Classification (Extended Abstract). In Proceedings of the ACM Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC), pages 9-15, 2004.

• Anonymized Traffic
  • Scott Coulls, Charles Wright, Angelos Keromytis, Fabian Monrose, and Michael Reiter. Taming the Devil: Techniques of Evaluating Anonymized Network Data. In Proceedings of the 15th Annual Network and Distributed Systems Security Symposium, Feb, 2008.
  • Scott Coulls, Charles Wright, Fabian Monrose, Michael Collins and Michael Reiter. On Web Browsing Privacy in Anonymized NetFlows. In Proceedings of the 16th USENIX Security Symposium, Boston, August, 2007. (PDF)
  • Scott Coulls, Charles Wright, Fabian Monrose, Michael Collins and Michael Reiter. Playing Devil's Advocate: Inferring Sensitive Information from Anonymized Traces. In Proceedings of the 14th Annual Network and Distributed Systems Symposium (NDSS), pages 35-47, Feb, 2007.

  
  

      Network Security

  Current interests include analysis of Internet-scale threats, primarily botnets. We've understaken a number of studies to assess the prevalence of malware and various delivery mechanisms (drive-by downloads). We have also examined the effectiveness of network telescopes for a variety of tasks, particularly to better understand their capabilities and limits with respect to malware detection and containment. Below are some papers on these subjects. More to come soon ...

  Malware studies:
  • Sam Small, Josh Mason, Fabian Monrose, Niels Provos and Adam Stubblefield. To Catch A Predator: A Natural Language Approach for Eliciting Malicious Payloads. To appear in Proceedings of the 17th USENIX Security Symposium, July, 2008. (PDF)
  • Niels Provos, Panayiotis Mavrommatis, Moheeb Rajab, and Fabian Monrose. All Your iFrames Point to Us. To appear in the Proceedings of the 17th USENIX Security Symposium, July, 2008 (PDF)
  • Moheeb Rajab, Jay Zarfoss, Fabian Monrose and Andreas Terzis. A Multifaceted Approach to Understanding the Botnet Phenomenon. In proceedings of ACM SIGCOMM/USENIX Internet Measurement Conference, October, Brazil, 2006. (PDF)

    More information on the architecture we used in the IMC paper is provided in Jay Zarfoss' Masters thesis on A Scalable Architecture for Persistent Botnet Tracking, Jan. 26, 2007.

  • Moheeb Rajab, Jay Zarfoss, Fabian Monrose and Andreas Terzis. My Botnet is Bigger than Yours (Maybe, Better than Yours). In proceedings of the First USENIX Workshop on Hot Topics in Understanding Botnets, April, Boston, 2007. (PDF)

  Modeling:
  • Moheeb Rajab, Fabian Monrose, Andreas Terzis and Niels Provos. Peeking Through the Cloud: DNS-based Estimation and its Applications In proceedings the 6th Conference on Applied Cryptography and Network Security (ACNS), 2008. (PDF)
  • Moheeb Rajab, Fabian Monrose and Andreas Terzis. Fast and Evasive Attacks: Highlighting the Challenges Ahead. In proceedings of the 9th International Symposium on Recent Advances in Intrusion Detection (RAID), Sept, Germany, 2006. (PDF)
  • Moheeb Rajab, Fabian Monrose and Andreas Terzis. On the Impact of Dynamic Addressing on Malware Propagation. In Proceedings of the ACM Workshop on Recurring Malware (WORM), Washington D.C., November, 2006.(PDF)
  • Moheeb Rajab, Fabian Monrose and Andreas Terzis. On the effectiveness of Distributed Worm Monitoring. In Proceedings of the 14th USENIX Security Symposium, pages 225-237, Baltimore, August, 2005. (PDF)
  • Moheeb Rajab, Fabian Monrose and Andreas Terzis. Worm Evolution Tracking via Timing Analysis. In ACM Workshop on Recurring Malware (WORM), pages 52-59, Washington D.C., November, 2005. (PDF)

  • Sophie Qiu, Patrick McDaniel, and Fabian Monrose. Toward Valley-Free Inter-domain Routing. In Proceedings of the IEEE Conference on Communications, June, Scottland, 2007.
  • Sophie Qui, Fabian Monrose, Andreas Terzis, and Patrick McDaniel. Efficient Techniques for Detecting False Origin Advertisements in Inter-domain Routing. In Proceedings of the Second Workshop on Secure Network Protocols (NPSec), November 2006. (PDF)
  • Sophie Qiu, Patrick McDaniel, Fabian Monrose, and Aviel D. Rubin, Characterizing Address Use Structure and Stabillity of Origin Advertizement in Interdomain Routing. In Proceedings of IEEE Symposium on Computers and Communications (ISCC), pages 489-496, June, Italy, 2006. (Supercedes the earlier techreport PDF)
  • Bharat Doshi, Antonio De Simone, Sam Small, Fabian Monrose and Andreas Terzis. Large-scale Dynamic Virtual Private Networks for the Global Information Grid. In Proceedings of IEEE Milcom, Atlantic City, October, 2005.
  • S. Kamara, D. Davis, L. Ballard, R. Caudy and F. Monrose. An Extensible Platform for Evaluating Security Protocols. In Proceedings of the 38th IEEE Annual Simulation Symposium (ANSS), pages 204-213, San Deigo, 2005. (PDF). SIMNET is maintained here.

  
  

      Evaluation techniques for Biometric Key Generators 

  Revisiting the current practices in reporting biometric performance. Here, we show the impact of incorporating stronger adversarial assumptions when performing such evaluations. Come back here for some more updates soon...

  • Lucas Ballard, Fabian Monrose and Daniel Lopresti. Biometric Authentication Revisited: Understanding the Impact of Wolves in Sheep's Clothing. In proceedings of the 15th USENIX Security Symposium, Vancouver, Aug. 2006.(PDF)  

  • Lucas Ballard, Daniel Lopresti and F. Monrose. Evaluating the Security of Handwriting Biometrics. In proceedings of the 10th International Workshop on Frontiers in Handwriting Recognition (IWFHR06), France, October, 2006.(PDF)
  • Daniel Lopresti, Lucas Ballard and F. Monrose. Evaluating Biometric Security (Invited Paper). In proceedings of First Korean-Japan Workshop on Pattern Recognition, Nov, 2006.
  • Lucas Ballard, Daniel Lopresti and Fabian Monrose. Forgery Quality and its Implications for Behavioral Biometric Security. In IEEE Transactions on Systems, Man, and Cybernetics (Special Edition), Volume 37, no. 5, October, 2007. (PDF)
  • Lucas Ballard, Seny Kamara and M.K. Reiter. The Practical Subtleties of Biometric Key Generation. To Appear in Proceedings of the 17th Annual USENIX Security Symposium, 2008. This paper supercedes our earlier tech report and is part of Lucas' thesis, Robust Techniques for Evaluating Biometric Cryptographic Key Generators, March, 2008.

  
  

      Graphical Passwords

  We evaluated a new graphical password scheme that exploits features of graphical input devices such as PDAs to provide better security than textual-based alternatives. Graphical passwords serve the same purpose as textual passwords, with the added benefit that pictures (e.g., line drawings) may be used in conjunction with words. A primary motivation for using pictures as opposed to words stems from our (well, at least some people's) remarkable ability to recall pictures. This paper won both the best student and best overal paper awards at the 8th USENIX Security conference. 

  • Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K. Reiter, and Aviel D. Rubin.  The Design and Analysis of Graphical Passwords. In Proceedings of the 8th USENIX Security Symposium, August, Washington DC, 1999. (PDF)

  Some additional work on the relationship between user choice and its implication for the available entropy in Graphical Passwords schemes appears here:

  • Darren Davis, Fabian Monrose, and Michael K. Reiter. On user choice in Graphical Password Schemes. In Proceedings of the 13th USENIX Security Symposium, August, San Diego, 2004. (PDF)

  
  

      Password Hardening using Keystroke Dynamics

  This project dates way back (to when I was still a graduate student), and though I still get regular email inquires about it,  I am no longer continuing this work (as the voice project outlined earlier continues where this left off). In our work on keystroke dynamics, we examined a new approach to strengthening the security of user chosen passwords. Our techniques made use of habitual patterns in a user's typing rhythm (as she types her password) for generating strong cryptographic keys that could be used, for example, for file encryption, VPN access, etc. See:

  • Fabian Monrose and Aviel D. Rubin.  Authentication via Keystroke Dynamics. In Proceedings of the Fourth ACM Conference on Computer and Communication Security, Zurich, Switzerland, April, 1997. (PDF).
  • Fabian Monrose, Michael K. Reiter, and Suzanne Wetzel. Password Hardening based on Keystroke Dynamics. In the International Journal of Information Security (PDF), 2001. A preliminary version appears in the Proceedings of the 6th ACM Computer and Communications Security Conference, Singapore, November, 1999. (PDF)
  • Fabian Monrose and Aviel D. Rubin.  Keystroke Dynamics as a Biometric for Authentication. Future Generation Computing Systems (FGCS) Journal: Security on the Web (special issue). March 2000. (PDF).

  
  

      Applied Crypto

  • Darren Davis, Fabian Monrose and Mike Reiter.  Time Scoped Searching of Encrypted Audit Logs. In Proceedings of the 6th International Conference on Information and Communications Security (ICICS), pages 532-545, October, 2004. (PDF). The ICICS paper is very dense (given page limitations), so interested readers are referred to Darren's Master's thesis for more information:

    SEALED: Searching Encrypted Audit Logs Expeditiously, May, 2004.

  • Lucas Ballard, Seny Kamara and Fabian Monrose.  Achieving Efficient Conjunctive Searches of Encrypted Data. In Proceedings of the 7th International Conference on Information and Communications Security (ICICS), pages 414-426, December, 2005.
  • Lucas Ballard, Matthew Green, Breno de Medeiros and Fabian Monrose.  Correlation Resistant Storage and its Applications. Security and Privacy Applied Research (SPAR) Technical Report TR-BGMM050507, May, 2005.

  
  

      Miscellaneous topics

  • Sujata Doshi, Fabian Monrose, and Aviel Rubin. Efficient Memory Bound Puzzles using Pattern Databases . In Proceedings of the 4th International Conference on Applied Cryptography and Network Security (ACNS), pages 98-113, June, Singapore, 2006. (PDF)
  • Bob Arlein, Ben Jai, Markus Jakobsson, Fabian Monrose, and Michael K. Reiter. Privacy Preserving Global Customization. In Proceedings of the ACM Conference on Electronic Commerce, pages 176-184, 2000. (PDF)
  • Fabian Monrose, Peter Wyckoff and Aviel D. Rubin.  Distributed Execution with Remote Audit. In Proceedings of the ISOC Network and Distributed System Security (NDSS) Symposium, San Diego, February, 1999. (PDF).

  
  

     Students (past and present)
  

  Some students that I've advised or worked closely with on their thesis work include:
  • Darren Davis, MSe., 2006 (First employment at Bloomberg)
  • Sophie Qui, Ph.D., 2007 (First employment at Cisco Systems)
  • Jay Zarfoss, MSe., 2007 (First employment at L-3 communications)
  • Lucas Ballard, Ph.D., 2008 (First employment at Google Inc.)
  • Seny Kamara, Ph.D., 2008 (First employment at Microsoft Research)
  • Moheeb Rajab, Ph.D., 2008 (First employment at Google Inc.)
  • Charles Wright, Ph.D., 2008 (First employment at MIT Lincoln Labs)
  • Scott Coull, Ph.D. candidate

  
  

     Research and Equipment Grants
  

  • (PI) CAREER: Towards Effective Identification of Application Behaviors in Encrypted Traffic, NSF Cyber Trust, 2006
  • (co-PI) Thinking Ahead: A Proactive Approach for Countering Future Internet Malware, NSF Cyber Trust, 2006
  • (PI) Generative Models for Improving Biometrically Enhanced Systems, NSF Cyber Trust, 2004
  • (co-PI) Towards More Secure Inter-Domain Routing, NSF STI, 2003
  • CISCO Critical Infrastructure Assurance Group (CIAG) equipment grant, 2004

  
  

     Personal interests

  Now on to the important stuff  :-) My twins girls are the joy of my life. In my free time I try to get in as much scuba diving as I can, which sadly only happens about once a year. My wife and I are from St. Lucia, and most of our family lives there (yeah, I know, what are we doing here?). If you are looking for a great get-away spot, drop me an email and I'll be happy to give you suggestions on what to do once you get to St. Lucia.

   

  

  I admit that mathematical science is a good thing. But excessive devotion to it is a bad thing --- Aldous Huxley