B.S., City University of New York (Hunter College); M.S., Columbia; M.A., Princeton; Ph.D., Princeton
Areas of Expertise:
Secure Systems and Cryptology
My research focuses on the architecture and design of secure systems based on cryptographic techniques, analysis of secure systems against practical attack models, and on finding new cryptographic primitives and techniques. This work has led directly to several new cryptographic concepts, including: “Remotely-Keyed Encryption,” which allows the use of inexpensive, low-bandwidth secure hardware to protect high-bandwidth communication and stored data, “Atomic Proxy Cryptography,” which allows re-encryption by untrusted third parties, and “Master-Key Encryption,” which provides a systematic way to design (and study) ciphers with built-in “back doors.”
I am especially interested in the use of encryption to protect insecure systems such as the Internet. I was a designer of swipe, a predecessor of the now standard IPSEC protocol for protecting Internet traffic. Another project, CFS, investigated and demonstrated the feasibility of including encryption as file system service.
Recently, I’ve applied cryptologic techniques to other areas, including the analysis of physical security systems; this work yielded a powerful and practical attack against virtually all commonly used master-keyed mechanical locks.
I coined the term, and am one of the inventors of, Trust Management, which provides the abstract layer in which a system decides whether to allow some potentially dangerous action. This work has led to two trust management languages, KeyNote and PolicyMaker, that provide tools for specifying policy, delegating authority, and controlling access. In addition to providing a useful framework for studying and proving security properties of distributed systems, our tools have been used to build powerful policy control mechanisms into several important applications, including the OpenBSD IPSEC implementation.
Technology and Public Policy
Cryptology and computer security have important relationships to vital areas of public policy, and my work has touched on these in several ways. In 1994, I discovered a serious flaw in the US Government’s “Clipper” encryption system, which had been proposed as a mechanism for the public to encrypt their data in a way that would still allow access by law enforcement. I have edited several influential reports on encryption policy, including the 1998 study of “key escrow” systems that demonstrated that such systems are inherently less secure and more expensive than systems without such a feature. This work contributed to the recent shift in U.S. encryption policy. More recently, I have been active in the analysis of the FBI’s “Carnivore” Internet wiretap system. I have testified before various comittees of the US Congress and European Parliament several times, providing technical perspective on the problems surrounding law enforcement and intelligence access to communications traffic and computer data.
"Where Iran is strong, weak in cyberspace," coverage by Politico, November 20, 2019, quoting Professor Matt Blaze.
"Multiple bills seek to secure elections: Will they do it?," coverage by Security Boulevard, November 5, 2019, quoting Professor Matt Blaze.
"The FBI is investigating West Virginia’s blockchain-based midterm elections," coverage in Quartz, October 9, 2019, featuring Professor Matt Blaze.
"This tech could secure voting machines, but not before 2020," coverage by Yahoo! Finance, August 12, 2019, quoting Professor Matt Blaze.