San Diego, CA, August 21, 2007 -- Tadayoshi (Yoshi) Kohno – the wave-making computer security expert with a computer science Ph.D. from UC San Diego – has landed on Technology Review’s prestigious annual list of innovators under 35, the TR 35.
While at UCSD, Kohno made waves in media, government and computer science circles for his work on electronic voting machines and other computer security issues. In 2006, after completing his Ph.D. at UCSD, Kohno joined the computer science faculty at the University of Washington.
|Tadayoshi (Yoshi) Kohno, earmed a Ph.D. in computer science at UCSD and is now a professor at the U. of Washington. He landed on the prestigious Technology Review TR35 list in 2007.|
“The theme of Yoshi’s work is security. He likes to look at systems, see what makes them fail and then see how he can fix them,” said Mihir Bellare, the UCSD computer science professor and cryptography expert who served as Kohno’s Ph.D. thesis advisor.
“At UCSD, Kohno explored mathematical techniques in cryptography to provide provably secure systems. He started bridging the gap between theory and actual systems by building mathematical models that cover what is actually in systems,” said Bellare.
His most high profile project at UCSD pertained to electronic voting and led Kohno to testify before Congress in Washington, DC. Kohno and his colleagues analyzed voting machines created by Diebold, identified security holes and showed that the machines were vulnerable to fraud. “This work has had enormous impact – a lot of people are now thinking about how we can improve electronic voting,” said Bellare.
Among many other projects, Kohno worked with Bellare and fellow UCSD graduate student Chanathip Namprempre on the Secure SHell (SSH) protocol – software that hundreds of thousands of people use every day to securely transfer files or log into remote computers.
“We knew the theory behind the cryptography, and how to prove it is secure,” said Bellare, who noted UCSD computer scientists worked on much of the cryptography that SSH relies upon. “But Yoshi looked at what SSH actually does. He found that SSH doesn’t do things like we might like it to. It does things differently. Yoshi identified vulnerabilities and then showed how you can build or extend existing theories to fix them. A resulting paper showed how to define threat models and come up with fixes that are provably secure.”
Kohno went on to write an RFC (the standard way of communicating things to the Internet community that actually designs and implements the protocols). He then forwarded the RFC to the working group responsible for the Secure SHell protocol.
“They expressed a lot of interest. By now, they have probably adopted the fixes and put them into the new versions of the protocol. This is a nice example of a feedback loop in which practice and theory go back and forth,” said Bellare.
In a variety of settings and situations, Yoshi figured out that major security problems are often uncovered when you go into actual systems.
“With WinZip, for example, he found that the cryptography is not implemented like you might think it is. This is an important step forward. Yoshi’s work delivers a lot in terms of understanding what is happening in actual systems.”
Yoshi continues to work with both the cryptography, and systems and networking groups within the Jacobs School’s computer science department. Stay tuned for the next chapter.
UCSD computer scientists, engineers and participants in UCSD’s Calit2 are no strangers to Technology Review’s annual list of young innovators:
1999 Lawrence Saul, computer science professor
1999 Natalie Jeremijenko UCSD Calit2 new-media artist
2003 Sangeeta Bhatia, then a bioengineering professor
2003 Christophe Schilling, former bioengineering graduate student
2004 Serge Belongie, computer science professor
2005 Trey Ideker, bioengineering professor
2006 Sumeet Singh, former computer science graduate student
2007 Yoshi Kohno, former computer science graduate student