Michael Steiner

Scheidterstr. 61, D-66123 Saarbrücken, Germany
home: +49.681.390.4714       office: +49.681.302.5631       fax: +49.681.302.4631
email: steiner@acm.org        www: http://vcard.acm.org/~steiner/

Areas of Interest

• Computer Security: network security, secure electronic commerce (multi-party security), cryptographic protocols, and formal security models.
• Distributed Systems: operating systems, group communication, nomadic computing.

Education

• Doktor der Ingenieurwissenschaften (Dr. Ing.) der Naturwissenschaftlich-Technischen Fakultät der Universität des Saarlandes, March, 2002.
  Title: ``Secure Group Key Agreement''.
  Advisors: Prof. Dr. B. Pfitzmann, Prof. Dr. G. Tsudik (University of California, Irvine).

• Diplom Informatik-Ingenieur, Eidgenössische Technische Hochschule (ETH) Zürich, November 1992.
  Title: ``TCP/IP on the Ceres: Design and Implementation of a Communication Stack''
  Advisor: Prof. Dr. Beverly Sanders.

  Matura Typus B. Gymnasium Laufental-Thierstein, Laufen, September 1986.

Employment History

• October 2001 - Present
  Head of the cryptography and security group (Lehrstuhlvertretung), Universität des Saarlandes, Saarbrücken. Group leader of the EU ITS project MAFTIA working on the formal modeling of dependable cryptographic systems. Teaching course on cryptographic protocols.

• April 1999 - September 2001
  Research Scientist, Universität des Saarlandes, Saarbrücken. Member of the cryptography and security group. Research in formal models and proofs for secure group key agreements, protocols for password-based authentication and number-theoretic cryptographic assumptions.

• January 1993 - December 2001
  Research Scientist, IBM Research Laboratory, Rüschlikon, Switzerland. Member of the security group. Participation in the EU RACE project SAMSON and in several projects in the area of secure electronic commerce: Design of the iKP payment protocol family, micro-payment extensions, and the core of the SET Secure Electronic Transactions Protocol; Technical co-leader of the EU ACTS project SEMPER working on the architecture of a secure e-commerce platform and the design of a generic and modular payment framework.

• January 1990 - December 1992
  System administrator, ETH Zürich, Switzerland. Management of network of MacIntosh Computers running MacOS and A/UX. (Part time work).

• June 1990 - October 1990
  Software Engineer, S.A. GEOLINK, Paris, France. Work within a EU RACE project on data retrieval / compression for a distributed database.

• March 1989 - December 1989
  Hard- and software consultant, METTLER Instrumente AG, Greifensee, Switzerland (part time work).

Publications

1. Polynomial Fairness and Liveness (with Michael Backes, Birgit Pfitzmann and Michael Waidner)
   • Conference Version: In Proceedings of the 15th IEEE Computer Security Foundations Workshop, June 2002.

2. A Formal Model for Multi-party Group Key Agreement (with Birgit Pfitzmann and Michael Waidner)
   • Technical Report: Research Report RZ 3383 IBM Research, April 2002.

3. Three-party Encrypted Key Exchange Without Server Public-keys (with Chun-Li Lin, Hung-Min Sun, and Tzonelih Hwan)
   • Journal Version: IEEE Communications Letters, 5(12:497-499, December 2001.

4. Assumptions Related to Discrete Logarithms: Why Subtleties Make a Real Difference (with Ahmad-Reza Sadeghi)
   • Conference Version: In Proceedings of Advances in Cryptology - EuroCrypt '01, pages 129-142, Innsbruck, May 2001.

5. SEMPER - Secure Electronic Marketplace for Europe (with Gérard Lacoste, Birgit Pfitzmann and Michael Waidner)
   • Book (Editor): Lecture Notes in Computer Science, Volume 1854, Springer-Verlag, August, 2000. ISBN 3-540-67825-5.
   • Deliverable (Editor): Deliverable D13 of ACTS Project AC026, final report, September 1999.
   (Additionally, author of Part 1 The Vision of SEMPER (with Birgit Baum-Waidner, Gérard Lacoste, Birgit Pfitzmann, Michael Waidner and Arnd Weber), Chapter Architecture (with N. Asokan, Birgit Baum-Waidner, Torben P. Pedersen, Birgit Pfitzmann, Matthias Schunter, and Michael Waidner) and Chapter The Payment Framework (with N. Asokan).)

6. Key Agreement in Dynamic Peer Groups (with Gene Tsudik and Michael Waidner)
   • Journal Version: IEEE Transactions on Parallel and Distributed Systems, 11(8):769-780, August 2000.
   (Based on the papers ``CLIQUES: A New Approach to Group Key Agreement'' (ICDCS'98) and ``Diffie-Hellman Key Distribution Extended to Groups'' (ACM CCS 96), see below for more details)

7. Secure Password-Based Cipher Suite for TLS (with Peter Buhler, Thomas Eirich and Michael Waidner)
   • Journal Version: ACM Transactions on Information and System Security (TISSEC), 4(2):134-157, 2001.
   • Conference Version: In Proceedings of the Symposium on Network and Distributed Systems Security (NDSS '2000), pages 129-142, San Diego, February 2000. (Best Paper Award)

8. Design, Implementation and Deployment of a Secure Account-Based Electronic Payment System (with Mihir Bellare, Juan Garay, Ralf Hauser, Amir Herzberg, Hugo Krawczyk, Gene Tsudik, Els Van Herreweghen and Michael Waidner)
   • Journal Version: IEEE Journal of Selected Area in Communications (JSAC), Special Issue on Network Security, 18(4):611-627, April 2000.
   • Technical Report: Research Report RZ 3137 IBM Research, Jun 1999.
   (Major revision and extension of ``iKP - A Family of Secure Electronic Payment Protocols'' (USENIX E-Commerce 96), see below for more details)

9. New Multi-party Authentication Services and Key Agreement Protocols (with Giuseppe Ateniese and Gene Tsudik)
   • Journal Version: IEEE Journal of Selected Area in Communications (JSAC), Special Issue on Network Security, 18(4):628-639, April 2000.
   • Technical Report: Research Report RZ 3115 (# 93161) IBM Research, March 1999.
   (Based on the paper ``Authenticated Group Key Agreement and Related Protocols'' which appeared in the proceedings of the 5th ACM CCS, see below for more details)

10. Authenticating Public Terminals (with N. Asokan, Hervé Debar and Michael Waidner)
    • Journal Version: Computer Networks, 31(8):861-870, May 1999.

11. SEMPER: A Security Framework for the Global Electronic Marketplace (with Gerard Lacoste)
    • Magazine Article: comtec - the magazine for telecommunications technology, 77(9):56-63, September 1999.

12. SEMPER: Architecture, Services and Protocols
    • Deliverable (Editor): Deliverable D10 of ACTS Project AC026, public specifications, January 1999.

13. Authenticated Group Key Agreement and Friends (with Giuseppe Ateniese and Gene Tsudik)
    • Conference Version: In Proceedings of the Fifth ACM Conference on Computer and Communication Security, pages 17-26, San Franscisco, November 1998.
    • Technical Report: Research Report RZ 3063 (#93109) IBM Research, October 1998.

14. Towards a Framework for Handling Disputes in Payment Systems (with N. Asokan and Els Van Herreweghen)
    • Conference Version: In Proceedings of the Third Usenix Workshop on Electronic Commerce, pages 187-202, Boston Mass., September 1998.
    • Technical Report: Research Report RZ 2996 (#93042) IBM Research, March 1998.

15. CLIQUES: A New Approach to Group Key Agreement (with Gene Tsudik and Michael Waidner)
    • Conference Version: In Proceedings of the 18th International Conference on Distributed Computing Systems (ICDCS'98), Amsterdam, May 1998.
    • Technical Report: Research Report RZ 2984 (#93030) IBM Research, December 1997.

16. Designing a Generic Payment Service (with Jose L. Abad-Peiro, N. Asokan, and Michael Waidner)
    • Journal Version: IBM Systems Journal, 37(1):72-88, January 1998.
    • Technical Report: Research Report RZ 2891 (# 90839), IBM Research, December 1996.

17. State of the Art in Electronic Payment Systems (with N. Asokan, Phil Janson, and Michael Waidner)
    • Book Chapter: Advances in Computers, Vol. 53, pages 425-449, Academic Press, March 2000.
    • Magazine Article: IEEE Computer, 30(9):28-35, September 1997.
    • Translation: (in Japanese) Nikkei Computer, pages 195-201, issue of March 30, 1998.
    • Conference Version: Public-Key Solutions 96, Zürich, September 1996. (Title ``Electronic Payment Systems'')
    • Technical Report: Research Report RZ 2890 (# 90838), IBM Research, December 1996. (Title ``Electronic Payment Systems'')

18. Micro-Payments based on iKP (with Ralf Hauser and Michael Waidner)
    • Conference Version: 14th Worldwide Congress on Computer and Communications Security Protection (SecuriCom'96), Paris, June 1996.
    • Technical Report: Research Report RZ 2791 (# 89269), IBM Research, February 1996.

19. Diffie-Hellman Key Distribution Extended to Groups (with Gene Tsudik and Michael Waidner)
    • Conference Version: In Proceedings of the Third ACM Conference on Computer and Communications Security (CCS), New Delhi, March 1996.

20. Refinement and Extension of Encrypted Key Exchange (with Gene Tsudik and Michael Waidner)
    • Unrefereed: Operating System Review, 29(3):22-30, July, 1995.

21. iKP - A Family of Secure Electronic Payment Protocols (with Mihir Bellare, Juan Garay, Ralf Hauser, Amir Herzberg, Hugo Krawczyk, Gene Tsudik and Michael Waidner)
    • Conference Version: In Proceedings of the First USENIX Workshop on Electronic Commerce, New York, July 1995.

22. Generic Extensions of WWW Browsers (with Ralf Hauser)
    • Conference Version: In Proceedings of the First USENIX Workshop on Electronic Commerce, New York, July 1995.

23. Management von Sicherheitsdiensten in verteilten Systemen (with Ralf Hauser and Günter Karjoth)
    • Journal Version: Datenschutz und Datensicherheit DuD, 19(3):150-155, Verlag Friedrich Vieweg & Sohn, Wiesbaden, March, 1995.
    • Conference Version: Proceedings der Fachtagung SIS '94, pages 7-21, Zürich, March 1994.

Most of above publications can be found in electronic form on the Internet.

Lectures and Talks

• Invited tutorial on secure electronic commerce and participation at panel at COMDEX Internet, Frankfurt, October 1997.
• Invited lecture on security in electronic commerce as part of the Postgraduate Course in Computer Science ``Distributed Systems'', École Polytechnique Fédérale de Lausanne (EPFL), May, 1999.
• Conference Talks (see section on publications for more details): NDSS, San Diego, February 2000; SecuriCom, Paris, June 1996; 3rd ACM CCS, New Delhi, March 1996; SIS, Zurich, March 1994.
• Invited seminar talks: ``Secure Password-Based Cipher Suite for TLS'', Johns Hopkins University, June 2000; ``Secure password-based cipher suite for TLS: The importance of end-to-end security'', University of Helsinki, November 2000; ``Fairness in Electronic Commerce'', Technische Universität Darmstadt, July 1998; ``SEMPER'', ISACA Internet Seminar, Zurich, August 1997.
• Further presentations: ``Architecture of SEMPER'', 2nd Public SEMPER Workshop, Zurich, November 1998; ``Secure Electronic Marketplace for Europe'', ICX Workshop, London, February 1998; Various presentations at IBM-wide Technical Symposia in 1995, 1996 & 1997.

Teaching

• Course on advanced cryptographic protocols, Winter 2001/2002.
• Seminar Internet security, Winter 2001/2002 (with A. Feldman, S. Steinbrecher & R. Sommer).
• Seminar cryptographic protocols, Sommer 2000 (with M. Schunter & T. Beiler).
• One semester introductory course in programming for secondary school teachers, 1985.

Service

• Program Committee Member:
  • 7th ACM Conference on Computer and Communication Security, Nov. 2000, Athens;
  • 8th ACM Conference on Computer and Communication Security, Nov. 2001, Philadelphia;
  • 7th European Symposium on Research in Computer Science (ESORICS), Oct. 2002, Zurich.
  (Invitation to join the PC of the 9th ACM Conference on Computer and Communication Security, 2002 declined for time reasons).
• Reviewer: ACM Transactions on Information and System Security, IEEE Transactions on Computers, Computer Communication Review, Computer Networks and ISDN Systems, IBM Journal of Research and Development, IBM System Journal, IEEE Personal Communications, ETRI Journal, Eurocrypt.
• Invited participant in workshop ``Trust & Confidence in electronic commerce''. Preparation of the strategic content for the 5th Framework of european RTD projects, March 1998.
• Member of the personal commission in the IBM Research Laboratory from 1997 - 1999

Miscellaneous

• Awards
  • IBM Outstanding Technical Achievement Award, August 1996.
  • IBM Research Division Awards, December 1995 and December 1998.
  • IBM Invention Achievement Award (First Plateau), November, 1999.
  • ISOC Best Paper Award, NDSS'2000, February, 2000.
  • IBM Personal Systems Institute Award for Prize Winning Design in the Advanced PC Device Contest, October, 2000.

• Patents: Six patent applications filed

  Member: ACM (SIGSAC & SIGOPS), IACR (International Association for Cryptologic Research), SI (SIGSEC).

Personal

• Citizenship: Switzerland.
• DOB: March 8, 1967.
• Marital Status: Single. Languages: german(mother tongue), english(fluent), french(good). Hobbies: member of soaring club SG Dittingen, biking and skiing. Likes contemporary literature, music and playing violoncello.

References

• Available on on request