Michael Roe

Researcher

Address: Microsoft Research, 7 J J Thomson Avenue, Cambridge CB3 0FB, UK

Research Interests

The Security Protocols Workshop

I help organize an annual workshop on security protocols. In most years it is held in Cambridge, but in 2007 it was held in Brno, in the Czech Republic. The workshop's proceedings are published by Springer in the “Lecture Notes in Computer Science” (LNCS) series.

• 4th Workshop - LNCS 1189
• 5th Workshop - LNCS 1361
• 6th Workshop - LNCS 1550
• 7th Workshop - LNCS 1796
• 8th Workshop - LNCS 2133
• 9th Workshop - LNCS 2467
• 10th Workshop - LNCS 2845
• 11th Workshop - LNCS 3364
• 12th Workshop - LNCS 3957

IPSec

(In collaboration with Tuomas Aura, Moritz Becker and Piotr Zielinski)

• Tuomas Aura, Michael Roe and Anish Mohammed. Experiences with Host-to-Host IPSec

Security for mobile computers

• Tuomas Aura, Michael Roe, and Jari Arkko. Security of Internet Location Management. In Proc. 18th Annual Computer Security Applications Conference, pages 78–87. IEEE Press, December 2002.
• Jari Arkko, Tuomas Aura, James Kempf, Vesa-Matti Mäntylä, Pekka Nikander, and Michael Roe. Securing IPv6 Neighbor and Router Discovery. In WiSE ’02: Proceedings of the ACM workshop on Wireless security, pages 77–86, New York, NY, USA, 2002. ACM Press.

Mobile Internet Protocol

(In collaboration with Greg O'Shea, Tuomas Aura and Jari Arkko)

The Internet was not originally designed with mobile devices in mind. At present, many Internet applications will fail to work correctly if the computer is moved between networks while they are running: for example, if you disconnect your laptop from a wired ethernet and try to use wireless instead. The goal of this project was to find ways to make applications work while mobile, without introducing new security problems.

In the course of this project, we came up with two new security techniques, known as Cryptographically Generated Addresses and Return Routability.

Return Routability was chosen by the Internet Engineering Task Force as the means of providing mobility in the the new version of the Internet Protocol, IPv6. The full technical specification is published as RFC 3776, Using IPsec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents. We explain the reasoning behind the design in an article in Annales des Télécommunications, which is also available as a Microsoft Research technical report: Designing the Mobile IPv6 Security Protocol.

We also proposed an alternative design that was first published in Computer Communications Review as Child-proof Authentication for MIPv6 (CAM). Later on, we called this Cryptographically Generated Addresses (CGA), but we hadn't come up with the name for it when we wrote the CCR article. Although CGA was not adopted as the standard for Internet Mobility, it has turned out to be useful for other purposes. There is an IETF specification for CGA: RFC 3972.

We also had a third design, known as BAKE/2 (pronounced “half-baked”), which was submitted to the IETF as a proposal but never formally published: Authentication of Mobile IPv6 Updates and Acknowledgments.

Digital signatures, public key infrastructures and non-repudiation

My previous work in this area includes:

• My doctoral dissertation, Cryptography and Evidence.
• The International Standard ISO/IEC 10181-4 "Non-Repudiation Framework", which standardises the terminology used in this subject area.
• The LOCATOR project (in 1988), which implemented digitally signed and encrypted email delivered over the mobile telephone network.
• The PASSWORD project, which was a pilot deployment of network of certification authorities across the European Union. I describe some of the conclusions of this project in Experiences with Secure Electronic Mail. This project also produced a report on the technical requirements for a certification authority.

More recently, I have been helping Microsoft's legal department to understand the implications of the recent government legislation in this area, such as the EU Digital Signature Directive, the German Signaturgesetz, and the UK Electronic Commerce Bill.

Implementation of Cryptographic Algorithms

I first became involved in computer security when I wote a high-performance implementation of the RSA public-key cryptosystem. Although most of my subsequent research has been on how to use cryptography effectively (rather than the cryptographic algorithm itself), I still occasionally write cryptographic code:

• Several of the code samples in Bruce Schneier's book Applied Cryptography were written by me.
• I wrote the cryptographic code for the LOCATOR and PASSWORD projects. (In PASSWORD, we had multiple independent implementations as an additional correctness check. All components were implemented by three separate teams who shared a common specification but weren't allowed to see each other's code. I wrote one of the three crypto libraries)
• In my previous job (for Hitachi), I implemented NIST's Secure Hash Algorithm and all of the candidates for the Advanced Encryption Standard in the Ada programming lanaguage.
• In my current job, I have written cryptographic code that will be used in some Microsoft products.

My publications on performance measurement of cryptographic protocols includes Performance of symmetric ciphers and one-way hash functions (published in Fast Software Encryption '93), a followup paper (published in Fast Software Encryption '94) and Performance of Protocols (published in Security Protocols - 7th International Workshop).

Virtual Reality

I occasionally collaborate with Virtual Worlds researchers on solving new the security issues their work creates.

Web Security

I co-authored the Microsoft technical report on the cross-site scripting problem.

Other publications

• Secure Sessions from Weak Secrets
• How to reverse-engineer an EES device
• Ross Anderson and Michael Roe. The GCHQ protocol and its problems
• Tom Casey, Michael Roe, Bill Tuck and Steve Wilbur. Secure Automated Document Delivery