Résumé of Joshua Hill
josh-resume@untruth.org
Education
Bachelor of Science in Computer Science, California Polytechnic State University, San Luis Obispo.
Master of Science in Mathematics, California Polytechnic State University, San Luis Obispo.
Master of Science in Mathematics, University of California, Irvine.
PhD Candidate in Mathematics, University of California at Irvine in the area of Algorithmic Algebraic Number Theory under Daqing Wan.
Core Areas of Expertise
- Application of Mathematics to Cryptography
- FIPS 140 interpretation and evaluation of products to FIPS 140
- Security engineering and security evaluation
- Cryptography
- Network security protocols
- Network security evaluation
- Non-deterministic RNG evaluation
- Training diverse audiences in highly technical matters
- Production of effective technical reports
- Broad exposure to a cross section of marketed security solutions
Experience
Graduate Student, Teaching Assistant, Research Assistant at University of
California at Irvine, Department of Mathematics, 2008 to Present.
Concentration: Algebra / Number Theory. Teaching assistant to 60-120
students per quarter in the subjects of calculus (differential, integral,
multi-dimensional), linear algebra, differential equations, cryptography, group theory, and a one year graduate level algebra series. Received
"Outstanding Mathematics Teaching Assistant Award" for 2010-2011.
Senior Security Engineer, for InfoGard Laboratories, 2004 to 2008.
In addition to the responsibilities of Security Engineer:
Company technical lead.
Provide technical guidance and training to security engineers and customers on complex technical issues.
Evaluate formal models for high assurance systems.
Design analysis and statistical evaluation of RNGs.
Evaluation of statistical tests.
Authoring, evaluation, and editing of public ANSI/NIST security standards.
Programming and support of internal test tools.
Simple and Differential Power Analysis (SPA/DPA) and timing attack testing.
Cryptographic protocol and algorithmic analysis.
Developed FIPS 140-3 requirements and testing procedures.
Participated in PCI scan vendor accreditation testing.
Created InfoGard's Penetration Testing Laboratory, and was responsible for its operation.
Security Engineer, for InfoGard Laboratories, 1998 to 2004.
FIPS 140-1 and 140-2 cryptographic module validation.
Common Criteria evaluation.
VISA PED and PCI testing.
USPS testing for electronic and mechanical indicia production.
Network security analysis.
Produce written summaries of security vulnerabilities.
Firewall and IDS design and evaluation.
Code audits and security evaluations.
System and Network administration.
Graduate Teaching Associate, for California Polytechnic
State University 2005-2007.
Instructor for 9 quarter long university mathematics courses
(Pre-calculus Algebra and Business Calculus). Developed syllabi,
lectures, tests, quizzes and assigned final grades.
Systems Developer, for The Grid, a
national ISP. 1997 to 1998. Programming and support of internal
and external user interfaces. Support of DNS, mail, and web servers.
System and network security. Firewall design and implementation.
(BSDI / Solaris / NT)
System Administrator, for Robert E. Kennedy
Library, Cal Poly, San Luis Obispo. 1996 to 1998. Initial setup and
administration of UNIX/NT based computers; Installation and
upkeep of web, mail, DNS, gopher, and various custom network servers.
Custom programming and scripting. Upkeep of legacy systems. Securing
UNIX systems against threats, both internal and external.
(Linux / NT / OSF1)
Papers
Presentations
Authored Internal Training Presentations (each runs 2 to 8 hours)
- Basic Cryptography. Touches on historical uses of cryptography, the recent development of modern cryptography, cryptographic goals, cryptographic primitives, attack classes, security evaluation models, and a theoretical framework for symmetric and asymmetric cryptography.
- Cryptographic Algorithms. General principles of symmetric cipher design. Key schedules, general cipher design (Feistel and product ciphers). Detailed presentation of the design of DES, including weak/semi-weak keys and known attacks. Detailed presentation of the design of AES. Overview of internals of Skipjack, and SHA family.
- Randomness Theory. General theoretical background for RNG analysis and review, with emphasis on entropy evaluation of non-deterministic RNGs. Discussion on Shannon entropy and min-entropy. Summary of the SP800-22 testing requirements and use of the NIST sts tool.
- Randomness Practice. General PRNG design and characteristics. Detailed presentation on ANSI X9.31 A.2.4 PRNG, with emphasis on the algorithm's cycle properties. Implementation of the ANSI X9.31 A.2.4 PRNG using other symmetric algorithms. Detailed presentation on FIPS 186-2 appendix 3.1 PRNG, with emphasis on XSEED attacks. Detailed presentation on SP800-90 Hash_DRBG, HMAC_DRBG, CTR_DRBG. Summary of the findings for Dual_EC_DRBG.
- Algorithm modes. Discussion of symmetric algorithm confidentiality modes (ECB, CBC, CFB, OFB, CTR), including error propagation and plaintext malleability. Discussion of authentication modes (CBCMAC, CMAC, HMAC), including susceptibility to extension attacks. Discussion of combined modes (CCM, GCM).
- Public/Private Key Cryptography. Discussion of general properties of public/private systems, security strengths, and complete mathematical detail for RSA, DSA, ECDSA, DH, ECCDH, MQV and ECMQV. Demonstrate an example calculation for RSA, Diffie-Hellman, and ECDSA.
- Error Detection Codes: Basic error detection properties of parity, (1s complement) checksum, and CRC. Examples of the calculation for each method.
- Penetration Testing, The Path to Fun and Profit (through the inevitable): An overview of the techniques of penetration testing, with emphasis on the shortcomings of this testing technique.
- fidentd, an identd program that always identifies any network communication as associated with a specified user (generally a fake user).
- rpasswd, a random password generator whose passwords are based on the S/Key dictionary.
- ketchup, a utility that keeps track of the changes in a log file between views.
- sts 1.5, with errata. NIST no longer supports the UNIX version of sts, so I keep its statistical tests current with the current Windows version (and my version runs 6 times faster than the NIST version). I have also added configuration file support, parameter checking, and fixed numerous bugs.
- A rewrite of the ent program for assessing entropy. Includes several of the SP800-22 tests, as well as likely upper bound calculation for Shannon and min-entropy (for various block sizes, with arbitrary offsets).
- A reference implementation of the ECDSA algorithm in Mathematica, with support for all NIST approved curves (on both prime ordered and binary fields).
- A reference implementation of the FIPS 186-3 RSA key generation procedure in Mathematica.
Languages
C, C++, Java, Perl, Bourne Shell, SQL, 80x86 Assembly, 680x0 Assembly, TeX, Mathematica, Z
Other
Linux Kernel Developer, 1995 to 2005. Design and
Implementation of the Linux Operating System.
Linux Audit Team, 1998 to 2005. Auditing of common Linux tools
in order to detect security flaws or faulty programming.
Security Consultant, 1994 to present. Computer, network and data
security. Design, review and implementation of security systems for a
variety of levels of security.
Cryptographic Research, 1995 to present. Cryptographic application
development, protocol design and review and algorithm verification.
Member of the IACR
C/C++ Development: over 22 years of experience in the development of 'C'
programs of various scales. Over 19 years of experience in 'C++' development.
Personal
Age: 36, Married, Health excellent, Hobbies include photography, backpacking,
road biking and swimming.
References
Available on request.