Michael Steiner

132 West 87th Street, New York, NY 10024, USA
home: +1 (212) 249 13 23       office: +1 (914) 784-7529       fax: +1 (914) 784-6205
email: steiner@acm.org        www: http://vcard.acm.org/~steiner/

Publications

1. Overcome security threats for Ajax applications (with Sachiko Yoshihama, Frederik De Keukelaere, Frederik and Naohiko Uramoto)
   • Magazine Article: IBM developerworks, June, 2007

2. Mashup Component Isolation via Server-Side Analysis and Instrumentation (with K. Vikram)
   • Workshop Version: IEEE Web 2.0 Security & Privacy Workshop, 2007.

3. Security for Web2.0 application scenarios: Exposures, Issues and Challenges (with Sumeer Bhola and Suresh Chari)
   • Workshop Version: IEEE Web 2.0 Security & Privacy Workshop, 2007.

4. Mitigating Dictionary Attacks on Password-Protected Local Storage (with Ran Canetti and Shai Halevi)
   • Conference Version: In Proceedings of Advances in Cryptology - Crypto '06, Santa Barbara, August 2006.

5. A Privacy-Protecting Coupon System (with Liqun Chen and Matthias Enzmann and Ahmad-Reza Sadeghi and Markus Schneider)
   • Conference Version: In Proceedings of the Sixth Conference on Financial Cryptography, Roseau, The Commonwealth Of Dominica, February 2005

6. Hardness Amplification of Weakly Verifiable Puzzles (with Ran Canetti and Shai Halevi)
   • Conference Version: In Proceedings of second Theory of Cryptography Conference, Cambridge, MA, February 2005

7. Autonomic Enterprise Security through Orchestration (with Naga Ayachitula, Suresh Chari, Josyula R. Rao and Maheswaran Surendra)
   • Conference Version: In Proceedings of 4th Annual Conference on Emerging Information Technology, Princeton, October 2004.

8. Elix0r: Cost-Effective Incident Response (with Suresh Chari, Sudhakar Govindavajhala, Daisuke Nojiri and Josyula R. Rao)
   • Technical Report: Research Report RC 23765, IBM Research, May 2004.

9. Polynomial Fairness and Liveness (with Michael Backes, Birgit Pfitzmann and Michael Waidner)
   • Journal Version: Journal of Computer Security, 12(3/4):589-618, 2004.
   • Conference Version: In Proceedings of the 15th IEEE Computer Security Foundations Workshop, pages 160-174, June 2002.

10. Secure Group Key Agreement
    • PhD Thesis: Saarland University, March 2002.

11. A Formal Model for Multi-party Group Key Agreement (with Birgit Pfitzmann and Michael Waidner)
    • Deliverable Chapter: Deliverable D22 of IST Project MAFTIA, January 2003.
    • Technical Report: Research Report RZ 3383 IBM Research, April 2002.

12. Three-party Encrypted Key Exchange Without Server Public-keys (with Chun-Li Lin, Hung-Min Sun, and Tzonelih Hwan)
    • Journal Version: IEEE Communications Letters, 5(12:497-499, December 2001.

13. Assumptions Related to Discrete Logarithms: Why Subtleties Make a Real Difference (with Ahmad-Reza Sadeghi)
    • Conference Version: In Proceedings of Advances in Cryptology - EuroCrypt '01, pages 129-142, Innsbruck, May 2001.
    • Technical Report: Cryptology ePrint Archive Report 2002/126, 26 Aug 2002. (Revised and extended version of above)

14. SEMPER - Secure Electronic Marketplace for Europe (with Gérard Lacoste, Birgit Pfitzmann and Michael Waidner)
    • Book (Editor): Lecture Notes in Computer Science, Volume 1854, Springer-Verlag, August, 2000. ISBN 3-540-67825-5.
    • Deliverable (Editor): Deliverable D13 of ACTS Project AC026, final report, September 1999.
    (Additionally, author of Part 1 The Vision of SEMPER (with Birgit Baum-Waidner, Gérard Lacoste, Birgit Pfitzmann, Michael Waidner and Arnd Weber), Chapter Architecture (with N. Asokan, Birgit Baum-Waidner, Torben P. Pedersen, Birgit Pfitzmann, Matthias Schunter, and Michael Waidner) and Chapter The Payment Framework (with N. Asokan).)

15. Key Agreement in Dynamic Peer Groups (with Gene Tsudik and Michael Waidner)
    • Journal Version: IEEE Transactions on Parallel and Distributed Systems, 11(8):769-780, August 2000.
    (Based on the papers ``CLIQUES: A New Approach to Group Key Agreement'' (ICDCS'98) and ``Diffie-Hellman Key Distribution Extended to Groups'' (ACM CCS 96), see below for more details)

16. Secure Password-Based Cipher Suite for TLS (with Peter Buhler, Thomas Eirich and Michael Waidner)
    • Journal Version: ACM Transactions on Information and System Security (TISSEC), 4(2):134-157, 2001.
    • Conference Version: In Proceedings of the Symposium on Network and Distributed Systems Security (NDSS '2000), pages 129-142, San Diego, February 2000. (Best Paper Award)

17. Design, Implementation and Deployment of a Secure Account-Based Electronic Payment System (with Mihir Bellare, Juan Garay, Ralf Hauser, Amir Herzberg, Hugo Krawczyk, Gene Tsudik, Els Van Herreweghen and Michael Waidner)
    • Journal Version: IEEE Journal of Selected Area in Communications (JSAC), Special Issue on Network Security, 18(4):611-627, April 2000.
    • Technical Report: Research Report RZ 3137 IBM Research, Jun 1999.
    (Major revision and extension of ``iKP - A Family of Secure Electronic Payment Protocols'' (USENIX E-Commerce 96), see below for more details)

18. New Multi-party Authentication Services and Key Agreement Protocols (with Giuseppe Ateniese and Gene Tsudik)
    • Journal Version: IEEE Journal of Selected Area in Communications (JSAC), Special Issue on Network Security, 18(4):628-639, April 2000.
    • Technical Report: Research Report RZ 3115 (# 93161) IBM Research, March 1999.
    (Based on the paper ``Authenticated Group Key Agreement and Related Protocols'' which appeared in the proceedings of the 5th ACM CCS, see below for more details)

19. Authenticating Public Terminals (with N. Asokan, Hervé Debar and Michael Waidner)
    • Journal Version: Computer Networks, 31(8):861-870, May 1999.

20. SEMPER: A Security Framework for the Global Electronic Marketplace (with Gerard Lacoste)
    • Magazine Article: comtec - the magazine for telecommunications technology, 77(9):56-63, September 1999.

21. SEMPER: Architecture, Services and Protocols
    • Deliverable (Editor): Deliverable D10 of ACTS Project AC026, public specifications, January 1999.

22. Authenticated Group Key Agreement and Friends (with Giuseppe Ateniese and Gene Tsudik)
    • Conference Version: In Proceedings of the Fifth ACM Conference on Computer and Communication Security, pages 17-26, San Franscisco, November 1998.
    • Technical Report: Research Report RZ 3063 (#93109) IBM Research, October 1998.

23. Towards a Framework for Handling Disputes in Payment Systems (with N. Asokan and Els Van Herreweghen)
    • Conference Version: In Proceedings of the Third Usenix Workshop on Electronic Commerce, pages 187-202, Boston Mass., September 1998.
    • Technical Report: Research Report RZ 2996 (#93042) IBM Research, March 1998.

24. CLIQUES: A New Approach to Group Key Agreement (with Gene Tsudik and Michael Waidner)
    • Conference Version: In Proceedings of the 18th International Conference on Distributed Computing Systems (ICDCS'98), Amsterdam, May 1998.
    • Technical Report: Research Report RZ 2984 (#93030) IBM Research, December 1997.

25. Designing a Generic Payment Service (with Jose L. Abad-Peiro, N. Asokan, and Michael Waidner)
    • Journal Version: IBM Systems Journal, 37(1):72-88, January 1998.
    • Technical Report: Research Report RZ 2891 (# 90839), IBM Research, December 1996.

26. State of the Art in Electronic Payment Systems (with N. Asokan, Phil Janson, and Michael Waidner)
    • Book Chapter: Advances in Computers, Vol. 53, pages 425-449, Academic Press, March 2000.
    • Magazine Article: IEEE Computer, 30(9):28-35, September 1997.
    • Translation: (in Japanese) Nikkei Computer, pages 195-201, issue of March 30, 1998.
    • Conference Version: Public-Key Solutions 96, Zürich, September 1996. (Title ``Electronic Payment Systems'')
    • Technical Report: Research Report RZ 2890 (# 90838), IBM Research, December 1996. (Title ``Electronic Payment Systems'')

27. Micro-Payments based on iKP (with Ralf Hauser and Michael Waidner)
    • Conference Version: 14th Worldwide Congress on Computer and Communications Security Protection (SecuriCom'96), Paris, June 1996.
    • Technical Report: Research Report RZ 2791 (# 89269), IBM Research, February 1996.

28. Diffie-Hellman Key Distribution Extended to Groups (with Gene Tsudik and Michael Waidner)
    • Conference Version: In Proceedings of the Third ACM Conference on Computer and Communications Security (CCS), New Delhi, March 1996.

29. Refinement and Extension of Encrypted Key Exchange (with Gene Tsudik and Michael Waidner)
    • Unrefereed: Operating System Review, 29(3):22-30, July, 1995.

30. iKP - A Family of Secure Electronic Payment Protocols (with Mihir Bellare, Juan Garay, Ralf Hauser, Amir Herzberg, Hugo Krawczyk, Gene Tsudik and Michael Waidner)
    • Conference Version: In Proceedings of the First USENIX Workshop on Electronic Commerce, New York, July 1995.

31. Generic Extensions of WWW Browsers (with Ralf Hauser)
    • Conference Version: In Proceedings of the First USENIX Workshop on Electronic Commerce, New York, July 1995.

32. Management von Sicherheitsdiensten in verteilten Systemen (with Ralf Hauser and Günter Karjoth)
    • Journal Version: Datenschutz und Datensicherheit DuD, 19(3):150-155, Verlag Friedrich Vieweg & Sohn, Wiesbaden, March, 1995.
    • Conference Version: Proceedings der Fachtagung SIS '94, pages 7-21, Zürich, March 1994.

33. TCP/IP on the Ceres: Design and Implementation of a Communication Stack
    • Master Thesis: Eidgenössische Technische Hochschule (ETH) Zürich, November 1992.

Many of above publications can be found in electronic form on the Internet .