Dr. Douglas Stebila

Assistant Professor

Department of Computing and Software

Expertise:
cryptography; network security

Overview

Dr. Douglas Stebila is an Assistant Professor in cryptography at McMaster University in Hamilton, Ontario, Canada. His research focuses on improving the security of Internet cryptography protocols such as SSL/TLS and SSH and developing practical quantum-resistant cryptosystems. His previous work on the integration and standardization of elliptic curve cryptography in SSL/TLS has been deployed on hundreds of millions of web browsers and servers worldwide. Dr. Stebila is the leader of the Open Quantum Safe open-source software project for prototyping quantum-resistant cryptography.

My research interests include:

  • Applied cryptography: provable security; key exchange; digital signatures; public key encryption; client puzzles / proofs of work; lattice-based cryptography; elliptic curve cryptography; quantum cryptography
  • Internet security: network security protocols (SSL/TLS, SSH, Tor); privacy; PKI; authentication; usability

Education

  • BMath in Combinatorics & Optimization and Computer Science, University of Waterloo (2003)
  • MSc in Mathematics and Foundations of Computer Science, University of Oxford (2004)
  • PhD in Combinatorics & Optimization, University of Waterloo (2009)
  • Certificate in University Teaching, University of Waterloo (2009)
  • Graduate Certificate in Academic Practice, Queensland University of Technology (2011)

Biography

I am currently an Assistant Professor in the Department of Computing and Software in the Faculty of Engineering at McMaster University.

From 2010–2016, I was a Lecturer and then Senior Lecturer at the Queensland University of Technology in the Science and Engineering Faculty, jointly appointed between the School of Electrical Engineering and Computer Science and the School of Mathematical Sciences.

From 2009–2010, I was a postdoctoral researcher at the Information Security Institute at the Queensland University of Technology, addressing cryptographic aspects of denial of service resistance.

From 2004–2009, I was a PhD student in the Department of Combinatorics and Optimization at the University of Waterloo. I worked with Prof. Michele Mosca on a variety of problems related to quantum cryptography, including an analysis of the cryptographic case for quantum key distribution and the development of quantum coins, a new form of digital cash that makes use of the no-cloning properties of quantum money.

As a PhD student, I was also affiliated with the Institute for Quantum Computing and the Centre for Applied Cryptographic Research at the University of Waterloo. My research included analyzing side-channel attacks on elliptic curve cryptography, password authenticated key exchange protocols, and denial of service resistance of key exchange protocols.

In Fall 2001, Spring 2002, and Spring 2003, I was an intern at Sun Microsystems Laboratories in the Next Generation Cryptography project, working with Sheueling Chang Shantz, Vipul Gupta, Hans Eberle, and Nils Gura. Our research focused on next generation cryptographic technologies. I worked on software implementations of elliptic curve cryptography and the ECDH and ECDSA algorithms, and integrated them into the widely used OpenSSL and NSS toolkits. We have had several publications and a technical standard resulting from our work. I was a visiting researcher again at Sun Labs in Fall 2005.

In 2001, I was an undergraduate research assistant in the Centre for Applied Cryptographic Research at the University of Waterloo. I worked with Prof. Stefan Wolf on problems in information theory.

Publications

Books

  1. Proc. 20th Australasian Conference on Information Security and Privacy (ACISP) 2015. E. Foo, D. Stebila, editors. LNCS, vol. 9144. Springer, 2015.

Refereed journal papers

  1. Anonymity and one-way authentication in key exchange protocols. I. Goldberg, D. Stebila, B. Ustaoglu. In Designs, Codes and Cryptography, 2013.
  2. Publicly verifiable ciphertexts (full version). J. González Nieto, M. Manulis, B. Poettering, J. Rangasamy, D. Stebila. In Journal of Computer Security, 2013.
  3. Plaintext awareness in identity-based key encapsulation. M. Manulis, B. Poettering, D. Stebila. In International Journal of Information Security, 2014.
  4. Secure modular password authentication for the web using channel bindings (full version). M. Manulis, D. Stebila, F. Kiefer, N. Denham. In International Journal of Information Security, 2016.
  5. Double-authentication-preventing signatures (full version). B. Poettering, D. Stebila. In International Journal of Information Security, 2017.
  6. ASICS: Authenticated key exchange security incorporating certification systems (full version). C. Boyd, C. Cremers, M. Feltz, K. G. Paterson, B. Poettering, D. Stebila. In International Journal of Information Security, 2017.

Refereed conference papers

  1. An end-to-end systems approach to elliptic curve cryptography. N. Gura, S. Chang Shantz, H. Eberle, S. Gupta, V. Gupta, D. Finchelstein, E. Goupy, D. Stebila. In CHES 2002.
  2. Performance analysis of elliptic curve cryptography for SSL. V. Gupta, S. Gupta, S. Chang, D. Stebila. In ACM Wireless Security 2002.
  3. Generic GF(2m) arithmetic in software and its application to ECC. A. Weimerskirch, D. Stebila, S. Chang. In ACISP 2003.
  4. Speeding up secure web transactions using elliptic curve cryptography. V. Gupta, D. Stebila, S. Fung, S. Chang, N. Gura, H. Eberle. In NDSS 2004.
  5. Integrating elliptic curve cryptography into the web's security infrastructure. V. Gupta, D. Stebila, S. Chang. In ACM WWW 2004.
  6. Unified point addition formulæ and side-channel attacks. D. Stebila, N. Thériault. In CHES 2006.
  7. Towards denial-of-service-resilient key agreement protocols. D. Stebila, B. Ustaoglu. In ACISP 2009.
  8. The case for quantum key distribution. D. Stebila, M. Mosca, N. Lütkenhaus. In QuantumComm 2009.
  9. Quantum coins. M. Mosca, D. Stebila. In Error-Correcting Codes, Finite Geometries and Cryptography 2010.
  10. Multi-factor password-authenticated key exchange. D. Stebila, P. Udupi, S. Chang. In AISC 2010.
  11. Predicate-based key exchange. J. Birkett, D. Stebila. In ACISP 2010.
  12. One-time-password-authenticated key exchange. K. G. Paterson, D. Stebila. In ACISP 2010.
  13. Fixed argument pairings. C. Costello, D. Stebila. In LATINCRYPT 2010.
  14. Reinforcing bad behaviour: the misuse of security indicators on popular websites. D. Stebila. In OzCHI 2010.
  15. Stronger difficulty notions for client puzzles and denial-of-service-resistant protocols. D. Stebila, L. Kuppusamy, J. Rangasamy, C. Boyd, J. González Nieto. In CT-RSA 2011.
  16. An integrated approach to cryptographic mitigation of denial-of-service attacks. J. Rangasamy, D. Stebila, C. Boyd, J. González Nieto. In ACM ASIACCS 2011.
  17. Defending web services against denial of service attacks using client puzzles. S. Suriadi, D. Stebila, A. Clark, H. Liu. In IEEE ICWS 2011.
  18. Efficient modular exponentiation-based puzzles for denial-of-service protection. J. Rangasamy, D. Stebila, C. Boyd, J. González Nieto, L. Kuppusamy. In ICISC 2011.
  19. Towards a provably secure DoS-resilient key exchange protocol with perfect forward secrecy. L. Kuppusamy, J. Rangasamy, D. Stebila, C. Boyd, J. González Nieto. In INDOCRYPT 2011.
  20. Practical client puzzles in the standard model. L. Kuppusamy, J. Rangasamy, D. Stebila, C. Boyd, J. González Nieto. In ACM ASIACCS 2012.
  21. Effort-release public-key encryption from cryptographic puzzles. J. Rangasamy, D. Stebila, C. Boyd, J. González Nieto, L. Kuppusamy. In ACISP 2012.
  22. Self-identified experts lost on the Interwebs. T. Kelley, S. Lien, L. J. Camp, D. Stebila. In LASER 2012.
  23. Publicly verifiable ciphertexts. J. González Nieto, M. Manulis, B. Poettering, J. Rangasamy, D. Stebila. In SCN 2012.
  24. Comparative eye tracking of experts and novices in web single sign-on. M. Arianezhad, L. J. Camp, T. Kelley, D. Stebila. In ACM CODASPY 2013.
  25. Usability and security of gaze-based graphical grid passwords. M. Arianezhad, D. Stebila, B. Mozaffari. In USEC 2013.
  26. Quantum key distribution in the classical authenticated key exchange framework. M. Mosca, D. Stebila, B. Ustaoglu. In PQCrypto 2013.
  27. Count-min sketches for estimating password frequency within Hamming distance two. L. South, D. Stebila. In ACISP 2013.
  28. Quantum one-time programs. A. Broadbent, G. Gutoski, D. Stebila. In CRYPTO 2013.
  29. ASICS: Authenticated key exchange security incorporating certification systems. C. Boyd, C. Cremers, M. Feltz, K. G. Paterson, B. Poettering, D. Stebila. In ESORICS 2013.
  30. On the security of TLS renegotiation. F. Giesen, F. Kohlar, D. Stebila. In ACM CCS 2013.
  31. Formalising human recognition: A fundamental building block for security proofs. K. Radke, C. Boyd, J. González Nieto, M. Manulis, D. Stebila. In AISC 2014.
  32. Modelling after-the-fact leakage for key exchange. J. Alawatugoda, D. Stebila, C. Boyd. In ACM ASIACCS 2014.
  33. Continuous after-the-fact leakage-resilient key exchange. J. Alawatugoda, C. Boyd, D. Stebila. In ACISP 2014.
  34. Double-authentication-preventing signatures. B. Poettering, D. Stebila. In ESORICS 2014.
  35. Multi-ciphersuite security of the Secure Shell (SSH) protocol. F. Bergsma, B. Dowling, F. Kohlar, J. Schwenk, D. Stebila. In ACM CCS 2014.
  36. Secure modular password authentication for the web using channel bindings. M. Manulis, D. Stebila, N. Denham. In SSR 2014.
  37. Protecting encrypted cookies from compression side-channel attacks. J. Alawatugoda, D. Stebila, C. Boyd. In FC 2015.
  38. Hierarchical deterministic Bitcoin wallets that tolerate key leakage. G. Gutoski, D. Stebila. In FC 2015.
  39. Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. J. W. Bos, C. Costello, M. Naehrig, D. Stebila. In IEEE S&P 2015.
  40. Modelling ciphersuite and version negotiation in the TLS protocol. B. Dowling, D. Stebila. In ACISP 2015.
  41. An analysis of TLS handshake proxying. D. Stebila, N. Sullivan. In IEEE TrustCom 2015.
  42. A cryptographic analysis of the TLS 1.3 handshake protocol candidates. B. Dowling, M. Fischlin, F. Günther, D. Stebila. In ACM CCS 2015.
  43. Continuous after-the-fact leakage-resilient eCK-secure key exchange. J. Alawatugoda, D. Stebila, C. Boyd. In IMA Cryptography & Coding 2015.
  44. Predicting TLS performance from key exchange performance. F. Moghimifar, D. Stebila. In AISC 2016.
  45. From stateless to stateful: Generic authentication and authenticated encryption constructions with application to TLS. B. Hale, C. Boyd, S. F. Mjølsnes, D. Stebila. In CT-RSA 2016.
  46. Safely exporting keys from secure channels: On the security of EAP-TLS and TLS Key Exporters. C. Brzuska, H. Jacobsen, D. Stebila. In EUROCRYPT 2016.
  47. Authenticated network time synchronization. B. Dowling, D. Stebila, G. Zaverucha. In USENIX Security 2016.
  48. Secure logging schemes and Certificate Transparency. B. Dowling, F. Günther, U. Herath, D. Stebila. In ESORICS 2016.
  49. Frodo: Take off the ring! Practical, quantum-secure key exchange from LWE. J. Bos, C. Costello, L. Ducas, I. Mironov, M. Naehrig, V. Nikolaenko, A. Raghunathan, D. Stebila. In ACM CCS 2016.
  50. Post-quantum key exchange for the Internet and the Open Quantum Safe project. D. Stebila, M. Mosca. In SAC 2016.
  51. From identification to signatures, tightly: A framework and generic transforms. M. Bellare, B. Poettering, D. Stebila. In ASIACRYPT 2016.
  52. Deterring certificate subversion: efficient double-authentication-preventing signatures. M. Bellare, B. Poettering, D. Stebila. In PKC 2017.
  53. A formal security analysis of the Signal messaging protocol. K. Cohn-Gordon, C. Cremers, B. Dowling, L. Garratt, D. Stebila. In IEEE EuroS&P 2017.
  54. Transitioning to a quantum-resistant public key infrastructure. N. Bindel, U. Herath, M. McKague, D. Stebila. In PQCrypto 2017.
  55. Security analysis of a design variant of randomized hashing. P. Gauravaram, S. Hirose, D. Stebila. In ATIS 2017.

Technical standards

  1. ECMQV_ECQV cipher suites for Transport Layer Security (TLS). M. Campagna, D. Stebila. Internet-Draft, 2009.
  2. Elliptic-curve algorithm integration in the Secure Shell transport layer. D. Stebila, J. Green. RFC 5656, 2009.
  3. X.509v3 certificates for Secure Shell authentication. K. Igoe, D. Stebila. RFC 6187, 2011.
  4. A Transport Layer Security (TLS) extension for establishing an additional shared secret. J.M. Schanck, D. Stebila. Internet-Draft, 2017.

Technical reports

  1. Quantum safe cryptography and security: An introduction, benefits, enablers and challenges. M. Campagna et al., D. Stebila. ETSI (European Telecommunications Standards Institute), 2015.
  2. A cryptographic analysis of the TLS 1.3 draft-10 full and pre-shared key handshake protocol. B. Dowling, M. Fischlin, F. Günther, D. Stebila. 2016.

Book chapters

  1. Cryptographic approaches to denial-of-service resistance. C. Boyd, J. González Nieto, L. Kuppusamy, H. Narasimham, C. Pandu Rangan, J. Rangasamy, J. Smith, D. Stebila, V. Varadarajan. In An Investigation into the Detection and Mitigation of Denial of Service (DoS) Attacks: Critical Information Infrastructure Protection, Springer, 2011.
  2. Cryptographic approaches to denial-of-service resistance. S. Suriadi, A. Clark, H. Liu, D. Schmidt, J. Smith, D. Stebila. In An Investigation into the Detection and Mitigation of Denial of Service (DoS) Attacks: Critical Information Infrastructure Protection, Springer, 2011.

Refereed conference posters

  1. Oblivious transfer from any non-trivial binary-symmetric channel. D. Stebila, S. Wolf. In IEEE ISIT 2002.
  2. Uncloneable quantum money. M. Mosca, D. Stebila. In QIP 2007.

Dissertations

  1. Cryptographic applications of graph theoretic constructions. D. Stebila. MSc thesis, University of Oxford, 2004.
  2. Classical authenticated key exchange and quantum cryptography. D. Stebila. PhD thesis, University of Waterloo, 2009.

Achievements

Awards

  • Best paper award, IEEE International Conference on Web Services (ICWS) 2011
  • Best student paper award (≥ 50% student authors), ACM Symposium on Computer and Communications Security (CCS) 2014
