Jump to content

J. Alex Halderman: Difference between revisions

Edit links
From Wikipedia, the free encyclopedia
Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
Electronic voting: sealed filing
No edit summary
 
(23 intermediate revisions by 15 users not shown)
Line 1: Line 1:
{{short description|American computer scientist}}
{{Multiple issues|

{{BLP self-published|date=July 2019}}
{{More citations needed|date=July 2019}}
{{Multiple issues|{{BLP self-published|date=July 2019}}
{{BLP sources|date=July 2019}}|collapsed=yes}}
}}
{{Infobox scientist
{{Infobox scientist
| name = J. Alex Halderman
| name = John Alexander Halderman
| image = J. Alex Halderman - 2018.jpg
| image = J. Alex Halderman - 2018.jpg
| image_size =
| image_size =
Line 14: Line 14:
| death_date = <!--{{death date and age |YYYY|MM|DD |YYYY|MM|DD}} (death date then birth date)-->
| death_date = <!--{{death date and age |YYYY|MM|DD |YYYY|MM|DD}} (death date then birth date)-->
| death_place =
| death_place =
| nationality = [[Americans|American]]
| fields = [[Computer science]]
| fields = [[Computer science]]
| workplaces = [[University of Michigan]]
| workplaces = [[University of Michigan]]
| alma_mater = [[Princeton University]]
| alma_mater = [[Princeton University]]
| thesis_title = <!--(or | thesis1_title = and | thesis2_title = )-->
| thesis_title = Investigating security failures and their causes: An analytic approach to computer security
| thesis_url = <!--(or | thesis1_url = and | thesis2_url = )-->
| thesis_url = https://www.proquest.com/docview/304988110/
| thesis_year = <!--(or | thesis1_year = and | thesis2_year = )-->
| thesis_year = 2009
| doctoral_advisor = [[Edward Felten]] <!--(or | doctoral_advisors = )-->
| doctoral_advisor = [[Edward Felten]] <!--(or | doctoral_advisors = )-->
| doctoral_students = <!--[[David Adrian]], [[Zakir Durumeric]], [[James Kasten]], [[Andrew Springall]], [[Eric Wustrow]]-->
| doctoral_students = <!--[[David Adrian]], [[Zakir Durumeric]], [[James Kasten]], [[Andrew Springall]], [[Eric Wustrow]]-->
| known_for = [[2016 United States presidential election recounts]]
| known_for = [[2016 United States presidential election recounts]]
| awards = [[Sloan Research Fellowship]], [[Pwnie Awards|Pwnie Award]]
| awards = [[Sloan Research Fellowship]], [[Pwnie Awards|Pwnie Award]]
| website = [https://jhalderm.com/ J. Alex Halderman homepage]
| website = {{official url}}
}}
}}


'''J. Alex Halderman''' (born {{abbr|c.|circa}} January 1981) is professor of [[Computer Science and Engineering]] at the [[University of Michigan]], where he is also director of the Center for Computer Security & Society. Halderman's research focuses on [[computer security]] and [[information privacy|privacy]], with an emphasis on problems that broadly impact society and public policy.
'''John Alexander Halderman'''<ref>{{Cite web |title=Investigating security failures and their causes: An analytic approach to computer security - ProQuest |url=https://www.proquest.com/docview/304988110/ |access-date=2024-11-19 |website=www.proquest.com |language=en}}</ref> (born {{abbr|c.|circa}} January 1981) is an American computer scientist. He currently serves as a professor of [[computer science and engineering]] at the [[University of Michigan]], as well as being the director of the Center for Computer Security and Society at [[University of Michigan College of Engineering|Michigan Engineering]]. His research focuses on [[computer security]] and [[information privacy|privacy]], with an emphasis on problems that broadly impact society and public policy.


== Education ==
== Education ==
Halderman was awarded the [[Bachelor of Arts|A.B.]] ''[[summa cum laude]]'' in June 2003, the [[Master of Arts|M.A.]] in June 2005, and the [[Doctor of Philosophy|Ph.D.]] in June 2009, all in Computer Science from [[Princeton University]].{{Citation needed|date=July 2019}}
From [[Princeton University]], Halderman received a [[Bachelor of Arts]] ''[[summa cum laude]]'' in June 2003, a [[Master of Arts]] in June 2005, and a [[Doctor of Philosophy]] in June 2009, all in computer science.<ref>{{Cite web |title=J. Alex Halderman |url=https://jhalderm.com/ |access-date=2022-05-08 |website=jhalderm.com}}</ref>


== Academic career ==
== Career and research ==
As a student at Princeton, Halderman played a significant role in exposing flaws in [[digital rights management]] (DRM) software used on [[Compact Disc Digital Audio|compact discs]]. In 2004, he discovered that a DRM system called [[MediaMax CD-3]] could be bypassed simply by holding down the [[shift key]] while inserting a CD.{{Citation needed|date=July 2019}} The company behind the system briefly threatened him with a $10 million lawsuit, landing him on the front page of ''[[USA Today]]''.<ref>{{cite magazine| last=Noden |first=Merrell| date=2006-03-22| title=Who's Afraid of Alex Halderman '03?| url=http://www.princeton.edu/~paw/archive_new/PAW05-06/10-0322/features_halderman.html |magazine=Princeton Alumni Weekly |access-date=2019-06-09}}</ref> Later, in 2005, he helped show that a DRM system called [[Extended Copy Protection]] functioned identically to a [[rootkit]] and weakened the security of computers in which audio CDs were played.{{Citation needed|date=July 2019}} The ensuing [[Sony BMG copy protection rootkit scandal]] led to the recall of millions of CDs, class action lawsuits, and enforcement action by the U.S. [[Federal Trade Commission]].{{Citation needed|date=July 2019}}


In 2008, Halderman led the team that discovered the [[cold boot attack]] against [[disk encryption]], which allows an attacker with physical access to a computer device to extract encryption keys or other secrets from its memory. The technique, which was initially effective against nearly every full-disk encryption product on the market, exploits [[dynamic random-access memory|DRAM]] [[data remanence]] to retrieve memory contents even after the device has been briefly powered off.<ref name="halderman2008">{{Cite journal| doi = 10.1145/1506409.1506429| issn = 0001-0782| volume = 52| issue = 5| pages = 91–98| last1 = Halderman| first1 = J. Alex| last2 = Schoen| first2 = Seth D.| last3 = Heninger| first3 = Nadia| last4 = Clarkson| first4 = William| last5 = Paul| first5 = William| last6 = Calandrino| first6 = Joseph A.| last7 = Feldman| first7 = Ariel J.| last8 = Appelbaum| first8 = Jacob| last9 = Felten| first9 = Edward W.| title = Lest we remember: cold-boot attacks on encryption keys| journal = Communications of the ACM| year = 2009| s2cid = 7770695| url = https://www.usenix.org/legacy/event/sec08/tech/full_papers/halderman/halderman.pdf}}</ref> One version of the technique involves cooling DRAM modules with [[freeze spray]] to slow data decay, then removing them from the computer and reading them in an external device. It has become an important part of [[computer forensics]] practice and has also inspired a wide variety of defensive research, such as leakage-resilient cryptography and hardware implementations of encrypted RAM. For their work developing the attack, Halderman and his coauthors received the [[Pwnie Awards|Pwnie Award]] for Most Innovative Research and the Best Student Paper Award from the [[USENIX]] Security Symposium.
As a student at Princeton, Halderman played a significant role in exposing flaws in [[Digital Rights Management]] software used on [[Compact Disc Digital Audio|compact discs]]. In 2004, he discovered that a DRM system called [[MediaMax CD-3]] could be bypassed simply by holding down the [[shift key]] while inserting a CD.{{Citation needed|date=July 2019}} The company behind the system briefly threatened him with a $10 million lawsuit, landing him on the front page of [[USA Today]].<ref>{{cite magazine| last=Noden |first=Merrell| date=2006-03-22| title=Who's Afraid of Alex Halderman '03?| url=http://www.princeton.edu/~paw/archive_new/PAW05-06/10-0322/features_halderman.html |magazine=Princeton Alumni Weekly |access-date=2019-06-09}}</ref> Later, in 2005, he helped show that a DRM system called [[Extended Copy Protection]] functioned identically to a [[rootkit]] and weakened the security of computers in which audio CDs were played.{{Citation needed|date=July 2019}} The ensuing [[Sony BMG copy protection rootkit scandal]] led to the recall of millions of CDs, class action lawsuits, and enforcement action by the U.S. [[Federal Trade Commission]].{{Citation needed|date=July 2019}}


At the [[University of Michigan]], Halderman and coauthors performed some of the first comprehensive studies of [[Internet censorship in China]]<ref>{{cite journal | title = Internet Censorship in China: Where Does the Filtering Occur? | first1 = Xueyang | last1 = Xu | first2 = Z. Morley | last2 = Mao | author2-link=Z. Morley Mao | first3 = J. Alex | last3 = Halderman | journal = Passive and Active Measurement | volume = 6579 | pages = 133–142 | publisher = Springer | year = 2011 | url = https://web.eecs.umich.edu/~zmao/Papers/china-censorship-pam11.pdf| doi = 10.1007/978-3-642-19260-9_14 | series = Lecture Notes in Computer Science | bibcode = 2011LNCS.6579..133X | isbn = 978-3-642-19259-3 }}</ref> and in [[Internet censorship in Iran|Iran]],<ref>{{cite journal| last1 = Aryan | first1 = Simurgh | last2 = Aryan | first2 = Homa | last3 = Halderman | first3 = J. Alex | title = Internet Censorship in Iran: A First Look | journal = Third USENIX Workshop on Free and Open Communications on the Internet (FOCI) | url = https://www.usenix.org/system/files/conference/foci13/foci13-aryan.pdf| year = 2013 }}</ref> and of underground "[[Internet censorship in Cuba|street networks]]" in Cuba.<ref>{{cite journal | title = Initial Measurements of the Cuban Street Network | first1 = Eduardo | last1 = Pujol | first2 = Will | last2 = Scott | first3 = Eric | last3 = Wustrow | first4 = J. Alex | last4 = Halderman | year = 2017 | journal = ACM Internet Measurement Conference | url = https://conferences.sigcomm.org/imc/2017/papers/imc17-final186.pdf}}</ref> In 2009, he led a team that uncovered security problems and copyright infringement in [[Green Dam Youth Escort|client-side censorship software]] mandated by the Chinese government.<ref>{{cite web | title = Analysis of the Green Dam Censorware System | url = https://jhalderm.com/pub/gd/ | first1 = Scott | last1 = Wolchok | first2 = Randy | last2 = Yao | first3 = J. Alex | last3 = Halderman | date = 2009-06-18 | access-date = 2019-06-09 }}</ref> The findings helped catalyze popular protest against the program, leading China to reverse its policy requiring its installation on new PCs. In 2011, Halderman and his students invented [[Telex (anti-censorship system)|Telex]], a new approach to circumventing Internet censorship, partially by placing anticensorship technology into core network infrastructure outside the censoring country.
In 2008, Halderman led the team that discovered the [[cold boot attack]] against [[disk encryption]], which allows an attacker with physical access to a computer device to extract encryption keys or other secrets from its memory. The technique, which was initially effective against nearly every full-disk encryption product on the market, exploits [[dynamic random-access memory|DRAM]] [[data remanence]] to retrieve memory contents even after the device has been briefly powered off.<ref name="halderman2008">{{Cite journal| doi = 10.1145/1506409.1506429| issn = 0001-0782| volume = 52| issue = 5| pages = 91–98| last1 = Halderman| first1 = J. Alex| last2 = Schoen| first2 = Seth D.| last3 = Heninger| first3 = Nadia| last4 = Clarkson| first4 = William| last5 = Paul| first5 = William| last6 = Calandrino| first6 = Joseph A.| last7 = Feldman| first7 = Ariel J.| last8 = Appelbaum| first8 = Jacob| last9 = Felten| first9 = Edward W.| title = Lest we remember: cold-boot attacks on encryption keys| journal = Communications of the ACM| year = 2009| s2cid = 7770695| url = https://www.usenix.org/legacy/event/sec08/tech/full_papers/halderman/halderman.pdf}}</ref> One version of the technique involves cooling DRAM modules with [[freeze spray]] to slow data decay, then removing them from the computer and reading them in an external device. It has become an important part of [[computer forensics]] practice and has also inspired a wide variety of defensive research, such as leakage-resilient cryptography and hardware implementations of encrypted RAM. For their work developing the attack, Halderman and his coauthors received the [[Pwnie Awards|Pwnie Award]] for Most Innovative Research and the Best Student Paper Award from the [[USENIX]] Security Symposium.

At the [[University of Michigan]], Halderman and coauthors performed some of the first comprehensive studies of [[Internet censorship in China]]<ref>{{cite journal | title = Internet Censorship in China: Where Does the Filtering Occur? | first1 = Xueyang | last1 = Xu | first2 = Z. Morley | last2 = Mao | first3 = J. Alex | last3 = Halderman | journal = Passive and Active Measurement | volume = 6579 | pages = 133–142 | publisher = Springer | year = 2011 | url = https://web.eecs.umich.edu/~zmao/Papers/china-censorship-pam11.pdf| doi = 10.1007/978-3-642-19260-9_14 | series = Lecture Notes in Computer Science | isbn = 978-3-642-19259-3 }}</ref> and in [[Internet censorship in Iran|Iran]],<ref>{{cite journal| last1 = Aryan | first1 = Simurgh | last2 = Aryan | first2 = Homa | last3 = Halderman | first3 = J. Alex | title = Internet Censorship in Iran: A First Look | journal = Third USENIX Workshop on Free and Open Communications on the Internet (FOCI) | url = https://www.usenix.org/system/files/conference/foci13/foci13-aryan.pdf| year = 2013 }}</ref> and of underground "[[Internet censorship in Cuba|street networks]]" in Cuba.<ref>{{cite journal | title = Initial Measurements of the Cuban Street Network | first1 = Eduardo | last1 = Pujol | first2 = Will | last2 = Scott | first3 = Eric | last3 = Wustrow | first4 = J. Alex | last4 = Halderman | year = 2017 | journal = ACM Internet Measurement Conference | url = https://conferences.sigcomm.org/imc/2017/papers/imc17-final186.pdf}}</ref> In 2009, he led a team that uncovered security problems and copyright infringement in [[Green Dam Youth Escort|client-side censorship software]] mandated by the Chinese government.<ref>{{cite web | title = Analysis of the Green Dam Censorware System | url = https://jhalderm.com/pub/gd/ | first1 = Scott | last1 = Wolchok | first2 = Randy | last2 = Yao | first3 = J. Alex | last3 = Halderman | date = 2009-06-18 | access-date = 2019-06-09 }}</ref> The findings helped catalyze popular protest against the program, leading China to reverse its policy requiring its installation on new PCs. In 2011, Halderman and his students invented [[Telex (anti-censorship system)|Telex]], a new approach to circumventing Internet censorship, partially by placing anticensorship technology into core network infrastructure outside the censoring country.
With support from the [[United States Department of State]], which called the technique a "generational jump forward" in censorship resistance,<ref name="freiss2016"/> Halderman led a multi-institutional collaboration that further developed the technology and deployed it at ISP-scale under the name Refraction Networking.<ref>{{cite journal | title = An ISP-Scale Deployment of TapDance | first1 = Sergey | last1 = Frolov | first2 = Fred |last2 = Douglas | first3 = Will | last3 = Scott | first4 = Allison | last4 = McDonald | first5 = Benjamin | last5 = VanderSloot | first6 = Rod | last6 = Hynes | first7 = Adam | last7 = Kruger | first8 = Michalis | last8 = Kallitsis | first9 = David G. | last9 = Robinson | first10 = Nikita | last10 = Borisov | first11= J. Alex | last11 = Halderman | first12 = Eric | last12 = Wustrow | journal = 7th USENIX Workshop on Free and Open Communications on the Internet | year = 2017 | url = https://www.usenix.org/system/files/conference/foci17/foci17-paper-frolov_0.pdf}}</ref> In 2015, United States Ambassador to the United Nations [[Samantha Power]] brought him to New York to demonstrate the technology at a meeting alongside the [[United Nations General Assembly|General Assembly]].<ref name="freiss2016"/>
With support from the [[United States Department of State]], which called the technique a "generational jump forward" in censorship resistance,<ref name="freiss2016"/> Halderman led a multi-institutional collaboration that further developed the technology and deployed it at ISP-scale under the name Refraction Networking.<ref>{{cite journal | title = An ISP-Scale Deployment of TapDance | first1 = Sergey | last1 = Frolov | first2 = Fred |last2 = Douglas | first3 = Will | last3 = Scott | first4 = Allison | last4 = McDonald | first5 = Benjamin | last5 = VanderSloot | first6 = Rod | last6 = Hynes | first7 = Adam | last7 = Kruger | first8 = Michalis | last8 = Kallitsis | first9 = David G. | last9 = Robinson | first10 = Nikita | last10 = Borisov | first11= J. Alex | last11 = Halderman | first12 = Eric | last12 = Wustrow | journal = 7th USENIX Workshop on Free and Open Communications on the Internet | year = 2017 | url = https://www.usenix.org/system/files/conference/foci17/foci17-paper-frolov_0.pdf}}</ref> In 2015, United States Ambassador to the United Nations [[Samantha Power]] brought him to New York to demonstrate the technology at a meeting alongside the [[United Nations General Assembly|General Assembly]].<ref name="freiss2016"/>


In 2012, Halderman and coauthors discovered serious flaws in [[Random number generator attack|random number generators]] that weakened the [[public-key cryptography]] used for [[HTTPS]] and [[SSH]] servers in millions of [[Internet of things]] devices. They [[responsible disclosure|disclosed vulnerabilities]] to 60 device manufacturers and spurred changes to the [[Linux]] kernel.<ref>{{cite journal | title=Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices| first1=Nadia | last1 = Heninger | first2 = Zakir | last2 = Durumeric | first3 = Eric | last3 = Wustrow | first4 = J. Alex | last4 = Halderman | journal = 21st USENIX Security Symposium | year = 2012 | url=https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final228.pdf}}</ref> Their work received the Best Paper Award at the USENIX Security Symposium and was named one of the notable computing articles of the year by [[ACM Computing Reviews]].<ref>{{cite magazine | magazine = ACM Computing Reviews | title = Notable Computing Books and Articles of 2012 | first = Angela | last = Condon | url = http://computingreviews.com/recommend/bestof/notableitems_2012.cfm }}</ref> Halderman played a significant role in fixing several major vulnerabilities in the [[Transport Layer Security|TLS protocol]]. He was a co-discoverer of the [[Logjam (computer security)|Logjam]]<ref>{{cite journal | title = Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice | first1= David | last1= Adrian | first2= Karthikeyan | last2= Bhargavan | first3= Zakir | last3= Durumeric | first4= Pierrick | last4= Gaudry | first5= Matthew | last5= Green | first6 = J. Alex | last6 = Halderman | first7 = Nadia | last7 = Heninger | first8 = Drew | last8 = Springall | first9 = Emmanuel | last9= Thomé | first10 = Luke | last10 = Valenta | first11 = Benjamin | last11 = VanderSloot | first12 = Eric | last12 = Wustrow | first13 = Santiago | last13= Zanella-Béguelin | first14 = Paul | last14= Zimmermann | journal = Communications of the ACM | volume = 61 | issue = 1 | pages = 106–114 | year = 2019 | doi = 10.1145/3292035 | s2cid= 56894427 | url=https://jhalderm.com/pub/papers/weakdh-cacm19.pdf}}</ref> and [[DROWN attack|DROWN]]<ref>{{cite journal | title = DROWN: Breaking TLS using SSLv2 | first1 =Nimrod | last1 = Aviram | first2 = Sebastian | last2 = Schinzel | first3 = Juraj | last3 = Somorovsky | first4= Nadia | last4 = Heninger | first5 = Maik | last5 = Dankel | first6 = Jens | last6 = Steube | first7 = Luke | last7 = Valenta | first8 = David | last8 = Adrian | first9 = J. Alex | last9 = Halderman | first10 = Viktor | last10= Dukhovni | first11 = Emilia | last11 = Käsper | first12 = Shaanan | last12 = Cohney | first13 = Susanne | last13 = Engels | first14 = Christof | last14 = Paar | first15 = Yuval | last15 = Shavitt | journal = 25th USENIX Security Symposium | year = 2016 | url = https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_aviram.pdf}}</ref> attacks, and conducted the first impact assessment of the [[FREAK]] attack.<ref>{{cite web | title = The FREAK Attack | date = 2015-03-03 | url = https://freakattack.com | access-date = 2019-06-10 }}</ref> The three flaws compromised the security of tens of millions of [[HTTPS]] websites and resulted in changes to HTTPS server software, web browsers, and the TLS protocol. Since they worked by exploiting remnants of ways in which older versions of the protocol had been deliberately weakened due to 1990s-era restrictions on the [[export of cryptography from the United States]],<ref>{{cite web | title = What factors contributed to DROWN? | website = The DROWN Attack | year = 2016 | url = https://drownattack.com/#faq-factors}}</ref> they carried lessons for the ongoing public policy debate about [[Crypto wars|cryptographic back doors for law enforcement]].<ref>{{cite web | title = More than 11 million HTTPS websites imperiled by new decryption attack | first = Dan | last = Goodin | website = Ars Technica | date = 2016-03-01 | url=https://arstechnica.com/information-technology/2016/03/more-than-13-million-https-websites-imperiled-by-new-decryption-attack/ | access-date = 2019-06-10 }}</ref>
In 2012, Halderman and coauthors discovered serious flaws in [[Random number generator attack|random number generators]] that weakened the [[public-key cryptography]] used for [[HTTPS]] and [[SSH]] servers in millions of [[Internet of things]] devices. They [[responsible disclosure|disclosed vulnerabilities]] to 60 device manufacturers and spurred changes to the [[Linux]] kernel.<ref>{{cite journal | title=Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices| first1=Nadia | last1 = Heninger | first2 = Zakir | last2 = Durumeric | first3 = Eric | last3 = Wustrow | first4 = J. Alex | last4 = Halderman | journal = 21st USENIX Security Symposium | year = 2012 | url=https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final228.pdf}}</ref> Their work received the Best Paper Award at the USENIX Security Symposium and was named one of the notable computing articles of the year by ''[[ACM Computing Reviews]]''.<ref>{{cite magazine | magazine = ACM Computing Reviews | title = Notable Computing Books and Articles of 2012 | first = Angela | last = Condon | url = http://computingreviews.com/recommend/bestof/notableitems_2012.cfm }}</ref> Halderman played a significant role in fixing several major vulnerabilities in the [[Transport Layer Security|TLS protocol]]. He was a co-discoverer of the [[Logjam (computer security)|Logjam]]<ref>{{cite journal | title = Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice | first1= David | last1= Adrian | first2= Karthikeyan | last2= Bhargavan | first3= Zakir | last3= Durumeric | first4= Pierrick | last4= Gaudry | first5= Matthew | last5= Green | first6 = J. Alex | last6 = Halderman | first7 = Nadia | last7 = Heninger | first8 = Drew | last8 = Springall | first9 = Emmanuel | last9= Thomé | first10 = Luke | last10 = Valenta | first11 = Benjamin | last11 = VanderSloot | first12 = Eric | last12 = Wustrow | first13 = Santiago | last13= Zanella-Béguelin | first14 = Paul | last14= Zimmermann | journal = Communications of the ACM | volume = 61 | issue = 1 | pages = 106–114 | year = 2019 | doi = 10.1145/3292035 | s2cid= 56894427 | url=https://jhalderm.com/pub/papers/weakdh-cacm19.pdf}}</ref> and [[DROWN attack|DROWN]]<ref>{{cite journal | title = DROWN: Breaking TLS using SSLv2 | first1 =Nimrod | last1 = Aviram | first2 = Sebastian | last2 = Schinzel | first3 = Juraj | last3 = Somorovsky | first4= Nadia | last4 = Heninger | first5 = Maik | last5 = Dankel | first6 = Jens | last6 = Steube | first7 = Luke | last7 = Valenta | first8 = David | last8 = Adrian | first9 = J. Alex | last9 = Halderman | first10 = Viktor | last10= Dukhovni | first11 = Emilia | last11 = Käsper | first12 = Shaanan | last12 = Cohney | first13 = Susanne | last13 = Engels | first14 = Christof | last14 = Paar | first15 = Yuval | last15 = Shavitt | journal = 25th USENIX Security Symposium | year = 2016 | url = https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_aviram.pdf}}</ref> attacks, and conducted the first impact assessment of the [[FREAK]] attack.<ref>{{cite web | title = The FREAK Attack | date = 2015-03-03 | url = https://freakattack.com | access-date = 2019-06-10 }}</ref> The three flaws compromised the security of tens of millions of HTTPS websites and resulted in changes to HTTPS server software, web browsers, and the TLS protocol. Since they worked by exploiting remnants of ways in which older versions of the protocol had been deliberately weakened due to 1990s-era restrictions on the [[export of cryptography from the United States]],<ref>{{cite web | title = What factors contributed to DROWN? | website = The DROWN Attack | year = 2016 | url = https://drownattack.com/#faq-factors}}</ref> they carried lessons for the ongoing public policy debate about [[Crypto wars|cryptographic back doors for law enforcement]].<ref>{{cite web | title = More than 11 million HTTPS websites imperiled by new decryption attack | first = Dan | last = Goodin | website = Ars Technica | date = 2016-03-01 | url=https://arstechnica.com/information-technology/2016/03/more-than-13-million-https-websites-imperiled-by-new-decryption-attack/ | access-date = 2019-06-10 }}</ref>


Halderman's Logjam work also provided a plausible explanation for a major question raised by the [[Edward Snowden|Edward Snowden revelations]]: how the [[National Security Agency]] could be decoding large volumes of encrypted network traffic. By extrapolating their results to the resources of a major government, the researchers concluded that nation-state attackers could plausibly break 1024-bit [[Diffie-Hellman key exchange]] using a purpose-built [[supercomputer]].<ref name=milgrom2017>{{cite magazine | first = Randy | last = Milgrom | magazine = The Michigan Engineer | year = 2017 | title = Courage to Resist: The High-Stakes Adventures of J. Alex Halderman | url = https://medium.com/@UMengineering/courage-to-resist-ddb84e3a2f0}}</ref> For a cost on the order of a hundred million dollars, an intelligence agency could break the cryptography used by about two-thirds of all [[virtual private networks]].<ref>{{cite web | url = https://freedom-to-tinker.com/2015/10/14/how-is-nsa-breaking-so-much-crypto/ | title = How is NSA breaking so much crypto? | first1 = J. Alex | last1 = Halderman | first2 = Nadia | last2 = Heninger | date = 2015-10-14 | access-date=2019-06-10 | website = Freedom-to-Tinker}}</ref> Snowden publicly responded that he shared the researchers suspicions and blamed the U.S. government for failing to close a vulnerability that left so many people at risk.<ref>{{cite web |
Halderman's Logjam work also provided a plausible explanation for a major question raised by the [[Edward Snowden|Edward Snowden revelations]]: how the [[National Security Agency]] could be decoding large volumes of encrypted network traffic. By extrapolating their results to the resources of a major government, the researchers concluded that nation-state attackers could plausibly break 1,024-bit [[Diffie-Hellman key exchange]] using a purpose-built [[supercomputer]].<ref name=milgrom2017>{{cite magazine | first = Randy | last = Milgrom | magazine = The Michigan Engineer | year = 2017 | title = Courage to Resist: The High-Stakes Adventures of J. Alex Halderman | url = https://medium.com/@UMengineering/courage-to-resist-ddb84e3a2f0}}</ref> For a cost on the order of a hundred million dollars, an intelligence agency could break the cryptography used by about two-thirds of all [[virtual private networks]].<ref>{{cite web | url = https://freedom-to-tinker.com/2015/10/14/how-is-nsa-breaking-so-much-crypto/ | title = How is NSA breaking so much crypto? | first1 = J. Alex | last1 = Halderman | first2 = Nadia | last2 = Heninger | date = 2015-10-14 | access-date=2019-06-10 | website = Freedom-to-Tinker}}</ref> Snowden publicly responded that he shared the researchers suspicions and blamed the U.S. government for failing to close a vulnerability that left so many people at risk.<ref>{{cite web |
title = Edward Snowden weighs in on the huge internet vulnerability that could have helped the US spy on citizens | first = Cale | last = Guthrie Weissman | date = 2015-05-21 | website = Business Insider | url = https://www.businessinsider.com/edward-snowden-talks-about-logjam-on-reddit-2015-5 | access-date=2019-06-10 }}</ref> The work received the 2015 [[Pwnie Awards|Pwnie Award]] for Most Innovative Research and was named Best Paper at the ACM Conference on Computer and Communications Security.
title = Edward Snowden weighs in on the huge internet vulnerability that could have helped the US spy on citizens | first = Cale | last = Guthrie Weissman | date = 2015-05-21 | website = Business Insider | url = https://www.businessinsider.com/edward-snowden-talks-about-logjam-on-reddit-2015-5 | access-date=2019-06-10 }}</ref> The work received the 2015 [[Pwnie Awards|Pwnie Award]] for Most Innovative Research and was named Best Paper at the ACM Conference on Computer and Communications Security.


In 2013, Halderman and his [[graduate school|graduate students]] created [[ZMap (software)|ZMap]], a [[Free and open-source software|free and open-source]] [[Network enumeration|security scanning]] tool designed for information security research.<ref>{{cite journal | title = ZMap: Fast Internet-Wide Scanning and its Security Applications | first1=Zakir | last1=Durumeric | first2=Eric | last2=Wustrow | first3 = J. Alex | last3 = Halderman | journal = 22nd USENIX Security Symposium | year=2013 | url=https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_durumeric.pdf}}</ref>
In 2013, Halderman and his [[graduate school|graduate students]] created [[ZMap (software)|ZMap]], a [[Free and open-source software|free and open-source]] [[Network enumeration|security scanning]] tool designed for information security research.<ref>{{cite journal | title = ZMap: Fast Internet-Wide Scanning and its Security Applications | first1=Zakir | last1=Durumeric | first2=Eric | last2=Wustrow | first3 = J. Alex | last3 = Halderman | journal = 22nd USENIX Security Symposium | year=2013 | url=https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_durumeric.pdf}}</ref>
By making efficient use of [[Bandwidth (computing)|network bandwidth]], ZMap can scan the Internet's entire [[IPv4]] [[address space]] in under an hour, allowing researchers to quantify vulnerable systems, track the adoption of security patches, and even measure the impact of [[natural disaster]]s that disrupt Internet access.<ref>{{cite news | first = Timothy B. | last = Lee | title = Here's what you find when you scan the entire Internet in an hour | newspaper = The Washington Post | date = 2013-08-13 | url=https://www.washingtonpost.com/news/the-switch/wp/2013/08/18/heres-what-you-find-when-you-scan-the-entire-internet-in-an-hour/ | access-date = 2019-06-11 }}</ref> Halderman and collaborators used it to track the [[Heartbleed|OpenSSL Heartbleed vulnerability]]<ref>{{cite journal|last1=Durumeric|first1=Zakir|last2=Li|first2=Frank|last3=Kasten|first3=James|last4=Amann|first4=Johanna|last5=Beekman|first5=Jethro|last6=Payer|first6=Mathias|author-link6=Mathias Payer|last7=Weaver|first7=Nicolas|last8=Adrian|first8=David|last9=Paxson|first9=Vern|last10=Bailey|first10=Michael|last11=Halderman|first11=J. Alex|year=2014|title=The Matter of Heartbleed|url=https://dl.acm.org/citation.cfm?id=2663755|journal=14th ACM Internet Measurement Conference}}</ref> and raised the global rate of patching by 50% by warning the operators of unpatched web servers.<ref>{{cite web | first = Sean | last = Gallagher | website = Ars Technica | date = 2014-04-10 | title = Researchers find thousands of potential targets for Heartbleed OpenSSL bug | url = https://arstechnica.com/information-technology/2014/04/researchers-find-thousands-of-potential-targets-for-heartbleed-openssl-bug/ | access-date = 2019-06-10}}</ref> Their work won the Best Paper award at the ACM Internet Measurement Conference. In partnership with [[Google]], Halderman's research group used ZMap to study the security of [[Simple Mail Transfer Protocol|email delivery]],<ref>{{cite journal | title = Neither Snow nor Rain nor MITM: An Empirical Analysis of Email Delivery Security | first1=Zakir | last1=Durumeric | first2=David | last2=Adrian | first3=Ariana | last3=Mirian | first4=James | last4=Kasten | first5=Elie | last5=Bursztein | first6=Nicholas | last6=Lidzborski | first7=Kurt | last7=Thomas | first8=Vijay | last8=Eranti | first9=Michael | last9=Bailey | first10=J. Alex | last10=Halderman | journal=15th ACM Internet Measurement Conference | year=2015}}</ref> highlighting seven countries where more than 20% of inbound Gmail messages arrived unencrypted due to [[downgrade attack|network attackers]].<ref>{{cite web | website=Google Security Blog | title=New Research: Encouraging trends and emerging threats in email security | date=2015-11-12 | first1=Elie | last1=Bursztein | first2=Nicolas | last2=Lidzborski | url=https://security.googleblog.com/2015/11/new-research-encouraging-trends-and.html | access-date=2019-06-11}}</ref> To mitigate the problem, [[Gmail]] added an indicator to let users know when they receive a message that wasn't delivered using encryption, resulting in a 25% increase in inbound messages sent over an encrypted connection.<ref>{{cite web | title=More Encryption, More Notifications, More Email Security | website = Google Security Blog | first1=Nicolas |last1=Lidzborski |first2=Jonathan | last2=Pevarnek | url=https://security.googleblog.com/2016/03/more-encryption-more-notifications-more.html | date=2016-03-24 | access-date=2019-06-11}}</ref> Halderman and his collaborators were recognized with the 2015 [[Internet Research Task Force|IRTF]] Applied Networking Research Prize.
By making efficient use of [[Bandwidth (computing)|network bandwidth]], ZMap can scan the Internet's entire [[IPv4]] [[address space]] in under an hour, allowing researchers to quantify vulnerable systems, track the adoption of security patches, and even measure the impact of [[natural disaster]]s that disrupt Internet access.<ref>{{cite news | first = Timothy B. | last = Lee | title = Here's what you find when you scan the entire Internet in an hour | newspaper = The Washington Post | date = 2013-08-13 | url=https://www.washingtonpost.com/news/the-switch/wp/2013/08/18/heres-what-you-find-when-you-scan-the-entire-internet-in-an-hour/ | access-date = 2019-06-11 }}</ref> Halderman and collaborators used it to track the [[Heartbleed|OpenSSL Heartbleed vulnerability]]<ref>{{cite book|last1=Durumeric|first1=Zakir|last2=Li|first2=Frank|last3=Kasten|first3=James|last4=Amann|first4=Johanna|last5=Beekman|first5=Jethro|last6=Payer|first6=Mathias|author-link6=Mathias Payer|last7=Weaver|first7=Nicolas|last8=Adrian|first8=David|last9=Paxson|first9=Vern|last10=Bailey|first10=Michael|last11=Halderman|first11=J. Alex|title=Proceedings of the 2014 Conference on Internet Measurement Conference |chapter=The Matter of Heartbleed |date=2014 |year=2014|pages=475–488 |doi=10.1145/2663716.2663755 |isbn=9781450332132 |s2cid=142767 |doi-access=free}}</ref> and raised the global rate of patching by 50% by warning the operators of unpatched web servers.<ref>{{cite web | first = Sean | last = Gallagher | website = Ars Technica | date = 2014-04-10 | title = Researchers find thousands of potential targets for Heartbleed OpenSSL bug | url = https://arstechnica.com/information-technology/2014/04/researchers-find-thousands-of-potential-targets-for-heartbleed-openssl-bug/ | access-date = 2019-06-10}}</ref> Their work won the Best Paper award at the ACM Internet Measurement Conference. In partnership with [[Google]], Halderman's research group used ZMap to study the security of [[Simple Mail Transfer Protocol|email delivery]],<ref>{{cite journal | title = Neither Snow nor Rain nor MITM: An Empirical Analysis of Email Delivery Security | first1=Zakir | last1=Durumeric | first2=David | last2=Adrian | first3=Ariana | last3=Mirian | first4=James | last4=Kasten | first5=Elie | last5=Bursztein | first6=Nicholas | last6=Lidzborski | first7=Kurt | last7=Thomas | first8=Vijay | last8=Eranti | first9=Michael | last9=Bailey | first10=J. Alex | last10=Halderman | journal=15th ACM Internet Measurement Conference | year=2015}}</ref> highlighting seven countries where more than 20% of inbound Gmail messages arrived unencrypted due to [[downgrade attack|network attackers]].<ref>{{cite web | website=Google Security Blog | title=New Research: Encouraging trends and emerging threats in email security | date=2015-11-12 | first1=Elie | last1=Bursztein | first2=Nicolas | last2=Lidzborski | url=https://security.googleblog.com/2015/11/new-research-encouraging-trends-and.html | access-date=2019-06-11}}</ref> To mitigate the problem, [[Gmail]] added an indicator to let users know when they receive a message that wasn't delivered using encryption, resulting in a 25% increase in inbound messages sent over an encrypted connection.<ref>{{cite web | title=More Encryption, More Notifications, More Email Security | website = Google Security Blog | first1=Nicolas |last1=Lidzborski |first2=Jonathan | last2=Pevarnek | url=https://security.googleblog.com/2016/03/more-encryption-more-notifications-more.html | date=2016-03-24 | access-date=2019-06-11}}</ref> Halderman and his collaborators were recognized with the 2015 [[Internet Research Task Force|IRTF]] Applied Networking Research Prize.


In order to accelerate the adoption of encryption by web servers, Halderman in 2012 partnered with [[Mozilla]] and the [[Electronic Frontier Foundation]] to found the [[Let's Encrypt|Let's Encrypt HTTPS certificate authority]]. Let's Encrypt provides [[public key certificate|HTTPS certificates]] at no cost through an automated protocol, significantly lowering the complexity of setting up and maintaining TLS encryption. Since its launch in 2016, Let's Encrypt has grown to protecting more than 150 million web sites.<ref>{{cite web | website = Let's Encrypt Blog | title = Looking Forward to 2019 | first=Josh | last=Aas | date=2018-12-31 | url=https://letsencrypt.org/2018/12/31/looking-forward-to-2019.html | access-date=2019-06-11}}</ref> Halderman and his students laid the foundation for the [[IETF]]-standard protocol that clients use to interface with the CA, the [[Automated Certificate Management Environment]].<ref>{{cite IETF |title=Automatic Certificate Management Environment (ACME) | rfc=8555 |last1=Barnes |first1=R. |last2=Hoffman-Andrews|first2=J. |first3= D. |last3 = McCarney|last4=Kasten |first4=J. |date=2019-03-12 |publisher=[[Internet Engineering Task Force|IETF]] |accessdate=2019-03-13}}</ref> He sits on the board of directors of the [[Internet Security Research Group]], the non-profit that operates Let's Encrypt.<ref>{{cite web | title=About Internet Security Research Group | website=Internet Security Research Group | url=https://www.abetterinternet.org/about/ | access-date=2019-06-11}}</ref> He is also a co-founder and chief scientist of Censys,<ref>{{cite web | title = About Us - Censys | url = https://censys.io/about | access-date=2019-06-09 }}</ref> a network security company that he says aims to "change the way security works by making it more quantitative, more precise, and more accurate."<ref>{{cite web | title = 2018 Tech Transfer Annual Report | website = University of Michigan | year = 2019 | url = https://techtransfer.umich.edu/wp-content/uploads/2019/05/fy2018-1.pdf | access-date=2019-06-10 }}</ref>
In order to accelerate the adoption of encryption by web servers, Halderman in 2012 partnered with [[Mozilla]] and the [[Electronic Frontier Foundation]] to found the [[Let's Encrypt|Let's Encrypt HTTPS certificate authority]]. Let's Encrypt provides [[public key certificate|HTTPS certificates]] at no cost through an automated protocol, significantly lowering the complexity of setting up and maintaining TLS encryption. Since its launch in 2016, Let's Encrypt has grown to protecting more than 150 million web sites.<ref>{{cite web | website = Let's Encrypt Blog | title = Looking Forward to 2019 | first=Josh | last=Aas | date=2018-12-31 | url=https://letsencrypt.org/2018/12/31/looking-forward-to-2019.html | access-date=2019-06-11}}</ref> Halderman and his students laid the foundation for the [[IETF]]-standard protocol that clients use to interface with the CA, the [[Automated Certificate Management Environment]].<ref>{{cite IETF |title=Automatic Certificate Management Environment (ACME) | rfc=8555 |last1=Barnes |first1=R. |last2=Hoffman-Andrews|first2=J. |first3= D. |last3 = McCarney|last4=Kasten |first4=J. |date=2019-03-12 |publisher=[[Internet Engineering Task Force|IETF]] |access-date=2019-03-13}}</ref> He sits on the board of directors of the [[Internet Security Research Group]], the non-profit that operates Let's Encrypt.<ref>{{cite web | title=About Internet Security Research Group | website=Internet Security Research Group | url=https://www.abetterinternet.org/about/ | access-date=2019-06-11}}</ref> He is also a co-founder and chief scientist of Censys,<ref>{{cite web | title = About Us - Censys | url = https://censys.io/about | access-date=2019-06-09 }}</ref> a network security company that he says aims to "change the way security works by making it more quantitative, more precise, and more accurate."<ref>{{cite web | title = 2018 Tech Transfer Annual Report | website = University of Michigan | year = 2019 | url = https://techtransfer.umich.edu/wp-content/uploads/2019/05/fy2018-1.pdf | access-date=2019-06-10 }}</ref>


In 2015, Halderman was part of a team of proponents that included, [[Steven M. Bellovin]], [[Matt Blaze]], [[Nadia Heninger]], and [[Andrea M. Matwyshyn]] who successfully proposed a security research exemption to Section 1201 of the Digital Millennium Copyright Act.<ref>{{Cite web|title=Section 1201 Rulemaking: Sixth Triennial Proceeding to Determine Exemptions to the Prohibition on Circumvention|url=https://cdn.loc.gov/copyright/1201/2015/registers-recommendation.pdf}}</ref>
In 2015, Halderman was part of a team of proponents that included [[Steven M. Bellovin]], [[Matt Blaze]], [[Nadia Heninger]], and [[Andrea M. Matwyshyn]] who successfully proposed a security research exemption to Section 1201 of the Digital Millennium Copyright Act.<ref>{{Cite web|title=Section 1201 Rulemaking: Sixth Triennial Proceeding to Determine Exemptions to the Prohibition on Circumvention|url=https://cdn.loc.gov/copyright/1201/2015/registers-recommendation.pdf}}</ref>


Halderman was awarded a [[Sloan Research Fellowship]] in 2015 by the [[Alfred P. Sloan Foundation]], and in 2019 he was named an Andrew Carnegie Fellow by the [[Carnegie Corporation of New York]].<ref>{{cite web|url=https://news.umich.edu/two-u-m-professors-awarded-carnegie-fellowships/| title=Two U-M professors awarded Carnegie Fellowships | date=2019-04-23| publisher=Michigan News| access-date=2019-06-09}}</ref> He was profiled in the November 2016 issue of ''[[Playboy]]''.<ref name="freiss2016">{{cite magazine |last=Friess |first=Steve |date=29 September 2016 |title=Technology Will Destroy Democracy Unless This Man Stops It |url=http://www.playboy.com/articles/technology-will-destroy-democracy |magazine=Playboy |access-date=24 November 2016 |archive-url=https://web.archive.org/web/20161125050650/http://www.playboy.com/articles/technology-will-destroy-democracy |archive-date=25 November 2016 |url-status=dead }}</ref>
Halderman was awarded a [[Sloan Research Fellowship]] in 2015 by the [[Alfred P. Sloan Foundation]], and in 2019 he was named an Andrew Carnegie Fellow by the [[Carnegie Corporation of New York]].<ref>{{cite web|url=https://news.umich.edu/two-u-m-professors-awarded-carnegie-fellowships/| title=Two U-M professors awarded Carnegie Fellowships | date=2019-04-23| publisher=Michigan News| access-date=2019-06-09}}</ref> He was profiled in the November 2016 issue of ''[[Playboy]]''.<ref name="freiss2016">{{cite magazine |last=Friess |first=Steve |date=29 September 2016 |title=Technology Will Destroy Democracy Unless This Man Stops It |url=http://www.playboy.com/articles/technology-will-destroy-democracy |magazine=Playboy |access-date=24 November 2016 |archive-url=https://web.archive.org/web/20161125050650/http://www.playboy.com/articles/technology-will-destroy-democracy |archive-date=25 November 2016 |url-status=dead }}</ref>


== Electronic voting ==
== Electronic voting ==
After the [[2016 United States presidential election]], computer scientists, including Halderman, urged the [[Hillary Clinton presidential campaign, 2016|Clinton campaign]] to request an [[election recount]] in Wisconsin, Michigan, and Pennsylvania (three swing states where [[Donald Trump|Trump]] had won narrowly, while Clinton won New Hampshire and Maine narrowly) for the purpose of excluding the possibility that the hacking of electronic voting machines had influenced the recorded outcome.<ref>{{Cite web|url=http://www.cnn.com/2016/11/22/politics/hillary-clinton-challenge-results/index.html|title=Computer scientists to Clinton campaign: Challenge election results|author=Dan Merica|website=CNN|access-date=2016-11-23}}</ref><ref>{{Cite news|url=https://www.nytimes.com/2016/11/23/us/politics/vote-count-hillary-clinton-trump.html|title=Hillary Clinton Supporters Call for Vote Recount in Battleground States|last1=Gabriel|first1=Trip|last2=Sanger|first2=David E.|date=2016-11-23|newspaper=The New York Times|access-date=2017-06-26}}</ref><ref>{{Cite web|url=https://medium.com/@jhalderm/want-to-know-if-the-election-was-hacked-look-at-the-ballots-c61a6113b0ba|title=Want to Know if the Election was Hacked? Look at the Ballots|last=Halderman|first=J. Alex|date=2016-11-24|website=Medium|access-date=2016-11-24}}</ref>
After the [[2016 United States presidential election]], computer scientists, including Halderman, urged the [[Hillary Clinton presidential campaign, 2016|Clinton campaign]] to request an [[election recount]] in Wisconsin, Michigan, and Pennsylvania (three swing states where [[Donald Trump|Trump]] had won narrowly, while Clinton won New Hampshire and Maine narrowly) for the purpose of excluding the possibility that the hacking of electronic [[voting machine]]s had influenced the recorded outcome.<ref>{{Cite web|url=http://www.cnn.com/2016/11/22/politics/hillary-clinton-challenge-results/index.html|title=Computer scientists to Clinton campaign: Challenge election results|author=Dan Merica|website=CNN|date=23 November 2016 |access-date=2016-11-23}}</ref><ref>{{Cite news|url=https://www.nytimes.com/2016/11/23/us/politics/vote-count-hillary-clinton-trump.html|title=Hillary Clinton Supporters Call for Vote Recount in Battleground States|last1=Gabriel|first1=Trip|last2=Sanger|first2=David E.|date=2016-11-23|newspaper=The New York Times|access-date=2017-06-26}}</ref><ref>{{Cite web|url=https://medium.com/@jhalderm/want-to-know-if-the-election-was-hacked-look-at-the-ballots-c61a6113b0ba|title=Want to Know if the Election was Hacked? Look at the Ballots|last=Halderman|first=J. Alex|date=2016-11-24|website=Medium|access-date=2016-11-24}}</ref>

On June 21, 2017, Halderman testified before the [[United States Senate Select Committee on Intelligence]].<ref>{{cite web |url=https://www.npr.org/2017/06/21/533666328/u-s-elections-systems-vulnerable-lawmakers-told-in-dueling-hearings |title=U.S. Elections Systems Vulnerable, Lawmakers Told In Dueling Hearings |last=Naylor |first=Brian |date=2017-06-21 |publisher=National Public Radio |access-date=2017-06-26|quote=My conclusion is that our highly computerized election infrastructure is vulnerable to sabotage, and even to cyberattacks that could change votes. These realities risk making our election results more difficult for the American people to trust. I know America's voting machines are vulnerable because my colleagues and I have hacked them.}}</ref><ref>{{cite web|url=https://www.intelligence.senate.gov/hearings/open-hearing-russian-interference-2016-us-elections|title=Hearings &#124; Intelligence Committee | publisher=U.S. Senate | access-date=2017-06-26}}</ref><ref>{{cite web| url=https://www.intelligence.senate.gov/sites/default/files/documents/os-ahalderman-062117.pdf | title=Expert Testimony by J. Alex Halderman | date=2017-06-21|publisher=U.S. Senate |access-date=2017-06-26}}</ref> The hearing, titled "[[Russian interference in the 2016 United States elections|Russian Interference in the 2016 U.S. Election]]", focused on the federal government's role in safeguarding U.S. elections from outside interference. Halderman discussed his own research in computer science and cybersecurity. He discussed one instance where he tampered with a voting machine and [[Electoral fraud#Tampering with electronic voting systems|demonstrated the ability to change the outcome of an election]]. He also made three policy recommendations to safeguard U.S. elections: upgrading and replacing obsolete and vulnerable voting machines; consistently and routinely checking that American elections results are accurate; and applying cybersecurity best practices to the design of voting equipment and the management of elections. Halderman fielded questions from the Senators about his research and policy recommendations. At the end of the hearing, [[Richard Burr|Chairman Burr]] praised Halderman for his work and noted how important his research is.{{citation needed|date=November 2018}}


Following the [[2020 United States presidential election]], Halderman stated that a software glitch during the unofficial vote tally was not caused by fraud, but rather by human error,<ref>{{cite news |author=<!--Staff writer(s); no by-line.--> |date=November 10, 2020 |title=US election fact check: The voting dead? |url=https://www.dw.com/en/us-election-fact-check-the-voting-dead/a-55545125 |access-date=December 4, 2020}}</ref> and said the conspiracy theory that a supercomputer was used to switch votes from Trump to [[Joe Biden|Biden]] was "nonsense".<ref>{{cite web |url=https://www.factcheck.org/2020/11/bogus-theory-claims-supercomputer-switched-votes-in-election/ |title=Bogus Theory Claims Supercomputer Switched Votes in Election |last1=Fichera |first1=Angelo |last2=Spencer |first2=Saranac |date=November 13, 2020 |access-date=December 4, 2020 |quote=Likewise, J. Alex Halderman, a professor of computer science and engineering at the University of Michigan, told us the conspiracy theory is “nonsense.”}}</ref>
On 21 June 2017, Halderman testified before the [[United States Senate Select Committee on Intelligence]].<ref>{{cite web |url=https://www.npr.org/2017/06/21/533666328/u-s-elections-systems-vulnerable-lawmakers-told-in-dueling-hearings |title=U.S. Elections Systems Vulnerable, Lawmakers Told In Dueling Hearings |last=Naylor |first=Brian |date=2017-06-21 |publisher=National Public Radio |access-date=2017-06-26|quote=My conclusion is that our highly computerized election infrastructure is vulnerable to sabotage, and even to cyberattacks that could change votes. These realities risk making our election results more difficult for the American people to trust. I know America's voting machines are vulnerable because my colleagues and I have hacked them.}}</ref><ref>{{cite web|url=https://www.intelligence.senate.gov/hearings/open-hearing-russian-interference-2016-us-elections|title=Hearings &#124; Intelligence Committee | publisher=U.S. Senate | access-date=2017-06-26}}</ref><ref>{{cite web| url=https://www.intelligence.senate.gov/sites/default/files/documents/os-ahalderman-062117.pdf | title=Expert Testimony by J. Alex Halderman | date=2017-06-21|publisher=U.S. Senate |access-date=2017-06-26}}</ref> The hearing, titled "[[Russian interference in the 2016 United States elections|Russian Interference in the 2016 U.S. Election]]" focused on the federal government's role in safeguarding U.S. elections from outside interference. Halderman discussed his own research in computer science and cybersecurity. He discussed one instance where he tampered with a [[voting machine]] and [[Electoral_fraud#Tampering_with_electronic_voting_systems|demonstrated the ability to change the outcome of an election]]. He also made three policy recommendations to safeguard U.S. elections: upgrading and replacing obsolete and vulnerable voting machines; consistently and routinely checking that American elections results are accurate; and applying cybersecurity best practices to the design of voting equipment and the management of elections. Halderman fielded questions from the Senators about his research and policy recommendations. At the end of the hearing, [[Richard Burr|Chairman Burr]] praised Halderman for his work and noted how important his research is.{{citation needed|date=November 2018}}


His [[expert witness]] report on voting machine vulnerabilities was filed in a Georgia case [[under seal]], but is sought by litigants in another case and an [[election official]] in Louisiana.<ref>Kate Brumback. Associated Press. (January 13, 2022) "Fox News, Others Seek Access to Report on Voting Machines". [https://www.usnews.com/news/politics/articles/2022-01-13/fox-news-others-seek-access-to-report-on-voting-machines USNews website] Retrieved March 12, 2022.</ref>
Following the [[2020 United States presidential election]], Halderman stated that a software glitch during the unofficial vote tally was not caused by fraud, but rather by human error,<ref>{{cite news |author=<!--Staff writer(s); no by-line.--> |date=November 10, 2020 |title=US election fact check: The voting dead? |url=https://www.dw.com/en/us-election-fact-check-the-voting-dead/a-55545125 |access-date=December 4, 2020}}</ref> and said the conspiracy theory that a supercomputer was used to switch votes from Trump to [[Joe Biden|Biden]] was "nonsense".<ref> {{cite web |url=https://www.factcheck.org/2020/11/bogus-theory-claims-supercomputer-switched-votes-in-election/ |title=Bogus Theory Claims Supercomputer Switched Votes in Election |last=Fichera |first=Angelo |last2=Spencer |first2=Saranac |date=November 13, 2020 |access-date=December 4, 2020 |quote=Likewise, J. Alex Halderman, a professor of computer science and engineering at the University of Michigan, told us the conspiracy theory is “nonsense.”}}</ref>


In 2022, CISA issued the advisory "Vulnerabilities Affecting Dominion Voting Systems ImageCast X" based on research by Halderman.<ref>{{Cite web|url=https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01|title=Vulnerabilities Affecting Dominion Voting Systems ImageCast X &#124; CISA|website=www.cisa.gov|date=3 June 2022 }}</ref>
The subject's [[Expert witness|expert witness]] report on voting machine vulnerabilities was filed in a Georgia case [[Under seal|under sealed]], but is sought by litigants in another case and an [[Election official|election official]] in Louisiana.<ref>Kate Brumback. Associated Press. (13 January 2022) "Fox News, Others Seek Access to Report on Voting Machines". [https://www.usnews.com/news/politics/articles/2022-01-13/fox-news-others-seek-access-to-report-on-voting-machines USNews website] Retrieved 12 March 2022.</ref>


==References==
==References==

Latest revision as of 22:50, 19 November 2024

John Alexander Halderman
Bornc. January 1981 (age 43–44)
Pennsylvania, United States
Alma materPrinceton University
Known for2016 United States presidential election recounts
AwardsSloan Research Fellowship, Pwnie Award
Scientific career
FieldsComputer science
InstitutionsUniversity of Michigan
ThesisInvestigating security failures and their causes: An analytic approach to computer security (2009)
Doctoral advisorEdward Felten
Websitejhalderm.com Edit this at Wikidata

John Alexander Halderman[1] (born c. January 1981) is an American computer scientist. He currently serves as a professor of computer science and engineering at the University of Michigan, as well as being the director of the Center for Computer Security and Society at Michigan Engineering. His research focuses on computer security and privacy, with an emphasis on problems that broadly impact society and public policy.

Education

[edit]

From Princeton University, Halderman received a Bachelor of Arts summa cum laude in June 2003, a Master of Arts in June 2005, and a Doctor of Philosophy in June 2009, all in computer science.[2]

Career and research

[edit]

As a student at Princeton, Halderman played a significant role in exposing flaws in digital rights management (DRM) software used on compact discs. In 2004, he discovered that a DRM system called MediaMax CD-3 could be bypassed simply by holding down the shift key while inserting a CD.[citation needed] The company behind the system briefly threatened him with a $10 million lawsuit, landing him on the front page of USA Today.[3] Later, in 2005, he helped show that a DRM system called Extended Copy Protection functioned identically to a rootkit and weakened the security of computers in which audio CDs were played.[citation needed] The ensuing Sony BMG copy protection rootkit scandal led to the recall of millions of CDs, class action lawsuits, and enforcement action by the U.S. Federal Trade Commission.[citation needed]

In 2008, Halderman led the team that discovered the cold boot attack against disk encryption, which allows an attacker with physical access to a computer device to extract encryption keys or other secrets from its memory. The technique, which was initially effective against nearly every full-disk encryption product on the market, exploits DRAM data remanence to retrieve memory contents even after the device has been briefly powered off.[4] One version of the technique involves cooling DRAM modules with freeze spray to slow data decay, then removing them from the computer and reading them in an external device. It has become an important part of computer forensics practice and has also inspired a wide variety of defensive research, such as leakage-resilient cryptography and hardware implementations of encrypted RAM. For their work developing the attack, Halderman and his coauthors received the Pwnie Award for Most Innovative Research and the Best Student Paper Award from the USENIX Security Symposium.

At the University of Michigan, Halderman and coauthors performed some of the first comprehensive studies of Internet censorship in China[5] and in Iran,[6] and of underground "street networks" in Cuba.[7] In 2009, he led a team that uncovered security problems and copyright infringement in client-side censorship software mandated by the Chinese government.[8] The findings helped catalyze popular protest against the program, leading China to reverse its policy requiring its installation on new PCs. In 2011, Halderman and his students invented Telex, a new approach to circumventing Internet censorship, partially by placing anticensorship technology into core network infrastructure outside the censoring country. With support from the United States Department of State, which called the technique a "generational jump forward" in censorship resistance,[9] Halderman led a multi-institutional collaboration that further developed the technology and deployed it at ISP-scale under the name Refraction Networking.[10] In 2015, United States Ambassador to the United Nations Samantha Power brought him to New York to demonstrate the technology at a meeting alongside the General Assembly.[9]

In 2012, Halderman and coauthors discovered serious flaws in random number generators that weakened the public-key cryptography used for HTTPS and SSH servers in millions of Internet of things devices. They disclosed vulnerabilities to 60 device manufacturers and spurred changes to the Linux kernel.[11] Their work received the Best Paper Award at the USENIX Security Symposium and was named one of the notable computing articles of the year by ACM Computing Reviews.[12] Halderman played a significant role in fixing several major vulnerabilities in the TLS protocol. He was a co-discoverer of the Logjam[13] and DROWN[14] attacks, and conducted the first impact assessment of the FREAK attack.[15] The three flaws compromised the security of tens of millions of HTTPS websites and resulted in changes to HTTPS server software, web browsers, and the TLS protocol. Since they worked by exploiting remnants of ways in which older versions of the protocol had been deliberately weakened due to 1990s-era restrictions on the export of cryptography from the United States,[16] they carried lessons for the ongoing public policy debate about cryptographic back doors for law enforcement.[17]

Halderman's Logjam work also provided a plausible explanation for a major question raised by the Edward Snowden revelations: how the National Security Agency could be decoding large volumes of encrypted network traffic. By extrapolating their results to the resources of a major government, the researchers concluded that nation-state attackers could plausibly break 1,024-bit Diffie-Hellman key exchange using a purpose-built supercomputer.[18] For a cost on the order of a hundred million dollars, an intelligence agency could break the cryptography used by about two-thirds of all virtual private networks.[19] Snowden publicly responded that he shared the researchers suspicions and blamed the U.S. government for failing to close a vulnerability that left so many people at risk.[20] The work received the 2015 Pwnie Award for Most Innovative Research and was named Best Paper at the ACM Conference on Computer and Communications Security.

In 2013, Halderman and his graduate students created ZMap, a free and open-source security scanning tool designed for information security research.[21] By making efficient use of network bandwidth, ZMap can scan the Internet's entire IPv4 address space in under an hour, allowing researchers to quantify vulnerable systems, track the adoption of security patches, and even measure the impact of natural disasters that disrupt Internet access.[22] Halderman and collaborators used it to track the OpenSSL Heartbleed vulnerability[23] and raised the global rate of patching by 50% by warning the operators of unpatched web servers.[24] Their work won the Best Paper award at the ACM Internet Measurement Conference. In partnership with Google, Halderman's research group used ZMap to study the security of email delivery,[25] highlighting seven countries where more than 20% of inbound Gmail messages arrived unencrypted due to network attackers.[26] To mitigate the problem, Gmail added an indicator to let users know when they receive a message that wasn't delivered using encryption, resulting in a 25% increase in inbound messages sent over an encrypted connection.[27] Halderman and his collaborators were recognized with the 2015 IRTF Applied Networking Research Prize.

In order to accelerate the adoption of encryption by web servers, Halderman in 2012 partnered with Mozilla and the Electronic Frontier Foundation to found the Let's Encrypt HTTPS certificate authority. Let's Encrypt provides HTTPS certificates at no cost through an automated protocol, significantly lowering the complexity of setting up and maintaining TLS encryption. Since its launch in 2016, Let's Encrypt has grown to protecting more than 150 million web sites.[28] Halderman and his students laid the foundation for the IETF-standard protocol that clients use to interface with the CA, the Automated Certificate Management Environment.[29] He sits on the board of directors of the Internet Security Research Group, the non-profit that operates Let's Encrypt.[30] He is also a co-founder and chief scientist of Censys,[31] a network security company that he says aims to "change the way security works by making it more quantitative, more precise, and more accurate."[32]

In 2015, Halderman was part of a team of proponents that included Steven M. Bellovin, Matt Blaze, Nadia Heninger, and Andrea M. Matwyshyn who successfully proposed a security research exemption to Section 1201 of the Digital Millennium Copyright Act.[33]

Halderman was awarded a Sloan Research Fellowship in 2015 by the Alfred P. Sloan Foundation, and in 2019 he was named an Andrew Carnegie Fellow by the Carnegie Corporation of New York.[34] He was profiled in the November 2016 issue of Playboy.[9]

Electronic voting

[edit]

After the 2016 United States presidential election, computer scientists, including Halderman, urged the Clinton campaign to request an election recount in Wisconsin, Michigan, and Pennsylvania (three swing states where Trump had won narrowly, while Clinton won New Hampshire and Maine narrowly) for the purpose of excluding the possibility that the hacking of electronic voting machines had influenced the recorded outcome.[35][36][37]

On June 21, 2017, Halderman testified before the United States Senate Select Committee on Intelligence.[38][39][40] The hearing, titled "Russian Interference in the 2016 U.S. Election", focused on the federal government's role in safeguarding U.S. elections from outside interference. Halderman discussed his own research in computer science and cybersecurity. He discussed one instance where he tampered with a voting machine and demonstrated the ability to change the outcome of an election. He also made three policy recommendations to safeguard U.S. elections: upgrading and replacing obsolete and vulnerable voting machines; consistently and routinely checking that American elections results are accurate; and applying cybersecurity best practices to the design of voting equipment and the management of elections. Halderman fielded questions from the Senators about his research and policy recommendations. At the end of the hearing, Chairman Burr praised Halderman for his work and noted how important his research is.[citation needed]

Following the 2020 United States presidential election, Halderman stated that a software glitch during the unofficial vote tally was not caused by fraud, but rather by human error,[41] and said the conspiracy theory that a supercomputer was used to switch votes from Trump to Biden was "nonsense".[42]

His expert witness report on voting machine vulnerabilities was filed in a Georgia case under seal, but is sought by litigants in another case and an election official in Louisiana.[43]

In 2022, CISA issued the advisory "Vulnerabilities Affecting Dominion Voting Systems ImageCast X" based on research by Halderman.[44]

References

[edit]
  1. ^ "Investigating security failures and their causes: An analytic approach to computer security - ProQuest". www.proquest.com. Retrieved 2024-11-19.
  2. ^ "J. Alex Halderman". jhalderm.com. Retrieved 2022-05-08.
  3. ^ Noden, Merrell (2006-03-22). "Who's Afraid of Alex Halderman '03?". Princeton Alumni Weekly. Retrieved 2019-06-09.
  4. ^ Halderman, J. Alex; Schoen, Seth D.; Heninger, Nadia; Clarkson, William; Paul, William; Calandrino, Joseph A.; Feldman, Ariel J.; Appelbaum, Jacob; Felten, Edward W. (2009). "Lest we remember: cold-boot attacks on encryption keys" (PDF). Communications of the ACM. 52 (5): 91–98. doi:10.1145/1506409.1506429. ISSN 0001-0782. S2CID 7770695.
  5. ^ Xu, Xueyang; Mao, Z. Morley; Halderman, J. Alex (2011). "Internet Censorship in China: Where Does the Filtering Occur?" (PDF). Passive and Active Measurement. Lecture Notes in Computer Science. 6579. Springer: 133–142. Bibcode:2011LNCS.6579..133X. doi:10.1007/978-3-642-19260-9_14. ISBN 978-3-642-19259-3.
  6. ^ Aryan, Simurgh; Aryan, Homa; Halderman, J. Alex (2013). "Internet Censorship in Iran: A First Look" (PDF). Third USENIX Workshop on Free and Open Communications on the Internet (FOCI).
  7. ^ Pujol, Eduardo; Scott, Will; Wustrow, Eric; Halderman, J. Alex (2017). "Initial Measurements of the Cuban Street Network" (PDF). ACM Internet Measurement Conference.
  8. ^ Wolchok, Scott; Yao, Randy; Halderman, J. Alex (2009-06-18). "Analysis of the Green Dam Censorware System". Retrieved 2019-06-09.
  9. ^ a b c Friess, Steve (29 September 2016). "Technology Will Destroy Democracy Unless This Man Stops It". Playboy. Archived from the original on 25 November 2016. Retrieved 24 November 2016.
  10. ^ Frolov, Sergey; Douglas, Fred; Scott, Will; McDonald, Allison; VanderSloot, Benjamin; Hynes, Rod; Kruger, Adam; Kallitsis, Michalis; Robinson, David G.; Borisov, Nikita; Halderman, J. Alex; Wustrow, Eric (2017). "An ISP-Scale Deployment of TapDance" (PDF). 7th USENIX Workshop on Free and Open Communications on the Internet.
  11. ^ Heninger, Nadia; Durumeric, Zakir; Wustrow, Eric; Halderman, J. Alex (2012). "Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices" (PDF). 21st USENIX Security Symposium.
  12. ^ Condon, Angela. "Notable Computing Books and Articles of 2012". ACM Computing Reviews.
  13. ^ Adrian, David; Bhargavan, Karthikeyan; Durumeric, Zakir; Gaudry, Pierrick; Green, Matthew; Halderman, J. Alex; Heninger, Nadia; Springall, Drew; Thomé, Emmanuel; Valenta, Luke; VanderSloot, Benjamin; Wustrow, Eric; Zanella-Béguelin, Santiago; Zimmermann, Paul (2019). "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice" (PDF). Communications of the ACM. 61 (1): 106–114. doi:10.1145/3292035. S2CID 56894427.
  14. ^ Aviram, Nimrod; Schinzel, Sebastian; Somorovsky, Juraj; Heninger, Nadia; Dankel, Maik; Steube, Jens; Valenta, Luke; Adrian, David; Halderman, J. Alex; Dukhovni, Viktor; Käsper, Emilia; Cohney, Shaanan; Engels, Susanne; Paar, Christof; Shavitt, Yuval (2016). "DROWN: Breaking TLS using SSLv2" (PDF). 25th USENIX Security Symposium.
  15. ^ "The FREAK Attack". 2015-03-03. Retrieved 2019-06-10.
  16. ^ "What factors contributed to DROWN?". The DROWN Attack. 2016.
  17. ^ Goodin, Dan (2016-03-01). "More than 11 million HTTPS websites imperiled by new decryption attack". Ars Technica. Retrieved 2019-06-10.
  18. ^ Milgrom, Randy (2017). "Courage to Resist: The High-Stakes Adventures of J. Alex Halderman". The Michigan Engineer.
  19. ^ Halderman, J. Alex; Heninger, Nadia (2015-10-14). "How is NSA breaking so much crypto?". Freedom-to-Tinker. Retrieved 2019-06-10.
  20. ^ Guthrie Weissman, Cale (2015-05-21). "Edward Snowden weighs in on the huge internet vulnerability that could have helped the US spy on citizens". Business Insider. Retrieved 2019-06-10.
  21. ^ Durumeric, Zakir; Wustrow, Eric; Halderman, J. Alex (2013). "ZMap: Fast Internet-Wide Scanning and its Security Applications" (PDF). 22nd USENIX Security Symposium.
  22. ^ Lee, Timothy B. (2013-08-13). "Here's what you find when you scan the entire Internet in an hour". The Washington Post. Retrieved 2019-06-11.
  23. ^ Durumeric, Zakir; Li, Frank; Kasten, James; Amann, Johanna; Beekman, Jethro; Payer, Mathias; Weaver, Nicolas; Adrian, David; Paxson, Vern; Bailey, Michael; Halderman, J. Alex (2014). "The Matter of Heartbleed". Proceedings of the 2014 Conference on Internet Measurement Conference. pp. 475–488. doi:10.1145/2663716.2663755. ISBN 9781450332132. S2CID 142767.{{cite book}}: CS1 maint: date and year (link)
  24. ^ Gallagher, Sean (2014-04-10). "Researchers find thousands of potential targets for Heartbleed OpenSSL bug". Ars Technica. Retrieved 2019-06-10.
  25. ^ Durumeric, Zakir; Adrian, David; Mirian, Ariana; Kasten, James; Bursztein, Elie; Lidzborski, Nicholas; Thomas, Kurt; Eranti, Vijay; Bailey, Michael; Halderman, J. Alex (2015). "Neither Snow nor Rain nor MITM: An Empirical Analysis of Email Delivery Security". 15th ACM Internet Measurement Conference.
  26. ^ Bursztein, Elie; Lidzborski, Nicolas (2015-11-12). "New Research: Encouraging trends and emerging threats in email security". Google Security Blog. Retrieved 2019-06-11.
  27. ^ Lidzborski, Nicolas; Pevarnek, Jonathan (2016-03-24). "More Encryption, More Notifications, More Email Security". Google Security Blog. Retrieved 2019-06-11.
  28. ^ Aas, Josh (2018-12-31). "Looking Forward to 2019". Let's Encrypt Blog. Retrieved 2019-06-11.
  29. ^ Barnes, R.; Hoffman-Andrews, J.; McCarney, D.; Kasten, J. (2019-03-12). Automatic Certificate Management Environment (ACME). IETF. doi:10.17487/RFC8555. RFC 8555. Retrieved 2019-03-13.
  30. ^ "About Internet Security Research Group". Internet Security Research Group. Retrieved 2019-06-11.
  31. ^ "About Us - Censys". Retrieved 2019-06-09.
  32. ^ "2018 Tech Transfer Annual Report" (PDF). University of Michigan. 2019. Retrieved 2019-06-10.
  33. ^ "Section 1201 Rulemaking: Sixth Triennial Proceeding to Determine Exemptions to the Prohibition on Circumvention" (PDF).
  34. ^ "Two U-M professors awarded Carnegie Fellowships". Michigan News. 2019-04-23. Retrieved 2019-06-09.
  35. ^ Dan Merica (23 November 2016). "Computer scientists to Clinton campaign: Challenge election results". CNN. Retrieved 2016-11-23.
  36. ^ Gabriel, Trip; Sanger, David E. (2016-11-23). "Hillary Clinton Supporters Call for Vote Recount in Battleground States". The New York Times. Retrieved 2017-06-26.
  37. ^ Halderman, J. Alex (2016-11-24). "Want to Know if the Election was Hacked? Look at the Ballots". Medium. Retrieved 2016-11-24.
  38. ^ Naylor, Brian (2017-06-21). "U.S. Elections Systems Vulnerable, Lawmakers Told In Dueling Hearings". National Public Radio. Retrieved 2017-06-26. My conclusion is that our highly computerized election infrastructure is vulnerable to sabotage, and even to cyberattacks that could change votes. These realities risk making our election results more difficult for the American people to trust. I know America's voting machines are vulnerable because my colleagues and I have hacked them.
  39. ^ "Hearings | Intelligence Committee". U.S. Senate. Retrieved 2017-06-26.
  40. ^ "Expert Testimony by J. Alex Halderman" (PDF). U.S. Senate. 2017-06-21. Retrieved 2017-06-26.
  41. ^ "US election fact check: The voting dead?". November 10, 2020. Retrieved December 4, 2020.
  42. ^ Fichera, Angelo; Spencer, Saranac (November 13, 2020). "Bogus Theory Claims Supercomputer Switched Votes in Election". Retrieved December 4, 2020. Likewise, J. Alex Halderman, a professor of computer science and engineering at the University of Michigan, told us the conspiracy theory is "nonsense."
  43. ^ Kate Brumback. Associated Press. (January 13, 2022) "Fox News, Others Seek Access to Report on Voting Machines". USNews website Retrieved March 12, 2022.
  44. ^ "Vulnerabilities Affecting Dominion Voting Systems ImageCast X | CISA". www.cisa.gov. 3 June 2022.
[edit]
Retrieved from "https://en.wikipedia.org/enwiki/w/index.php?title=J._Alex_Halderman&oldid=1258471949"