Cheriton School of Computer Science Professor N. Asokan has been named a 2023 Fellow of the Royal Society of Canada, the highest national honour a researcher in the arts and humanities, social sciences, and sciences can achieve. He is one of five researchers at the University of Waterloo and among the 101 individuals across Canada to be honoured this year by the Royal Society of Canada for their outstanding scholarly, artistic and scientific achievements.
“Congratulations to my colleague N. Asokan on becoming a Fellow of the Royal Society of Canada,” said Raouf Boutaba, Professor and Director of the Cheriton School of Computer Science. “He is an internationally respected leader in industry and academia with highly impactful contributions to security research, most notably his work on secure pairing protocols and his work on trusted execution environments.”
About Professor Asokan’s research
Over his career, Professor Asokan has made many significant and lasting contributions to network and systems security. Of particular note are the following contributions that have not only shaped academic research but also influenced industry practice —
- opening new research lines on optimistic fair exchange protocols
- designing trusted device pairing protocols that are used by every Bluetooth device today
- pioneering mobile trusted computing technologies, as well as providing leadership to introduce them to mobile device software developers
- identifying and helping to mitigate a man-in-the-middle attack in many Internet protocols
- showing how AI can improve the security of Internet-of-Things devices
- demonstrating security and privacy concerns in AI-based systems and designing techniques to mitigate them
Professor Asokan was named a Fellow of the Institute of Electrical and Electronics Engineers in 2017 and a Fellow of the Association for Computing Machinery in 2019. The ACM Special Interest Group on Security, Audit and Control, the leading technical society for security and privacy, selected him for the 2018 ACM SIGSAC Outstanding Innovation Award. This honour is awarded annually to individuals whose technical contributions have had lasting impact in furthering or understanding the theory and development of secure systems. Indeed, in the citation, ACM SIGSAC states that the award was conferred for pioneering research on fair-exchange protocols, trusted device pairing, and mobile trusted execution environments that has had widespread impact and led to large-scale deployment.
In his doctoral dissertation and the publications leading up to it, Professor Asokan explored the problem of fair exchange: how two mutually distrustful parties can perform an exchange over an insecure network like the Internet such that either each party gets what it wants or neither does. Professor Asokan pioneered the notion of optimistic fair exchange protocols, which are designed to optimize for the common case where both parties are honest and want to complete the exchange. A generally off-line trusted third party is engaged to restore fairness if and only if one party misbehaves.
This work had a significant impact in the research community. Four papers based on Professor Asokan’s dissertation appeared in top computer science venues — the ACM Conference on Computer and Communications Security, the IEEE Symposium on Security and Privacy, Eurocrypt, and the IEEE Journal on Selected Areas in Communications. Professor Asokan’s protocols were also implemented by IBM Research. Optimistic fair exchange became a new line of research, spurring subsequent research work ranging from theoretical impossibility results to improvements of optimistic fair exchange protocols themselves. Recent technologies such as cryptocurrencies have reignited the need for and interest in fair exchange protocols, and interest in optimistic fair exchange continues to this day.
Professor Asokan’s work on analyzing the security of communication protocols and designing more secure protocols permeated his subsequent career. Two examples stand out.
The first is his work on trusted device pairing protocols, the process of setting up the initial secure channel between two previously unfamiliar devices, such that attackers cannot eavesdrop on or interfere with what is being communicated. Trusted device pairing is particularly challenging when devices are paired — for example, a Bluetooth headset with a mobile phone, or a tablet onto a home Wi-Fi network — by people who are not technologically savvy. The key challenge is designing mechanisms that are easy and intuitive to use while providing sufficient security. Professor Asokan co-designed a secure pairing protocol that was incorporated into the Bluetooth standard specifications for the Secure Simple Pairing protocol. This protocol implementation is now present in billions of devices, from wireless earbuds to smartphones to tablets to personal computers, and more. Professor Asokan’s paper on this topic appeared at the IEEE Symposium on Security and Privacy, a top security conference, and has led to significant follow-up research.
The second example arose from his observation that the worldwide mobile phone infrastructure is a powerful resource that can be used for global-scale authentication of users for services beyond phone calls and text messages. This research led to the Generic Authentication Architecture, which is now part of the Third Generation Partnership Project specification that standardizes mobile phone communications worldwide. Professor Asokan co-authored a book on the Generic Authentication Architecture. This work also identified a recurring problem in many settings, whereby incorrectly composing two security protocols leads to a so-called man-in-the-middle attack that allows attackers to interpose themselves between two communicating parties and impersonate one to the other. This work strongly influenced both research and practice, including several standard specifications by the Internet Engineering Task Force, which governs Internet communication protocols. The impact of this work was felt many years later, including a 2012 Internet Engineering Task Force standard titled “The Network Endpoint Assessment (NEA) Asokan Attack Analysis.”
In the past two decades, Professor Asokan’s work on trusted computing, especially the use of hardware assistance to secure software, has had tremendous impact. With his colleagues at Nokia, the world’s largest mobile phone manufacturer at the time, he pioneered the mobile trusted execution environment technology. This technology allows computing platforms such as smartphones and tablets to protect confidential data and conduct sensitive computation alongside, yet isolated from, the operating system and applications. Today, trusted execution environments allow people to perform sensitive operations such as touch payments with their smartphones without worrying about malware intercepting or interfering with these payments. Trusted execution environments are now deployed globally, used widely, and remain a vibrant research topic. Professor Asokan co-authored the first seminal research publications on trusted execution environments almost 15 years ago, long before they became a popular research topic. Since then, he has co-authored many widely cited research papers along with two books on mobile trusted computing — Hardware Platform Security for Mobile Devices by Now Publishers in 2022 and Mobile Platform Security by Morgan & Claypool in 2014.
Professor Asokan’s more recent work focuses on the interplay between security and privacy and artificial intelligence techniques. His work on the use of AI for securing Internet-of-Things settings led to significant follow-up research. One such example is his research on discovering vulnerable smart devices in smart home networks, which won the best demo award at the IEEE International Conference on Distributed Computing Systems, a top distributed systems conference.
Finally, there is Professor Asokan’s significant research on model extraction attacks. Such attacks occur when a malicious client of an AI service provider clones the AI model to undercut the service provider’s business. His work was instrumental in demonstrating that model extraction is a real threat, and his first paper on the subject has had more than 350 citations to date. Notably, the techniques developed in his research group to mitigate model extraction attacks were adopted by industry partner Intel, which then integrated them into the version 1.5 release of OpenFL, an open-source implementation for federated learning.
Fellows of the Royal Society of Canada at the Cheriton School of Computer Science
Professor Asokan is the ninth faculty member at the Cheriton School of Computer Science to be named a Fellow of the Royal Society of Canada. Past recipients are Raouf Boutaba, Richard Cleve, J. Alan George, Srinivasan Keshav, Ming Li, J. Ian Munro, M. Tamer Özsu, and Douglas Stinson.
About the Royal Society of Canada
Founded in 1882, the Royal Society of Canada comprises the Academies of Arts, Humanities and Sciences, and The College of New Scholars, Artists and Scientists. Recognition by the Royal Society of Canada is the highest honour an individual can achieve in the arts, social sciences and sciences.