Ian Goldberg

Useful security and privacy

Ian Goldberg’s main research theme is useful security and privacy. “The idea is to make technologies that actually improve people’s lives,” explains Ian. “By applying four principles,* we can design technologies that will have a positive impact.”

Two of Ian’s projects are Off-the-Record (OTR) Messaging and improving the Tor Network. OTR extends instant messaging protocols for conversation privacy and information security. OTR conversations are encrypted and authenticated, and have perfect forward secrecy – previous conversations remain protected even if private keys are later accessed. They also use deniable authentication – your Instant Messaging (IM) buddy knows you’re the one communicating, but is unable to prove it to anyone else.

Tor is a system that prevents traffic analysis of Internet usage – the collection of your Internet Protocol (IP) address, location and browsing patterns. Traffic data can be used to tailor information or pricing based on information gathered about you. “You’re leaving trails of personal information which collectively form a dossier about you and your online activities. It’s personal and private information,” notes Ian. “Using Tor allows you to control who gets access to the information – you become another anonymous web surfer.”

Tor transmits information over the Internet via a network of randomly selected intermediate sites, hiding activity data while you browse, publish or use other Transmission Control Protocol (TCP)-based applications. Ian’s work helps improve Tor’s performance, encouraging people to use Tor more often.

Ian also creates protocols for location and database privacy. He is part of the Cryptography, Security, and Privacy (CrySP) Research Group. “Our goal is to help you keep the benefits of new technologies while at the same time protecting you,” Ian comments.

University of Waterloo Mathematics, Annual Report 2006

* Four principles of useful security and privacy technologies:

  • Usability - it's easy to use and runs without negatively affecting performance.

  • Deployability - users can obtain the program and it integrates into a system without requiring Operating System (OS)/program changes.

  • Effectiveness - it does what it says it will do and it is well designed.

  • Robustness - it anticipates the unexpected: how, when and where it is used or attacked. It also fails gracefully, with minimal damage or loss.