08 October 2012

Where I've gone off to

For those of you back at my university, you may have noticed I'm not there this semester.

Google's 2012 FEP team

I spent this past summer at Google, Inc, developing internal tools for the AdSense team, specifically Google Programmable Ads. Being at Google was great; I loved my team and my intern cohort, the rest of the interns in the Freshman Engineering Practicum.

I'm not currently at Google; my internship ended at the beginning of August. Although it was a blast, all good things must come to an end.

I'm not at Mason, either. I was super excited to return to university, and was just about to buy my books and get ready to move in when I got an email from a former coworker at Ksplice, a startup Oracle acquired while I interned there last year. He was starting a new company which would focus on business communications. I'd be working with a bunch of my former coworkers, and based on what I had heard of the company's plans I was confident in their ability to make an awesome product.

Needless to say, when they decided to offer me a position working there full time, I jumped on it.

From an academic point of view, Mason didn't really have much of a mechanism to support this. Co-ops are uncommon there, and not really supported for more than one semester; a full year away had never been done, according to our career services. My department was fully supportive, however, so we managed to find a way to make it work. This involved filling out some oddly-named forms, such as Special Registration for Graduation Request, which the registrar asserted was the right form, trust us on this one.

Myself and Obey Arthur Liu
at a SIPB hackathon
But that's all neither here nor there. I'm now up in Cambridge, MA, working with awesome people (including but not limited to tabbott, wdaherjesstess, and keegan), and exploring the city. I'm hanging out with MIT SIPB, helping with the maintenance of Sugar Labs' servers in E15 and spending more time working on various open source projects.

To my friends at Mason: I miss you all. I know regardless of how the next year+ turns out, it'll be one one hell of a ride.

16 April 2012

AMPED Status Update

This semester, I created an Android application which processes approval of transactions on the internet in conjunction with a web interface. I walked through the AMPED web interface and server code with my faculty mentor, and we conducted a security analysis of the protocol used in the project. The end result is an application which can be used to handle arbitrary authentication requests, as generated by a server. It performs secure authentication of these requests, and cryptographically signs approved transactions as per the initial proposal. I also produced a reusable Java library which can be incorporated in other projects.
Source code for all parts of the project are available on the web. The code has been released under the GNU General Public License, which allows for free use, modification, and redistribution under certain terms.

The application is static, and programmatic provisioning for, say, wide deployment, isn’t possible at the present time. In future research I would like to investigate mechanisms for securely provisioning new devices so that we could limit dependence on a secure channel for initial communication, while maintaining the non-repudiation capabilities of AMPED. For example, some combination of a QR code (for an initial shared secret) and a device’s cellular radio could be used to ensure a secure key exchange. After receiving a shared secret, the device would then generate a secret key and transfer the public portion to the server, using the shared secret as an ephemeral key for this purpose. This is similar to what’s used in Google Authenticator, but GA requires both the server and the client be able to generate valid authentication tokens, preventing non-repudiation.

Integrating AMPED into existing software systems would also be potentially fruitful, as this would allow us to see how the project would function under normal usage conditions. To this end, Dr. Simon has expressed interest in the possibility of using a future iteration of AMPED in the administration of wireless sensor networks.

AMPED was developed with funding from the George Mason University Office of Student Scholarship’s Spring 2012 research grant programme, URSP.