Federal Trade Commission


Dear Sirs/Madams:

I am nominating myself for service on the "Advisory Committee on Online Access and Security".

I started my technical career at Bell Laboratories as a system administrator and systems programmer. Systems I built for secure administration of groups of machines are described in the technical literature, e.g., [15] in the attached resume. My academic research has often provided new solutions for securing networked systems, and includes Internet and Web technologies.

I have analyzed, designed and implemented a variety of security technologies with applications to privacy, and have several patents on software and hardware systems. Cryptographic software I have implemented has been published [16]. In the attached CV I have included a selected list of my publications in this area. I have served, and continue to serve, in a consulting role to several companies on security topics, such as the design of a single-chip firewall for IP networks.

I believe that my contribution to the committee would be using my engineering experience in evaluating technical feasibility and costs for implementing and operating various security and privacy methods.

Jonathan M. Smith
CIS, University of Penn
200 South 33rd St.
Philadelphia, PA 19104-6389

Jonathan M. Smith - Curriculum Vitae

Research Areas:

Advanced Computer Communications Networks, Secure Distributed Computing Systems.

Positions Held:

9/89 to present - Department of Computer and Information Science, University of Pennsylvania, Professor (with tenure; Assistant Professor 9/89-6/95, Associate Professor 7/95-6/99).

1/84 to 9/89 - Member of the Technical Staff, Bell Communications Research. Computer Technology Transfer and Small-System Computing Technology Departments. Completed Ph.D. using several 8 month leaves of absence.

9/81 to 1/84 - Member of the Technical Staff, Bell Telephone Laboratories. UNIX Computing Technology Department. M.S. under `One Year on Campus' program.

Professional Service:

NSF CISE Advisory Committee (1999-2001).

National Research Council Committee on Future Technologies for Army Multimedia Communication (1994-1995)

ACM SIGCOMM Conference Program Committee, Member 1990-1995, 1998 (co-chair), 1999.

Consulting Activities:

Chief R&D Consultant, iPrivacy, LLC, New York, NY (1999-); Technical Expert Witness for Communications R&D Organizations (anonymity required) (1992-1995,1998-); IBM Research, Hawthorne, NY (1992-4); Canadian Imperial Bank of Commerce, New York, NY; Telefon Ericsson AB (1997-1998); MUSIC Semi-conductors, Hackettstown, NJ (1996- ); Bell Communications Research, Morristown, NJ (1996-1997).

Professional Memberships:

Institute of Electrical and Electronics Engineers (Senior Member); Association for Computing Machinery (ACM); Sigma Xi.

Education:Ph.D. (Computer Science), 1989, Columbia University, NY, NY; A.B. (Mathematics), 1981, Boston College, Chestnut Hill, MA.

Selected Publications on Security/Privacy Topics:

[1] Ilija Hadzic, Sanjay K. Udani, and Jonathan M. Smith, "Hardware Viruses," in Field Programmable Logic 1999, Springer-Verlag, Edinburgh, UK (1999), pp. 291-300.

[2] D. S. Alexander, W. A. Arbaugh, A. D. Keromytis, and J. M. Smith, "Safety and Security of Programmable Network Infrastructures," IEEE Communications Magazine, Vol. 36(10), pp. 84-92 (October 1998).

[3] D. S. Alexander, W. A. Arbaugh, A. D. Keromytis, and J. M. Smith, "Security in Active Networks," in Secure Internet Programming: Security Issues for Mobile and Distributed Objects, ed. Jan Vitek and Christian Jensen, Springer-Verlag (1999), pp. 433-451.

[4] William A. Arbaugh, James R. Davin, David J. Farber, and Jonathan M. Smith, "Security for Virtual Private Intranets," IEEE Computer (Special Issue on Broadband Networking Security), Vol. 31(9), pp. 48-55, Cover Feature (September 1998).

[5] D. S. Alexander, W. A. Arbaugh, A. D. Keromytis, and J. M. Smith, "A Secure Active Network Environment Architecture: Realization in SwitchWare," IEEE Network Magazine, special issue on Active and Programmable Networks, Vol. 12(3), pp. 37-45 (May/June 1998).

[6] William A. Arbaugh, Angelos D. Keromytis, and Jonathan M. Smith, "DHCP++: Applying an efficient implementation method for fail-stop cryptographic protocols," in IEEE GLOBECOM 98, Sydney, AU (November 1998), pp. 59-65.

[7] W. A. Arbaugh, A. D. Keromytis, D. J. Farber, and J. M. Smith, "Automated Recovery in a Secure Bootstrap Process," in Internet Society 1998 Symposium on Network and Distributed System Security, San Diego, CA (1998), pp. 155-167.

[8] Frederick Herz, Marcos Salganicoff, Mitch Marcus, Lyle Ungar, Jonathan Smith, Steven L. Salzberg, and Jason M. Eisner, Pseudonymous Server for System for Customized Electronic Identification of Desirable Objects, U.S. Patent #5754939, May 19, 1998.

[9] William A. Arbaugh, David J. Farber, and Jonathan M. Smith, "A Secure and Reliable Bootstrap Architecture," in IEEE Security and Privacy Conference, Oakland, CA (May, 1997), pp. 65-71. (An early version available as Technical Report MS-CIS-96-35, CIS Dept., University of Pennsylvania, December 2nd, 1996)

[10] Angelos Keromytis, John Ioannidis, and Jonathan M. Smith, "Implementing IPSec," in Proceedings, IEEE GlobeCom Conference, Phoenix, AZ (November, 1997), pp. 1948-1952.

[11] S. Personick, D. Crawford, R. Gallager, J. Jaffe, J. Kurose, D. Leeper, C. Manders, B. McCune, A. McLaughlin, J. M. Smith, L. Streeter, L. Wishart, and B. Zeigler, Commercial Multimedia Technologies for Twenty-First Century Army Battlefields: a Technology Management Strategy, National Academy Press, Washington, DC (1995).

[12] Jonathan M. Smith, C. Brendan S. Traw, and David J. Farber, "Apparatus for Providing Cryptographic Support in a Network," U.S. Patent No. 5,329,623 (July 12th, 1994).

[13] Jonathan M. Smith, C. Brendan S. Traw, and David J. Farber, "Cryptographic Support for a Gigabit Network," in Proceedings, INET '92, Kobe, JAPAN (June 15-18, 1992), pp. 229-237. (Inaugural Conference of the Internet Society)

[14] Albert G. Broscius and Jonathan M. Smith, "Exploiting Parallelism in Hardware Implementation of the DES," in Proceedings, CRYPTO 1991 Conference, ed. Joan Feigenbaum, Santa Barbara, CA (August, 1991), pp. 367-376.

[15] Jonathan M. Smith, "Practical Problems with a Cryptographic Protection Scheme," in Advances in Cryptography - Proceedings of Crypto89, ed. Gilles Brassard, Springer-Verlagn(1990), pp. 64-73.

[16] Jonathan M. Smith, "LUCIFER," in Applied Cryptography: Protocols, Algorithms and Source Code in C, ed. Bruce Schneier,mJohn Wiley & Sons (1994), pp. 485-491. C implementation of Lucifer cipher for UNIX, written in 1991