Cormac Herley

I am a Principal Researcher at Microsoft Research. I am interested in data and signal analysis problems that reduce complexity an remove pain points for users. My main current interests are authentication and data driven security. Link to Knowledge Tools group.

Before Microsoft I was at Hewlett Packard for five years, most recently as manager of the Printing Systems group at HPL. I received my PhD from Columbia University, my MSEE from Georgia Tech and my BE (Elect.) from University College Cork, Ireland.  There are links to some of my papers and projects below; I'm inventor of sixty or so US patents issued or pending.

My email is my first name at microsoft dot com

 

Recent Papers        

Safety and Security:

P2P and Networking:

Multimedia:

Image Processing:

 

Sample  Recent Projects

 

 

 

Challenge-Response Access Control:

 

A main problem with passwords is that they give a replay attack: spyware that observes the secret has everything it needs to gain access to a users accounts. An alternative to passwords are Challenge-Response authentication mechanisms where the user gives only a portion of the secret in response to a challenge at every login. We examine the feasibility of making such a scheme withstand collusion; i.e. within the limitations of human memory and calculating power can we have a system that allows spyware resistant login? Joint work with Baris Coskun.

 

 

Replay-Resistant Entry of Sensitive Data on Untrusted Machines:

 

Users increasingly face the problem of entering sensitive data such as passwords, credit card or social security numbers on untrusted machines. Passwords are an obvious concern, but making, for example, a hotel reservation from an untrusted terminal can leave behind all the ingredients necessary for ID theft. Building on the KLASSP proxy work we describe a replay-resistant mechanism for entering any sensitive data.  Joint work with Dinei Florencio.

 

Study of Web Password Habits:

 

Conventional wisdom is that users choose weak passwords and re-use them across many sites. We study users' actual behavior and report the findings.  Joint work with Dinei Florencio.

 

Detecting Keyloggers and other Spyware:

 

Today much of our account security depends on keeping passwords secret. Yet, it is all too easy to end up with malicious logging software on a PC: a zero-day vulnerability or a freeware game that comes with an unannounced payload is all it takes.  We develop simple tools to detect keylogging software and other spyware based on behavioral analysis. Joint work with Stanislav Nurilov.

 

KLASSP: KeyLogger Avoiding Shared Secret Proxy:

 

Roaming users often find themselves having to use untrusted machines to enter passwords. Can you really trust an internet café machine to be free of keyloggers or other spyware?  In this project we show how to login securely from an untrusted machine by using a proxy. There is no change to the login server, and no change to the client, the user merely points the browser at the KLASSP proxy. The proxy doesn’t act as a password management system, so there’s none of the overhead of having to maintain up to date credentials at a server in the cloud. Spyware on the untrusted machine that logs the keystrokes, watches the screen and traps all network traffic still canot get the password or mount a replay attack. Joint work with Dinei Florencio and Nikita Pandey.

 

Phishing Prevention:

 

Phishing represents a tough security challenge for a number of reasons. First, the victim unknowingly assists the attacker; second, phishers quickly adapt to circumvent any fixed set of detection rules; finally, users tend to ignore pop-ups or security warnings. What can we do in such a challenging environment?  We propose an anti-phishing scheme that works around all of these challenges. We assume that victims will type their passwords at insecure sites, we assume that phishers will adapt, and we assume that many or most victims will ignore all the warnings we give. And yet, we claim we can save substantially all users. We save users who ignore our warnings, and even users who typed their password at the phishing site before it was identified as phishing. We may even save a few users who don't use our technology! And we never "block" anyone from accessing any legitimate web-site. The scheme is relatively simple: a plug-in for IE, and a server that aggregates information across users. Joint work with Dinei Florencio.

 

Analysis of P2P Networks:

 

BitTorrent has moved the state of the art forward in terms of delivering large files to large audiences. In this work we  took a hard look at the mechanisms to see why it works so well, and if/when it doesn’t. The secret of it’s success seems to be the Tit-for-tat data exchange between peers, and a local-rarest-first request order for data, which prevents the infamous “last block problem.” We discovered the BitTorrent has slightly more difficulty scaling down than up: it can have difficulty when the seed bandwidth is low. We propose a smartseed strategy, a variant on the TFT scheme and a bandwidth estimation that improves the performance. The simulator code is available. Joint work with Ashwin Bharambe and Venkat Padmanabhan.

 

Decomposing Multimedia Streams:

 

Have you ever noticed that media streams repeat a lot? For example a top 40 radio station plays the top 40 over and over. Commercials on TV repeat over and over, news clips get played endlessly. While a lot of Signal Processing tools seeks to extract redundancy this repetition has never really been exploited, until now. In this work I break a multimedia stream into its component objects by explicitly detecting the repeats. This allows object advancing and rewinding to object boundaries and various other cool things. We can find repeats that are weeks apart in a video stream operating in realtime on a basic desktop PC. Part of this involved using the work on audio fingerprinting by Chris Burges and John Platt.

 

 

Playlist Generation and Inferring Similarity between Multimedia Objects:

 

An offshoot of the Multimedia Decomposition project is an interesting way to infer song distances based on proximity in a DJ-authored stream. We build a big graph of music, where each song is a node, and when one song follows another the weight of the link between them is increased. We say their similarity is related to the shortest path between them on the graph. This gives a really simple way of generating music playlists.  Joint work with C. Burges and Robert Ragno.

 

Segmenting Scanned Photos:

 

Scanning a shoebox of old photos can be very time consuming. If you scan 4 by 6 photos three at-a-time on your scanner you must segment them by hand to get individual files. This work processes the input scan and outputs the segmented files. It’s really fast, and really accurate. It works even on crumpled receipts that you’ve carried in your wallet for weeks. This isn’t the messiest problem I’ve ever worked on, but it's probably the messiest problem I’ve actually solved.

 

Occlusion Removal from Images:

 

Trying to frame a nice shot of a notable landmark can be frustrating. A passerby ambles into the shot, so you wait for him to pass. By the time he moves on someone else wanders into view and occludes the shot. It can involve a lot of waiting to get the shot you want. Here I show how to combine two or more shots to get an unobstructed view. There’s no magic of course: each part of the scene must be un-occluded in at least one shot. But the clever part is that given even two images the algorithm can automatically figure out which is occluded and which not. 

 

Older Projects:

 

Older Projects from Previous lives:

 

    

 

    

 Microsoft Products (current or pending) I’ve helped ship

 

 

 

 

Press Coverage and Other Stuff

 

 

Some Favorite Things around Seattle: