Niels Provos

Nationality: German and American
Alma mater: Universität Hamburg, M.S. Mathematics (1998); University of Michigan, Ph.D. Computer Science (2003)
Known for: OpenBSD, OpenSSH, Bcrypt, Safe Browsing
Scientific career
Fields: Computer Security
Institutions: Google, Stripe
Doctoral advisor: Peter Honeyman

Niels Provos is a German-American researcher in security engineering, malware, [1] and cryptography. He received a PhD in computer science from the University of Michigan. [2] From 2003 to 2018, he worked at Google as a Distinguished Engineer on security. [3] [4] In 2018, he left Google to join Stripe as its new head of security. [5] In 2022, Provos left Stripe and joined Lacework as head of Security Efficacy.

For many years, Provos contributed to the OpenBSD operating system, where he developed the bcrypt adaptive cryptographic hash function. He is the author of numerous software packages, including the libevent event-driven programming system, the Systrace access control system, the honeyd honeypot system, the StegDetect steganography detector, the Bcrypt password encryption technique, and many others.

Provos has been an outspoken critic of the effect of the DMCA and similar laws on security researchers, arguing that they threaten to make criminals of people conducting legitimate security research. [6]

Provos has also served as the Program Chair of the Usenix Security Symposium, on the program committees of the Network and Distributed System Security Symposium, ACM SIGCOMM, and numerous other conferences, and served on the board of directors of Usenix from 2006 to 2010.

Blending his professional interests and creative pursuits, Provos has also started producing security-themed Electronic Dance Music (EDM) tracks under his artist name Activ8te. He embarked on this musical endeavor with the aim of garnering more interest in the field of security. [7] [8]

Provos's hobbies also include swordsmithing, and he has forged swords in both Japanese and Viking styles. It started with his father collecting sabres. Niels routinely posts videos of his blacksmithing activities online. [9] [10] In his words: "At work, we try to fight the bad guys and make the world safer for our users. And swords are maybe an expression in a similar way. You create weapons to defend yourself against the hordes of barbarians." [11]

Related Research Articles

In cryptography and computer security, a man-in-the-middle (MITM) attack is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties.

Honeypot (computing): Computer security mechanism

In computer terminology, a honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of data that appears to be a legitimate part of the site which contains information or resources of value to attackers. It is actually isolated, monitored, and capable of blocking or analyzing the attackers. This is similar to police sting operations, colloquially known as "baiting" a suspect.

Secure Digital Music Initiative (SDMI) was a forum formed in late 1998, composed of more than 200 IT, consumer electronics, security technology, ISP and recording industry companies, as well as authors, composers and publishing rightsholders, ostensibly with the purpose of developing technology and rights management system specifications that would, once developed and installed, protect the playing, storing, distributing and performing of digital music.

In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form. A common approach is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password. Another type of approach is password spraying, which is often automated and occurs slowly over time in order to remain undetected, using a list of common passwords.

Botnet: Collection of compromised internet-connected devices controlled by a third party

A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a portmanteau of the words "robot" and "network". The term is usually used with a negative or malicious connotation.

In cryptography, a collision attack on a cryptographic hash tries to find two inputs producing the same hash value, i.e. a hash collision. This is in contrast to a preimage attack where a specific target hash value is specified.

A rainbow table is a precomputed table for caching the outputs of a cryptographic hash function, usually for cracking password hashes. Passwords are typically stored not in plain text form, but as hash values. If such a database of hashed passwords falls into the hands of an attacker, they can use a precomputed rainbow table to recover the plaintext passwords. A common defense against this attack is to compute the hashes using a key derivation function that adds a "salt" to each password before hashing it, with different passwords receiving different salts, which are stored in plain text along with the hash.

The OpenBSD operating system focuses on security and the development of security features. According to author Michael W. Lucas, OpenBSD "is widely regarded as the most secure operating system available anywhere, under any licensing terms."

Shadowserver Foundation is a nonprofit security organization that gathers and analyzes data on malicious Internet activity, sends daily network reports to subscribers, and works with law enforcement organizations around the world in cybercrime investigations. Established in 2004 as a "volunteer watchdog group," it liaises with national governments, CSIRTs, network providers, academic institutions, financial institutions, Fortune 500 companies, and end users to improve Internet security, enhance product capability, advance research, and dismantle criminal infrastructure.

Honeypots are security devices whose value lies in being probed and compromised. Traditional honeypots are servers that wait passively to be attacked. Client honeypots are active security devices in search of malicious servers that attack clients. The client honeypot poses as a client and interacts with the server to examine whether an attack has occurred. Often the focus of client honeypots is on web browsers, but any client that interacts with servers can be part of a client honeypot.

StopBadware: Anti-malware nonprofit organization

StopBadware was an anti-malware nonprofit organization focused on making the Web safer through the prevention, mitigation, and remediation of badware websites. It is the successor to StopBadware.org, a project started in 2006 at the Berkman Center for Internet and Society at Harvard University. It spun off to become a standalone organization, and dropped the ".org" in its name, in January 2010.

Clickbot.A is a botnet that is used for click fraud.

bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher and presented at USENIX in 1999. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.

Alureon is a trojan and rootkit created to steal data by intercepting a system's network traffic and searching for banking usernames and passwords, credit card data, PayPal information, social security numbers, and other sensitive user data. Following a series of customer complaints, Microsoft determined that Alureon caused a wave of BSoDs on some 32-bit Microsoft Windows systems. The update, MS10-015, triggered these crashes by breaking assumptions made by the malware author(s).

Steganography tools: Software for embedding hidden data inside a carrier file

A steganography software tool allows a user to embed hidden data inside a carrier file, such as an image or video, and later extract that data.

Domain generation algorithms (DGA) are algorithms seen in various families of malware that are used to periodically generate a large number of domain names that can be used as rendezvous points with their command and control servers. The large number of potential rendezvous points makes it difficult for law enforcement to effectively shut down botnets, since infected computers will attempt to contact some of these domain names every day to receive updates or commands. The use of public-key cryptography in malware code makes it unfeasible for law enforcement and other actors to mimic commands from the malware controllers as some worms will automatically reject any updates not signed by the malware controllers.

crypt is a POSIX C library function. It is typically used to compute the hash of user account passwords. The function outputs a text string which also encodes the salt, and identifies the hash algorithm used. This output string forms a password record, which is usually stored in a text file.

In cryptography, a pepper is a secret added to an input such as a password during hashing with a cryptographic hash function. This value differs from a salt in that it is not stored alongside a password hash, but rather the pepper is kept separate in some other medium, such as a Hardware Security Module. Note that the National Institute of Standards and Technology refers to this value as a secret key rather than a pepper. A pepper is similar in concept to a salt or an encryption key. It is like a salt in that it is a randomized value that is added to a password hash, and it is similar to an encryption key in that it should be kept secret.

In cryptography, the Double Ratchet Algorithm is a key management algorithm that was developed by Trevor Perrin and Moxie Marlinspike in 2013. It can be used as part of a cryptographic protocol to provide end-to-end encryption for instant messaging. After an initial key exchange it manages the ongoing renewal and maintenance of short-lived session keys. It combines a cryptographic so-called "ratchet" based on the Diffie–Hellman key exchange (DH) and a ratchet based on a key derivation function (KDF), such as a hash function, and is therefore called a double ratchet.

Mirai is malware that turns networked devices running Linux into remotely controlled bots that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as IP cameras and home routers. The Mirai botnet was first found in August 2016 by MalwareMustDie, a white hat malware research group, and has been used in some of the largest and most disruptive distributed denial of service (DDoS) attacks, including an attack on 20 September 2016 on computer security journalist Brian Krebs' website, an attack on French web host OVH, and the October 2016 Dyn cyberattack. According to a chat log between Anna-senpai and Robert Coelho, Mirai was named after the 2011 TV anime series Mirai Nikki.

References

  1. Mills, Elinor. "Google's Niels Provos battles malware on the Web". CNET. Retrieved 7 April 2011.
  2. Provos, Niels. "Provos' official web page". Retrieved 22 January 2023.
  3. "Google Research Page on Provos". Retrieved 20 August 2013.
  4. "Niels Provos on Twitter". Retrieved 9 October 2018. After 15 years working on Security, I am saying Goodbye to @Google today.
  5. "Stripe hires Niels Provos away from Google to be its new head of security". TechCrunch. Retrieved 2018-10-17.
  6. Poulsen, Kevin. "'Super-DMCA' fears suppress security research". SecurityFocus. Archived from the original on 11 June 2011. Retrieved 7 April 2011.
  7. Newman, Lily Hay. "A Popular Password Hashing Algorithm Starts Its Long Goodbye". Wired. ISSN 1059-1028. Retrieved 2023-07-22.
  8. Sunkel, Cameron (2023-06-02). "This Cybersecurity Expert Is Making Electronic Music to Help People Fortify Their Digital Identities". EDM.com - The Latest Electronic Dance Music News, Reviews & Artists. Retrieved 2023-07-22.
  9. "Provos' Youtube channel for his swordsmithing videos". YouTube. Retrieved 20 August 2013.
  10. McMillan, Robert. "World's Most Wired Swordsmith". Wired. Retrieved 20 August 2013.
  11. "Swordsmith Keeps Google Safe From Barbaric Hordes". WIRED.