Niels Provos

Niels Provos
Niels Provos
Nationality	German and American
Alma mater	Universität Hamburg, M.S Mathematics (1998); University of Michigan, Ph.D. Computer Science (2003)
Known for	OpenBSD, OpenSSH, Bcrypt, Safe Browsing
	Scientific career
Fields	Computer Security
Institutions	Google ; Stripe
Doctoral advisor	Peter Honeyman

Last updated January 16, 2025

Niels Provos is a German-American researcher in security engineering, malware,^[1] and cryptography. He received a PhD in computer science from the University of Michigan.^[2] From 2003 to 2018, he worked at Google as a Distinguished Engineer on security for Google.^[3]^[4] In 2018, he left Google to join Stripe as its new head of security.^[5] In 2022, Provos left Stripe and joined Lacework as head of Security Efficacy.

For many years, Provos contributed to the OpenBSD operating system, where he developed the bcrypt adaptive cryptographic hash function. He is the author of numerous software packages, including the libevent event driven programming system, the Systrace access control system, the honeyd honeypot system, the StegDetect steganography detector, the Bcrypt password encryption technique, and many others.

Provos has been an outspoken critic of the effect of the DMCA and similar laws on security researchers, arguing that they threaten to make criminals of people conducting legitimate security research.^[6]

Provos has also served as the Program Chair of the Usenix Security Symposium, on the program committees of the Network and Distributed System Security Symposium, ACM SIGCOMM, and numerous other conferences, and served on the board of directors of Usenix from 2006 to 2010.

Blending his professional interests and creative pursuits, Provos has also started producing security-themed Electronic Dance Music (EDM) tracks under his artist name Activ8te. He embarked on this musical endeavor with the aim of garnering more interest in the field of security.^[7]^[8]

Provos's hobbies also include swordsmithing, and he has forged swords in both Japanese and Viking styles. It started with his father collecting sabres. Niels routinely posts videos of his blacksmithing activities online.^[9]^[10] By his words "At work, we try to fight the bad guys and make the world safer for our users. And swords are maybe an expression in a similar way. You create weapons to defend yourself against the hordes of barbarians."^[11]

Education

Ph.D., Computer Science & Engineering, August 2003, the University of Michigan (Dissertation: "Statistical Steganalysis")
Diplom in Mathematics, August 1998, Universität Hamburg, Hamburg, Germany. (Masters in Mathematics). (Thesis: "Cryptography, especially the RSA algorithm on elliptic curves and Z/nZ")
Vordiplom in Mathematics, March 1995, Universität Hamburg, Hamburg, Germany.
Vordiplom in Physics, March 1995, Universität Hamburg, Hamburg, Germany.

Selected publications

All Your iFrames Point to Us Niels Provos, Panayiotis Mavrommatis, Moheeb Rajab and Fabian Monrose, 17th USENIX Security Symposium, August 2008.
The Ghost in the Browser: Analysis of Web-based Malware Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang, and Nagendra Modadugu, USENIX Workshop on Hot Topics in Understanding Botnets, April 2007.
Detecting Steganographic Content on the Internet Niels Provos and Peter Honeyman, ISOC NDSS'02, San Diego, CA, February 2002
Improving Host Security with System Call Policies Niels Provos, 12th USENIX Security Symposium, Washington, DC, August 2003
Provos, Niels; Holz, Thorsten (July 2007). Virtual Honeypots: From Botnet Tracking to Intrusion Detection. Addison-Wesley Professional. ISBN 978-0-321-33632-3.
Detecting pirated applications (Oct 2014) Ashish Bhatia, Min Gyung Kang, Monirul Islam Sharif, Niels Provos, Panayiotis Mavrommatis, and Sruthi Bandhakavi

Related Research Articles

In cryptography and computer security, a man-in-the-middle (MITM) attack, or on-path attack, is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, where in actuality the attacker has inserted themselves between the two user parties.

In cryptanalysis and computer security, password cracking is the process of guessing passwords protecting a computer system. A common approach is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password. Another type of approach is password spraying, which is often automated and occurs slowly over time in order to remain undetected, using a list of common passwords.

A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a portmanteau of the words "robot" and "network". The term is usually used with a negative or malicious connotation.

In cryptography, a collision attack on a cryptographic hash tries to find two inputs producing the same hash value, i.e. a hash collision. This is in contrast to a preimage attack where a specific target hash value is specified.

The OpenBSD operating system focuses on security and the development of security features. According to author Michael W. Lucas, OpenBSD "is widely regarded as the most secure operating system available anywhere, under any licensing terms."

Shadowserver Foundation is a nonprofit security organization that gathers and analyzes data on malicious Internet activity, sends daily network reports to subscribers, and works with law enforcement organizations around the world in cybercrime investigations. Established in 2004 as a "volunteer watchdog group," it liaises with national governments, CSIRTs, network providers, academic institutions, financial institutions, Fortune 500 companies, and end users to improve Internet security, enhance product capability, advance research, and dismantle criminal infrastructure. Shadowserver provides its data at no cost to national CSIRTs and network owners.

Honeypots are security devices whose value lie in being probed and compromised. Traditional honeypots are servers that wait passively to be attacked. Client Honeypots are active security devices in search of malicious servers that attack clients. The client honeypot poses as a client and interacts with the server to examine whether an attack has occurred. Often the focus of client honeypots is on web browsers, but any client that interacts with servers can be part of a client honeypot.

<span class="mw-page-title-main">StopBadware</span> Anti-malware nonprofit organization

StopBadware was an anti-malware nonprofit organization focused on making the Web safer through the prevention, mitigation, and remediation of badware websites. It is the successor to StopBadware.org, a project started in 2006 at the Berkman Center for Internet and Society at Harvard University. It spun off to become a standalone organization, and dropped the ".org" in its name, in January 2010.

Clickbot.A is a botnet that is used for click fraud.

<span class="mw-page-title-main">Cryptography</span> Practice and study of secure communication techniques

Cryptography, or cryptology, is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher and presented at USENIX in 1999. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.

A steganography software tool allows a user to embed hidden data inside a carrier file, such as an image or video, and later extract that data.

<span class="mw-page-title-main">Elie Bursztein</span> French computer scientist and hacker (born 1980)

Elie Bursztein, is a French computer scientist and software engineer. He is Google and DeepMind AI cybersecurity technical and research lead.

Domain generation algorithms (DGA) are algorithms seen in various families of malware that are used to periodically generate a large number of domain names that can be used as rendezvous points with their command and control servers. The large number of potential rendezvous points makes it difficult for law enforcement to effectively shut down botnets, since infected computers will attempt to contact some of these domain names every day to receive updates or commands. The use of public-key cryptography in malware code makes it unfeasible for law enforcement and other actors to mimic commands from the malware controllers as some worms will automatically reject any updates not signed by the malware controllers.

Mordechai M. "Moti" Yung is a cryptographer and computer scientist known for his work on cryptovirology and kleptography.

crypt is a POSIX C library function. It is typically used to compute the hash of user account passwords. The function outputs a text string which also encodes the salt, and identifies the hash algorithm used. This output string forms a password record, which is usually stored in a text file.

In cryptography, a pepper is a secret added to an input such as a password during hashing with a cryptographic hash function. This value differs from a salt in that it is not stored alongside a password hash, but rather the pepper is kept separate in some other medium, such as a Hardware Security Module. Note that the National Institute of Standards and Technology refers to this value as a secret key rather than a pepper. A pepper is similar in concept to a salt or an encryption key. It is like a salt in that it is a randomized value that is added to a password hash, and it is similar to an encryption key in that it should be kept secret.

Justin Cappos is a computer scientist and cybersecurity expert whose data-security software has been adopted by a number of widely used open-source projects. His research centers on software update systems, security, and virtualization, with a focus on real-world security problems.

Mirai is malware that turns networked devices running Linux into remotely controlled bots that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as IP cameras and home routers. The Mirai botnet was first found in August 2016 by MalwareMustDie, a white hat malware research group, and has been used in some of the largest and most disruptive distributed denial of service (DDoS) attacks, including an attack on 20 September 2016 on computer security journalist Brian Krebs' website, an attack on French web host OVH, and the October 2016 DDoS attacks on Dyn. According to a chat log between Anna-senpai and Robert Coelho, Mirai was named after the 2011 TV anime series Mirai Nikki.

This is a list of cybersecurity information technology. Cybersecurity is security as it is applied to information technology. This includes all technology that stores, manipulates, or moves data, such as computers, data networks, and all devices connected to or included in networks, such as routers and switches. All information technology devices and facilities need to be secured against intrusion, unauthorized use, and vandalism. Additionally, the users of information technology should be protected from theft of assets, extortion, identity theft, loss of privacy and confidentiality of personal information, malicious mischief, damage to equipment, business process compromise, and the general activity of cybercriminals. The public should be protected against acts of cyberterrorism, such as the compromise or loss of the electric power grid.

References

↑ Mills, Elinor. "Google's Niels Provos battles malware on the Web". CNET. Retrieved 7 April 2011.
↑ Provos, Niels. "Provos' official web page" . Retrieved 22 January 2023.
↑ "Google Research Page on Provos" . Retrieved 20 August 2013.
↑ "Niels Provos on Twitter" . Retrieved 9 October 2018. After 15 years working on Security, I am saying Goodbye to @Google today.
↑ "Stripe hires Niels Provos away from Google to be its new head of security". TechCrunch. Retrieved 2018-10-17.
↑ Poulsen, Kevin. "'Super-DMCA' fears suppress security research". SecurityFocus. Archived from the original on 11 June 2011. Retrieved 7 April 2011.
↑ Newman, Lily Hay. "A Popular Password Hashing Algorithm Starts Its Long Goodbye". Wired. ISSN 1059-1028 . Retrieved 2023-07-22.
↑ Sunkel, Cameron (2023-06-02). "This Cybersecurity Expert Is Making Electronic Music to Help People Fortify Their Digital Identities". EDM.com - The Latest Electronic Dance Music News, Reviews & Artists. Retrieved 2023-07-22.
↑ "Provos' Youtube channel for his swordsmithing videos". YouTube . Retrieved 20 August 2013.
↑ McMillan, Robert. "World's Most Wired Swordsmith". Wired. Retrieved 20 August 2013.
↑ "Swordsmith Keeps Google Safe From Barbaric Hordes". WIRED.

External links

This biographical article relating to a computer specialist is a stub. You can help Wikipedia by expanding it.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Mills, Elinor. "Google's Niels Provos battles malware on the Web". CNET. Retrieved 7 April 2011.

[Provos'_official_web_page-2] Provos, Niels. "Provos' official web page" . Retrieved 22 January 2023.

[3] "Google Research Page on Provos" . Retrieved 20 August 2013.

[4] "Niels Provos on Twitter" . Retrieved 9 October 2018. After 15 years working on Security, I am saying Goodbye to @Google today.

[5] "Stripe hires Niels Provos away from Google to be its new head of security". TechCrunch. Retrieved 2018-10-17.

[6] Poulsen, Kevin. "'Super-DMCA' fears suppress security research". SecurityFocus. Archived from the original on 11 June 2011. Retrieved 7 April 2011.

[7] Newman, Lily Hay. "A Popular Password Hashing Algorithm Starts Its Long Goodbye". Wired. ISSN 1059-1028 . Retrieved 2023-07-22.

[8] Sunkel, Cameron (2023-06-02). "This Cybersecurity Expert Is Making Electronic Music to Help People Fortify Their Digital Identities". EDM.com - The Latest Electronic Dance Music News, Reviews & Artists. Retrieved 2023-07-22.

[9] "Provos' Youtube channel for his swordsmithing videos". YouTube . Retrieved 20 August 2013.

[10] McMillan, Robert. "World's Most Wired Swordsmith". Wired. Retrieved 20 August 2013.

[11] "Swordsmith Keeps Google Safe From Barbaric Hordes". WIRED.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

v t e The OpenBSD Project
Operating system	OpenBSD version history security features
Related projects	bio CARP doas httpd fdm LibreSSL mandoc mg OpenBGPD OpenIKED OpenNTPD OpenOSPFD OpenSMTPD OpenSSH PF pfsync sensors sndio spamd sudo tmux Xenocara cwm
People	Theo de Raadt Niels Provos
Organizations	OpenBSD Foundation
Publications	OpenBSD Journal

Authority control databases
International	ISNI VIAF WorldCat
National	United States Netherlands Norway
Academics	Mathematics Genealogy Project Association for Computing Machinery Google Scholar DBLP
Other	IdRef