The Undergraduate Who Secured The Internet: Loren Kohnfelder

The core of trust on the Internet focuses on one thing: PKI (Public Key Infrastructure). But, unlike the work of Whitfield Diffie, Marty Hellman, Ron Rivest, Adi Shamir and Len Adleman, you’ll not be able to find the person who created it through their Google Scholar record. And you’ll not be able to find the work published in the Transactions of the ACM or the IEEE. There will also be no PhD award associated with the work and no patent submissions.

But you will find the involvement of one of the greatest inventors in cybersecurity: Len Adleman (the “A” in RSA). And, like Ralph Merkle, this person published amazing work at an undergraduate level. That person is Loren Kohnfelder, who studied at MIT.

So, while most research papers are published by PhD students and their supervisors, there are many papers published at an undergraduate level that have been highly significant. One of the most significant was by Loren in 1978, who defined PKI (Public Key Infrastructure) in his undergraduate thesis [here]:

And the supervisor?

PKI

Before we outline the thesis, let’s investigate how PKI actually works. With PKI (Public Key Infrastructure), Alice and Bob each create a key pair (a public key and a private key), and Trent verifies their public keys. If Bob wants to prove his identity and the integrity of a message, he will sign a hash of the message with his private key:

Alice will then check the signature for the message using Bob’s public key. For this, Bob’s public key is encapsulated in X.509 format and signed with the private key of a trusted entity (Trent). This takes the form of a digital certificate, and Alice checks the validity of the certificate with Trent’s public key:

The thesis

The thesis just brimmed with new concepts, including the definition of the term “certificate”:

and a revocation list:

and the concept of putting an expiration date on certificates:
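The exchange from the PKI section, together with the certificate, revocation list and expiration date that the thesis introduces, as an added Node.js example (not code from the thesis or from this article). The certificate is a constructed JSON structure rather than X.509, and every name, serial number, date and function name in it is an assumption made for illustration.

```javascript
const { generateKeyPairSync, sign, verify, createPublicKey } = require('crypto');

// Bytes that Trent signs: the binding of a name to a public key, plus serial and expiry.
// Constructed format for illustration (a fixed-order JSON array), not X.509.
function toBeSigned(cert) {
  return Buffer.from(JSON.stringify([cert.serial, cert.name, cert.publicKeyPem, cert.notAfter]));
}

// Trent's side: certify that publicKey belongs to name until notAfter (milliseconds since epoch).
function issueCertificate(trentPrivateKey, serial, name, publicKey, notAfter) {
  const publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
  const cert = { serial, name, publicKeyPem, notAfter };
  cert.signature = sign('sha256', toBeSigned(cert), trentPrivateKey).toString('base64');
  return cert;
}

// Alice's side: she trusts only Trent's public key and Trent's current revocation list.
function aliceVerify(trentPublicKey, revokedSerials, cert, message, signature, now) {
  const certSig = Buffer.from(cert.signature, 'base64');
  if (!verify('sha256', toBeSigned(cert), trentPublicKey, certSig)) {
    return 'certificate not signed by Trent';
  }
  if (now >= cert.notAfter) return 'certificate expired';
  if (revokedSerials.has(cert.serial)) return 'certificate revoked';
  const bobPublicKey = createPublicKey(cert.publicKeyPem);
  return verify('sha256', message, bobPublicKey, signature) ? 'ok' : 'message signature invalid';
}

// Runs the exchange on constructed data and returns Alice's verdict for each case.
function demo() {
  const newKeyPair = () => generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // NIST P-256
  const trent = newKeyPair();
  const bob = newKeyPair();
  const now = Date.now();
  const day = 24 * 60 * 60 * 1000;
  const cert = issueCertificate(trent.privateKey, 1001, 'Bob', bob.publicKey, now + 30 * day);
  const message = Buffer.from('Hello Alice, from Bob');
  const signature = sign('sha256', message, bob.privateKey); // signs the SHA-256 hash of the message
  const check = (c, m, revoked, at) => aliceVerify(trent.publicKey, revoked, c, m, signature, at);
  return {
    valid: check(cert, message, new Set(), now),
    tamperedMessage: check(cert, Buffer.from('Hello Alice, from Bob (edited)'), new Set(), now),
    alteredCertificate: check({ ...cert, name: 'Carol' }, message, new Set(), now),
    expired: check(cert, message, new Set(), now + 31 * day),
    revoked: check(cert, message, new Set([1001]), now),
  };
}

console.log(demo());
```

In deployed PKI the same checks are made against X.509 fields (the issuer's signature, the notAfter date, and CRL or OCSP status) by the TLS or S/MIME library.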

And, as an academic supervisor, I see theses written with 100s of references, but Loren only needed 12 references, but all 12 were simply stunning pieces of work:

Perhaps, these 12 papers build the foundation for our modern trust infrastructures?

Overall, the work was used to build the X.509 specification for digital certificates, which was the basis for SSL/TLS and S/MIME. Loren went on to publish the Designing Secure Software book and has a blog here:

Conclusions

Inventions and new knowledge are discovered at every level. You don’t have to do a PhD to publish work and get involved with research. Many would question why you have to spend three years with the sole purpose of gaining the PhD. It is true that the intensive study in a PhD leads naturally to ground-breaking work, but that only happens on a rare basis. Most PhD theses just add some advancement on current knowledge, but not the ground-breaking work in Loren’s thesis.

So, go do research … read papers … discover new things … and break the status quo ..