It's Too Complicated: How the Internet Upends Katz, Smith, and Electronic Surveillance Law. CLIP, Fordham University School of Law, 26 March 2019.
How the Internet Works (especially for lawyers). CLIP, Fordham University School of Law, 26 February 2019.
Investigating Cyber Incidents. 13 February 2019.
How to Get a Cyber NTSB. 13 February 2019.
The Evolution of Ipsec. 8 February 2019.
30 Years of Defending the Internet. University of Pennsylvania, 7 December 2018.
Hack-Back. Tufts University, 19 November 2018.
Privacy (technical introduction). 2 November 2018.
An Evaluation of the Ozzie Proposal. Workshop on Encryption, Surveillance, and Transparency, 14 August 2018.
What Can Governments Do About the Computer Security Crisis?. Cyber Week, Tel Aviv University, June 2018.
Hack Back for Good, Not Vengeance. Moderated panel discussion. RSA Conference, April 2018.
Introduction to Cryptographic Engineering. Society of Women Engineers, Engineering Exploration Experience, 24 March 2018.
Censorship, Freedom of Speech, and Architecture. Internet Architecture Board Tech Session, 28 February 2018.
Keys Under Doormats. Cornell workshop on Surveillance, Privacy, and Civil Liberties, February 2018.
Rethinking Authentication. SRI International, November 2017.
Containers and their Limit. DHS/SRI Infosec Technology Transition Council (ITTC) Meeting, November 2017.
Rethinking Authentication. CySeP '17, Stockholm, June 2017.
Computers, Society, and the Law. Wayne Patterson University, April 2017.
Cybersecurity and Emerging Global Threats. Columbia Association for Foreign Affairs, April 2017.
Software and Complexity. Columbia Undergraduate Scholars Program, 14 February 2017.
It's Too Complicated: How the Internet Upends Katz, Smith, and Electronic Surveillance Law. University of Southampton, 7 November 2016.
How the Internet Works. 18 May 2016.
Crypto Agility: Research, Industry, and Policy Implications. Forum on Cyber Resilience: Workshop on Cryptographic Agility and Interoperability, National Academies of Science, Engineering, and Medicine, 9 May 2016.
Encryption, Security, and Privacy. U. of Texas Austin, Strauss Center, March 2016.
Steven M. Bellovin, Matt Blaze, Susan Landau, and Stephanie Pell, It's Too Complicated:The Technological Implications of IP-based Communications on the Content/Non-Content Distinction and the Third Party Doctrine. The Second Annual Cato Surveillance Conference, October 2015.
Thinking Security. Cyber Security Summer School, Estonia, July 2015.
National Security, Surveillance Technology, and the Law, Federal Judicial Center, June 2015.
Searching Securely: Technical Issues with Warrants for Remote SearchWorkshop on Surveillance & Technology. June 2015.
When Enough is Enough: Location Tracking, Mosaic Theory, and Machine Learning. UNC Department of Computer Science 50th Anniversary Symposium, 2 May 2015.
Protecting the Internet Against Large-Scale Passive Monitoring. Workshop on Cyber Security Technological District, University of Calabria, Italy, November 2014.
Technion 2014 Summer School on Computer Security, Haifa, Israel, September 2014.
Metadata. The talk was to a law school class on surveillance. March 2014.
Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet. University of Illinois at Urbana-Champaign, 3 October 2013.
Life Amidst the Lawyers: A Technologist's Year at the FTC. Computer Science and Telecommunications Board, 1 October 2013.
Vernam, Mauborgne, and Friedman: The One-Time Pad and the Index of Coincidence. Cryptologic History Symposium, October 2013.
Web Security in the Real World. Keynote address. Workshop on Improving Trust in the Online Marketplace, NIST, April 2013.
Thinking Security. Keynote address. FLOCON 2013, Albuquerque, NM, January 2013.
Frank Miller: Inventor of the One-Time Pad. Cryptologic History Symposium, Laurel, MD, October 2011.
Doing History in the Internet Age. C4HS workshop, July 2011.
Workshop on The Future of User Authentication and Authorization on the Web, St. Lucia, March 2011.
SSL Failings. Panel session.
What am I Doing? Comprehension and Authentiation. Invited talk.
Financial Cryptography 2011 Rump Session, March 2011.
Simple VPN. Usenix Security Rump Session, August 2010.
Onassis Foundation Lectures in Computer Science: Network and Information Security, June 2010.
Compression, Correction, Confidentiality, and Comprehension: A Modern Look at Commercial Telegraph Codes. Cryptologic History Symposium, Laurel, MD, October 2009.
Compression, Correction, Confidentiality, and Comprehension: A Modern Look at Commercial Telegraph Codes. Invited talk. (Audio, Video) 18th Usenix Security Symposium, Montreal, QC, August 2009.
Future Trends in Security. AusCERT, Gold Coast, Queensland, Australia, May 2009.
Good Security and Privacy Things. The Dark and the Light of the Internet, The Marconi Society, 16 April 2009.
Maritza Johnson and Steven M. Bellovin, Security Assurance for Web Device APIs. Security for Access to Device APIs from the Web & W3C Workshop, December 2008.
Newspeak: A Paradigm for Architectural Security. ENISA-FORTH Summer School on Network &Information Security, Crete, Greece, September 2008.
Newspeak: A Paradigm for Architectural Security. Cybersecurity Summit 2008 for NSF Large Research Facilities, Arlington, VA, May 2008.
Internet Privacy: Big Brother and Little Brother. First International Symposium on Global Information Governance, Pisa, Italy, March 2008.
Issues in Routing Security. DIMACS Workshop on Secure Interdomain Routing, March 2008.
Internet Privacy: Big Brother and Little Brother. NICT Symposium on Internet Security and Privacy, Tokyo, Japan, February 2008.
Configuration Management and Security. LISA Configuration Workshop, Dallas, TX, November 2007.
The Future of Internet Security. European Conference on Computer Network Defense, Heraklion, Greece, October 2007.
Routing Security Economics. DIMACS Workshop on Information Security Economics, 18 January 2007.
Where To Now?. National Computer Systems Security Award, Miami, FL, December 2006.
Real Attacks and Threat Models. IETF 67, San Diego, CA, November 2006.
On the Brittleness of Software and the Infeasibility of Security Metrics. First Workshop on Security Metrics (MetriCon 1.0), Vancouver, BC, August 2006.
Square Wheels and Round Tuits. Keynote address. Workshop on Research Directions for Security and Networking in Critical Real-Time and Embedded Systems, San Jose, CA, April 2006.
Routing Security. ARIN XVII, Montreal, QC, April 2006.
Encrypted Key Exchange. Stuyvesant High School, NY, NY, February 2006.
Cryptography and the Internet: Where It Is, Where It Isn't, Where it Should Be — and Why It Isn't There. Cognos Innovation Lecture, Carleton University, Ottawa, ON, 1 December 2005.
Deploying New Hash Functions. NIST Cryptographic Hash Workshop, 31 October 2005.
Application Security: Threats and Architecture. FDIC Designing an Information Security Program, September 2005.
Application Security: Threats and Architecture. IETF 63, Paris, France, August 2005.
Lessons from IPv6. Next-Generation Secure Internet Workshop, July 2005.
IPv6 Threats to Communications. May 2005.
Steven M. Bellovin, John Ioannidis, and Randy Bush, Operational Requirements for Secured BGP. DHS Secure Routing Workshop, March 2005.
Moving Application Security into the Network. End-to-End Meeting, January 2005.
Security Challenges. TI Workshop on Dependability and Security, December 2004.
TCP/IP Security Holes: A Look Back. Invited talk, "classic" papers session. 20th Annual Computer Security Applications Conference, December 2004.
Measurement and Security. AT&T IP Security Day, November 2004.
Cryptography and the Internet: Where It Is, Where It Isn't, Where it Should Be — and Why It Isn't There. DIMACS Workshop on Cryptography: Theory Meets Practice, October 2004.
Permissive Action Links and the History of Public Key Cryptography. Invited talk. (Audio) Usenix Security Symposium, August 2004.
Australian Unix Users' Group, Melbourne, AU, August 2004.
An Introduction to Cryptography. Tutorial.
Securing the Net: Where the Holes Are. INET, Barcelona, Spain, May 2004.
CALEA and VoIP: The Internet is not the PSTN. Computers, Freedom, and Privacy, April 2004.
Internet Security: Then and Now. NANOG 30, Miami, FL, February 2004.
Protocol Problems and Architectural Issues. ICANN DNS Security and Stability Advisory Committee meeting on wildcard DNS records in TLDs, Washington, DC, October 2003.
Routing Security. British Columbia Institute of Technology, June 2003.
An Introduction to Modern Cryptography. Westfield High School Saturday Science Program, March 2003.
A Technique for Counting NATted Hosts. Second Internet Measurement Workshop, Marseille, November 2002.
The State of Software Security. Information Security Law: Software Security and Vulnerability Reporting, Seton Hall University School of Law, November 2002.
Realistic Security. Management of Technologies Symposium, Stevens Institute of Technology, 23 October 2002.
The IETF or Where do all those RFCs come from, anyway?. Usenix, Monterey, CA, 13 June 2002.
Security and Software Engineering. MIT, Cambridge, MA, 17 January 2002.
ICANN and Internet Security. ICANN Open Meeting, Marina del Rey, CA, 13 November 2001.
Telephone versus Internet Wiretaps: A Technical and Legal Perspective. NAE/CSTB Workshop on Critical Infrastructure Protection and the Law, 22 October 2001.
Security and Software Engineering. Toolsmith Conference, University of North Carolina at Chapel Hill, 18 October 2001.
Internet Security in my Crystal Ball. End-to-End Research Group, June 2001.
Jennifer Rexford, Steven M. Bellovin, and Randy Bush, Some Initial Measurements of Prefix Length Phyltreing. NANOG 22, Scottsdale, AZ, May 2001.
DDoS Attacks and Pushback. Note---this talk is significantly different than the other talk of the same name. NANOG 21, Atlanta, GA, February 2001.
DDoS Attacks and Pushback. December 2000.
Host versus Network Security. Center for Global Security Research (CGSR), Lawrence Livermore National Laboratory, University of California and Office of Engineering and Technology, Federal Communications Commission (FCC), Conference on Telecommunications Network Security and Reliability in the 21st Century, Washington, DC, 31 October 2000.
Security and IPv6. IPv6 Summit, Washington, DC, 19 October 2000.
NISSC, Baltimore, MD, 18 October 2000.
Preventing Denial of Service Attacks. Panel session.
Defense Strategies for DDoS Attacks. Panel session.
Works in Progress session, 9th Usenix Security Symposium, August 2000.
Security Aspects of Napster and Gnutella. June 2000.
Security: Present and Future. June 2000.
Security for the Web. Seton Hall University, February 2000.
Distributed Denial of Service Attacks. NANOG, San Jose, February 2000.
Distributed Denial of Service Attacks. February 2000.
Destroying the Net. RSA Conference, January 2000.
Distributed Firewalls. 8th Usenix Security Symposium, Washington, DC, August 1999.
Regulation, Cryptography, and Internet Security. Multilateral Security in Communications, Stuttgart, Germany, July 1999.
Network Security. Tutorial. IM '99, 8 May 1999.
NDSS, February 1999.
Authentication Architectures. February 1999.
Security, Cryptography, and Magic. Panel session. RSA Conference, January 1999.
Computer Insecurity. 20 October 1998.
Network and Internet Security. September 1998.
Cryptography and the Internet. CRYPTO, August 1998.
Security for the NGI. December 1997.
Trust Problems. Panel session. NISSC, Baltimore, MD, October 1997.
Network Layer Security—Structure and Challenges. DIMACS, October 1997.
Key Recovery. July 1997.
Trends in Internet Security. July 1997.
NISSC, Baltimore, MD, October 1996.
WWW Problems. Panel session.
Is Encryption Unbreakable?. Panel session.
Java—Threat or Menace?. Panel session.
Where the Wild Things Are. Panel session.
IAB/IESG Statement on Cryptography. October 1996.
Java Security Model. April 1996.
Shifting the Odds—Writing More Secure Software. December 1994.
An Introduction to Escrowed Encryption Systems. Usenix, Boston, MA, June 1994.
Firewalls are Necessary. IEEE Symposium on Research in Security and Privacy, May 1994.
IETF TalksI often give talks at IETF meetings. Since these are generally not very comprehensible out of context, I've broken them out and listed them separately.
Towards a TCP Security Option. 67th IETF, San Diego, CA, November 2006.
Access Control Prefix Router Advertisement Option for IPv6. 56th IETF, San Francisco, CA, March 2003.
(Ab?)Using IPsec for SEND. 54th IETF, Yokohama, Japan, July 2002.
47th IETF, Adelaide, South Australia, March 2000.
iaPCBC for IPsec. 46th IETF, Washington, DC, November 1999.
Transport-Friendly ESP BoF. 44th IETF, Minneapolis, MN, March 1999.
PINT Security Requirements. 40th IETF, Washington, DC, December 1997.
Further work on IP-layer Security—A Personal Opinion. 39th IETF, Munich, Germany, August 1997.
Naming and Certificates. 37th IETF, San Jose, CA, December 1996.
Problems with Hostpair Keying. 32nd IETF, Danvers, MA, April 1995.