Cryptographers Paul Kocher and Taher Elgamal Awarded The 2019 Marconi Prize

Cryptographers Paul Kocher and Taher Elgamal Awarded The 2019 Marconi Prize

Creation of SSL/TLS Made a Profound Impact on Secure Communications Systems

Mountain View, CA, March 13, 2019

Paul Kocher and Taher Elgamal, whose work has had a profound impact on communication security, have been awarded the 2019 Marconi Prize for their development of SSL/TLS and other contributions to the security of communications.

The award will be given at The Marconi Society’s annual Awards Dinner San Carlos on May 17, 2019.

“By addressing the need for end-to-end confidentiality and authenticity —which the Internet’s early developers deliberately omitted from the unclassified design —Kocher’s and Elgamal’s joint efforts played a critical role in enabling further development and scaling of the Internet,” says Dr. Vinton Cerf, Chair of the Marconi Society.

SSL/TLS defines how a pair of devices, such as a customer’s web browser and a server, can communicate securely over a completely untrusted network. The protocol enables participants to authenticate themselves using digital certificates and protects the data they exchange against eavesdropping and tampering. And, SSL is largely automatic for users, whereas prior security protocols often required user choices such as selecting which cryptographic algorithms to support. Now, they simply look for the ubiquitous SSL “lock” icon in the browser. That’s because even in 1995, Elgamal and Kocher anticipated the need for a protocol that could support a broad range of cryptographic configurations while being easy for non-technical users to apply safely.

Dr. James H. Clark, a computer scientist who founded several notable Silicon Valley technology companies including NetscapeCommunications, where SSL was developed, says, “Today, SSL/TLS secures virtually all sensitive communications and commerce online. The protocol has enabled global communication at enormous scale, with a high level of security and trust over insecure communications channels. This broad adoption reflects a combination of foresight, technical innovations and leadership.”

Neither Kocher nor Elgamal initially set out to become cryptographers. Elgamal came to Stanford University in the late 70s to study Electrical Engineering, having been captivated since early childhood by numbers. There he met Dr. Martin Hellman, one of the co-inventors of Public Key Encryption, and quickly turned his attention to cryptography. After getting his PhD in 1984, he joined Hewlett Packard Labs, then left to cofound a data compression company. He subsequently served in top engineering posts at RSA Data Security and Netscape Communications, Inc., where he was Chief Scientist. It was there that Dr. Hellman connected him with Kocher, as Elgamal sought to develop Netscape’s eCommerce platform.

Kocher had also met Hellman while he was at Stanford. Although he was studying biology to become a veterinarian, he was fascinated by cryptography, and Hellman encouraged his involvement in several cryptographic initiatives. One of the initiatives Hellman suggested to Kocher was developing SSL at Netscape with Elgamal. As an undergraduate, Kocher spent summers at RSA Labs and did consulting work during the school year, including numerous security evaluation projects for Microsoft. After finishing his undergraduate degree, he co-founded the company ValiCert, which went public in 2000. He also started and ran Cryptography Research, initially focusing on cryptography consulting (although later the company expanded into other products, and was acquired by Rambus in 2011).

The Netscape project turned out to be a perfect fit for the talents of Elgamal and Kocher. Kocher’s contributions primarily focused on the development of the SSL/TLS protocol itself. Elgamal led the adoption of SSL as a free and transparent industry standard, with SSL 3.0 becoming the basis for the IETF TLS standards.

“Taher had a clear vision for SSL 3.0, but had many other things on his platter as well, so he made arrangements for me and Phil Karlton to do the main work of designing the protocol,” says Kocher. “We were trying to get ahead of consumers’ fears that eCommerce was unsafe. We weren’t trying to boil the ocean,” he adds. “We were simply trying to fix a specific problem.” (Phil Karlton tragically died in a car accident shortly after the work was finished, but Kocher considers him an equal co-author, and points to contributions from others as well.)

The project was complicated by early cryptography export controls. Kocher literally had to register as an arms exporter when he wanted to mail a diskette to a consulting client. “Before the web, cryptography was primarily the domain of governments and militaries,” says Kocher. Browsers shipped to users outside the USA were forced to use easily-broken encryption. That meant the protocol had to support various security levels without making it possible for a man-in-the-middle attacker to downgrade security. But despite these and other obstacles, the team at Netscape kept pushing forward on SSL 3.0.

In November 1996 they published a public description of how two computers could establish an encrypted channel so that anyone could create a secure tunnel between two machines. Elgamal also secured Netscape’s support for making the protocol free to everyone, including Netscape’s competitors. He subsequently led a successful effort to get IETF to use SSL 3.0 as the basis for an industry standard which became known as TLS, crucially gaining Microsoft’s support over an alternative Microsoft already had developed internally. Having a single broadly-accepted standard with compatibility between the leading companies was essential in preventing fragmentation of the web.

The elegance of SSL 3.0 is undeniable. In addition to enabling security for non-technical users, Kocher’s design efforts also anticipated that future research would lead to new algorithms, requirements and vulnerabilities to attacks. SSL 3.0’s longevity is due to its ability to negotiate sessions in a way that allows implementers to eliminate algorithms identified as weak and add support for new, stronger ones. The genius of this design is that it doesn’t break compatibility or require simultaneous upgrades of servers. And, it is still evolving; as new bugs or vulnerabilities are discovered, the technology has proved its value through its ability to change as needed.

The catastrophically-broken precursor, SSL 2.0, was also a problem. “Technologically, the hardest part was finding the path from the then current world to the SSL 3.0 solution,” says Kocher. “It would be impossible to upgrade one computer at a time, and we were navigating a complicated public policy that mandated weak security talking to a foreign server but strong security for domestic transactions.”

“The design had to solve various problems,” Elgamal says. “It’s nearly impossible to get cryptographers to agree on a single solution. We adopted an ‘agility framework’ that accommodated different encryption methods on both sides of the transaction. It happens without the user having to make choices.” Another important feature of SSL 3.0 is that it can guarantee that encrypted content hasn’t been changed, even if the encryption has been broken. Prior security protocols combined the two tasks, making it possible to break both at the same time.

Beyond SSL/TLS, both Elgamal and Kocher have made significant contributions to the practice of cryptography. In addition to designing the public-key technique known as Elgamal encryption, Elgamal developed the Elgamal digital signature algorithm which forms the basis for the U.S. digital signature standard called ECDSA. He currently serves as Chief Technical Officer of Security at Salesforce, where he is responsible for development and management of the Salesforce.com security solutions and infrastructure. Kocher is considered the father of side-channel attacks; having discovered that subtle variations in the amount of time or power a machine uses can expose the secret key, he developed countermeasures used in billions of devices. More recently, Kocher discovered the “Spectre” class of vulnerabilities in microprocessors.

“The entire Internet population benefits from the work of Kocher and Elgamal every day,” says Cerf. “Their contribution has not been widely recognized in the past, but their work has had enormous real-world impact on secure communication systems.”

“It’s clear that SSL3.0 was a critical enabler of the rapid adoption of a secure web,” said Dr. Martin Scott, SVP/GM of Cryptography and CTO at Rambus, for which Kocher remains a senior security technical advisor. “The solution that Kocher and Elgamal devised was elegant engineering that remains central to ensuring safe, trusted online exchanges to this day.”

By receiving the Marconi Prize, Elgamal and Kocher join a distinguished list of scientists whose work underlies all of modern communication technology, from the microprocessor to the Internet, and from optical fiber to GPS and the latest wireless breakthroughs.

About the Marconi Society

Established in 1974 by the daughter of Guglielmo Marconi, the Nobel Laureate who invented radio, the Marconi Society promotes awareness of key technology and policy issues in telecommunications and the Internet and recognizes significant individual achievements through the Marconi Prize and Young Scholar Awards. More information may be found at www.marconisociety.orgSubscribe. Follow: LinkedInTwitter and Facebook.