Robert G. Moskowitz

• The Early Days
• College
• Current Work
• Past Work Experience
• Standards Participation
• Writings
• Patents
• Also see him on Linkedin

The Early Days

Robert is an old-time computer person, going back to Teletypes (55 baud) and timeshare (GE 235) in High School in 1966.  Euclid High School started their computer math classes that year with 13 seniors and 1 junior, Robert.

BASIC was in its second year.

College

Robert attended Michigan State University from 1968 through 1973.

In 1972 he received two Bachleor of Science, Computer Science and Botany (Successional Ecology).  MSU had to change the rules to allow issuing two degrees at the same time.  Thus he was the first student have to be in two places at one time during commencements.  Of course he was not successful at this feat.

He is batting 500, using that C.S. degree.

Current Work

2015 - Present HTT Consulting, LLC.

The end of 2014 saw a major Reduction In Force (RIF) at Verizon Enterprise Services.  So with the start of 2015, Robert started a Security Consultancy, specializing in secure communications and identities.

Robert is funded by Huawei Communications to work in the IETF to develop standards in the DOTS, I2NSF, SACM, and MILE to support large scale Internet security issues.  This includes work in other areas that touch on secure communications and system protection.

Separate funding by Huawei Communications to develop a HIP-based mobility proposal for 5G.  This involves enhancements to HIP and participating in 3GPP.

Funding by an automotive OEM to recommend best practices to secure the new in-vehicle Ethernet standards (IEEE 802.3bw and 802.1CB).

Develop a secure communications solution for an EU IoT vendor for a 8-bit, 32K iot sensor product line.  The solution is built off of the HIP-DEX concept.

Past Work Experience

2010 - 2014 -- Verizon Enerprise Services / Innovation Labs

VES formed an Innovations lab to incubate new ideas and technologies.  Robert's role was to develop secure communications and identity standards to support the group.  Also to provide security review within the group and for other units in VES.

Other activities included supporting VES in security for NFV (Network Function Visualization) development, Vehicular Cybersecurity workshops for key automotive OEMs, and support for a PKI RFI for V2V (IEEE 1609.2).

1998 - 2010 -- ICSAlabs/TruSecure/Cybertrust/Verizon

Starting in 1998 at ICSA Inc. with writing certification specifications for IPsec, Robert's work in secure communications evolved as ICSA Inc. evolved.  The testing labs, always (and still does) perform security product certification.  The company grew through TruSecure to Cybertrust (and the Cybertrust division of Verizon) where he continued to research and develop secure communication standards.

1992 - 2006 -- Network Computing Magazine

    Contributing Editor

Regular contributor to Network Computing Magazine. Columns included "Corporate View" and "Security Watch".

1987 - 1997 -- Chrysler Motors Corporation

In IT technical support at Chrysler from 1987 though 1997 for a total of 19 years in Automotive.  Was one of the primary movers in the expansion of LANs at Chrysler and the key corporate person in the move to TCP/IP in 1992.  Orchestrated the first real performance test of MVS/TCP in the fall of 1993.

Chrysler representative to the ANX team at the AIAG where he was one of the two principle designers of the ANX.

1978 - 1987 -- American Motors Corporation

Data base supervisor from 1980 through 1983 doing CODASYL database development and online transaction processing.  In 1985, oversaw the installation of DB2, AMC being a gamma site.  Was involved in Engineering support from FEA for the first Jeep Wrangler, selection of CATIA for CAD, cracking of GDDM graphics to allow inexpensive 3rd party devices to display IBM Mainframe graphics.  Was also instrumental in bringing WANG word processing into AMC in 1983 and its later replacement by secretarial PCs in 1986.

1974 - 1978 -- State Of Michigan, Department of Commerce

    System Analyst

Significant accomplishments there included developing the Energy Distribution model in LP (Linear Programming) during the Oil Embargo, and a number of economic models exposing unfair trade practices in Michigan.

Standards Participation

1993 - Present -- The IETF

Began his involvement in the IETF in the spring of 1993, chairing the then new TN3270 Enhancements workgroup (RFCs 1576 , 1646, and 1647).  Was the originator of the private address scheme and co-author of RFC 1918.  In 1995 was appointed to the IAB where he served two 2 year terms.  Also co-chaired the Calendaring and Scheduling and the IPsec workgroups in the IETF.

Work in the Namespace Research Group in the IRTF.

As co-chair of the IPsec workgroup, sheppard the completion of the main group of RFCs in 1998:  2401 - 2412.  Recognized for successfully herding the 300+ cats in the workgroup.

Invented the HIP protocol,  RFCs 7401, 7402.  HIP defined the first cryptographically generated IP address (CGA) and self-provable Identities.

Currently working on Internet Security defense in the DOTS, I2NSF, SACM, and MILE workgroups.

2001 - Present -- The IEEE

Began his involvement in the IEEE in the spring of 2001, contributing in IEEE 802.11 (WiFi) on the 802.11i security addendum (WPA).  He continued to contribute to other efforts in 802.11 including 802.11r and 802.11s before shifting to work in 802.1 and then 802.15.

He was working in 802.1 on 802.1X-rev for supporting 802.11i when, in 2003, securing 802.3 for 802.3ah (EPON) lead to the 802.1AE (MACsec) effort.  MACsec and 802.1X drove the need for 802.1AR (Secure Device Identity) which is an X.509 certificate profile and layered PKI approach to Identities.

While working on addendum to 802.1X to support 802.1AE key management (until this point 802.1X was only authentication transport), he learned that IEEE 802.15.4 (Zigbee) lacked the MAC service layer to support any key management technology. He proposed a method to provide key management transport and chaired the IEEE 802.15.9 Key Mananagement Transport Recommended Practice that has been adopted by WiSUN.

1993 - 1997 -- The AIAG

In 1993, joined the AIAG (Automotive Industry Action Group) telecommunication team, representing Chrysler's interests.  The team developed a TCP/IP white paper in 1994, and the ANX model in 1995.  was one of the principle architects of the ANX and the architect of its IPsec and PKI based security model.  Shepherded the development of IPsec products by organizing and running a series of 6 workshops for IPsec vendors and technologists.  Since then, the vendors are self-maintaining the workshops for testing new features.

Other Standards Participation

He has also participated in NFV (Network Function Virtualization) and recently in 3GPP (Cellular standards).

Writings

• RFC 1517 Address Allocation for Private Internets. Y. Rekhter, B. Moskowitz, D. Karrenberg, G. de Groot. March 1994.
• RFC 1918 Address Allocation for Private Internets. Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, E. Lear. February 1996. (Obsoletes RFC1627, RFC1597)
• Robert Moskowitz (2003). Weakness in Passphrase Choice in WPA
• Robert Moskowitz (2003). Simple Secrets/Simple Security
• Robert Moskowitz (2003-12-01). Debunking the Myth of SSID Hiding
• RFC 4423 Host Identity Protocol (HIP) Architecture. R. Moskowitz, P. Nikander. May 2006.
• RFC 5201 Host Identity Protocol. R. Moskowitz, P. Nikander, P. Jokela, Ed., T. Henderson. April 2008.
• RFC 5202 Using the Encapsulating Security Payload (ESP) Transport Format with the Host Identity Protocol (HIP). P. Jokela, R. Moskowitz, P. Nikander. April 2008.
• A. Gurtov, M. Komu, R. Moskowitz, Host Identity Protocol (HIP): Identifier/Locator Split for Host Mobility and Multihoming, Internet Protocol Journal, 12(1):27-32, March 2009.
• RFC 7401 Host Identity Protocol Version 2 (HIPv2). R. Moskowitz, Ed., T. Heer, P. Jokela, T. Henderson. April 2015. (Obsoletes RFC5201)
• RFC 7402 Using the Encapsulating Security Payload (ESP) Transport Format with the Host Identity Protocol (HIP). P. Jokela, R. Moskowitz, J. Melen. April 2015. (Obsoletes RFC5202)
• and more to add

Patents

• Session Layer Data Security, United States 9137216, Issued September 15, 2015
  
  A first application at a first device selects one of multiple encapsulation format types based on a cost or bandwidth associated with a network, or associated with a link of the network, connected between the first application at the first device and a second application at a second device. The first application receives, at the first application from Open Systems Interconnection (OSI) layers above an OSI session layer, payload data associated with a session, and generates one or more session layer encapsulated blocks of the payload data using the selected one of the multiple encapsulated format types. The first application encrypts the payload data, and other data of the one or more session layer encapsulated blocks, and passes the encrypted session layer encapsulated block to OSI layers below the session layer for sending to the second application at the second device.
  
  
• Enhanced shared secret provisioning protocol, United States 7398550, Issued July 8, 2008
  
  An Enhanced Shared Secret Provisioning Protocol (ESSPP) provides a novel method and system for adding devices to a network in a secure manner. A registration process is launched at two network devices together within a predetermined time interval. These two devices then automatically register with each other. When two devices running ESSPP detect each other, they exchange identities and establish a key that can later be used by the devices to mutually authenticate each other and generate session encryption keys. With ESSPP, two ESSPP devices that are attempting to register with each other will only provision a key when they detect that they are the only two ESSPP devices on the wireless network running ESSPP. If additional devices running ESSPP are detected, the ESSPP protocol is either terminated or suspended.
  
  
• EAP telecommunication protocol extension, United States 20040010713, Filed January 15, 2004
  
  A method for providing a network connection includes a step of initiating an EAP connection between a device seeking network access and a network by way of a network access server. The network access server is configured to selectively permit—or deny—network access. Using EAP formatted messages, the device seeking network access negotiates for an additional credential that grants an authorization for a service other than network access. The network preferably provides the credential prior to completing the EAP process for granting network access.
  
  

You can EMail Robert at   his desk...