Roger Needham, 1935-2003

Cambridge Research Lab, which he founded in 1997. Prior to joining Microsoft, he was associated with Cambridge University for nearly half a century—as an undergraduate and graduate student, as a researcher, and eventually as a professor and head of the Computer Laboratory. In this EIC message, I focus on the significance of Needham's research contributions to pervasive computing. These contributions are foundational in character. We are so dependent on them that we hardly realize that they each required a leap of imagination and creativity to bring into existence. In that respect, they meet Mark Weiser's criterion for a profound technology: they " weave themselves into the fabric of everyday lives until they are indistinguishable from it. " Every time you authenticate yourself to a remote system, you probably use a derivative of a technique that Needham and his colleague Michael Schroeder originally developed. In the mid 1970s, they were both involved in Xerox PARC's pioneering effort to create a personal computing environment. Part of that vision included using shared resources, such as laser printers and file servers, from many different clients over a network. The need to control access to these resources led naturally to the need for user authentication. Needham and Schroeder formulated the authentication problem in a fundamentally different way from its prior formulation in the context of time-sharing systems. Not only did a computer system have to be assured of the user's identity, but the reverse also had to be true: the human user had to be confident that he or she was not interacting with a compromised remote computer. In other words, the problem was one of mutual authentication between untrusted parties. What made the problem especially challenging was the assumption that the network was completely open. Malicious third-party machines could eavesdrop on all communication between the parties desiring mutual authentication. A malicious machine could also inject communication into the network, letting it masquerade as one of the parties. It could do this, for example, by replaying communication that it had recorded earlier during a genuine authentication. Needham and Schroeder's approach combined several simple ideas into an elegant whole. First, it used end-to-end encryption to convert an open network into a secure communication channel. Second, it inferred the possession of a shared secret (the keys used for encryp-tion and decryption) from the ability to generate a correctly encrypted response to a challenge. Third, it foiled replay …