My academic journey began with astronomer Clifford Stoll's The Cuckoo's Egg. Frustrated by a seventy-five cent accounting error, Stoll fixates on unearthing some faulty logic—a tantalising tale of KGB hacking ensues.
Identity. My first attack: A trusted computing system (by HP, IBM, and Intel) designed to hide user identity, whilst cryptographically proving correct operation—only it didn't, I unveiled user identities. Subsequently, proposing a fix, developing an analysis framework, and proving the patched system secure.
Communication. I went on to study decentralised systems more generally. Published a book chapter on modelling and analysing communications, wrote the manual for software that automates analysis, developed techniques for improved automation.
Infrastructure. I became fascinated with Internet infrastructure upon discovering an attack against TLS, taking full control of Microsoft accounts and partial control of Google accounts. (Onstage at Black Hat'13, audience of eight hundred, not going to lie, a little terrifying!) Subsequently writing an introductory text on TLS 1.3 and OpenJDK's implementation.
Consensus. Our elections are vulnerable to mass fraud; 'merica, in particular, is awash with voting technology that was never fit for purpose: I've broken, patched, and proven-secure numerous voting systems, using frameworks I built for the purpose.
I no longer pursue academic research, recent publications are old. (Journals take a while to publish.)
See also: Google Scholar, DBLP, AMiner, CS Authors, Semantic Scholar, ORCID