Mehdi Sotoodeh
Mission Viejo, CA *****
Mobile: 949-***-****
Email: *************@*****.***
Github: https://github.com/msotoodeh/ and https://github.com/mesoto/ Blog: http://mehdisotoodeh.wordpress.com/
LinkedIn: www.linkedin.com/in/mehdi-sotoodeh-15953a1 Patents: http://patents.justia.com/inventor/mehdi-sotoodeh
Summary
A results-driven, performance-focused, innovative and analytical Senior Software Engineer who can think “out of the box”. Extensive hands-on experience in all levels of the product life cycle, including design, development, testing and production.
Technical Skills
• In-depth system knowledge of software and hardware platforms.
• In-depth knowledge of a wide range of processor architectures and micro-architectures (Intel, ARM, Motorola, Atmel, Microchip, Cypress).
• Solid programming experience in C/C++, Java, Python, JavaScript, Perl, C# ... and Assembly languages.
• Environments: Windows, Linux, device drivers, pre-boot/boot loaders, kernel/user mode, hypervisors.
• Solid experience in hands-on development and troubleshooting of BIOS, firmware and embedded systems.
• Hacking, debugging, reverse engineering and binary analysis.
• Hardware/software implementation of USB, JTAG, I2C, SPI, SD card, NAND flash ...
• Understanding of on-chip debug and trace facilities. Exposure to hardware logic analyzers, oscilloscopes and bus analyzers.
• Exposure to hardware and processor simulation and emulation environments.
• Design and development of flash-based file systems with wear-leveling and error correction.
• Demonstrated creative, critical thinking and troubleshooting skills.
• Impressive track record in optimal process and algorithm design, balancing system elements such as performance, scalability, integrity, security, cost, resource requirements ...
• Development of highly optimized code.
• Strong in mathematics.
• In-depth knowledge of cryptography.
• FIPS, PC/SC, ISO7816, Smartcards, JavaCard, GlobalPlatform
• Constant-time and side-channel security.
• Participation in open source projects.
• Highly professional, with the ability to deliver solid work on tight schedules.
• Ability to work independently as well as cooperatively with other team members.
• Ability to grasp new technologies and react to changes in a fast-paced environment.
• 12 granted and 5 pending patents.
Selected Work Experience
Kryptologik Inc. /Mission Viejo, CA.
01/2017 – 04/2018: Senior Systems Architect.
• KLOCK/FPE: Hardware and software based solution addressing database security (data protection, access control and monitoring). This product protects personally identifiable information (PII) as well as other sensitive data while maintaining database query capabilities.
o KLOCK handles crypto operations and safeguards protection keys.
o Advanced authentication schemes: PKI-based (EC-P256), OTP (one-time password), shared-secret (SHA256-HMAC).
o Usage control and monitoring.
o Support for X.509 certificates.
• KLOCK/U2F: USB HID token used for Universal 2nd Factor authentication. This token supports the FIDO specification and is supported by major companies such as Google, Facebook, GitHub, ...
• SPP (Smart Programming Platform): Consists of hardware and software components targeted at software and firmware security for IoT and similar devices.
o Secure delivery of software to untrusted contract manufacturing.
o Comprehensive target validation and production quality.
o Customization: identification, serialization, key generation ...
o Licensing and control of production quantity.
o Secure remote control, update and monitoring.
• FOLDING: Invented a new algorithm called FOLDING to speed up Elliptic Curve scalar multiplication. FOLDING improves ECC performance by a factor of 4, 8 or more. I have implemented this technique in the https://github.com/msotoodeh/curve25519 project, which achieves a new speed record.
• Whitebox-AES/ARIA: Invented a new white-box system that can be used to implement highly secure cryptographic algorithms such that keys and intermediate state information do not show up in the clear during execution of the code. For additional info, visit https://github.com/msotoodeh/WhiteBoxCrypto and click the AES demo link.
• Whitebox-FDE: Invented a new FDE (Formatted Data Encryption) algorithm that is white-box friendly. Whitebox-FDE is used for encryption of formatted data such as social security and credit card numbers in untrusted environments such as point of sale systems. For additional information visit https://github.com/msotoodeh/WhiteBoxCrypto/tree/master/FDE
Magtek Inc. / Seal Beach, CA.
05/2017 – 08/2017: Senior Systems Consultant.
• oDynamo: PCI DSS compliant card reader/terminal for point of sale systems. This system is based on a Maxim-Jibe ARM processor utilizing embedded Linux and u-boot.
o Security review for compliance with PCI in terms of data and side-channel security.
o Added support for 4-bit ECC NAND flash memories for both u-boot and the Linux kernel. This support was based on using Micron’s NAND flash chip supporting 1-bit ECC for the first 128KB block and 4-bit ECC for the rest of the memory.
o Added a GDB stub to be able to debug the code when the JTAG port is not an option.
o Improved code signing design for extensibility and better key management.
Numecent Inc. / Irvine, CA.
01/2014 – 12/2016: Senior Systems Architect.
• AppWall Publisher: Creating virtualized documents and their associated readers utilizing cloudpaging technology.
o Design and development of a Windows printer system that creates virtualized App-set packages.
o Development of SOAP-based web interfaces to push the generated packages to the servers and handle license generation.
• Security review and proposed improvements for client, server and packager components.
• Development and implementation of a new set of crypto routines and libraries for kernel mode drivers as well as the user mode player.
• Design and development of several system components (V2 token, trusted time, server access restriction, license management).
• Intel SGX: Worked with the Intel development team on SGX (Software Guard Extensions).
o Design and development of a virtual HSM and integration with the cloudpaging player.
o Created a server to handle remote attestation and secure delivery of payloads (C#, C++, JSON, and WinHTTP).
o Provided feedback on SGX security issues and improvements.
o Discovered and reported a vulnerability in SGX crypto and the way key derivation was designed. Intel fixed this issue in SGX SDK 1.6.
SafeNet Inc. Irvine/Redwood City, CA
03/2001 – 07/2013: Senior Systems Architect / Member of CTO office.
• DUAL-VIEW: Invented a new concept using a hypervisor and EPT (Extended Page Tables) in order to provide dual-view memory pages for virtual machines. With this system, two different physical pages are mapped to the same virtual address, and which one is seen depends on who is accessing that virtual address. One view is accessible to trusted callers and the other view is visible to untrusted callers. This effectively provides an exclusive execution environment which runs in the context of the guest VM while it is fully protected from untrusted pages of the system (POC based on the XEN hypervisor).
• KeySecure/DataSecure and Protect-V: Part of the design and development team (Embedded Linux, C, C++, and Assembly).
• RMS Tokens: Developed and supported products and tools for Software Protection and Rights Management applications. These products have been in production for years and have been used by millions of clients. (USB Micro-controllers, firmware/assembly, Windows/Linux device driver, and library/C).
• SHK: Design and development of Sentinel Hardware Keys (Microchip USB microprocessor, firmware/assembly, device driver/C, library/C, NAND flash, WDM device driver).
• Compact Java VM: Design and development of a VM and tools that allow conversion of standard Java classes into a compact and proprietary byte code. This virtual machine was implemented on SHK consuming only 24KB of code space. Dedicated tools enable developers to move part of their applications to a secure VM inside SHK tokens. The conversion tool generates encrypted and signed VM images as well as proxy code for client applications (Java, JNI, C, C#, and Python).
Encryptix Inc. Irvine, CA
05/2000 – 03/2001: Principal Software Engineer
I was one of the key engineers on the development of a system capable of handling highly secure transaction services. I was in charge of the development of the software and protocols for an embedded C/ASM system using FIPS level-4 hardware.
Rainbow Technologies Inc. Egham, UK/ Irvine, CA
12/1989 – 05/2000: Principal Software Engineer
• iKey: Design and development of iKey authentication tokens (USB microcontrollers, firmware, ISO 7816 and PC/SC, WDM device drivers).
• SuperToken: A flavor of iKey consisting of multiple CPU chips and an integral fingerprint scanner with on-board fingerprint matching firmware. Software updates for the on-board Atmel ARM7 CPU were carried out over its JTAG interface, dealing with low-level aspects of the ARM7 CPU such as instruction cycles, micro-ops, pipelines, wait slots and so on.
• RFPD: Design and development of a hardware/software platform to deal with multiple aspects of token production:
o Minimizing manufacturing-time errors.
o Production cost reduction.
o High security: role enforcement, cheat detection, encrypted firmware, ...
• Smartcard Reader: Design and development of a serial port smart card reader. I did the hardware design, firmware and PC/SC driver development. I worked with Microsoft during the evolution of PC/SC. This driver is included on the Windows 2000 installation CD.
Education
MPhil (MSc equivalent)
Computer Aided Circuit Design and Synthesis,
Department of Electronics and Electrical Engineering, Brunel University, Uxbridge, Middlesex, UB8 3PH, UK
BSc/EE
Electronics and Digital Systems,
Electrical Engineering Department,
Sharif University of Technology, Tehran, Iran