David A. McGrew
| David A. McGrew | |
|---|---|
| Born | |
| 🎓 Alma mater | Michigan State University |
| 💼 Occupation | |
| Known for | Galois/Counter Mode, SRTP, AEAD interface |
David A. McGrew is an American cryptographer and a Cisco Fellow at Cisco Systems. He co-designed Galois/Counter Mode (GCM) with John Viega; the mode was standardized by NIST in 2007 and is now incorporated into TLS 1.3, IPsec, SSH, IEEE 802.1AE (MACsec), and other protocols. Ross Anderson's textbook Security Engineering credits the design to McGrew and Viega and describes GCM as the default mode for bulk encryption.[1] He also co-designed the Secure Real-time Transport Protocol (SRTP) and authored RFC 5116, which defined the authenticated encryption with associated data (AEAD) abstraction adopted across IETF protocol specifications. His published work has accumulated more than 12,000 citations according to Google Scholar.[2]
Career
McGrew holds a doctorate in physics from Michigan State University. Early in his career he worked at TIS Labs at Network Associates (formerly Trusted Information Systems), contributing to key management and stream cipher analysis.[3] By late 2000 he had joined Cisco Systems,[4] where he has worked since.
At Cisco, McGrew holds the title of Cisco Fellow, the company's highest individual technical designation. He managed the Crypto and VPN Software Development team in the Internet Technologies Division, then formed and led the Strategic Cryptographic Development Group and the Advanced Cryptographic Development Group, each within the Office of the CTO.[5] In 2017, his team developed Cisco's Encrypted Traffic Analytics (ETA) product, which classifies malware in encrypted network flows without decryption.[6]
Research
Galois/Counter Mode
McGrew and John Viega submitted Galois/Counter Mode to NIST in 2004 as a candidate block cipher mode of operation.[7] NIST standardized the mode as Special Publication 800-38D in November 2007, designating GCM and GMAC as recommended authenticated encryption modes for symmetric block ciphers.[8]
In Security Engineering, Anderson writes that GCM "has taken over as the default" mode for authenticated encryption since its 2007 standardization.[1] An independent evaluation of block cipher modes by cryptographer Phillip Rogaway assessed GCM as well-suited for high-speed network packet processing, noting its performance advantages from hardware parallelism, while identifying security considerations for configurations using short authentication tags or large message volumes.[9]
GCM was subsequently incorporated into TLS 1.2,Script error: No such module "RFC". TLS 1.3,Script error: No such module "RFC". IPsec,Script error: No such module "RFC". SSH,Script error: No such module "RFC". and IEEE 802.1AE (MACsec). McGrew and Viega designed GCM to be patent-free.[10]
Secure Real-time Transport Protocol
McGrew co-designed the Secure Real-time Transport Protocol (SRTP) with Mark Baugher, Mats Näslund, Elisabetta Carrara, and Karl Norrman; it was standardized as RFC 3711 in March 2004.[11] SRTP provides confidentiality, message authentication, and replay protection for RTP traffic used in Voice over IP and video conferencing. McGrew co-authored RFC 5764 with Eric Rescorla, specifying DTLS key establishment for SRTP;[12] this mechanism became the encryption basis for WebRTC. AES-GCM was added to SRTP in RFC 7714, which McGrew co-authored with Kevin Igoe.[13]
AEAD interface
In January 2008, McGrew published RFC 5116 as sole author, defining a common programming interface for authenticated encryption with associated data (AEAD) algorithms and specifying AES-GCM and AES-CCM as concrete instances.[14] The abstraction was adopted in subsequent IETF standards as the standard way to specify encryption in protocol design, replacing earlier ad hoc combinations of separate encryption and message authentication code algorithms.
Post-quantum cryptography
McGrew co-authored RFC 8554 with Michael Curcio and Scott Fluhrer, specifying Leighton–Micali Hash-Based Signatures (LMS), a hash-based post-quantum digital signature scheme.[15] He also co-authored RFC 8784, specifying a method for mixing pre-shared keys into IKEv2 to protect VPN key establishment against quantum computer attacks.[16]
Encrypted traffic analysis
Starting around 2016, McGrew and colleagues at Cisco developed machine learning methods for classifying encrypted network traffic, including malware detection in TLS sessions without decryption.[17] A 2017 paper with Blake Anderson presented at KDD described a classification system that accounts for noisy labels and non-stationarity in encrypted traffic.[18] This research became the basis for Cisco's Encrypted Traffic Analytics product.
IETF standards work
McGrew co-chaired the IRTF Crypto Forum Research Group (CFRG) with Ran Canetti from at least 2004[19] and served as chair at IETF 83 in 2012.[20] The CFRG reviews cryptographic algorithm proposals and advises IETF working groups on cryptographic design. McGrew has co-authored 19 RFCs spanning authenticated encryption, key management, elliptic curve cryptography, post-quantum signatures, and wireless authentication protocols.[21]
Open-source software
McGrew co-developed Joy,[22] a BSD-licensed tool for network flow capture and encrypted traffic analysis, and its successor Mercury,[23] both available through Cisco's GitHub organization. He also published a Python implementation of Leighton–Micali hash-based signatures.[24]
Selected publications
- McGrew, David A.; Sherman, Alan T. (2003). "Key Establishment in Large Dynamic Groups Using One-Way Function Trees". IEEE Transactions on Software Engineering. 29 (5): 444–458. doi:10.1109/tse.2003.1199073.
- McGrew, David A.; Viega, John (2004). "The Security and Performance of the Galois/Counter Mode (GCM) of Operation". Progress in Cryptology – INDOCRYPT 2004. Lecture Notes in Computer Science. 3348. Springer. doi:10.1007/978-3-540-30556-9_27. ISBN 978-3-540-30556-9. Search this book on

- McGrew, David A. (January 2008). "RFC 5116: An Interface and Algorithms for Authenticated Encryption". IETF. Retrieved May 24, 2026.
- Anderson, Blake; McGrew, David (2017). "Machine Learning for Encrypted Malware Traffic Classification: Accounting for Noisy Labels and Non-Stationarity". Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM. doi:10.1145/3097983.3098163. Search this book on

References
- ↑ 1.0 1.1 Anderson, Ross (2020). Security Engineering: A Guide to Building Dependable Distributed Systems (PDF) (3rd ed.). John Wiley & Sons. p. 180. ISBN 978-1-119-64283-1.
Galois Counter Mode (GCM) has taken over as the default since being approved by NIST in 2007.
Search this book on
- ↑ "David McGrew – Google Scholar". Retrieved May 24, 2026.
- ↑ "CLIQUES: A New Approach to Group Key Agreement (Internet Draft)". IETF Datatracker. March 1999. Retrieved May 24, 2026.
- ↑ McGrew, David A. (November 2000). "The Secure Real-time Transport Protocol (SRTP) (Internet Draft)". IETF Datatracker. Retrieved May 24, 2026.
- ↑ "Speaker: David McGrew". International Cryptographic Module Conference. Retrieved May 24, 2026.
- ↑ O'Neill, Patrick Howell (June 22, 2017). "Cisco aims to detect malware hidden in encrypted traffic". CyberScoop. Retrieved May 24, 2026.
- ↑ McGrew, David A.; Viega, John (2004). "The Security and Performance of the Galois/Counter Mode (GCM) of Operation". Progress in Cryptology – INDOCRYPT 2004. Lecture Notes in Computer Science. 3348. Springer. CiteSeerX 10.1.1.1.4591. doi:10.1007/978-3-540-30556-9_27. ISBN 978-3-540-30556-9. Search this book on
- ↑ Dworkin, Morris (November 2007). Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC (PDF) (Technical report). National Institute of Standards and Technology. doi:10.6028/NIST.SP.800-38D. 800-38D. Retrieved May 24, 2026.
- ↑ Rogaway, Phillip (February 2011). "Evaluation of Some Blockcipher Modes of Operation" (PDF). Cryptography Research Group, University of California, Davis. Retrieved May 24, 2026.
- ↑ McGrew, David A.; Viega, John. "The Galois/Counter Mode of Operation (GCM) Intellectual Property Statement" (PDF). Computer Security Resource Center, NIST. Retrieved May 24, 2026.
- ↑ "The Secure Real-time Transport Protocol (SRTP)". IETF. March 2004. Retrieved May 24, 2026.
- ↑ "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)". IETF. May 2010. Retrieved May 24, 2026.
- ↑ "AES-GCM Authenticated Encryption in the Secure Real-time Transport Protocol (SRTP)". IETF. December 2015. Retrieved May 24, 2026.
- ↑ "An Interface and Algorithms for Authenticated Encryption". IETF. January 2008. Retrieved May 24, 2026.
- ↑ "Leighton-Micali Hash-Based Signatures". IETF. April 2019. Retrieved May 24, 2026.
- ↑ "Mixing Preshared Keys in IKEv2 for Post-quantum Security". IETF. June 2020. Retrieved May 24, 2026.
- ↑ Anderson, Blake; McGrew, David (2016). "Identifying Encrypted Malware Traffic with Contextual Flow Data". Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security. ACM. pp. 35–46. doi:10.1145/2996758.2996768. Search this book on
- ↑ Anderson, Blake; McGrew, David (2017). "Machine Learning for Encrypted Malware Traffic Classification: Accounting for Noisy Labels and Non-Stationarity". Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM. doi:10.1145/3097983.3098163. Search this book on
- ↑ "Crypto Forum Research Group (CFRG)". IETF Datatracker. Retrieved May 24, 2026.
- ↑ "CFRG Meeting, IETF 83" (PDF). IETF. March 2012. Retrieved May 24, 2026.
- ↑ "David McGrew – IETF Datatracker". IETF. Retrieved May 24, 2026.
- ↑ "cisco/joy: A package for capturing and analyzing network flow data and intraflow data". Cisco Systems. Retrieved May 24, 2026.
- ↑ "cisco/mercury: Network metadata capture and analysis". Cisco Systems. Retrieved May 24, 2026.
- ↑ "davidmcgrew/hash-sigs: Hash-based digital signatures in Python". GitHub. Retrieved May 24, 2026.
External links
This article "David A. McGrew" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:David A. McGrew. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.
