Junade Ali
British computer scientist and cybersecurity researcher

Gender: Male
Birth: 1996

Introduction

Junade Ali CEng FIET is a British computer scientist known for research in cybersecurity.

Education & Regulatory Registration

Ali studied for a Master of Science degree aged 17, was awarded Chartered Engineer status at 23 and became the youngest ever Fellow of the IET at 27. He holds a PhD in cryptography.

Career

He started his research career working on the UK's Motorway Incident Detection and Automatic Signalling network and on the maximum coverage problem in road traffic sensor placement.

Ali later worked for cybersecurity firm Cloudflare as an engineering manager where he worked on developing network diagnostic tooling, a security operations center and safety-engineered natural language processing.

In February 2018, Ali created the first Compromised Credential Checking protocol (using k-anonymity and cryptographic hashing) to anonymously verify whether a password was in a data breach without fully disclosing the searched password. This protocol was implemented as a public API and is now consumed by multiple websites and services, including password managers and browser extensions. This approach was later replicated by Google's Password Checkup feature and by Apple iOS. Ali worked with academics at Cornell University to develop new versions of the protocol known as Frequency Smoothing Bucketization (FSB) and Identifier-Based Bucketization (IDB). In March 2020, cryptographic padding was added to the protocol. Ali's research was praised in Canadian cryptographer Carlisle Adams's book, Introduction to Privacy Enhancing Technologies.
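The k-anonymity range query described above can be sketched as follows. This is an added example, not code from Ali or from any deployed service; it assumes SHA-1 and a 5-hex-character prefix (parameters this page does not state), models padding as zero-count dummy rows, and the names `RangeServer` and `breach_count` are hypothetical.

```python
import hashlib
import secrets

PREFIX_LEN = 5  # assumption: 5 hex chars of a SHA-1 digest (not stated on this page)

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

class RangeServer:
    """Breach corpus bucketed by hash prefix; it only ever receives a prefix."""

    def __init__(self, breached: dict[str, int]):
        self.buckets: dict[str, dict[str, int]] = {}
        for password, count in breached.items():
            digest = sha1_hex(password)
            bucket = self.buckets.setdefault(digest[:PREFIX_LEN], {})
            bucket[digest[PREFIX_LEN:]] = count

    def range_query(self, prefix: str, pad_to: int = 0) -> list[str]:
        rows = [f"{s}:{c}" for s, c in self.buckets.get(prefix, {}).items()]
        # Padding: add random suffixes with count 0 so the response size
        # reveals less about which bucket was requested.
        while len(rows) < pad_to:
            rows.append(f"{secrets.token_hex(18)[:35].upper()}:0")
        secrets.SystemRandom().shuffle(rows)
        return rows

def breach_count(password: str, server: RangeServer, pad_to: int = 0) -> tuple[str, int]:
    """Return (prefix sent to the server, times the password appears in the corpus)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    for row in server.range_query(prefix, pad_to):
        candidate, _, count = row.partition(":")
        if candidate == suffix:  # comparison happens locally on the client
            return prefix, int(count)
    return prefix, 0

# Constructed sample corpus: passwords and occurrence counts are made up.
SERVER = RangeServer({"password": 1000, "letmein": 50, "hunter2": 7})

if __name__ == "__main__":
    for pw in ("hunter2", "correct horse battery staple"):
        sent, seen = breach_count(pw, SERVER, pad_to=20)
        print(f"sent={sent} breached_count={seen}")
```

The server learns only the short prefix, which many unrelated hashes share; the match against the remaining 35 characters is made on the client.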

Ali conducts cybersecurity research on North Korea and provides expert commentary to journalists at NK News.

In January 2022, Ali told journalists at NK News and Reuters that he had observed North Korea's internet being taken offline in a second major outage that month following a missile test. Ali told journalists that data he collected was consistent with a DDoS attack. South Korean Government officials responded by saying "we are monitoring the situation under coordination with relevant government agencies," without elaborating further. Wired journalist Andy Greenberg later confirmed the downtime resulted from an attack and reported that a single American hacker using the pseudonym P4x had shared evidence of his responsibility. In November 2022, news outlets reported that Ali had said that North Korea's internet was hit by the largest outages in months amid increased missile launches and other military activity, with Ali saying he'd "be surprised if this wasn’t an attack". In 2023, Ali told reporters at NK News that North Korea faced another 'total internet outage' in advance of the reported Malligyong-1 satellite launch.

Ali's consultancy clients have included cybersecurity firm Risk Ledger and engineering productivity company Haystack Analytics. In July 2021, Ali commissioned a study by Survation for Haystack Analytics which found that 83% of software developers were suffering from burnout. The poll also found 57% of software engineers agreed "to a great extent" or "to a moderate extent" with the phrase "Software reliability at my workplace concerns me". Ali claimed this was "the first time representative opinion polling was used to understand software engineers."

In November 2023, Ali served as principal investigator for an investigation by the software auditing firm Engprax, which identified that 53% of software engineers in the UK have suspected wrongdoing at work with 75% reporting they faced retaliation the last time they reported wrongdoing to their employers. The research also found that Worldpay had used a gagging clause banned by the Financial Conduct Authority and shed new light on gagging clauses by Post Office Limited during the British Post Office scandal. The research also found that "industry-standard" DORA metrics used for evaluating the DevOps performance of engineering teams were solely measuring factors that both software engineers and the wider public thought were least important when using computer systems.

During the COVID-19 pandemic, Ali worked on security improvements to the (Google/Apple) Exposure Notification system used to create public health contact tracing apps.

Selected publications

  • Li, L., Pal, B., Ali, J., Sullivan, N., Chatterjee, R. and Ristenpart, T., 2019, November. Protocols for checking compromised credentials. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (pp. 1387–1403).
  • Ali, J. and Dyo, V. (2020). Practical Hash-based Anonymity for MAC Addresses. In Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - SECRYPT, ISBN 978-989-758-446-6; ISSN 2184-7711, pages 572–579. DOI: 10.5220/0009825105720579.
  • Ali, J. and Dyo, V., 2021, January. Cross hashing: Anonymizing encounters in decentralised contact tracing protocols. In 2021 International Conference on Information Networking (ICOIN) (pp. 181–185). IEEE.
  • Pikies, M. and Ali, J., 2019, April. String similarity algorithms for a ticket classification system. In 2019 6th International Conference on Control, Decision and Information Technologies (CoDIT) (pp. 36–41). IEEE.
  • Ali, J. and Dyo, V. (2017). Coverage and Mobile Sensor Placement for Vehicles on Predetermined Routes: A Greedy Heuristic Approach. In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 5: WINSYS, (ICETE 2017) ISBN 978-989-758-261-5, pages 83–88.
  • Ali, J. (2016). Mastering PHP Design Patterns (book). Packt Publishing Ltd.
  • Ali, J. and Pikies, M. (2019). Password Authentication Attacks at Scale. The 6th International Conference on Advanced Engineering – Theory and Applications 2019.