Paul C. van Oorschot

According to our database1, Paul C. van Oorschot authored at least 163 papers between 1988 and 2019.

Collaborative distances:

Awards

ACM Fellow

ACM Fellow 2016, "For contributions to applied cryptography, authentication and computer security".

Timeline

Legend:

Book 
In proceedings 
Article 
PhD thesis 
Other 

Links

Homepages:

On csauthors.net:

Bibliography

2019
The Internet of Things: Security Challenges.
IEEE Security & Privacy, 2019

Software Security and Systematizing Knowledge.
IEEE Security & Privacy, 2019

Secure Client and Server Geolocation Over the Internet.
CoRR, 2019

2018
Secure Client and Server Geolocation over the Internet.
;login:, 2018

Server Location Verification (SLV) and Server Location Pinning: Augmenting TLS Authentication.
ACM Trans. Priv. Secur., 2018

Letter to the Editor.
IEEE Security & Privacy, 2018

Science of Security: Combining Theory and Measurement to Reflect the Observable.
IEEE Security & Privacy, 2018

Baseline functionality for security and control of commodity IoT devices and domain-controlled device lifecycle management.
CoRR, 2018

Comparative Analysis and Framework Evaluating Web Single Sign-On Systems.
CoRR, 2018

Securing Email.
CoRR, 2018

Comparative Analysis of Control Plane Security of SDN and Conventional Networks.
IEEE Communications Surveys and Tutorials, 2018

BP: Formal Proofs, the Fine Print and Side Effects.
Proceedings of the 2018 IEEE Cybersecurity Development, SecDev 2018, Cambridge, MA, USA, 2018

A Discussion on Security Education in Academia.
Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018

2017
Location Verification of Wireless Internet Clients: Evaluation and Improvements.
IEEE Trans. Emerging Topics Comput., 2017

CPV: Delay-Based Location Verification for the Internet.
IEEE Trans. Dependable Sec. Comput., 2017

On the security and usability of dynamic cognitive game CAPTCHAs.
Journal of Computer Security, 2017

Comparative Analysis and Framework Evaluating Mimicry-Resistant and Invisible Web Authentication Schemes.
CoRR, 2017

A Framework and Comparative Analysis of Control Plane Security of SDN and Conventional Networks.
CoRR, 2017

SoK: Science, Security and the Elusive Goal of Security as a Scientific Pursuit.
Proceedings of the 2017 IEEE Symposium on Security and Privacy, 2017

Science, Security and Academic Literature: Can We Learn from History?
Proceedings of the 2017 Workshop on Moving Target Defense, 2017

Accurate Manipulation of Delay-based Internet Geolocation.
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, 2017

2016
Server Location Verification and Server Location Pinning: Augmenting TLS Authentication.
CoRR, 2016

Pushing on string: the 'don't care' region of password strength.
Commun. ACM, 2016

Revisiting password rules: facilitating human management of passwords.
Proceedings of the 2016 APWG Symposium on Electronic Crime Research, 2016

Device fingerprinting for augmenting web authentication: classification and analysis of methods.
Proceedings of the 32nd Annual Conference on Computer Security Applications, 2016

2015
An Empirical Evaluation of Security Indicators in Mobile Web Browsers.
IEEE Trans. Mob. Comput., 2015

Accurate One-Way Delay Estimation With Reduced Client Trustworthiness.
IEEE Communications Letters, 2015

Taxing the Queue: Hindering Middleboxes From Unauthorized Large-Scale Traffic Relaying.
IEEE Communications Letters, 2015

Quantifying the security advantage of password expiration policies.
Des. Codes Cryptogr., 2015

Passwords and the evolution of imperfect authentication.
Commun. ACM, 2015

What Lies Beneath? Analyzing Automated SSH Bruteforce Attacks.
Proceedings of the Technology and Practice of Passwords - 9th International Conference, 2015

Heuristics for the evaluation of captchas on smartphones.
Proceedings of the 2015 British HCI Conference, Lincoln, United Kingdom, July 13-17, 2015, 2015

2014
Security Analysis and Related Usability of Motion-Based CAPTCHAs: Decoding Codewords in Motion.
IEEE Trans. Dependable Sec. Comput., 2014

Baton: certificate agility for android's decentralized signing infrastructure.
Proceedings of the 7th ACM Conference on Security & Privacy in Wireless and Mobile Networks, 2014

Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts.
Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., 2014

An Administrator's Guide to Internet Password Research.
Proceedings of the 28th Large Installation System Administration Conference, 2014

Location verification on the Internet: Towards enforcing location-aware access policies over Internet clients.
Proceedings of the IEEE Conference on Communications and Network Security, 2014

A three-way investigation of a game-CAPTCHA: automated attacks, relay attacks and usability.
Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, 2014

2013
Evaluation in the absence of absolute ground truth: toward reliable evaluation methodology for scan detectors.
Int. J. Inf. Sec., 2013

Three-Way Dissection of a Game-CAPTCHA: Automated Attacks, Relay Attacks, and Usability.
CoRR, 2013

SoK: SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements.
Proceedings of the 2013 IEEE Symposium on Security and Privacy, 2013

Markets for zero-day exploits: ethics and implications.
Proceedings of the New Security Paradigms Workshop, 2013

Deadbolt: locking down android disk encryption.
Proceedings of the SPSM'13, 2013

2012
Passwords for Both Mobile and Desktop Computers Appendix.
;login:, 2012

Passwords for Both Mobile and Desktop Computers: ObPwd for Firefox and Android.
;login:, 2012

Reducing Unauthorized Modification of Digital Objects.
IEEE Trans. Software Eng., 2012

Persuasive Cued Click-Points: Design, Implementation, and Evaluation of a Knowledge-Based Authentication Mechanism.
IEEE Trans. Dependable Sec. Comput., 2012

Revisiting Defenses against Large-Scale Online Password Guessing Attacks.
IEEE Trans. Dependable Sec. Comput., 2012

Revisiting network scanning detection using sequential hypothesis testing.
Security and Communication Networks, 2012

A Research Agenda Acknowledging the Persistence of Passwords.
IEEE Security & Privacy, 2012

The Future of Authentication.
IEEE Security & Privacy, 2012

Graphical passwords: Learning from the first twelve years.
ACM Comput. Surv., 2012

Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in Motion.
Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012, 2012

The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes.
Proceedings of the IEEE Symposium on Security and Privacy, 2012

Measuring SSL Indicators on Mobile Browsers: Extended Life, or End of the Road?
Proceedings of the Information Security - 15th International Conference, 2012

Understanding and improving app installation security mechanisms through empirical analysis of android.
Proceedings of the SPSM'12, 2012

Tapas: design, implementation, and usability evaluation of a password manager.
Proceedings of the 28th Annual Computer Security Applications Conference, 2012

2011
Back to the Future: Revisiting IPv6 Privacy Extensions.
;login:, 2011

User Study, Analysis, and Usable Security of Passwords Based on Digital Objects.
IEEE Trans. Information Forensics and Security, 2011

Exploiting predictability in click-based graphical passwords.
Journal of Computer Security, 2011

Leveraging personal devices for stronger password authentication from untrusted computers.
Journal of Computer Security, 2011

Accommodating IPv6 Addresses in Security Visualization Tools.
Information Visualization, 2011

Secure Software Installation on Smartphones.
IEEE Security & Privacy, 2011

Countering unauthorized code execution on commodity kernels: A survey of common interfaces allowing kernel code modification.
Computers & Security, 2011

A multi-word password proposal (gridWord) and exploring questions about science in security research and usable security evaluation.
Proceedings of the 2011 New Security Paradigms Workshop, 2011

Mercury: Recovering Forgotten Passwords Using Personal Devices.
Proceedings of the Financial Cryptography and Data Security, 2011

Exploration and Field Study of a Password Manager Using Icon-Based Passwords.
Proceedings of the Financial Cryptography and Data Security, 2011

Network scan detection with LQS: a lightweight, quick and stateful algorithm.
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, 2011

2010
Purely automated attacks on passpoints-style graphical passwords.
IEEE Trans. Information Forensics and Security, 2010

A control point for reducing root abuse of file-system privileges.
Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010

System security, platform security and usability.
Proceedings of the fifth ACM workshop on Scalable trusted computing, 2010

A methodology for empirical analysis of permission-based security models and its application to android.
Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010

Exploring usability effects of increasing security in click-based graphical passwords.
Proceedings of the Twenty-Sixth Annual Computer Security Applications Conference, 2010

2009
User interface design affects security: patterns in click-based graphical passwords.
Int. J. Inf. Sec., 2009

Internet geolocation: Evasion and counterevasion.
ACM Comput. Surv., 2009

Reducing threats from flawed security APIs: The banking PIN case.
Computers & Security, 2009

Security visualization tools and IPv6 addresses.
Proceedings of the 6th International Workshop on Visualization for Cyber Security 2009, 2009

TwoStep: An Authentication Method Combining Text and Graphical Passwords.
Proceedings of the E-Technologies: Innovation in an Open World, 2009

Passwords: If We're So Smart, Why Are We Still Using Them?
Proceedings of the Financial Cryptography and Data Security, 2009

Multiple password interference in text passwords and click-based graphical passwords.
Proceedings of the 2009 ACM Conference on Computer and Communications Security, 2009

Browser interfaces and extended validation SSL certificates: an empirical study.
Proceedings of the first ACM Cloud Computing Security Workshop, 2009

2008
On predictive models and user-drawn graphical passwords.
ACM Trans. Inf. Syst. Secur., 2008

Privacy-enhanced sharing of personal content on the web.
Proceedings of the 17th International Conference on World Wide Web, 2008

Digital Objects as Passwords.
Proceedings of the 3rd USENIX Workshop on Hot Topics in Security, 2008

Improving text passwords through persuasion.
Proceedings of the 4th Symposium on Usable Privacy and Security, 2008

Persuasion for Stronger Passwords: Motivation and Pilot Study.
Proceedings of the Persuasive Technology, Third International Conference, 2008

The developer is the enemy.
Proceedings of the 2008 Workshop on New Security Paradigms, 2008

Localization of credential information to address increasingly inevitable data breaches.
Proceedings of the 2008 Workshop on New Security Paradigms, 2008

Centered Discretization with Application to Graphical Passwords.
Proceedings of the Usability, Psychology, and Security, 2008

Discovering Packet Structure through Lightweight Hierarchical Clustering.
Proceedings of IEEE International Conference on Communications, 2008

Weighing Down "The Unbearable Lightness of PIN Cracking".
Proceedings of the Financial Cryptography and Data Security, 12th International Conference, 2008

Exploring User Reactions to New Browser Cues for Extended Validation Certificates.
Proceedings of the Computer Security, 2008

CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud.
Proceedings of the Computer Security, 2008

SOMA: mutual approval for included content in web pages.
Proceedings of the 2008 ACM Conference on Computer and Communications Security, 2008

Influencing users towards better passwords: persuasive cued click-points.
Proceedings of the 22nd British HCI Group Annual Conference on HCI 2008: People and Computers XXII: Culture, Creativity, Interaction, 2008

On Purely Automated Attacks and Click-Based Graphical Passwords.
Proceedings of the Twenty-Fourth Annual Computer Security Applications Conference, 2008

Improving Security Visualization with Exposure Map Filtering.
Proceedings of the Twenty-Fourth Annual Computer Security Applications Conference, 2008

2007
On interdomain routing security and pretty secure BGP (psBGP).
ACM Trans. Inf. Syst. Secur., 2007

Self-Signed Executables: Restricting Replacement of Program Binaries by Malware.
Proceedings of the 2nd USENIX Workshop on Hot Topics in Security, 2007

Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords.
Proceedings of the 16th USENIX Security Symposium, Boston, MA, USA, August 6-10, 2007, 2007

Usability of anonymous web browsing: an examination of Tor interfaces and deployability.
Proceedings of the 3rd Symposium on Usable Privacy and Security, 2007

A second look at the usability of click-based graphical passwords.
Proceedings of the 3rd Symposium on Usable Privacy and Security, 2007

VideoTicket: detecting identity fraud attempts via audiovisual certificates and signatures.
Proceedings of the 2007 Workshop on New Security Paradigms, White Mountain Hotel and Resort, New Hampshire, USA, 2007

Security and usability: the gap in real-world online banking.
Proceedings of the 2007 Workshop on New Security Paradigms, White Mountain Hotel and Resort, New Hampshire, USA, 2007

Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer.
Proceedings of the Financial Cryptography and Data Security, 2007

Graphical Password Authentication Using Cued Click Points.
Proceedings of the Computer Security, 2007

Tracking Darkports for Network Defense.
Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC 2007), 2007

2006
On countering online dictionary attacks with login histories and humans-in-the-loop.
ACM Trans. Inf. Syst. Secur., 2006

A monitoring system for detecting repeated packets with applications to computer worms.
Int. J. Inf. Sec., 2006

Exposure Maps: Removing Reliance on Attribution During Scan Detection.
Proceedings of the 1st USENIX Workshop on Hot Topics in Security, 2006

A Usability Study and Critique of Two Password Managers.
Proceedings of the 15th USENIX Security Symposium, Vancouver, BC, Canada, July 31, 2006

Analysis of BGP prefix origins during Google's May 2005 outage.
Proceedings of the 20th International Parallel and Distributed Processing Symposium (IPDPS 2006), 2006

A Protocol for Secure Public Instant Messaging.
Proceedings of the Financial Cryptography and Data Security, 2006

Addressing SMTP-Based Mass-Mailing Activity within Enterprise Networks.
Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC 2006), 2006

2005
Hardware-Assisted Circumvention of Self-Hashing Software Tamper Resistance.
IEEE Trans. Dependable Sec. Comput., 2005

Pass-thoughts: Authenticating With Our Minds.
IACR Cryptology ePrint Archive, 2005

On instant messaging worms, analysis and countermeasures.
Proceedings of the 2005 ACM Workshop on Rapid Malcode, 2005

A Generic Attack on Checksumming-Based Software Tamper Resistance.
Proceedings of the 2005 IEEE Symposium on Security and Privacy (S&P 2005), 2005

Pass-thoughts: authenticating with our minds.
Proceedings of the New Security Paradigms Workshop 2005, 2005

Message authentication by integrity with public corroboration.
Proceedings of the New Security Paradigms Workshop 2005, 2005

DNS-based Detection of Scanning Worms in an Enterprise Network.
Proceedings of the Network and Distributed System Security Symposium, 2005

Pretty Secure BGP, psBGP.
Proceedings of the Network and Distributed System Security Symposium, 2005

Countering Identity Theft Through Digital Uniqueness, Location Cross-Checking, and Funneling.
Proceedings of the Financial Cryptography and Data Security, 2005

Detecting Intra-enterprise Scanning Worms based on Address Resolution.
Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC 2005), 2005

Highlights from the 2005 New Security Paradigms Workshop.
Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC 2005), 2005

Mitigating Network Denial-of-Service Through Diversity-Based Traffic Management.
Proceedings of the Applied Cryptography and Network Security, 2005

2004
Graphical Dictionaries and the Memorable Space of Graphical Passwords.
Proceedings of the 13th USENIX Security Symposium, August 9-13, 2004, San Diego, CA, USA, 2004

Secure Public Instant Messaging.
Proceedings of the Second Annual Conference on Privacy, 2004

Securing the Destination-Sequenced Distance Vector Routing Protocol (S-DSDV).
Proceedings of the Information and Communications Security, 6th International Conference, 2004

Addressing Online Dictionary Attacks with Login Histories and Humans-in-the-Loop (Extended Abstract).
Proceedings of the Financial Cryptography, 2004

Towards Secure Design Choices for Implementing Graphical Passwords.
Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC 2004), 2004

S-RIP: A Secure Distance Vector Routing Protocol.
Proceedings of the Applied Cryptography and Network Security, 2004

2003
Revisiting Software Protection.
Proceedings of the Information Security, 6th International Conference, 2003

2002
White-Box Cryptography and an AES Implementation.
Proceedings of the Selected Areas in Cryptography, 2002

A White-Box DES Implementation for DRM Applications.
Proceedings of the Security and Privacy in Digital Rights Management, 2002

2000
Cryptographic Information Recovery Using Key Recover.
Computers & Security, 2000

1999
Coding Theory And Cryptology.
Proceedings of the Handbook of Discrete and Combinatorial Mathematics., 1999

On the Security of Iterated Message Authentication Codes.
IEEE Trans. Information Theory, 1999

Parallel Collision Search with Cryptanalytic Applications.
J. Cryptology, 1999

Addressing the Problem of Undetected Signature Key Compromise.
Proceedings of the Network and Distributed System Security Symposium, 1999

1997
Security analysis of the message authenticator algorithm (MAA).
European Transactions on Telecommunications, 1997

Special Issue: Selected Areas in Cryptography - Introduction.
Des. Codes Cryptogr., 1997

1996
On the Security of Two MAC Algorithms.
Proceedings of the Advances in Cryptology, 1996

On Diffie-Hellman Key Agreement with Short Exponents.
Proceedings of the Advances in Cryptology, 1996

Improving Implementable Meet-in-the-Middle Attacks by Orders of Magnitude.
Proceedings of the Advances in Cryptology, 1996

Handbook of Applied Cryptography
CRC Press, ISBN: 0-8493-8523-7, 1996

1995
Design Choices and Security Implications in Implementing Diffie-Hellman Key Agreement.
Proceedings of the Cryptography and Coding, 1995

MDx-MAC and Building Fast MACs from Hash Functions.
Proceedings of the Advances in Cryptology, 1995

1994
Modern key agreement techniques.
Computer Communications, 1994

On unifying some cryptographic protocol logics.
Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy, 1994

Parallel Collision Search with Application to Hash Functions and Discrete Logarithms.
Proceedings of the CCS '94, 1994

On Key Distribution via True Broadcasting.
Proceedings of the CCS '94, 1994

1993
An Alternate Explanation of two BAN-logic "failures".
Proceedings of the Advances in Cryptology, 1993

Extending Cryptographic Logics of Belief to Key Agreement Protocols.
Proceedings of the CCS '93, 1993

1992
Pair-Splitting Sets in AG(m, q).
SIAM J. Discrete Math., 1992

Subgroup Refinement Algorithms for Root Finding in GF(q).
SIAM J. Comput., 1992

Authentication and Authenticated Key Exchanges.
Des. Codes Cryptogr., 1992

1990
On splitting sets in block designs and finding roots of polynomials.
Discrete Mathematics, 1990

A Known Plaintext Attack on Two-Key Triple Encryption.
Proceedings of the Advances in Cryptology, 1990

A Comparison of Practical Public Key Cryptosystems Based on Integer Factorization and Discrete Logarithms.
Proceedings of the Advances in Cryptology, 1990

1989
A geometric approach to root finding in GF(qm).
IEEE Trans. Information Theory, 1989

Applications of Combinatorial Designs in Computer Science.
ACM Comput. Surv., 1989

1988
Some Computational Aspects of Root Finding in GF(qm).
Proceedings of the Symbolic and Algebraic Computation, 1988


  Loading...