Please click here for a list of papers by topic.

Refereed research papers

Privacy-preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs.
T. Ristenpart, G. Maganis, A. Krishnamurthy, and T. Kohno.
Usenix Security, July 30-August 1, 2008.

Shining Light in Dark Places: Understanding the Tor Network.
D. McCoy, K. Bauer, D. Grunwald, T. Kohno, and D. Sicker.
Privacy Enhancing Technologies Symposium, July 23-25, 2008.

Improving Wireless Privacy with an Identifier-free Link Layer Protocol.
B. Greenstein, D. McCoy, J. Pang, T. Kohno, S. Seshan, and D. Wetherall.
MobiSys, June 17-20, 2008.

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses.
D. Halperin, T.S. Heydt-Benjamin, B. Ransford, S.S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W.H. Maisel.
IEEE Symposium on Security and Privacy, May 18-21, 2008
[ Paper FAQ, Medical Device Security Center ] [ The New York Times, Wall Street Journal, Reuters, Associated Press, Seattle PI, Boston Globe, Scientific American, IDG News Service, Schneier on Security ]

Detecting In-Flight Page Changes with Web Tripwires.
C. Reis, S. Gribble, T. Kohno, and N. Weaver.
Networked Systems Design and Implementation (NSDI), April 16-18, 2008.
[ Results Summary, Data Collection ] [ Slashdot (data collection), Slashdot (paper), PC World, Ars Technica ]

Security and Privacy for Implantable Medical Devices.
D. Halperin, T.S. Heydt-Benjamin, K. Fu, T. Kohno, and W.H. Maisel.
IEEE Pervasive Computing, 7(1), January-March 2008.

Physical Access Control for Captured RFID Data.
T. Kriplean, E. Welbourne, N. Khoussainova, V. Rastogi, M. Balazinska, G. Borriello, T. Kohno, and D. Suciu.
IEEE Pervasive Computing, 6(4), October-December 2007.

Low-resource Routing Attacks Against Tor.
K. Bauer, D. McCoy, D. Grunwald, T. Kohno, and D. Sicker.
Workshop on Privacy in the Electronic Society, October 29, 2007.
[ FAQ Technical Report ] [ Slashdot ]

Expressing Privacy Policies Using Authorization Views.
V. Rastogi, E. Welbourne, N. Khoussainova, T. Kriplean, M. Balazinska, G. Borriello, T. Kohno, and D. Suciu.
Workshop on UbiComp Privacy: Technologies, Users, Policy, September 16, 2007.

Searchable encryption revisited: Consistency properties, relation to anonymous IBE, and extensions.
M. Abdalla, M. Bellare, D. Catalano, E. Kiltz, T. Kohno, T. Lange, J. Malone-Lee, G. Neven, P. Paillier, and H. Shi.
Journal of Cryptology, to appear.

Devices That Tell On You: Privacy Trends in Consumer Ubiquitous Computing.
T.S. Saponas, J. Lester, C. Hartung, S. Agarwal, and T. Kohno.
Usenix Security, August 8-10, 2007.
[ Slingbox summary, Nike+iPod FAQ ] [ Wired, Slashdot, CNN, Fox News, NPR, King 5, Seattle PI, Seattle Times, BBC, PC Magazine, Sherman's Lagoon (cartoon), (more) ]

Can Ferris Bueller Still Have His Day Off? Protecting Privacy in the Wireless Era.
B. Greenstein, R. Gummadi, J. Pang, M.Y. Chen, T. Kohno, S. Seshan, and D. Wetherall.
11th Workshop on Hot Topics in Operating Systems (HotOS XI), May 7-9, 2007.

Stateful Public-Key Cryptosystems: How to Encrypt with One 160-bit Exponentiation.
M. Bellare, T. Kohno, and V. Shoup.
13th ACM Conference on Computer and Communications Security, October 30-November 3, 2006.

Designing voting machines for verification.
N. Sastry, T. Kohno, and D. Wagner.
Usenix Security, July 31-August 4, 2006.

Herding hash functions and the Nostradamus attack.
J. Kelsey and T. Kohno.
Advances in Cryptology -- EUROCRYPT, May 28-June 1, 2006.

Tamper-evident, history-independent, subliminal-free data structures on PROM storage -or- how to store ballots on a voting machine (extended abstract).
D. Molnar, T. Kohno, N. Sastry, and D. Wagner.
IEEE Symposium on Security and Privacy, May 21-24, 2006.

Key regression: Enabling efficient key distribution for secure distributed storage.
K. Fu, S. Kamara, and T. Kohno.
Network and Distributed System Security Symposium, February 2-3, 2006.
[ SearchSecurity.com ]

Searchable encryption revisited: Consistency properties, relation to anonymous IBE, and extensions.
M. Abdalla, M. Bellare, D. Catalano, E. Kiltz, T. Kohno, T. Lange, J. Malone-Lee, G. Neven, P. Paillier, and H. Shi.
Advances in Cryptology -- CRYPTO, August 14-18, 2005.

Remote physical device fingerprinting.
T. Kohno, A. Broido, and K.C. Claffy.
IEEE Transactions on Dependable and Secure Computing, 2(2), April-June 2005.

Remote physical device fingerprinting.
T. Kohno, A. Broido, and k. claffy.
IEEE Symposium on Security and Privacy, May 8-11, 2005.
[ Slashdot, CNET News.com, The Register ]

Attacking and repairing the WinZip encryption scheme.
T. Kohno.
11th ACM Conference on Computer and Communications Security, October 25-29, 2004.
[ Slashdot ]

Breaking and provably repairing the SSH authenticated encryption scheme: A case study of the Encode-then-Encrypt-and-MAC paradigm.
M. Bellare, T. Kohno, and C. Namprempre.
ACM Transactions on Information and System Security, 7(2), May 2004.

Analysis of an electronic voting system.
T. Kohno, A. Stubblefield, A.D. Rubin, and D.S. Wallach.
IEEE Symposium on Security and Privacy, May 9-12, 2004.
[ Slashdot (more), The New York Times (more), MSNBC, Forbes/Reuters, The Washington Post (more), Newsweek, Wired, This Modern World (cartoon), More ]

Hash function balance and its impact on birthday attacks.
M. Bellare and T. Kohno.
Advances in Cryptology -- EUROCRYPT, May 2-6, 2004.

New security proofs for the 3GPP confidentiality and integrity algorithms.
T. Iwata and T. Kohno.
Fast Software Encryption, February 5-7, 2004.

CWC: A high-performance conventional authenticated encryption mode.
T. Kohno, J. Viega, and D. Whiting.
Fast Software Encryption, February 5-7, 2004.

A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications.
M. Bellare and T. Kohno.
Advances in Cryptology -- EUROCRYPT, May 4-8, 2003.

Analysis of RMAC.
L.R. Knudsen and T. Kohno.
Fast Software Encryption, February 24-26, 2003.

Helix: Fast encryption and authentication in a single cryptographic primitive.
N. Ferguson, D. Whiting, B. Schneier, J. Kelsey, S. Lucks, and T. Kohno.
Fast Software Encryption, February 24-26, 2003.

Authenticated encryption in SSH: Provably fixing the SSH binary packet protocol.
M. Bellare, T. Kohno, and C. Namprempre.
Ninth ACM Conference on Computer and Communications Security, November 18-22, 2002.

Token-based scanning for source code security problems.
J. Viega, J.T. Bloch, T. Kohno, and G. McGraw.
ACM Transactions on Information and System Security, 5(3), August 2002.

On the global content PMI: Improved copy-protected Internet content distribution.
T. Kohno and M. McGovern.
Financial Cryptography: Fifth International Conference, February 19-22, 2001.

A network-flow-based scheduler: Design, performance history and experimental analysis.
H.N. Gabow and T. Kohno.
ACM Journal of Experimental Algorithmics, 6, 2001.

ITS4: A static vulnerability scanner for C and C++ code.
J. Viega, J.T. Bloch, Y. Kohno, and G. McGraw.
Annual Computer Security Applications Conference, December 11-15, 2000.

Preliminary cryptanalysis of reduced-round Serpent.
T. Kohno, J. Kelsey, and B. Schneier.
Third AES Candidate Conference, April 13-14, 2000.

Amplified boomerang attacks against reduced-round MARS and Serpent.
J. Kelsey, T. Kohno, and B. Schneier.
Fast Software Encryption, April 10-12, 2000.

A network-flow-based scheduler: Design, performance history, and experimental analysis.
H.N. Gabow and T. Kohno.
Second Workshop on Algorithm Engineering and Experiments, January 7-8, 2000.

Standards documents

SSH transport layer encryption modes.
M. Bellare, T. Kohno, and C. Namprempre.
IETF RFC 4344, January 2006.

Other writings

Software Review and Security Analysis of the Diebold Voting Machine Software.
R. Gardner, A. Yasinsac, M. Bishop, T. Kohno, Z. Hartley, J. Kerski, D. Gainey, R. Walega, E. Hollander, and M. Gerke.
Report commissioned by the Florida Department of State, July 2007.

Authenticated Encryption in Practice: Generalized Composition Methods and the Secure Shell, CWC, and WinZip Schemes.
T. Kohno
UCSD Dissertation, June 2006.

Congressional Testimony.
T. Kohno.
U.S. House of Representatives, Committee on House Administration, Hearing on Electronic Voting System Security, July 7, 2004.

Trust (and mistrust) in secure applications.
J. Viega, T. Kohno, and B. Potter.
Communications of the ACM, 44(2), February 2001.

The Twofish Team's final comments on AES selection.
B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, N. Ferguson, T. Kohno, and M. Stay.
Comments to NIST, May 15, 2000.