Research Projects

This page attempts to cluster my research contributions into broader categories than the paper-by-paper list on my academic info page. Not every paper is represented here, and the list includes projects that are in progress.




SSL/TLS

The online trust model built around SSL/TLS has exhibited many weaknesses. Our work surveys the cryptographic and protocol-level attacks on SSL/TLS, as well as the certificate issuing process, the weaknesses of relying on hundreds of certificate authorities, the lack of reliable revocation, and the inherent limitations of relying on non-expert humans to make security decisions. We also systematize a large number of proposed tools for improving the trust model (e.g., Convergence, DANE, and certificate pinning).



Smartphone Security

Given the number of people who carry a smartphone with them, we are interested in novel techniques for using a smartphone in addition to a password when logging into websites. We are also interested in code-signing practices in Android.



Bitcoin

Bitcoin is a peer-to-peer electronic cash system that uses cryptographic techniques to protect a holder's coins, mint new coins, and ensure there is no double-spending. We are interested in ways that Bitcoin's network can be extended to do other interesting things. One application is CommitCoin, which allows anyone to obtain a timestamp on a message; a timestamp that can be verified without trusting any third party. We are also interested in building a distributed prediction market on top of Bitcoin.




Internet Voting

Security researchers worry about internet voting for two main reasons: (1) voters' computers cannot be assumed to be secure and (2) someone can watch how you vote (or vote on your behalf). Our internet voting system Selections addresses the second issue by giving users panic passwords that they can use. If a vote is cast with a panic password, no one other than the voter can tell and it is verifiably discarded before producing the final tally. We are currently investigating how to solve the first issue, the untrusted platform problem, using techniques like code voting. Remotegrity is one approach.




Scantegrity

In traditional elections, once your vote is in the box and you walk away, you have no way of knowing if your vote counted. Scantegrity is a security enhancement for optical scan electronic voting that lets voters verify that all votes were counted correctly, including their own (this is called end-to-end verifiability or E2E). Voters mark a ballot exactly the same way as in traditional optical scan, except that with Scantegrity, a short 3-digit code will appear in the oval. Voters wanting verifiability can copy this code down and later confirm it online. Additionally, using cryptographic techniques, the candidates, stakeholders, or any interested person can check that codes were correctly translated back into votes without revealing how anyone voted. This is done with a small piece of software. Scantegrity was used by the municipality of Takoma Park for their 2009 and 2011 elections. Scantegrity has generated media interest.




Democracy Enhancing Technologies

In addition to Selections and Scantegrity, we have done other work on end-to-end verifiable (E2E) elections. In many systems, auditing the cryptographic aspects of an election involves a strong understanding of mathematics and custom code. Eperio is a very simple backend that can be audited with just a spreadsheet. Eperio can actually be run without computers at all: Aperio is its fully paper-based sibling, suitable for developing countries. Scantegrity was based on an earlier system called Punchscan. Punchscan was used in a student election and won the top award at VoComp. Punchscan has generated media interest.




Random Numbers from Financial Data

Sometimes we'd like to know people are actually doing what they claim to be doing. Random audits are one way to achieve this in the real world, and random challenges are used in a similar way in cryptographic protocols. Random challenges should be unpredictable: if the scrutinized party knows what the challenge will be, they can fake correct behaviour. If you see that a particular challenge was issued in the past, can you be convinced it was unpredictable at the time? Is there a public source of randomness that we can all agree is high quality, unpredictable, and has an accessible history of past values? We claim that financial markets are suitable. We use tools from computational finance to determine that stocks in the S&P 500 have between 6 and 9 bits of entropy per trading day.




Panic Passwords

Have you ever wished you could have a second special password for when you are with someone else and want your service to change what is displayed in some way? Such panic passwords or duress codes have many security applications but hadn't been looked at closely. We show that the well-known model of giving a user two passwords, a ‘regular’ and a ‘panic’ password, is susceptible to attack if an adversary (who knows the system) simply asks you to authenticate twice using different passwords. We introduce several new panic password systems that get around this and other attacks. Panic passwords can be deployed in a wide variety of real-world applications: email, Facebook, internet voting, and search & seizures.




Tor

Tor is a popular privacy tool designed to help achieve online anonymity by anonymising web traffic. We evaluate four competing methods of deploying Tor clients, and a number of software tools designed to be used in conjunction with Tor: Vidalia, Privoxy, Torbutton, and FoxyProxy. We also considered a standalone anonymous browser that no longer uses Tor. Our results show that none of the deployment options are fully satisfactory from a usability perspective, but we offer suggestions on how to incorporate the best aspects of each tool. Our research was done over five years ago and the Tor project has made seemingly good improvements to Tor configuration.