Research and Publications (P. Van Oorschot)

(2nd edn) Computer Security and the Internet: Tools and Jewels from Malware to Bitcoin, P.C. van Oorschot (Springer, 2021)
Google Scholar profile (Paul C. van Oorschot)
dblp (Paul C. van Oorschot)
ORCID (Paul Van Oorschot)

Semantic Scholar
Security research statistics (Davide Balzarotti, Eurecom)
Security conference rankings (Jianying Zhou, SUTD/Singapore)

Journals and peer-reviewed periodicals (for conference papers, see further below):

  1. Srivathsan G. Morkonda, S. Chiasson, P.C. van Oorschot. Influences of displaying permission-related information in web single sign-on login decisions. Computers & Security (to appear; accepted 15-Dec-2023). Preliminary technical report, arxiv.org/abs/2308.13074, 24 Aug 2023, 16 pages.
  2. X. de Carné de Carnavalet, P.C. van Oorschot. A survey and analysis of TLS interception mechanisms and motivations. ACM Computing Surveys vol.55 issue 13s, article no.269, pp.1-40 (13 July 2023); arXiv preprint. Twitter summary.
  3. D. Barrera, C. Bellman, P.C. van Oorschot. A close look at a systematic method for analyzing sets of security advice. Journal of Cybersecurity vol.9 issue 1 (3 July 2023), 15 pages. Preliminary technical report (9 Sept 2022, 20 pages).
  4. C. Bellman, P.C. van Oorschot. Systematic analysis and comparison of security advice as datasets. Computers & Security vol.124 (Jan 2023, 102989) pp.1-12. arXiv preprint.
  5. D. Barrera, C. Bellman, P.C. van Oorschot. Security best practices: A critical analysis using IoT as a case study. ACM Transactions on Privacy and Security 26(2) 13:1-13:30, March 2023. Author's copy (arXiv preprint). Augments earlier tech report (25 Apr 2020) by Bellman and van Oorschot, "Best Practices for IoT security: What does that even mean?". Media/blog articles: Data Breach Today, Schneier on Security
  6. F. Alaca, A. Abdou, P.C. van Oorschot. Comparative Analysis and Framework Evaluating Mimicry-Resistant and Invisible Web Authentication Schemes. IEEE TDSC 18(2):534-549, Mar-Apr 2021. Author's pdf. Preliminary version: arXiv.1708.01706 (5 Aug 2017).
  7. F. Alaca, P.C. van Oorschot. Comparative Analysis and Framework Evaluating Web Single Sign-On Systems. ACM Computing Surveys 53 (5) 112:1-112:34, Sept 2020. Author's version arXiv:1805.00094 (9 Aug 2020), updating preliminary version of 30 Apr 2018 accessible from same page.
  8. A. Abdou, P.C. van Oorschot, T. Wan. Comparative Analysis of Control Plane Security of SDN and Conventional Networks. DOI: 10.1109/COMST.2018.2839348. IEEE Comm. Surveys and Tutorials 20(4):3542-3559, 4qtr2018. Preprint: arXiv.1703.06992 [cs.NI] (arXiv.org Cornell University Library, v3 6-Dec-2017; v1 20-Mar-2017)
  9. C. Herley, P.C. van Oorschot, Science of Security: Combining Theory and Measurement to Reflect the Observable. IEEE Security & Privacy 16(1):12-22, Jan/Feb 2018. DOI 10.1109/MSP.2018.1331028. Author's copy of article: pdf. Related talk video (June 20, 2018 Aalto HAIC) and slide deck. See also C. Herley and P.C. van Oorschot, Response to "On the Science of Security", IEEE Security & Privacy 16(3):8-10, May/Jun 2018
  10. A. Abdou, P.C. van Oorschot. Server Location Verification (SLV) and server location pinning: Augmenting TLS authentication. ACM Trans. on Privacy and Security 21(1), 1:1-1:26 (Jan.2018). DOI 10.1145/3139294. Author's pdf. Preliminary technical report arXiv:1608.03939 (13 Aug 2016, 14 pages).
  11. A. Abdou, A. Matrawy, P.C. van Oorschot. Location verification of wireless internet clients: evaluations and improvements. IEEE Trans. on Emerging Topics in Computing 5(4):563-575, Oct-Dec 2017. DOI: 10.1109/TETC.2016.2608827. Author's copy: pdf.
  12. M. Mohamed, S. Gao, N. Sachdeva, N. Saxena, C. Zhang, P. Kumaraguru, P.C. van Oorschot. On the security and usability of dynamic cognitive game CAPTCHAs. Journal of Computer Security 25(3):205-230, May-June 2017. DOI 10.3233/JCS-16847, IOS Press.
  13. A. Abdou, A. Matrawy, P.C. van Oorschot. CPV: Delay-based Location Verification for the Internet. DOI 10.1109/TDSC.2015.245164. IEEE Trans. on Dependable and Secure Computing, 14(2):130-144 (March-April 2017). Author's pdf. Also real-time demo page. Two-page summary poster: pdf. Media coverage and discussion: TechRepublic, Globe and Mail, TheStack, CarletonNow, Tech Times, VPNservicePoint, Techvibes, reddit, Schneier on Security, slashdot.
  14. D. Florencio, C. Herley, P.C. van Oorschot. Pushing on string: the 'don't-care' region of password strength. Communications of the ACM 59(11):66-74 (Nov.2016). pdf (author's copy).
  15. S. Chiasson, P.C. van Oorschot. Quantifying the Security Advantage of Password Expiration Policies. DOI: 10.1007/s10623-015-0071-9. Designs, Codes and Cryptography 77(2):401-408, Springer, 2015. pdf, related slides (including graphs not in the paper) and video (talk at Microsoft Research, Redmond, 8 July 2015). Media coverage: arsTECHNICA, gcn.com.
  16. J. Bonneau, C. Herley, P.C. van Oorschot, F. Stajano. Passwords and the Evolution of Imperfect Authentication. DOI: 10.1145/2699390. Communications of the ACM vol.58 no.7 (July 2015), pp.78-87. pdf.
  17. C. Amrutkar, P. Traynor, P.C. van Oorschot. An Empirical Evaluation of Security Indicators in Mobile Web Browsers. DOI: 10.1109/TMC.2013.90. IEEE Trans. on Mobile Computing, 14(5):889-903 (May 2015). pdf. Expands and updates earlier ISC 2012 version (see conference papers below).
  18. A. Abdou, A. Matrawy, P.C. van Oorschot. Accurate One-Way Delay Estimation with Reduced Client-Trustworthiness. DOI: 10.1109/LCOMM.2015.2411591. IEEE Communications Letters 19(5):735-738 (May 2015). pdf.
  19. A. Abdou, A. Matrawy, P.C. van Oorschot. Taxing the Queue: Hindering Middleboxes from Unauthorized Large-scale Traffic Relaying. DOI: 10.1109/LCOMM.2014.2349973. IEEE Communications Letters 19(1):42-45 (Jan.2015). pdf.
  20. Yi Xu, Gerardo Reynaga, Sonia Chiasson, Jan-Michael Frahm, Fabian Monrose, Paul C. van Oorschot. Security Analysis and Related Usability of Motion-based CAPTCHAs: Decoding Codewords in Motion. DOI: 10.1109/TDSC.2013.52. IEEE TDSC 11(5):480-493 (Sept/Oct 2014). Updates/extends USENIX Security 2012 paper listed under Conference Papers below).
  21. M. Alsaleh, P.C. van Oorschot. Evaluation in the absence of absolute ground truth: toward reliable evaluation methodology for scan detectors. DOI: 10.1007/s10207-012-0178-1. Int. J. Inf. Security 12(2):97-110, 2013.
  22. M. Alsaleh, P.C. van Oorschot. Revisiting network scanning detection using sequential hypothesis testing. DOI: 10.1002/sec.416. Security and Communication Networks 5(12):1337-1350 (2012), Wiley. Preliminary version as TR-11-08 (Jun.30, 2011), School of Computer Science, Carleton University.
  23. R. Biddle, S. Chiasson, P.C. van Oorschot. Graphical Passwords: Learning from the First Twelve Years. ACM Computing Surveys 44(4), Article 19:1-41 (August 2012). For version with numeric (IEEE-style) citations, see: Technical Report TR-11-01 (Jan.4, 2011), School of Computer Science, Carleton University. Updates and obsoletes Oct.2, 2009 version of TR-09-09 (Graphical Passwords: Learning from the First Generation).
  24. S. Chiasson, E. Stobert, A. Forget, R. Biddle, P.C. van Oorschot. Persuasive cued click-points: Design, implementation, and evaluation of a knowledge-based authentication mechanism. DOI: 10.1109/TDSC.2011.55. IEEE TDSC 9(2):222-235 (March/April 2012). Author's copy. Updates and obsoletes TR-11-03 (Feb. 2011), School of Computer Science, Carleton University.
  25. C. Herley, P.C. van Oorschot. A Research Agenda Acknowledging the Persistence of Passwords. DOI: 10.1109/MSP.2011.150. IEEE Security & Privacy 10(1):28-36 (Jan/Feb 2012). Author's copy. Miscellaneous press coverage: Wall Street Journal, Wired, Network World, slashdot.
  26. P.C. van Oorschot, G. Wurster. Reducing Unauthorized Modification of Digital Objects. DOI: 10.1109/TSE.2011.7. IEEE Trans. on Software Engineering 38(1):191-204 (Jan/Feb.2012). Author's copy. Extends HotSec'07 short paper and obsoletes Technical Report TR-09-07 (Sept.14, 2009), School of Computer Science, Carleton University.
  27. M. Alsaleh, M. Mannan, P.C. van Oorschot. Revisiting Defenses Against Large-Scale Online Password Guessing Attacks. DOI: 10.1109/TDSC.2011.24. IEEE TDSC 9(1):128-141, 2012. Author's draft (Feb.13, 2011), updates and obsoletes TR-10-16 (Sept.6, 2010), School of Computer Science, Carleton University.
  28. T. Jaeger, P.C. van Oorschot, G. Wurster. Countering Unauthorized Code Execution on Commodity Kernels: A Survey of Common Interfaces Allowing Kernel Code Modification. DOI: 10.1016/j.cose.2011.09.003. Computers & Security 30(8): 571-579 (2011). Author's copy. Updates and obsoletes preliminary Technical Report TR-11-05 (Mar.15, 2011), School of Computer Science, Carleton University.
  29. R. Biddle, M. Mannan, P.C. van Oorschot, T. Whalen. User Study, Analysis, and Usable Security of Passwords Based on Digital Objects. IEEE TIFS 6(3):970-979, Sept.2011. DOI: 10.1109/TIFS.2011.2116781. Extended version in Technical Report (Feb.16, 2010): TR-10-02, School of Computer Science, Carleton University.
  30. D. Barrera, P.C. van Oorschot. Secure Software Installation on Smartphones. DOI: 10.1109/MSP.2010.202. IEEE Security & Privacy 9(3):42-48 (May/June 2011). Author's copy.
  31. P.C. van Oorschot, J. Thorpe. Exploiting Predictability in Click-Based Graphical Passwords. DOI: 10.3233/JCS-2010-0411. Journal of Computer Security 19(4): 669-702 (2011). Author's copy. Extends USENIX Security 2007 paper and obsoletes Technical Report TR-08-21 (Nov.7, 2008), School of Computer Science, Carleton University.
  32. M. Mannan, P.C. van Oorschot. Leveraging Personal Devices for Stronger Password Authentication from Untrusted Computers. DOI: 10.3233/JCS-2010-0412. Journal of Computer Security 19(4): 703-750 (2011). Authors' copy (Feb.1 2010). Extends shorter FC'07 paper and updates Technical Report TR-07-11 (March 2007), School of Computer Science, Carleton University.
  33. D. Barrera, P.C. van Oorschot. Accommodating IPv6 Addresses in Security Visualization Tools. DOI: 10.1057/ivs.2011.1. Information Visualization 10(2): 107-116 (April 2011). Author's draft.
  34. P.C. van Oorschot, A. Salehi-Abari, J. Thorpe. Purely Automated Attacks on PassPoints-Style Graphical Passwords. IEEE Trans. Info. Forensics and Security 5(3): 393-405 (Sept.2010). Author's copy. Extends ACSAC 2008 paper and obsoletes Technical Reports TR-08-15 (June 2008) and TR-10-07 (March 2010), School of Computer Science, Carleton University.
  35. S. Chiasson, A. Forget, R. Biddle, P.C. van Oorschot. User Interface Design Affects Security: Patterns in Click-Based Graphical Passwords. Int. J. Inf. Security 8(6):387-398 (Dec.2009, Springer). Author's copy.
  36. J.A. Muir, P.C. van Oorschot. Internet Geolocation: Evasion and Counterevasion. ACM Computing Surveys 42(1), Article 4:1-23 (Dec.2009). Preliminary technical report (April 2006): Internet geolocation and evasion, TR-06-05, Carleton University, School of Computer Science,
  37. M. Mannan, P.C. van Oorschot. Reducing Threats from Flawed Security APIs: The Banking PIN Case. Computers & Security vol.28 no.6 (Sept.2009), pp.410-420. Preliminary version: `Weighing Down "The Unbearable Lightness of PIN Cracking" (Extended Version)', Carleton University, School of Computer Science, Technical Report TR-08-08 (Apr.29 2008).
  38. P.C. van Oorschot, J. Thorpe. On Predictive Models and User-Drawn Graphical Passwords. ACM TISSEC vol.10 no.4 (Jan.2008), article 17, pp.1-33. pdf (©ACM). preprint (June 2 2007).
  39. P.C. van Oorschot, T. Wan, E. Kranakis. On Inter-domain Routing Security and Pretty Secure BGP (psBGP). ACM TISSEC vol.10 no.3 (July 2007), article 11, pp.1-41. pdf (©ACM). preprint (Jan.16 2007).
  40. P.C. van Oorschot, S. Stubblebine. On Countering Online Dictionary Attacks with Login Histories and Humans-in-the-Loop. ACM TISSEC vol.9 issue 3 (Aug. 2006), 235-258. pdf (©ACM). preprint (Mar.9 2006).
  41. P.C. van Oorschot, J.M. Robert, M. Vargas Martin. A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms. Int. J. Inf. Security 5(3):186-199 (July 2006, Springer). pdf (©Springer). preprint.
  42. P.C. van Oorschot, A. Somayaji, G. Wurster. Hardware-assisted circumvention of self-hashing software tamper resistance. DOI: 10.1109/TDSC.2005.24. IEEE Trans. on Dependable and Secure Computing, vol.2 no.2 (Apr.-June 2005), pp.82-92. pdf (©IEEE).
  43. M. Smith, P.C. van Oorschot, M. Willett. Cryptographic Information Recovery Using Key Recovery. Computers & Security, vol.19 no.1, pp.21-27, Elsevier Advanced Technology 2000.
  44. B. Preneel, P.C. van Oorschot. On the security of iterated message authentication codes. IEEE Trans. on Information Theory, vol.45 no.1 (Jan. 1999), pp.188-199. ps, pdf.
  45. P.C. van Oorschot, M.J. Wiener. Parallel collision search with cryptanalytic applications. Journal of Cryptology, vol.12 no.1 (Jan. 1999) pp.1-28. pdf.
  46. B. Preneel, V. Rijmen, P.C. van Oorschot. Security analysis of the Message Authenticator Algorithm (MAA), European Trans. on Telecommunications, Vol. 8, No. 5 (Sept./Oct. 1997), pp.455-470. ps, pdf.
  47. B. Preneel, P.C. van Oorschot. A key recovery attack on the ANSI X9.9 retail MAC, Electronics Letters, Aug.16 1996 (vol.32 no.17), pp.1568-1569. ps, pdf. See also 1999 IEEE-IT journal paper.
  48. R. Rueppel, P.C. van Oorschot. Modern key agreement techniques, Computer Communications, vol.17 (July 1994), pp.458-465. ps, pdf.
  49. W. Diffie, P.C. van Oorschot, M.J. Wiener. Authentication and authenticated key exchanges, Designs, Codes and Cryptography, vol.2 (1992), pp.107-125. ps, pdf.
  50. A.J. Menezes, P.C. van Oorschot, S.A. Vanstone. Subgroup refinement algorithms for root finding in GF(q), SIAM Journal on Computing, vol.21 (1992), pp.228-239.
  51. A. Beutelspacher, D. Jungnickel, P.C. van Oorschot, S.A. Vanstone. Pair-splitting sets in AG(m,q), SIAM Journal on Discrete Mathematics, vol.5, Nov.1992.
  52. P.C. van Oorschot, S.A. Vanstone. On splitting sets in block designs and finding roots of polynomials, Discrete Mathematics, vol.84 (1990), pp.71-85.
  53. C.J. Colbourn, P.C. van Oorschot. Applications of combinatorial designs in computer science, ACM Computing Surveys, vol.21 (Jun. 1989), pp.223-250.
  54. P.C. van Oorschot, S.A. Vanstone. A geometric approach to root finding in GF(qm), IEEE Trans. on Information Theory, vol.35 (Mar. 1989), pp.444-453.

Conference papers, soft periodicals, technical reports, manuscripts (see above for journal papers)

    2024 (for journal papers, see above):

  1. Feng Hao, Samiran Bag, Liqun Chen, P.C. van Oorschot. Owl: An augmented password-authenticated key exchange scheme. Financial Cryptography 2024. Cryptology ePrint Archive 2023/768 (25 May 2023).
  2. F. Piessens, P.C. van Oorschot. Side-channel attacks: A short tour. IEEE Security & Privacy 22(2):75-80 (Mar-Apr 2024). Author's copy.

    2023:

  3. Srivathsan G. Morkonda, S. Chiasson, P.C. van Oorschot. Influences of displaying permission-related information in web single sign-on login decisions. Technical report, arxiv.org/abs/2308.13074, 24 Aug 2023, 16 pages. Updated version to appear in Computers & Security (accepted 15-Dec-2023).
  4. Srivathsan G. Morkonda, S. Chiasson, P.C. van Oorschot. "Sign in with ...Privacy": Timely disclosure of privacy differences among web SSO login options. Technical report, arXiv:2209.04490, 17 Aug 2023, 22pages. (Updates earlier version of 9 Aug 2022, SSOPrivateEye: Timely disclosure of single sign-on privacy design differences.)
  5. P.C. van Oorschot. Memory errors and memory safety: A look at Java and Rust. IEEE Security & Privacy 21(3):62-68, May-Jun 2023. Author's copy.
  6. P.C. van Oorschot. Memory errors and memory safety: C as a case study. IEEE Security & Privacy 21(2):70-76, Mar-Apr 2023. Author's copy.

    2022:

  7. P.C. van Oorschot. Public Key Cryptography's Impact on Society: How Diffie and Hellman Changed the World. Chapter 2 (pages 19-56) in: Democratizing Cryptography: The Work of Whitfield Diffie and Martin Hellman (R. Slayton, ed.), ACM Press, August 2022. Preprint (24 Mar 2020, updated 5 Dec 2021).
  8. P.C. van Oorschot. Security as an artificial science, system administration, and tools. IEEE Security & Privacy 20(6):74-78 (Nov-Dec 2022). Author's copy.
  9. F. Hao, P.C. van Oorschot. SoK: Password-authenticated key exchange - Theory, practice, standardization and real-world lessons. AsiaCCS 2022. ACM page hosting presentation video and paper pdf. Technical report (Cryptology ePrint); slides.
  10. P.C. van Oorschot. Cyber security education: reinvention required. Cyber Today magazine (Australia), 2022 Edition 1, pages 41-45. Australian Information Security Association.
  11. P.C. van Oorschot. A view of security as 20 subject areas in four themes IEEE Security & Privacy 20(1):102-108 (Jan-Feb 2022). Author's copy.

    2021:

  12. P.C. van Oorschot. Coevolution of security's body of knowledge and curricula. IEEE Security & Privacy 19(5):83-89 (Sept/Oct 2021). Author's copy.
  13. Srivathsan G. Morkonda, P.C. van Oorschot, S. Chiasson. Exploring privacy implications in OAuth deployments. arXiv:2103.02579 (3 Mar 2021). WPES 2021 version (20th Workshop on Privacy in the Electronic Society): Empirical analysis and privacy implications in OAuth-based single sign-on systems.
  14. C. Bennett, A. Abdou, P.C. van Oorschot. Empirical scanning analysis of Censys and Shodan. MADWeb 2021 (NDSS workshop on) Measurements, Attacks, and Defenses for the Web.
  15. J. Clark, P.C. van Oorschot, S. Ruoti, K. Seamons, D. Zappala. SoK: Securing email - A stakeholder-based analysis. FC 2021 (Financial Cryptography and Data Security). Tech report arXiv.1804.07706 [cs.CR] (v3, 22 Oct 2021, 37 pages; earlier "Securing email", v1, 20 Apr 2018).

    2020:

  16. S. Matsumoto, J. Bosamiya, Y. Dai, P.C. van Oorschot, B. Parno. CAPS: Smoothly transitioning to a more resilient web PKI. ACSAC 2020. pdf.
  17. X. de Carné de Carnavalet, P.C. van Oorschot. A survey and analysis of TLS interception mechanisms and motivations. arXiv preprint, 30 Oct 2020; updated Dec 2022 (see journal version, above).

  18. 2019:

  19. C. Bellman, P.C. van Oorschot. Analysis, Implications, and Challenges of an Evolving Consumer IoT Security Landscape. International Conference on Privacy, Security and Trust (PST 2019). pdf.
  20. H. Gupta, P.C. van Oorschot. Onboarding and Software Update Architecture for IoT Devices. International Conference on Privacy, Security and Trust (PST 2019). Best Paper award. pdf.

    2018:

  21. T. Murray, P.C. van Oorschot. Formal Proofs, the Fine Print and Side Effects. Best Paper award. SecDev 2018 (IEEE Cybersecurity Development Conference), Sept.30-Oct.2, Cambridge, MA. pdf. See also Informal summary (Toby's blog). Comments in Twitter thread.
  22. Markus Miettinen, P.C.van Oorschot, Ahmad-Reza Sadeghi. Baseline functionality for security and control of commodity IoT devices and domain-controlled device lifecycle management. Technical report arXiv:1808.03071 (9 Aug 2018).
  23. A. Abdou, P.C. van Oorschot. Secure Client and Server Geolocation Over the Internet. USENIX ;login: 43(1):19-25, Spring 2018 issue. Author's pdf (on arXiv). This gives a succinct overview of secure measurement-based geolocation work.

  24. 2017:

  25. P.C. van Oorschot. Science, Security and Academic Literature: Can We Learn from History? (Invited talk). 2017 ACM CCS Moving Target Defense Workshop (MTD'17). DOI: 10.1145/3140549.3140563. Author's copy: pdf.
  26. C. Herley, P.C. van Oorschot. SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit. 2017 IEEE Symp. Security and Privacy, San Jose, California, pp.99-120. pdf. See Jan/Feb 2018 IEEE Security&Privacy article above for slide deck and video link.
  27. A. Abdou, A. Matrawy, P.C. van Oorschot. Accurate Manipulation of Delay-based Internet Geolocation. (Distinguished Paper Award) pdf. ACM AsiaCCS'17, Abu Dhabi, UAE, April 2017. Preliminary tech report pdf (June 2, 2014), TR-14-03 (On the Evasion of Delay-Based IP Geolocation), Carleton University, School of Computer Science.

  28. 2016:

  29. F. Alaca, P.C. van Oorschot. Device Fingerprinting for Augmenting Web Authentication: Classification and Analysis of Methods. ACSAC 2016, December 5-9, Los Angeles. pdf (author's copy).
  30. L. Zhang-Kennedy, S. Chiasson, P. van Oorschot. Revisiting Password Rules: Facilitating Human Management of Passwords. APWG Symp. on Electronic Crime Research (eCrime 2016), Toronto, pp.81-90, June 1-3 2016, IEEE. pdf.

  31. 2015:

  32. A. Abdou, D. Barrera, P.C. van Oorschot. What lies beneath? Analyzing automated SSH bruteforce attacks. Passwords 2015, Cambridge U.K., 7-9 December 2015. pdf. pp.72-91, Springer LNCS vol.9551.
  33. G. Reynaga, S. Chiasson, P.C. van Oorschot. Heuristics for the evaluation of CAPTCHAs on smartphones. DOI: 10.1145/2783446.2783583. Proc. of British HCI 2015 (BCS HCI), pp.126-135, July 13-17 2015, Lincoln, U.K.
  34. G. Reynaga, S. Chiasson, P.C. van Oorschot. Exploring the Usability of CAPTCHAs on Smartphones: Comparisons and Recommendations. DOI: 10.14722/usec.2015.23006. USEC'15, 8 February 2015, San Diego. pdf.

  35. 2014:

  36. D. Florencio, C. Herley, P.C. van Oorschot. An Administrator's Guide to Internet Password Research. Proc. USENIX LISA 2014 (28th Large Installation System Administration Conference), pp.35-52, Nov.9-14, Seattle, Washington. pdf. Sophos (naked security), slashdot, wired.com, (IN)SECUREMagazine.
  37. A. Abdou, A. Matrawy, P.C. van Oorschot. Location Verification on the Internet: Towards Enforcing Location-aware Access Policies Over Internet Clients. IEEE CNS 2014, Oct.29-31, San Francisco. pdf. For demo page, 2-page overview (poster), and extended version (IEEE TDSC 2017), see "Journal papers" above.
  38. D. Florencio, C. Herley, P.C. van Oorschot. Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts. Proc. USENIX Security 2014, Aug.20-22, San Diego, California, pp.575-590. pdf. Press coverage: ArsTechnica, slashdot, Slate, PCWorld, InternationalBusinessTimes, Telegraph, TheIndependent, Guardian, Register, NetworkWorld, GuruDaily, Softpedia, WinBeta, gizmodo, SDTimes, security.stackexchange.com, threatpost. U.K. password guidance (2015).
  39. D. Barrera, D. McCarney, J. Clark, P.C. van Oorschot. Baton: Certificate Agility for Android's Decentralized Signing Infrastructure. ACM WiSec 2014 (7th ACM Conference on Security & Privacy in Wireless and Mobile Networks), pp.1-12, July 22-24, Oxford, UK. pdf. Preliminary version (Baton: Key Agility for Android without a Centralized Certificate Infrastructure) available as Technical Report TR-13-03 (Aug 9, 2013), School of Computer Science, Carleton University.
  40. Manar Mohamed, Niharika Sachdeva, Michael Georgescu, Song Gao, Nitesh Saxena, Chengcui Zhang, Ponnurangam Kumaraguru, Paul C. Van Oorschot, Wei-bang Chen. A Three-Way Investigation of a Game-CAPTCHA: Automated Attacks, Relay Attacks and Usability. Proc. ACM ASIACCS 2014, June 4-6, Kyoto, Japan, pp.195-206. Draft version (6 Oct 2013): arXiv:1310.1540v1 [cs.CR]

  41. 2013:

  42. A. Skillen, D. Barrera, P.C. van Oorschot. Deadbolt: Locking Down Android Disk Encryption. pdf. ACM SPSM 2013 (Security and Privacy in Smartphones and Mobile Devices), November 2013, Berlin.
  43. S. Egelman, C. Herley, P.C. van Oorschot. Markets for Zero-Day Exploits: Ethics and Implications. Panel note. pdf. NSPW 2013, Banff, Canada.
  44. J. Clark, P.C. van Oorschot. SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements. IEEE Symposium on Security and Privacy, May 2013. Extended version as Technical Report TR-13-01 (March 7, 2013), School of Computer Science, Carleton University.

  45. 2012:

  46. D. McCarney, D. Barrera, J. Clark, S. Chiasson, P.C. van Oorschot. Tapas: Design, Implementation, and Usability of a Password Manager. ACSAC 2012. pdf.
  47. D. Barrera, J. Clark, D. McCarney, P.C. van Oorschot. Understanding and Improving App Installation Security Mechanisms through Empirical Analysis of Android. 2nd ACM CCS Workshop on Security and Privacy in Mobile Devices (SPSM), October 2012. pdf. Earlier version: Technical Report TR-12-01 (May 7, 2012), School of Computer Science, Carleton University.
  48. M. Mannan, P.C. van Oorschot. Passwords for Both Mobile and Desktop Computers: ObPwd for Firefox and Android. USENIX ;login: 37(4):28-37 (Aug.2012). Author's copy.
  49. Chaitrali Amrutkar, Patrick Traynor, P.C. van Oorschot. Measuring SSL Indicators on Mobile Browsers: Extended Life, or End of the Road? (Best Student Paper) ISC 2012: Information Security Conference, Germany. Technical Report version: GT-CS-11-10, Georgia Institute of Technology. Updated by IEEE TMC version (see journal papers, above).
  50. Yi Xu, Gerardo Reynaga, Sonia Chiasson, Jan-Michael Frahm, Fabian Monrose, Paul C. van Oorschot. Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in Motion. USENIX Security 2012. pdf.
  51. J. Bonneau, C. Herley, P.C. van Oorschot, F. Stajano. The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. IEEE Symposium on Security and Privacy, May 2012. Author's copy. Full length version: University of Cambridge Computer Laboratory, Technical Report Number 817 (UCAM-CL-TR-817), March 2012. Related discussion involving UDS framework: overview (Frank Stajano), federated passwords (Thomas Scavo), authentication as machine learning (Joe Bonneau), object-based passwords on smartphones (M. Mannan), Tapas password manager with smartphone (Dan McCarney).
  52. D. Barrera, W. Enck, P.C. van Oorschot. Meteor: Seeding a Security-Enhancing Infrastructure for Multi-market Application Ecosystems. IEEE MoST 2012 (Mobile Security Technologies workshop), San Francisco, May 2012. pdf. Updates and obsoletes earlier technical report: Seeding a Security-Enhancing Infrastructure for Multi-market Application Ecosystems, TR-11-06 (Apr.22, 2011), Carleton University, School of Computer Science.
  53. Dirk Balfanz, Richard Chow, Ori Eisen, Markus Jakobsson, Steve Kirsch, Scott Matsumoto, Jesus Molina, Paul van Oorschot. The Future of Authentication. DOI: 10.1109/MSP.2012.24. IEEE Security & Privacy 10(1):22-27 (Jan/Feb 2012).

  54. 2011:

  55. K. Bicakci, P.C. van Oorschot. A Multi-Word Password Proposal (gridWord) and Exploring Questions about Science in Security Research and Usable Security Evaluation. DOI:10.1145/2073276.2073280. NSPW 2011, Sept.12-15, Marin County, Calfornia. Author's copy.
  56. M. Alsaleh, P.C. van Oorschot. Network Scan Detection with LQS: A Lightweight, Quick and Stateful Algorithm. ACM ASIACCS 2011, pp.102-113. Author's copy.
  57. K. Bicakci, N.B. Atalay, M. Yuceel, P.C. van Oorschot. Exploration and Field Study of a Browser-based Password Manager using Icon-based Passwords. Financial Cryptography Workshops 2011: 2nd Workshop on Real-Life Cryptographic Protocols and Standardization (RLCPS'11), Gros Islet, St. Lucia. Springer (2012) LNCS 7126, pp.104-118. Extended version: Technical Report TR-11-07 (Jan.21, 2011), School of Computer Science, Carleton University.
  58. M. Mannan, D. Barrera, C. Brown, D. Lie, P.C. van Oorschot. Mercury: Recovering Forgotten Passwords Using Personal Devices. Proc. of FC 2011: Financial Cryptography and Data Security, LNCS 7035 pp.315-330 (Springer-Verlag, 2012). Author's preprint.
  59. D. Barrera, G. Wurster, P.C. van Oorschot. Back to the Future: Revisiting IPv6 Privacy Extensions. USENIX ;login: 36(1):16-26 (Feb.2011 issue). Preliminary version: Technical Report TR-10-17 (Sept.9, 2010), School of Computer Science, Carleton University.

  60. 2010:

  61. E. Stobert, A. Forget, S. Chiasson, P.C. van Oorschot, R. Biddle. Exploring Usability Effects of Increasing Security in Click-based Graphical Passwords. ACSAC 2010. pdf.
  62. D. Barrera, H.G. Kayacik, P.C. van Oorschot, A. Somayaji. A Methodology for Empirical Analysis of Permission-Based Security Models and Its Application to Android. ACM CCS 2010. pdf.
  63. G. Wurster, P.C. van Oorschot. A Control Point for Reducing Root Abuse of File-System Privileges. ACM CCS 2010. pdf.
  64. P.C. van Oorschot. System Security, Platform Security and Usability (extended abstract). 5th Annual ACM Workshop on Scalable Trusted Computing (ACM STC'10), 4 October 2010, Chicago. pdf.

  65. 2009:

  66. R. Biddle, P.C. van Oorschot, A.S. Patrick, J. Sobey, T. Whalen. Browser Interfaces and Extended Validation SSL Certificates: An Empirical Study. CCSW 2009: ACM Cloud Computing Security Workshop, Nov. 2009. pdf. Of related interest: J. Sobey, P.C. van Oorschot, A.S. Patrick, Browser Interfaces and EV-SSL Certifictes: Confusion, Inconsistencies and HCI Challenges, Technical Report TR-09-02 (Jan. 15, 2009), School of Computer Science, Carleton University, Canada.
  67. S. Chiasson, A. Forget, E. Stobert, P.C. van Oorschot, R. Biddle. Multiple Password Interference in Text Passwords and Click-Based Graphical Passwords. ACM CCS 2009, Nov.10-12 2009, Chicago. pdf. Preliminary version: Carleton University, School of Computer Science, Technical Report TR-08-20 (Sept.25, 2008).
  68. D. Barrera, P.C. van Oorschot. Security Visualization Tools and Source Addresses in IPv6. Short paper. VizSec 2009: Workshop on Visualization for Cyber Security. October 11, 2009, Atlantic City, New Jersey. pdf.
  69. G. Wurster, P.C. van Oorschot. System Configuration as a Privilege. USENIX HotSec'09, Aug.11 2009, Montreal. pdf.
  70. P.C. van Oorschot, T. Wan. TwoStep: An Authentication Method Combining Text and Graphical Passwords. MCETECH 2009: 4th International MCETECH Conference on eTechnologies, 4-6 May 2009, Ottawa, Canada (Springer LNBIP vol.26, pp.233-239). pdf.
  71. C. Herley, P.C. van Oorschot, A.S. Patrick. Passwords: If We're So Smart, Why Are We Still Using Them? Financial Cryptography and Data Security (FC 2009), 13th International Conference, Rockley, Christ Church, Barbados, Feb. 2009 (post-proceedings, Springer LNCS). pdf.

  72. 2008:

  73. M. Alsaleh, D. Barrera, P.C. van Oorschot. Improving Security Visualization with Exposure Map Filtering. 24th ACSAC, Dec.8-12, 2008, Anaheim, California. pdf.
  74. A. Salehi-Abari, J. Thorpe, P.C. van Oorschot. On Purely Automated Attacks and Click-Based Graphical Passwords. 24th ACSAC, Dec.8-12, 2008, Anaheim, California. pdf.
  75. T. Oda, G. Wurster, P.C. van Oorschot, A. Somayaji. Same Origin Mutual Approval (SOMA): Mutual Approval for Included Content in Web Pages. ACM CCS 2008, Oct.27-31 2008, Alexandria, VA, USA. pdf.
  76. J. Sobey, R. Biddle, P.C. van Oorschot, A.S. Patrick. Exploring User Reactions to Browser Cues for Extended Validation Certificates. ESORICS 2008 - European Symposium on Research in Computer Security. October 6-8, 2008, Malaga, Spain. pdf.
  77. D. Nali, P.C. van Oorschot. CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud. ESORICS 2008 - European Symposium on Research in Computer Security. October 6-8, 2008, Malaga, Spain. pdf.
  78. G. Wurster, P.C. van Oorschot. The Developer is the Enemy. NSPW 2008 - New Security Paradigms Workshop. September 22-25, 2008, Olympic Valley, California, USA. pdf.
  79. M. Mannan, P.C. van Oorschot. Localization of Credential Information to Address Increasingly Inevitable Data Breaches. NSPW 2008 - New Security Paradigms Workshop. September 22-25, 2008, Olympic Valley, California, USA. pdf.
  80. S. Chiasson, A. Forget, R. Biddle, P.C. van Oorschot. Influencing Users Towards Better Passwords: Persuasive Cued Click-Points. BCS HCI'08: British HCI Group Annual Conference on HCI, British Computer Society, September 2008, Liverpool. pdf.
  81. M. Mannan, P.C. van Oorschot. Digital Objects as Passwords. USENIX HotSec'08, July 28 2008, San Jose, California. pdf.
  82. A. Forget, S. Chiasson, P.C. van Oorschot, R. Biddle. Improving Text Passwords Through Persuasion. SOUPS 2008 (Symposium on Usable Privacy and Security), July 23-25 2008, Pittsburgh, PA. pdf.
  83. A. Forget, S. Chiasson, P.C. van Oorschot, R. Biddle. Persuasion for Stronger Passwords: Motivation and Pilot Study. Third International Conference on Persuasive Technology, Oulu, Finland (June 2-4 2008). Springer LNCS vol.5033/2008, pp.140-150. pdf.
  84. A. Hijazi, H. Inoue, A. Matrawy, P.C. van Oorschot, A. Somayaji. Discovering Packet Structure through Lightweight Hierarchical Clustering. ICC 2008, Beijing, China, May 2008. pdf.
  85. M. Mannan, P.C. van Oorschot. Privacy-Enhanced Sharing of Personal Content on the Web. WWW 2008 (pp.487-496), Beijing, China (April 21-25, 2008). pdf.
  86. S. Chiasson, J. Srinivasan, R. Biddle, P. van Oorschot. Centered Discretization with Application to Graphical Passwords. USENIX UPSEC 2008 (Usability, Psychology and Security), April 14, 2008, San Francisco. pdf.
  87. M. Mannan, P.C. van Oorschot. Weighing Down "The Unbearable Lightness of PIN Cracking". FC 2008 (12th International Conference, Financial Cryptography and Data Security). Cozumel, Mexico, January 28-31, 2008 (pp.176-181, Springer LNCS vol.5143/2008, revised papers). pdf.

  88. 2007:

  89. D. Whyte, P.C. van Oorschot, E. Kranakis. Tracking Darkports for Network Defense. (ACSAC 2007 Outstanding Paper Award.) 23rd Annual Computer Security Applications Conference (ACSAC), Dec. 10-14, 2007, Miami Beach, Florida. pdf. Extended version: Technical Report TR-07-04 (Feb. 2007).
  90. S. Chiasson, P.C. van Oorschot, R. Biddle. Graphical Password Authentication Using Cued Click Points. ESORICS, Sept.24-27 2007, Dresden, Germany. Springer-Verlag LNCS 4734 (2007), pp.359-374. pdf.
  91. M. Mannan, P.C. van Oorschot. Security and Usability: The Gap in Real-World Online Banking. New Security Paradigms Workshop (NSPW), Sept.18-21 2007, New Hampshire, USA. pdf.
  92. D. Nali, P.C. van Oorschot, A. Adler. VideoTicket: Detecting Identity Fraud Attempts via Audiovisual Certificates and Signatures. New Security Paradigms Workshop (NSPW), Sept.18-21 2007, New Hampshire, USA. pdf.
  93. J. Thorpe, P.C. van Oorschot. Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords. 16th USENIX Security Symposium, Aug.6-10 2007, Boston, MA. pdf.
  94. G. Wurster, P.C. van Oorschot. Self-signed Executables: Restricting Replacement of Program Binaries by Malware. USENIX HotSec'07 (2nd Workshop on Hot Topics in Security), Aug.7 2007, Boston. pdf.
  95. S. Chiasson, Robert Biddle, P.C. van Oorschot. A Second Look at the Usability of Click-Based Graphical Passwords. (SOUPS 2007 Best Paper Award.) Symposium on Usable Privacy and Security, July 18-20 2007, Pittsburgh, PA. pdf.
  96. J. Clark, P.C. van Oorschot, C. Adams. Usability of Anonymous Web Browsing: An Examination of Tor Interfaces and Deployability. Symposium on Usable Privacy and Security (SOUPS 2007), July 18-20 2007, Pittsburgh, PA. pdf.
  97. M. Mannan, P.C. van Oorschot. Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer. Financial Cryptography and Data Security (FC'07), Lowlands, Scarborough, Trinidad and Tobago, Feb.12-15, 2007. pdf. See also extended and updated version (under journal papers above).

  98. 2006:

  99. D. Whyte, P.C. van Oorschot, E. Kranakis. Addressing SMTP-based Mass-Mailing Activity Within Enterprise Networks. 22nd Annual Computer Security Applications Conference (ACSAC), Dec. 11-15, 2006, Miami Beach, Florida. pdf. Preliminary version: Technical Report TR-05-06 (May 2005), Carleton University, School of Computer Science.
  100. S. Chiasson, P.C. van Oorschot, R. Biddle. A Usability Study and Critique of Two Password Managers. USENIX Security 2006, Aug.2-4, Vancouver. pdf.
  101. D. Whyte, P.C. van Oorschot, E. Kranakis. Exposure Maps: Removing Reliance on Attribution During Scan Detection. USENIX HotSec'06 (1st Workshop on Hot Topics in Security), July 31 2006, Vancouver. pdf.
  102. T. Wan, P.C. van Oorschot. Analysis of BGP Prefix Origins During Google's May 2005 Outage. 2nd International Workshop on Security in Systems and Networks (SSN2006), Rhode Island, Greece, Apr.25 2006 (in conjunction with IEEE IPDPS). pdf (21 Jan. 2006).
  103. M. Mannan, P.C. van Oorschot. A Protocol for Secure Public Instant Messaging. Financial Cryptography and Data Security, 10th International Conference (FC 2006), Feb.27-Mar.2 2006, Anguilla, British West Indies, pp.20-35, Springer LNCS vol.4107/2006. Pre-proceedings pdf (25 Jan. 2006).

  104. 2005:

  105. D. Whyte, P.C. van Oorschot, E. Kranakis. Detecting Intra-Enterprise Scanning Worms Based on Address Resolution. 21st Annual Computer Security Applications Conference (ACSAC), Dec. 5-9, 2005, Tucson, Arizona. pdf. Technical report version: ARP-based Detection of Scanning Worms within an Enterprise Network, TR-05-02 (Jan.31, 2005), School of Computer Science, Carleton University, Canada.
  106. M. Mannan, P.C. van Oorschot. Instant Messaging Worms, Analysis and Countermeasures. WORM 2005 (ACM Workshop on Rapid Malcode), Nov. 2005, Fairfax, VA. pdf.
  107. J. Thorpe, P.C. van Oorschot, A. Somayaji. Pass-thoughts: Authenticating With Our Minds. 2005 New Security Paradigms Workshop, Sept. 2005, Lake Arrowhead, California pdf (©ACM). ***Note: through a proceedings error, the version which appeared in the final proceedings is not this final version.
  108. P.C. van Oorschot. Message Authentication by Integrity with Public Corroboration. 2005 New Security Paradigms Workshop, Sept. 2005, Lake Arrowhead, California. pdf, ps (©ACM).
  109. T. Wan, P.C. van Oorschot, E. Kranakis. A Selective Introduction to Border Gateway Protocol (BGP) Security Issues. Technical Report TR-05-07 (August 2005), Carleton University, School of Computer Science. Published in: Aspects of Network and Information Security (Proc. of NATO Advanced Studies Institute on Network Security and Intrusion Detection, Nork, Yerevan, Armenia, Oct.1-12 2005), IOS Press 2008.
  110. A. Matrawy, P.C. van Oorschot, A. Somayaji. Mitigating Network Denial of Service through Diversity-Based Traffic Management. Applied Cryptography and Network Security: Third International Conference, ACNS 2005, New York, June 7-10, 2005. pdf. Proceedings, Springer LNCS 3531, pp.104-121, 2005.
  111. G. Wurster, P.C. van Oorschot, A. Somayaji. A Generic Attack on Checksumming-Based Software Tamper Resistance. May 2005 IEEE Symp. Security and Privacy, Oakland, California. pdf (©IEEE). Extended version: see journal papers below.
  112. P.C. van Oorschot, S. Stubblebine. Countering Identity Theft through Digital Uniqueness, Location Cross-Checking, and Funneling. Financial Cryptography and Data Security 2005 (FC'05), Feb.28-Mar.3 2005, Commonwealth of Dominica. LNCS 3570, pp.31-43, Springer-Verlag 2005. pdf (©IFCA). Extended version (On Identity Theft and a Countermeasure based on Digital Uniqueness and Location Cross-checking): Technical Report TR-05-12 (December 2005). School of Computer Science, Carleton University, Canada.
  113. T. Wan, E. Kranakis, P.C. van Oorschot. Pretty Secure BGP. Network and Distributed System Security Symposium (NDSS'05), Feb. 2005, San Diego. pdf, ps.
  114. D. Whyte, E. Kranakis, P.C. van Oorschot. DNS-based Detection of Scanning Worms in an Enterprise Network. Network and Distributed System Security Symposium (NDSS'05), Feb.2005, San Diego. pdf.

  115. 2004:

  116. J. Thorpe, P.C. van Oorschot. Towards Secure Design Choices for Implementing Graphical Passwords. 20th Annual Computer Security Applications Conference (ACSAC), Dec. 6-10, 2004, Tucson, Arizona. pdf, ps.
  117. T. Wan, E. Kranakis, P.C. van Oorschot. Securing the Destination Sequenced Distance Vector Routing Protocol (S-DSDV). ICICS'04 (6th International Conference on Information and Communications Security), Oct. 27-29, 2004, Malaga, Spain. Springer LNCS 3269 pp.358-374. pdf, ps.
  118. M. Mannan, P.C. van Oorschot. Secure Public Instant Messaging: A Survey. Second Annual Conference on Privacy, Security and Trust, Oct. 13-15, 2004, Fredericton, New Brunswick. pdf.
  119. J. Thorpe, P.C. van Oorschot. Graphical Dictionaries and the Memorable Space of Graphical Passwords. USENIX Security 2004, August 9-13, 2004, San Diego. pdf, ps.
  120. T. Wan, E. Kranakis, P.C. van Oorschot. S-RIP: A Secure Distance Vector Routing Protocol. ACNS'04 (2nd International Conf. on Applied Cryptography and Network Security), Yellow Mountain, China, June 8-11 2004. Springer LNCS 3089 pp.103-119. pdf, ps.
  121. S. Stubblebine, P.C. van Oorschot. Addressing Online Dictionary Attacks with Login Histories and Humans-in-the-Loop. pdf (©IFCA). Financial Cryptography, 8th International Conference, FC 2004, Key West, Florida, Feb.9-12 2004, Springer LNCS 3110 (revised papers). Extended version: see journal papers below.

  122. 2003 and earlier:

  123. P.C. van Oorschot. Revisiting Software Protection (invited paper). 6th International Information Security Conference (ISC 2003), Bristol, UK, October 2003. Proceedings: pp.1-13, Springer LNCS 2851 (2003). Version of July 30, 2003: ps, pdf.
  124. S. Chow, P. Eisen, H. Johnson, P.C. van Oorschot. White-Box Cryptography and an AES Implementation. SAC 2002 - 9th Annual Workshop on Selected Areas in Cryptography, Aug.15-16 2002, St. John's, Canada. Proceedings (revised papers): pp.250-270, Springer LNCS 2595 (2003). Sept.30 2002 version: ps. Earlier version (pre-proceedings): ps.
  125. S. Chow, P. Eisen, H. Johnson, P.C. van Oorschot. A White-Box DES Implementation for DRM Applications. ACM CCS-9 Workshop DRM 2002 - 2nd ACM Workshop on Digital Rights Management, Nov.18 2002, Wash. D.C. Proceedings (revised papers): pp.1-15, Springer LNCS 2696 (2003). Jan.13 2003 version: ps.
  126. M. Just, P.C. van Oorschot. Addressing the problem of undetected signature key compromise, proceedings, Network and Distributed System Security - NDSS'99. ps, pdf. See also TR-98-06, Carleton University, School of Computer Science, June 1998.
  127. P.C. van Oorschot, M.J. Wiener. Improving meet-in-the-middle attacks by orders of magnitude, Crypto'96, Springer LNCS vol.1109, pp.229-236, 1996. ps, pdf. A more complete treatment is given in the 1999 Journal of Cryptology paper.
  128. B. Preneel, P.C. van Oorschot. On the security of two MAC algorithms, Eurocrypt'96, Springer LNCS vol.1070, pp.19-32, 1996. ps, pdf. See also the 1999 IEEE-IT journal paper, and for further work on MAA, the 1997 ETT journal paper.
  129. P.C. van Oorschot, M.J. Wiener. On Diffie-Hellman key agreement with short exponents. Eurocrypt'96, Springer LNCS vol.1070, pp.332-343, 1996. ps, pdf.
  130. B. Preneel, P.C. van Oorschot. MDx-MAC and building fast MACs from hash functions. Crypto'95, Springer LNCS vol.963, 1995. ps, pdf. See also the 1999 IEEE-IT paper.
  131. P.C. van Oorschot, M.J. Wiener. Parallel collision search with applications to hash functions and discrete logarithms. pp.210-218, proceedings, 2nd ACM CCS (Conference on Computer and Communications Security), Nov. 1994, Fairfax, Virginia. ps, pdf. The Crypto'96 paper builds on this, and a more complete treatment is in the 1999 Journal of Cryptology paper.
  132. M. Just, E. Kranakis, D. Krizanc, P.C. van Oorschot. On key distribution via true broadcasting. pp.81-88, proceedings, 2nd ACM CCS (Conference on Computer and Communications Security), Nov. 1994, Fairfax, Virginia. pdf.
  133. P. Syverson, P.C. van Oorschot. On unifying some cryptographic protocol logics. pp.14-28, proceedings, 1994 IEEE Symposium on Research in Security and Privacy, 1994 May 16-18, Oakland, California. ps, pdf. Extended version pdf (29 pages, 1996), titled: A unified cryptographic protocol logic, Report 5540-227, Naval Research Lab Center for High Assurance Computer Systems (NRL CHACS) USA.
  134. P.C. van Oorschot. An alternate explanation of two BAN-logic `failures’, Eurocrypt'93, Springer LNCS vol.765, pp.443-447 (1994). ps, pdf.
  135. P.C. van Oorschot. Extending cryptographic logics of belief to key agreement protocols. pp.232-243, proceedings, 1st ACM CCS (Conference on Computer and Communications Security), Nov. 1993, Fairfax, Virginia. ps, pdf.
  136. P.C. van Oorschot. A comparison of practical public-key cryptosystems based on integer factorization and discrete logarithms (extended abstract). Crypto'90, Springer LNCS vol.537, pp.576-581 (1991). The full paper appears as a chapter in the Gus Simmons' volume (see below).
  137. P.C. van Oorschot, M.J. Wiener. A known-plaintext attack on two-key triple encryption. Eurocrypt'90, Springer LNCS 473, pp.318-325, 1991. ps, pdf.
  138. P.C. van Oorschot, S.A. Vanstone. Some geometric aspects of root finding in GF(qm), pp.303-307, Contemporary Mathematics vol.111 (Finite Geometries and Combinatorial Designs), E.S. Kramer and S.S. Magliveras (eds.), AMS 1990.
  139. A.J. Menezes, P.C. van Oorschot, S.A. Vanstone. Some computational aspects of root finding in GF(qm). pp.259-270, Symbolic and Algebraic Computation, Springer LNCS 358, 1989.

Books

  1. Paul C. van Oorschot. Computer Security and the Internet: Tools and Jewels from Malware to Bitcoin (second edition). Springer, 2021.
  2. Paul C. van Oorschot. Computer Security and the Internet: Tools and Jewels. Textbook. Springer, 2020.
  3. A.J. Menezes, P.C. van Oorschot, S. Vanstone. Handbook of Applied Cryptography, CRC Press (1996), 780 pages, ISBN 0-8493-8523-7. 5th printing (July 2001) with corrections to all known errors. The standard crypto reference for engineers and practical researchers. First on the list of (all-years) Top publications in Security and Privacy (Microsoft Academic Search, per October 2010). The 2001 edition is 23rd on the list of most-cited Computer Science publications (All Years) (CiteSeerX, per Sept.14, 2010). Complete book available online (free).
  4. E. Kranakis, P.C. van Oorschot (editors). Selected Areas in Cryptography, Kluwer Academic Publishers (1997), 108 pages, ISBN 0-7923-8023-1. An invited subset of papers from SAC'95.
  5. S.A. Vanstone, P.C. van Oorschot. An Introduction to Error Correcting Codes with Applications, Kluwer Academic Publishers (1989), 289 pages, ISBN 0-7923-9017-2. An undergraduate textbook.

Other Papers (unrefereed papers in proceedings, book chapters, etc.)

  1. A. Main, P.C. van Oorschot. Software Protection and Application Security: Understanding the Battleground. International Course on State of the Art and Evolution of Computer Security and Industrial Cryptography, Heverlee, Belgium, June 2003. Proceedings (revised papers): Springer LNCS (to appear). Version of Dec.31, 2003: ps, pdf.
  2. A.J. Menezes, P.C. van Oorschot. Coding Theory and Cryptology, Chapter 14 (pp.889-954) in Handbook of Discrete and Combinatorial Mathematics, Kenneth H. Rosen (editor), CRC Press 2000.
  3. P. Syverson, P.C. van Oorschot. A unified cryptographic protocol logic. Report 5540-227, Naval Research Lab Center for High Assurance Computer Systems (NRL CHACS), USA, 1996. ps, pdf. This extends the work in our 1994 Oakland paper.
  4. B. Preneel, P.C. van Oorschot. Further comments on keyed MD5. CryptoBytes, vol.1 no.3 (summer 1995), page 15, RSA Laboratories technical newsletter. ps, pdf.
  5. P.C. van Oorschot. Security in GSM, Telesis, Issue No. 94 (July 1992), pp.58-60, Northern Telecom.
  6. P.C. van Oorschot. A comparison of practical public-key cryptosystems based on integer factorization and discrete logarithms, Chapter 5 (pp.289-322) in Contemporary Cryptology: The Science of Information Integrity, G.J. Simmons (ed.), IEEE Press (1992). See also shorter version in Crypto'90.
  7. I.F. Blake, P.C. van Oorschot, S.A. Vanstone. Complexity issues for public-key cryptography, pp.75-97 in Performance Limits in Communication Theory and Practice, J.K. Skwirzynski (ed.), Kluwer Academic Publishers 1988.
Updated: 5 Apr 2024