Research and Publications (P. Van Oorschot)

Google Scholar profile

Top publications in Security and Privacy (Microsoft Academic Search)
Top authors in Security and Privacy (Microsoft Academic Search)
Top authors in Computer Science Overall (Microsoft Academic Search)
Top authors in Computer Science (CiteSeerX.IST)

Journals and peer-reviewed periodicals

  1. A. Abdou, A. Matrawy, P.C. van Oorschot. Taxing the queue: hindering middleboxes from unauthorized large-scale traffic relaying. IEEE Communications Letters (to appear; accepted 5 August 2014). 4 pages.
  2. Yi Xu, Gerardo Reynaga, Sonia Chiasson, Jan-Michael Frahm, Fabian Monrose, Paul C. van Oorschot. Security Analysis and Related Usability of Motion-based CAPTCHAs: Decoding Codewords in Motion. DOI: 10.1109/TDSC.2013.52. IEEE TDSC (to appear, accepted Nov.22, 2013; updates/extends USENIX Security 2012 paper listed under Conference Papers below).
  3. C. Amrutkar, P. Traynor, P.C. van Oorschot. An Empirical Evaluation of Security Indicators in Mobile Web Browsers. DOI: 10.1109/TMC.2013.90. IEEE Transactions on Mobile Computing (to appear; accepted April 12, 2013). Draft pdf. Updates and obsoletes earlier ISC 2012 version (see conference papers below).
  4. M. Alsaleh, P.C. van Oorschot. Evaluation in the absence of absolute ground truth: toward reliable evaluation methodology for scan detectors. DOI: 10.1007/s10207-012-0178-1. Int. J. Inf. Security 12(2):97-110, 2013.
  5. M. Alsaleh, P.C. van Oorschot. Revisiting network scanning detection using sequential hypothesis testing. DOI: 10.1002/sec.416. Security and Communication Networks 5(12):1337-1350 (2012), Wiley. Preliminary version as TR-11-08 (Jun.30, 2011), School of Computer Science, Carleton University.
  6. R. Biddle, S. Chiasson, P.C. van Oorschot. Graphical Passwords: Learning from the First Twelve Years. ACM Computing Surveys 44(4), Article 19:1-41 (August 2012). For version with numeric (IEEE-style) citations, see: Technical Report TR-11-01 (Jan.4, 2011), School of Computer Science, Carleton University. Updates and obsoletes Oct.2, 2009 version of TR-09-09 (Graphical Passwords: Learning from the First Generation).
  7. S. Chiasson, E. Stobert, A. Forget, R. Biddle, P.C. van Oorschot. Persuasive cued click-points: Design, implementation, and evaluation of a knowledge-based authentication mechanism. DOI: 10.1109/TDSC.2011.55. IEEE TDSC 9(2):222-235 (March/April 2012). Author's copy. Updates and obsoletes TR-11-03 (Feb. 2011), School of Computer Science, Carleton University.
  8. C. Herley, P.C. van Oorschot. A Research Agenda Acknowledging the Persistence of Passwords. DOI: 10.1109/MSP.2011.150. IEEE Security & Privacy 10(1):28-36 (Jan/Feb 2012). Author's copy. Miscellaneous press coverage: Wall Street Journal, Wired, Network World, slashdot.
  9. P.C. van Oorschot, G. Wurster. Reducing Unauthorized Modification of Digital Objects. DOI: 10.1109/TSE.2011.7. IEEE Transactions on Software Engineering 38(1):191-204 (Jan/Feb.2012). Author's copy. Extends HotSec'07 short paper and obsoletes Technical Report TR-09-07 (Sept.14, 2009), School of Computer Science, Carleton University.
  10. M. Alsaleh, M. Mannan, P.C. van Oorschot. Revisiting Defenses Against Large-Scale Online Password Guessing Attacks. DOI: 10.1109/TDSC.2011.24. IEEE TDSC 9(1):128-141, 2012. Author's draft (Feb.13, 2011), updates and obsoletes TR-10-16 (Sept.6, 2010), School of Computer Science, Carleton University.
  11. T. Jaeger, P.C. van Oorschot, G. Wurster. Countering Unauthorized Code Execution on Commodity Kernels: A Survey of Common Interfaces Allowing Kernel Code Modification. DOI: 10.1016/j.cose.2011.09.003. Computers & Security 30(8): 571-579 (2011). Author's copy. Updates and obsoletes preliminary Technical Report TR-11-05 (Mar.15, 2011), School of Computer Science, Carleton University.
  12. R. Biddle, M. Mannan, P.C. van Oorschot, T. Whalen. User Study, Analysis, and Usable Security of Passwords Based on Digital Objects. IEEE TIFS 6(3):970-979, Sept.2011. DOI: 10.1109/TIFS.2011.2116781. Extended version in Technical Report (Feb.16, 2010): TR-10-02, School of Computer Science, Carleton University.
  13. D. Barrera, P.C. van Oorschot. Secure Software Installation on Smartphones. DOI: 10.1109/MSP.2010.202. IEEE Security & Privacy 9(3):42-48 (May/June 2011). Author's copy.
  14. P.C. van Oorschot, J. Thorpe. Exploiting Predictability in Click-Based Graphical Passwords. DOI: 10.3233/JCS-2010-0411. Journal of Computer Security 19(4): 669-702 (2011). Author's copy. Extends USENIX Security 2007 paper and obsoletes Technical Report TR-08-21 (Nov.7, 2008), School of Computer Science, Carleton University.
  15. M. Mannan, P.C. van Oorschot. Leveraging Personal Devices for Stronger Password Authentication from Untrusted Computers. DOI: 10.3233/JCS-2010-0412. Journal of Computer Security 19(4): 703-750 (2011). Authors' copy (Feb.1 2010). Extends shorter FC'07 paper and updates Technical Report TR-07-11 (March 2007), School of Computer Science, Carleton University.
  16. D. Barrera, P.C. van Oorschot. Accommodating IPv6 Addresses in Security Visualization Tools. DOI: 10.1057/ivs.2011.1. Information Visualization 10(2): 107-116 (April 2011). Author's draft.
  17. P.C. van Oorschot, A. Salehi-Abari, J. Thorpe. Purely Automated Attacks on PassPoints-Style Graphical Passwords. IEEE Trans. Info. Forensics and Security 5(3): 393-405 (Sept.2010). Author's copy. Extends ACSAC 2008 paper and obsoletes Technical Reports TR-08-15 (June 2008) and TR-10-07 (March 2010), School of Computer Science, Carleton University.
  18. S. Chiasson, A. Forget, R. Biddle, P.C. van Oorschot. User Interface Design Affects Security: Patterns in Click-Based Graphical Passwords. Int. J. Inf. Security 8(6):387-398 (Dec.2009, Springer). Author's copy.
  19. J.A. Muir, P.C. van Oorschot. Internet Geolocation: Evasion and Counterevasion. ACM Computing Surveys 42(1), Article 4:1-23 (Dec.2009). Preliminary technical report (April 2006): Internet geolocation and evasion, TR-06-05, Carleton University, School of Computer Science.
  20. M. Mannan, P.C. van Oorschot. Reducing Threats from Flawed Security APIs: The Banking PIN Case. Computers & Security vol.28 no.6 (Sept.2009), pp.410-420. Preliminary version: `Weighing Down "The Unbearable Lightness of PIN Cracking" (Extended Version)', Carleton University, School of Computer Science, Technical Report TR-08-08 (Apr.29 2008).
  21. P.C. van Oorschot, J. Thorpe. On Predictive Models and User-Drawn Graphical Passwords. ACM TISSEC vol.10 no.4 (Jan.2008), article 17, pp.1-33. pdf (©ACM). preprint (June 2 2007).
  22. P.C. van Oorschot, T. Wan, E. Kranakis. On Inter-domain Routing Security and Pretty Secure BGP (psBGP). ACM TISSEC vol.10 no.3 (July 2007), article 11, pp.1-41. pdf (©ACM). preprint (Jan.16 2007).
  23. P.C. van Oorschot, S. Stubblebine. On Countering Online Dictionary Attacks with Login Histories and Humans-in-the-Loop. ACM TISSEC vol.9 issue 3 (Aug. 2006), 235-258. pdf (©ACM). preprint (Mar.9 2006).
  24. P.C. van Oorschot, J.M. Robert, M. Vargas Martin. A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms. Int. J. Inf. Security 5(3):186-199 (July 2006, Springer). pdf (©Springer). preprint.
  25. P.C. van Oorschot, A. Somayaji, G. Wurster. Hardware-assisted circumvention of self-hashing software tamper resistance. DOI: 10.1109/TDSC.2005.24. IEEE Transactions on Dependable and Secure Computing, vol.2 no.2 (Apr.-June 2005), pp.82-92. pdf (©IEEE).
  26. M. Smith, P.C. van Oorschot, M. Willett. Cryptographic Information Recovery Using Key Recovery. Computers & Security, vol.19 no.1, pp.21-27, Elsevier Advanced Technology 2000.
  27. B. Preneel, P.C. van Oorschot. On the security of iterated message authentication codes. IEEE Transactions on Information Theory, vol.45 no.1 (Jan. 1999), pp.188-199. ps, pdf.
  28. P.C. van Oorschot, M.J. Wiener. Parallel collision search with cryptanalytic applications. Journal of Cryptology, vol.12 no.1 (Jan. 1999) pp.1-28. pdf.
  29. B. Preneel, V. Rijmen, P.C. van Oorschot. Security analysis of the Message Authenticator Algorithm (MAA), European Transactions on Telecommunications, Vol. 8, No. 5 (Sept./Oct. 1997), pp.455-470. ps, pdf.
  30. B. Preneel, P.C. van Oorschot. A key recovery attack on the ANSI X9.9 retail MAC, Electronics Letters, Aug.16 1996 (vol.32 no.17), pp.1568-1569. ps, pdf. See also 1999 IEEE-IT journal paper.
  31. R. Rueppel, P.C. van Oorschot. Modern key agreement techniques, Computer Communications, vol.17 (July 1994), pp.458-465. ps, pdf.
  32. W. Diffie, P.C. van Oorschot, M.J. Wiener. Authentication and authenticated key exchanges, Designs, Codes and Cryptography, vol.2 (1992), pp.107-125. ps, pdf.
  33. A.J. Menezes, P.C. van Oorschot, S.A. Vanstone. Subgroup refinement algorithms for root finding in GF(q), SIAM Journal on Computing, vol.21 (1992), pp.228-239.
  34. A. Beutelspacher, D. Jungnickel, P.C. van Oorschot, S.A. Vanstone. Pair-splitting sets in AG(m,q), SIAM Journal on Discrete Mathematics, vol.5, Nov.1992.
  35. P.C. van Oorschot, S.A. Vanstone. On splitting sets in block designs and finding roots of polynomials, Discrete Mathematics, vol.84 (1990), pp.71-85.
  36. C.J. Colbourn, P.C. van Oorschot. Applications of combinatorial designs in computer science, ACM Computing Surveys, vol.21 (Jun. 1989), pp.223-250.
  37. P.C. van Oorschot, S.A. Vanstone. A geometric approach to root finding in GF(q^m), IEEE Transactions on Information Theory, vol.35 (Mar. 1989), pp.444-453.

Conference papers, soft periodicals, technical reports, manuscripts (see above for journal papers)

    2014:

  1. D. Florencio, C. Herley, P.C. van Oorschot. An Administrator's Guide to Internet Password Research. Proc. USENIX LISA 2014, Nov.9-14 (to appear), Seattle, Washington.
  2. A. Abdou, A. Matrawy, P.C. van Oorschot. Location Verification on the Internet: Towards Enforcing Location-aware Access Policies Over Internet Clients. IEEE CNS 2014, Oct.29-31, San Francisco (to appear).
  3. D. Florencio, C. Herley, P.C. van Oorschot. Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts. USENIX Security 2014, Aug.20-22, San Diego, California. pdf.
  4. D. Barrera, D. McCarney, J. Clark, P.C. van Oorschot. Baton: Certificate Agility for Android's Decentralized Signing Infrastructure. ACM WiSec 2014, July 22-24 (to appear), Oxford, UK. Preliminary version (Baton: Key Agility for Android without a Centralized Certificate Infrastructure) available as Technical Report TR-13-03 (Aug 9, 2013), School of Computer Science, Carleton University.
  5. Manar Mohamed, Niharika Sachdeva, Michael Georgescu, Song Gao, Nitesh Saxena, Chengcui Zhang, Ponnurangam Kumaraguru, Paul C. Van Oorschot, Wei-bang Chen. A Three-Way Investigation of a Game-CAPTCHA: Automated Attacks, Relay Attacks and Usability. Proc. ACM ASIACCS 2014, June 4-6, Kyoto, Japan, pp.195-206. Preliminary draft available as: arXiv:1310.1540v1 [cs.CR] (6 Oct 2013).

    2013:

  7. A. Skillen, D. Barrera, P.C. van Oorschot. Deadbolt: Locking Down Android Disk Encryption. pdf. ACM SPSM 2013 (Security and Privacy in Smartphones and Mobile Devices), November 2013, Berlin.
  8. S. Egelman, C. Herley, P.C. van Oorschot. Markets for Zero-Day Exploits: Ethics and Implications. Panel note. pdf. NSPW 2013, Banff, Canada.
  9. J. Clark, P.C. van Oorschot. SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements. IEEE Symposium on Security and Privacy, May 2013. Extended version as Technical Report TR-13-01 (March 7, 2013), School of Computer Science, Carleton University.

    2012:

  11. D. McCarney, D. Barrera, J. Clark, S. Chiasson, P.C. van Oorschot. Tapas: Design, Implementation, and Usability of a Password Manager. ACSAC 2012. pdf.
  12. D. Barrera, J. Clark, D. McCarney, P.C. van Oorschot. Understanding and Improving App Installation Security Mechanisms through Empirical Analysis of Android. 2nd ACM CCS Workshop on Security and Privacy in Mobile Devices (SPSM), October 2012. pdf. Earlier version: Technical Report TR-12-01 (May 7, 2012), School of Computer Science, Carleton University.
  13. M. Mannan, P.C. van Oorschot. Passwords for Both Mobile and Desktop Computers: ObPwd for Firefox and Android. USENIX ;login: 37(4):28-37 (Aug.2012). Author's copy.
  14. Chaitrali Amrutkar, Patrick Traynor, P.C. van Oorschot. Measuring SSL Indicators on Mobile Browsers: Extended Life, or End of the Road? (Best Student Paper) ISC 2012: Information Security Conference, Germany. Technical Report version: GT-CS-11-10, Georgia Institute of Technology. Updated by IEEE TMC version (see journal papers, above).
  15. Yi Xu, Gerardo Reynaga, Sonia Chiasson, Jan-Michael Frahm, Fabian Monrose, Paul C. van Oorschot. Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in Motion. USENIX Security 2012. pdf. Additional information: Yi's web page.
  16. J. Bonneau, C. Herley, P.C. van Oorschot, F. Stajano. The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. IEEE Symposium on Security and Privacy, May 2012. Author's copy. Full length version: University of Cambridge Computer Laboratory, Technical Report Number 817 (UCAM-CL-TR-817), March 2012. Related discussion involving UDS framework: overview (Frank Stajano), federated passwords (Thomas Scavo), authentication as machine learning (Joe Bonneau), object-based passwords on smartphones (M. Mannan), Tapas password manager with smartphone (Dan McCarney).
  17. D. Barrera, W. Enck, P.C. van Oorschot. Meteor: Seeding a Security-Enhancing Infrastructure for Multi-market Application Ecosystems. IEEE MoST 2012 (Mobile Security Technologies workshop), San Francisco, May 2012. pdf. Updates and obsoletes earlier technical report: Seeding a Security-Enhancing Infrastructure for Multi-market Application Ecosystems, TR-11-06 (Apr.22, 2011), Carleton University, School of Computer Science.
  18. Dirk Balfanz, Richard Chow, Ori Eisen, Markus Jakobsson, Steve Kirsch, Scott Matsumoto, Jesus Molina, Paul van Oorschot. The Future of Authentication. DOI: 10.1109/MSP.2012.24. IEEE Security & Privacy 10(1):22-27 (Jan/Feb 2012).

    2011:

  20. K. Bicakci, P.C. van Oorschot. A Multi-Word Password Proposal (gridWord) and Exploring Questions about Science in Security Research and Usable Security Evaluation. DOI:10.1145/2073276.2073280. NSPW 2011, Sept.12-15, Marin County, California. Author's copy.
  21. M. Alsaleh, P.C. van Oorschot. Network Scan Detection with LQS: A Lightweight, Quick and Stateful Algorithm. ACM ASIACCS 2011, pp.102-113. Author's copy.
  22. K. Bicakci, N.B. Atalay, M. Yuceel, P.C. van Oorschot. Exploration and Field Study of a Browser-based Password Manager using Icon-based Passwords. Financial Cryptography Workshops 2011: 2nd Workshop on Real-Life Cryptographic Protocols and Standardization (RLCPS'11), Gros Islet, St. Lucia. Springer (2012) LNCS 7126, pp.104-118. Extended version: Technical Report TR-11-07 (Jan.21, 2011), School of Computer Science, Carleton University.
  23. M. Mannan, D. Barrera, C. Brown, D. Lie, P.C. van Oorschot. Mercury: Recovering Forgotten Passwords Using Personal Devices. Proc. of FC 2011: Financial Cryptography and Data Security, LNCS 7035 pp.315-330 (Springer-Verlag, 2012). Author's preprint.
  24. D. Barrera, G. Wurster, P.C. van Oorschot. Back to the Future: Revisiting IPv6 Privacy Extensions. USENIX ;login: 36(1):16-26 (Feb.2011 issue). Preliminary version: Technical Report TR-10-17 (Sept.9, 2010), School of Computer Science, Carleton University.

    2010:

  26. E. Stobert, A. Forget, S. Chiasson, P.C. van Oorschot, R. Biddle. Exploring Usability Effects of Increasing Security in Click-based Graphical Passwords. ACSAC 2010. pdf.
  27. D. Barrera, H.G. Kayacik, P.C. van Oorschot, A. Somayaji. A Methodology for Empirical Analysis of Permission-Based Security Models and Its Application to Android. ACM CCS 2010. pdf.
  28. G. Wurster, P.C. van Oorschot. A Control Point for Reducing Root Abuse of File-System Privileges. ACM CCS 2010. pdf.
  29. P.C. van Oorschot. System Security, Platform Security and Usability (extended abstract). 5th Annual ACM Workshop on Scalable Trusted Computing (ACM STC'10), 4 October 2010, Chicago. pdf.

    2009:

  31. R. Biddle, P.C. van Oorschot, A.S. Patrick, J. Sobey, T. Whalen. Browser Interfaces and Extended Validation SSL Certificates: An Empirical Study. CCSW 2009: ACM Cloud Computing Security Workshop, Nov. 2009. pdf. Of related interest: J. Sobey, P.C. van Oorschot, A.S. Patrick, Browser Interfaces and EV-SSL Certificates: Confusion, Inconsistencies and HCI Challenges, Technical Report TR-09-02 (Jan. 15, 2009), School of Computer Science, Carleton University, Canada.
  32. S. Chiasson, A. Forget, E. Stobert, P.C. van Oorschot, R. Biddle. Multiple Password Interference in Text Passwords and Click-Based Graphical Passwords. ACM CCS 2009, Nov.10-12 2009, Chicago. pdf. Preliminary version: Carleton University, School of Computer Science, Technical Report TR-08-20 (Sept.25, 2008).
  33. D. Barrera, P.C. van Oorschot. Security Visualization Tools and Source Addresses in IPv6. Short paper. VizSec 2009: Workshop on Visualization for Cyber Security. October 11, 2009, Atlantic City, New Jersey. pdf.
  34. G. Wurster, P.C. van Oorschot. System Configuration as a Privilege. USENIX HotSec'09, Aug.11 2009, Montreal. pdf.
  35. P.C. van Oorschot, T. Wan. TwoStep: An Authentication Method Combining Text and Graphical Passwords. MCETECH 2009: 4th International MCETECH Conference on eTechnologies, 4-6 May 2009, Ottawa, Canada (Springer LNBIP vol.26, pp.233-239). pdf.
  36. C. Herley, P.C. van Oorschot, A.S. Patrick. Passwords: If We're So Smart, Why Are We Still Using Them? Financial Cryptography and Data Security (FC 2009), 13th International Conference, Rockley, Christ Church, Barbados, Feb. 2009 (post-proceedings, Springer LNCS). pdf.

    2008:

  38. M. Alsaleh, D. Barrera, P.C. van Oorschot. Improving Security Visualization with Exposure Map Filtering. 24th ACSAC, Dec.8-12, 2008, Anaheim, California. pdf.
  39. A. Salehi-Abari, J. Thorpe, P.C. van Oorschot. On Purely Automated Attacks and Click-Based Graphical Passwords. 24th ACSAC, Dec.8-12, 2008, Anaheim, California. pdf.
  40. T. Oda, G. Wurster, P.C. van Oorschot, A. Somayaji. Same Origin Mutual Approval (SOMA): Mutual Approval for Included Content in Web Pages. ACM CCS 2008, Oct.27-31 2008, Alexandria, VA, USA. pdf.
  41. J. Sobey, R. Biddle, P.C. van Oorschot, A.S. Patrick. Exploring User Reactions to Browser Cues for Extended Validation Certificates. ESORICS 2008 - European Symposium on Research in Computer Security. October 6-8, 2008, Malaga, Spain. pdf.
  42. D. Nali, P.C. van Oorschot. CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud. ESORICS 2008 - European Symposium on Research in Computer Security. October 6-8, 2008, Malaga, Spain. pdf.
  43. G. Wurster, P.C. van Oorschot. The Developer is the Enemy. NSPW 2008 - New Security Paradigms Workshop. September 22-25, 2008, Olympic Valley, California, USA. pdf.
  44. M. Mannan, P.C. van Oorschot. Localization of Credential Information to Address Increasingly Inevitable Data Breaches. NSPW 2008 - New Security Paradigms Workshop. September 22-25, 2008, Olympic Valley, California, USA. pdf.
  45. S. Chiasson, A. Forget, R. Biddle, P.C. van Oorschot. Influencing Users Towards Better Passwords: Persuasive Cued Click-Points. BCS-HCI'08: British HCI Group Annual Conference on HCI, British Computer Society, September 2008, Liverpool. pdf.
  46. M. Mannan, P.C. van Oorschot. Digital Objects as Passwords. USENIX HotSec'08, July 28 2008, San Jose, California. pdf.
  47. A. Forget, S. Chiasson, P.C. van Oorschot, R. Biddle. Improving Text Passwords Through Persuasion. SOUPS 2008 (Symposium on Usable Privacy and Security), July 23-25 2008, Pittsburgh, PA. pdf.
  48. A. Forget, S. Chiasson, P.C. van Oorschot, R. Biddle. Persuasion for Stronger Passwords: Motivation and Pilot Study. Third International Conference on Persuasive Technology, Oulu, Finland (June 2-4 2008). Springer LNCS vol.5033/2008, pp.140-150. pdf.
  49. A. Hijazi, H. Inoue, A. Matrawy, P.C. van Oorschot, A. Somayaji. Discovering Packet Structure through Lightweight Hierarchical Clustering. ICC 2008, Beijing, China, May 2008. pdf.
  50. M. Mannan, P.C. van Oorschot. Privacy-Enhanced Sharing of Personal Content on the Web. WWW 2008 (pp.487-496), Beijing, China (April 21-25, 2008). pdf.
  51. S. Chiasson, J. Srinivasan, R. Biddle, P. van Oorschot. Centered Discretization with Application to Graphical Passwords. USENIX UPSEC 2008 (Usability, Psychology and Security), April 14, 2008, San Francisco. pdf.
  52. M. Mannan, P.C. van Oorschot. Weighing Down "The Unbearable Lightness of PIN Cracking". FC 2008 (12th International Conference, Financial Cryptography and Data Security). Cozumel, Mexico, January 28-31, 2008 (pp.176-181, Springer LNCS vol.5143/2008, revised papers). pdf.

    2007:

  54. D. Whyte, P.C. van Oorschot, E. Kranakis. Tracking Darkports for Network Defense. (ACSAC 2007 Outstanding Paper Award.) 23rd Annual Computer Security Applications Conference (ACSAC), Dec. 10-14, 2007, Miami Beach, Florida. pdf. Extended version: Technical Report TR-07-04 (Feb. 2007).
  55. S. Chiasson, P.C. van Oorschot, R. Biddle. Graphical Password Authentication Using Cued Click Points. ESORICS, Sept.24-27 2007, Dresden, Germany. Springer-Verlag LNCS 4734 (2007), pp.359-374. pdf.
  56. M. Mannan, P.C. van Oorschot. Security and Usability: The Gap in Real-World Online Banking. New Security Paradigms Workshop (NSPW), Sept.18-21 2007, New Hampshire, USA. pdf.
  57. D. Nali, P.C. van Oorschot, A. Adler. VideoTicket: Detecting Identity Fraud Attempts via Audiovisual Certificates and Signatures. New Security Paradigms Workshop (NSPW), Sept.18-21 2007, New Hampshire, USA. pdf.
  58. J. Thorpe, P.C. van Oorschot. Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords. 16th USENIX Security Symposium, Aug.6-10 2007, Boston, MA. pdf.
  59. G. Wurster, P.C. van Oorschot. Self-signed Executables: Restricting Replacement of Program Binaries by Malware. USENIX HotSec'07 (2nd Workshop on Hot Topics in Security), Aug.7 2007, Boston. pdf.
  60. S. Chiasson, Robert Biddle, P.C. van Oorschot. A Second Look at the Usability of Click-Based Graphical Passwords. (SOUPS 2007 Best Paper Award.) Symposium on Usable Privacy and Security, July 18-20 2007, Pittsburgh, PA. pdf.
  61. J. Clark, P.C. van Oorschot, C. Adams. Usability of Anonymous Web Browsing: An Examination of Tor Interfaces and Deployability. Symposium on Usable Privacy and Security (SOUPS 2007), July 18-20 2007, Pittsburgh, PA. pdf.
  62. M. Mannan, P.C. van Oorschot. Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer. Financial Cryptography and Data Security (FC'07), Lowlands, Scarborough, Trinidad and Tobago, Feb.12-15, 2007. pdf. See also extended and updated version (under journal papers above).

    2006:

  64. D. Whyte, P.C. van Oorschot, E. Kranakis. Addressing SMTP-based Mass-Mailing Activity Within Enterprise Networks. 22nd Annual Computer Security Applications Conference (ACSAC), Dec. 11-15, 2006, Miami Beach, Florida. pdf. Preliminary version: Technical Report TR-05-06 (May 2005), Carleton University, School of Computer Science.
  65. S. Chiasson, P.C. van Oorschot, R. Biddle. A Usability Study and Critique of Two Password Managers. USENIX Security 2006, Aug.2-4, Vancouver. pdf.
  66. D. Whyte, P.C. van Oorschot, E. Kranakis. Exposure Maps: Removing Reliance on Attribution During Scan Detection. USENIX HotSec'06 (1st Workshop on Hot Topics in Security), July 31 2006, Vancouver. pdf.
  67. T. Wan, P.C. van Oorschot. Analysis of BGP Prefix Origins During Google's May 2005 Outage. 2nd International Workshop on Security in Systems and Networks (SSN2006), Rhode Island, Greece, Apr.25 2006 (in conjunction with IEEE IPDPS). pdf (21 Jan. 2006).
  68. M. Mannan, P.C. van Oorschot. A Protocol for Secure Public Instant Messaging. Financial Cryptography and Data Security, 10th International Conference (FC 2006), Feb.27-Mar.2 2006, Anguilla, British West Indies, pp.20-35, Springer LNCS vol.4107/2006. Pre-proceedings pdf (25 Jan. 2006).

    2005:

  70. D. Whyte, P.C. van Oorschot, E. Kranakis. Detecting Intra-Enterprise Scanning Worms Based on Address Resolution. 21st Annual Computer Security Applications Conference (ACSAC), Dec. 5-9, 2005, Tucson, Arizona. pdf. Technical report version: ARP-based Detection of Scanning Worms within an Enterprise Network, TR-05-02 (Jan.31, 2005), School of Computer Science, Carleton University, Canada.
  71. M. Mannan, P.C. van Oorschot. Instant Messaging Worms, Analysis and Countermeasures. WORM 2005 (ACM Workshop on Rapid Malcode), Nov. 2005, Fairfax, VA. pdf.
  72. J. Thorpe, P.C. van Oorschot, A. Somayaji. Pass-thoughts: Authenticating With Our Minds. 2005 New Security Paradigms Workshop, Sept. 2005, Lake Arrowhead, California. pdf (©ACM). ***Note: through a proceedings error, the version which appeared in the final proceedings is not this final version.
  73. P.C. van Oorschot. Message Authentication by Integrity with Public Corroboration. 2005 New Security Paradigms Workshop, Sept. 2005, Lake Arrowhead, California. pdf, ps (©ACM).
  74. T. Wan, P.C. van Oorschot, E. Kranakis. A Selective Introduction to Border Gateway Protocol (BGP) Security Issues. Technical Report TR-05-07 (August 2005), Carleton University, School of Computer Science. Published in: Aspects of Network and Information Security (Proc. of NATO Advanced Studies Institute on Network Security and Intrusion Detection, Nork, Yerevan, Armenia, Oct.1-12 2005), IOS Press 2008.
  75. A. Matrawy, P.C. van Oorschot, A. Somayaji. Mitigating Network Denial of Service through Diversity-Based Traffic Management. Applied Cryptography and Network Security: Third International Conference, ACNS 2005, New York, June 7-10, 2005. pdf. Proceedings, Springer LNCS 3531, pp.104-121, 2005.
  76. G. Wurster, P.C. van Oorschot, A. Somayaji. A Generic Attack on Checksumming-Based Software Tamper Resistance. May 2005 IEEE Symp. Security and Privacy, Oakland, California. pdf (©IEEE). Extended version: see journal papers above.
  77. P.C. van Oorschot, S. Stubblebine. Countering Identity Theft through Digital Uniqueness, Location Cross-Checking, and Funneling. Financial Cryptography and Data Security 2005 (FC'05), Feb.28-Mar.3 2005, Commonwealth of Dominica. LNCS 3570, pp.31-43, Springer-Verlag 2005. pdf (©IFCA). Extended version (On Identity Theft and a Countermeasure based on Digital Uniqueness and Location Cross-checking): Technical Report TR-05-12 (December 2005). School of Computer Science, Carleton University, Canada.
  78. T. Wan, E. Kranakis, P.C. van Oorschot. Pretty Secure BGP. Network and Distributed System Security Symposium (NDSS'05), Feb. 2005, San Diego. pdf, ps.
  79. D. Whyte, E. Kranakis, P.C. van Oorschot. DNS-based Detection of Scanning Worms in an Enterprise Network. Network and Distributed System Security Symposium (NDSS'05), Feb.2005, San Diego. pdf.

    2004:

  81. J. Thorpe, P.C. van Oorschot. Towards Secure Design Choices for Implementing Graphical Passwords. 20th Annual Computer Security Applications Conference (ACSAC), Dec. 6-10, 2004, Tucson, Arizona. pdf, ps.
  82. T. Wan, E. Kranakis, P.C. van Oorschot. Securing the Destination Sequenced Distance Vector Routing Protocol (S-DSDV). ICICS'04 (6th International Conference on Information and Communications Security), Oct. 27-29, 2004, Malaga, Spain. Springer LNCS 3269 pp.358-374. pdf, ps.
  83. M. Mannan, P.C. van Oorschot. Secure Public Instant Messaging: A Survey. Second Annual Conference on Privacy, Security and Trust, Oct. 13-15, 2004, Fredericton, New Brunswick. pdf.
  84. J. Thorpe, P.C. van Oorschot. Graphical Dictionaries and the Memorable Space of Graphical Passwords. USENIX Security 2004, August 9-13, 2004, San Diego. pdf, ps.
  85. T. Wan, E. Kranakis, P.C. van Oorschot. S-RIP: A Secure Distance Vector Routing Protocol. ACNS'04 (2nd International Conf. on Applied Cryptography and Network Security), Yellow Mountain, China, June 8-11 2004. Springer LNCS 3089 pp.103-119. pdf, ps.
  86. S. Stubblebine, P.C. van Oorschot. Addressing Online Dictionary Attacks with Login Histories and Humans-in-the-Loop. pdf (©IFCA). Financial Cryptography, 8th International Conference, FC 2004, Key West, Florida, Feb.9-12 2004, Springer LNCS 3110 (revised papers). Extended version: see journal papers above.

    2003 and earlier:

  88. P.C. van Oorschot. Revisiting Software Protection (invited paper). 6th International Information Security Conference (ISC 2003), Bristol, UK, October 2003. Proceedings: pp.1-13, Springer LNCS 2851 (2003). Version of July 30, 2003: ps, pdf.
  89. S. Chow, P. Eisen, H. Johnson, P.C. van Oorschot. White-Box Cryptography and an AES Implementation. SAC 2002 - 9th Annual Workshop on Selected Areas in Cryptography, Aug.15-16 2002, St. John's, Canada. Proceedings (revised papers): pp.250-270, Springer LNCS 2595 (2003). Sept.30 2002 version: ps. Earlier version (pre-proceedings): ps.
  90. S. Chow, P. Eisen, H. Johnson, P.C. van Oorschot. A White-Box DES Implementation for DRM Applications. ACM CCS-9 Workshop DRM 2002 - 2nd ACM Workshop on Digital Rights Management, Nov.18 2002, Wash. D.C. Proceedings (revised papers): pp.1-15, Springer LNCS 2696 (2003). Jan.13 2003 version: ps.
  91. M. Just, P.C. van Oorschot. Addressing the problem of undetected signature key compromise, proceedings, Network and Distributed System Security - NDSS'99. ps, pdf. See also TR-98-06, Carleton University, School of Computer Science, June 1998.
  92. P.C. van Oorschot, M.J. Wiener. Improving meet-in-the-middle attacks by orders of magnitude, Crypto'96, Springer LNCS vol.1109, pp.229-236, 1996. ps, pdf. A more complete treatment is given in the 1999 Journal of Cryptology paper.
  93. B. Preneel, P.C. van Oorschot. On the security of two MAC algorithms, Eurocrypt'96, Springer LNCS vol.1070, pp.19-32, 1996. ps, pdf. See also the 1999 IEEE-IT journal paper, and for further work on MAA, the 1997 ETT journal paper.
  94. P.C. van Oorschot, M.J. Wiener. On Diffie-Hellman key agreement with short exponents. Eurocrypt'96, Springer LNCS vol.1070, pp.332-343, 1996. ps, pdf.
  95. B. Preneel, P.C. van Oorschot. MDx-MAC and building fast MACs from hash functions. Crypto'95, Springer LNCS vol.963, 1995. ps, pdf. See also the 1999 IEEE-IT paper.
  96. P.C. van Oorschot, M.J. Wiener. Parallel collision search with applications to hash functions and discrete logarithms. pp.210-218, proceedings, 2nd ACM CCS (Conference on Computer and Communications Security), Nov. 1994, Fairfax, Virginia. ps, pdf. The Crypto'96 paper builds on this, and a more complete treatment is in the 1999 Journal of Cryptology paper.
  97. M. Just, E. Kranakis, D. Krizanc, P.C. van Oorschot. On key distribution via true broadcasting. pp.81-88, proceedings, 2nd ACM CCS (Conference on Computer and Communications Security), Nov. 1994, Fairfax, Virginia. pdf.
  98. P. Syverson, P.C. van Oorschot. On unifying some cryptographic protocol logics. pp.14-28, proceedings, 1994 IEEE Symposium on Research in Security and Privacy, 1994 May 16-18, Oakland, California. ps, pdf.
  99. P.C. van Oorschot. An alternate explanation of two BAN-logic `failures', Eurocrypt'93, Springer LNCS vol.765, pp.443-447 (1994). ps, pdf.
  100. P.C. van Oorschot. Extending cryptographic logics of belief to key agreement protocols. pp.232-243, proceedings, 1st ACM CCS (Conference on Computer and Communications Security), Nov. 1993, Fairfax, Virginia. ps, pdf.
  101. P.C. van Oorschot. A comparison of practical public-key cryptosystems based on integer factorization and discrete logarithms (extended abstract). Crypto'90, Springer LNCS vol.537, pp.576-581 (1991). The full paper appears as a chapter in Gus Simmons' volume (see below).
  102. P.C. van Oorschot, M.J. Wiener. A known-plaintext attack on two-key triple encryption. Eurocrypt'90, Springer LNCS 473, pp.318-325, 1991. ps, pdf.
  103. P.C. van Oorschot, S.A. Vanstone. Some geometric aspects of root finding in GF(q^m), pp.303-307, Contemporary Mathematics vol.111 (Finite Geometries and Combinatorial Designs), E.S. Kramer and S.S. Magliveras (eds.), AMS 1990.
  104. A.J. Menezes, P.C. van Oorschot, S.A. Vanstone. Some computational aspects of root finding in GF(q^m). pp.259-270, Symbolic and Algebraic Computation, Springer LNCS 358, 1989.

Books

  1. A.J. Menezes, P.C. van Oorschot, S. Vanstone. Handbook of Applied Cryptography, CRC Press (1996), 780 pages, ISBN 0-8493-8523-7. 5th printing (July 2001) with corrections to all known errors. The standard crypto reference for engineers and practical researchers. First on the list of (all-years) Top publications in Security and Privacy (Microsoft Academic Search, per October 2010). The 2001 edition is 23rd on the list of most-cited Computer Science publications (All Years) (CiteSeerX, per Sept.14, 2010). Complete book available online (free).
  2. E. Kranakis, P.C. van Oorschot (editors). Selected Areas in Cryptography, Kluwer Academic Publishers (1997), 108 pages, ISBN 0-7923-8023-1. An invited subset of papers from SAC'95.
  3. S.A. Vanstone, P.C. van Oorschot. An Introduction to Error Correcting Codes with Applications, Kluwer Academic Publishers (1989), 289 pages, ISBN 0-7923-9017-2. An undergraduate textbook.

Other Papers (unrefereed papers in proceedings, book chapters, etc.)

  1. A. Main, P.C. van Oorschot. Software Protection and Application Security: Understanding the Battleground. International Course on State of the Art and Evolution of Computer Security and Industrial Cryptography, Heverlee, Belgium, June 2003. Proceedings (revised papers): Springer LNCS (to appear). Version of Dec.31, 2003: ps, pdf.
  2. A.J. Menezes, P.C. van Oorschot. Coding Theory and Cryptology, Chapter 14 (pp.889-954) in Handbook of Discrete and Combinatorial Mathematics, Kenneth H. Rosen (editor), CRC Press 2000.
  3. P. Syverson, P.C. van Oorschot. A unified cryptographic protocol logic. Report 5540-227, Naval Research Lab Center for High Assurance Computer Systems (NRL CHACS), USA, 1996. ps, pdf. This extends the work in our 1994 Oakland paper.
  4. B. Preneel, P.C. van Oorschot. Further comments on keyed MD5. CryptoBytes, vol.1 no.3 (summer 1995), page 15, RSA Laboratories technical newsletter. ps, pdf.
  5. P.C. van Oorschot. Security in GSM, Telesis, Issue No. 94 (July 1992), pp.58-60, Northern Telecom.
  6. P.C. van Oorschot. A comparison of practical public-key cryptosystems based on integer factorization and discrete logarithms, Chapter 5 (pp.289-322) in Contemporary Cryptology: The Science of Information Integrity, G.J. Simmons (ed.), IEEE Press (1992). See also shorter version in Crypto'90.
  7. I.F. Blake, P.C. van Oorschot, S.A. Vanstone. Complexity issues for public-key cryptography, pp.75-97 in Performance Limits in Communication Theory and Practice, J.K. Skwirzynski (ed.), Kluwer Academic Publishers 1988.
Last updated: August 8, 2014.