email: paulv (insert "at" here) scs.carleton.ca voice +613.520.2600 ext.4356 Ottawa, Canada
Short biography: Paul C. Van Oorschot is a Professor of Computer Science at Carleton University (Ottawa), where he is Canada Research Chair in Authentication and Computer Security. He is an ACM Fellow, an IEEE Fellow, and a Fellow of the Royal Society of Canada (FRSC). He was Program Chair of NSPW 2014-2015, USENIX Security 2008, NDSS 2001-2002, co-author of the Handbook of Applied Cryptography (1996), and author of Computer Security and the Internet: Tools and Jewels (2020). He has served on the editorial boards of IEEE TDSC, IEEE TIFS, and ACM TISSEC/TOPS. His research interests include authentication and identity management, computer security, Internet security, security and usability, software security, and applied cryptography.
The longer story: I am a Professor of Computer Science at Carleton University, hold the Canada Research Chair in Authentication and Computer Security, and am founding Director of the Carleton Computer Security Lab. I was the Scientific Director and Principal Investigator of NSERC ISSNet (2008-2013), a strategic research network exploring computer and Internet security, involving 14 professors across 8 Canadian universities. My most recent book is an introductory text: Computer Security and the Internet: Tools and Jewels (2020). It is openly available from my personal page, and commercially available (e.g., from Springer). To many I am best-known as co-author of the Handbook of Applied Cryptography, the standard crypto reference for engineers and applied researchers, and which continues to rank top-35 (all-time) in Most-Cited Computer Science Articles and near or at the top in lists of most cited (all-years) Security and Privacy publications. It is also free online, without strings (but if you really like it, please buy a copy - we've convinced our publisher that this approach helps sales). My industrial experience includes positions at Entrust Technologies as Chief Scientist, Vice President, and Chief Security Architect; as Chief Scientist at Cloakware Corporation; and with the Secure Networks division of Bell-Northern Research (BNR Ottawa), the once-mighty R&D arm of a company called Northern Telecom (later Nortel). My Ph.D. (1988) is from the University of Waterloo (Canada), which in June 2000 also awarded me the J.W. Graham Medal in Computing and Innovation. (I had the great privilege of working under Wes, and with his son Jim, on undergrad work terms at Waterloo.) I am listed as an inventor on 20 issued patents (18 U.S., 2 Canadian). In 2011, I was inducted as a Fellow of the Royal Society of Canada (RSC), the oldest association of scientists and scholars in Canada, being elected under the Academy of Science (Division of Mathematical and Physical Sciences).
I received Carleton University's Faculty Graduate Mentoring Award in 2013, was named ACM Fellow in 2016 for contributions to applied cryptography, authentication and computer security, IEEE Fellow (effective Jan 2019, for contributions to applied cryptography and authentication) and in 2017 appointed Professorial Fellow (Honorary Professor) at the University of Melbourne.
Upon finishing graduate school, I joined BNR as a member of scientific staff, and soon found myself in a small security group. Having a PhD, it was assumed that I was an expert in security (I did know some math and had studied number-theoretic cryptography). Other employees brought their security problems to me. This caused much rapid learning. Our security group of about five in 1993 formed the seed of what eventually spun out in January 1997 as the above-mentioned Entrust; I was a founding employee. Over the past 30 years, my research interests have ranged from applied cryptography to Internet security, including security architectures and infrastructures. My industrial work has included crypto-security research and product development, security assurance, the development and protection of core intellectual property, and cryptographic consulting. As is the fate of many cryptographers in industry, I have been involved in issues related to cryptographic policy, crypto export, and key escrow. I moved into academia proper in 2002, taking an appointment as a tenured professor and research chair.
In the early and mid 1990s, I played a role in pioneering what is known as Public Key Infrastructure (PKI), now embraced by the world's largest software companies as the basis for Internet security. This includes the use of public-key certificates for authentication and encryption for secure browser sessions (via SSL, now TLS) and large-scale Virtual Private Networks (VPNs). Although now very widely used in various forms, it turns out that more than 20 years after PKI technology was first considered "ready for prime-time", there remain many research challenges related to real-world deployment and everyday use, in the face of increasing Internet fraud and malicious activity. Surprisingly, advanced authentication technologies have failed to eliminate the escalation of ordinary passwords. Another motivation for my ongoing interest in Internet authentication is the continued practice, by many banks, of password-based authentication for online banking, despite mounting documentation of very large-scale customer losses that are not made whole.
This has fueled my renewed interest in PKI (including usability issues), text passwords, image-based passwords (graphical passwords), and more generally, authentication and identity management. I believe that an increasingly important interdisciplinary research area is usability and security: the design and study of computer-related security mechanisms that take into account human users, who represent a design constraint often addressed poorly by software and software developers. My recent research interests have included smartphone security, secure software installation, network scanning, the interconnected disciplines of software, application and web security, and computer security in general. For publications, technical conferences and activities I am currently involved in, see my university page. If you are a potential graduate student looking for a supervisor, please read this page.
Trivia from Previous Lives.
As a university undergraduate, I played four years on the University of Waterloo Warrior basketball team, the last two as captain. In 1982-83, a year we were national finalists, I was team MVP, and the university's Athlete of the Year. Finishing undergraduate school in 1984 with a 93.9% grade average, the University of Waterloo awarded me the K.D. Fryer Gold Medal. I enjoyed serving two years on the University of Waterloo Senate (1986-88) as well as the university's Board of Governors (1986-88).
Last updated: Dec 2020