A Book and a Card Game
Cryptography Engineering: Design Principles and Practical Applications.
N. Ferguson, B. Schneier, and T. Kohno.
John Wiley & Sons, March 2010.
[ Additional information ]
[ Translations completed or in progress: Chinese, Italian, and Korean ]
Control-Alt-Hack(TM): White Hat Hacking for Fun and Profit.
T. Denning, T. Kohno, and A. Shostack.
Fall 2012 (expected).
[ Additional information ] [ Request an educational copy ] [ Amazon.com ]
[ This is a computer security-themed card game for 3-6 players, designed to be both fun and informative. We licensed the mechanics from Steve Jackson Games. ]
[ Black Hat slides ]
Publications and Other Writings (T. Kohno)
2012
- SensorSift: Balancing Sensor Data Privacy and Utility in Automated Face Understanding.
M. Enev, J. Jung, L. Bo, X. Ren, and T. Kohno.
Annual Computer Security Applications Conference, December 3-7, 2012.
- Strengthening User Authentication through Opportunistic Cryptographic Identity Assertions.
A. Czeskis, M. Dietz, D. Wallach, T. Kohno, and D. Balfanz.
19th ACM Conference on Computer and Communications Security, October 16-18, 2012.
- User Interface Toolkit Mechanisms for Securing Interface Elements.
F. Roesner, J. Fogarty, and T. Kohno.
25th ACM Symposium on User Interface Software and Technology (UIST 2012), October 7-10, 2012.
- Security Risks, Low-tech User Interfaces, and Implantable Medical Devices: A Case Study with Insulin Pump Infusion Systems.
N. Paul and T. Kohno.
3rd USENIX Workshop on Health Security and Privacy (HealthSec '12), August 6-7, 2012.
- Control-Alt-Hack(TM): A Card Game for Computer Security Outreach, Education, and Fun.
T. Denning, T. Kohno, and A. Shostack.
University of Washington Computer Science and Engineering Technical Report, UW-CSE-12-07-01, July 2012.
[ More information at http://www.ControlAltHack.com ]
- Computer Security in the Modern Home.
T. Denning, T. Kohno, and H. Levy.
Communications of the ACM, to appear.
- ShareMeNot: Balancing Privacy and Functionality of Third-Party Social Widgets.
F. Roesner, C. Rovillos, T. Kohno, and D. Wetherall.
USENIX ;login:, August 2012.
[ The ShareMeNot website ]
- User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems.
F. Roesner, T. Kohno, A. Moshchuk, B. Parno, H.J. Wang, and C. Cowan.
IEEE Symposium on Security and Privacy, May 16-19, 2010. (Best Practical Paper Award.)
[ Technical Report ]
- Detecting and Defending Against Third-Party Tracking on the Web.
F. Roesner, T. Kohno, and D. Wetherall.
Networked Systems Design and Implementation (NSDI), April 25-27, 2012.
[ The ShareMeNot Firefox / Chrome Add-on: Protecting Against Tracking From Third-party Social Media Buttons While Still Allowing You to Use Them ] [ Schneier, Boing Boing, EFF ]
2011
- A Review of the Security of Insulin Pump Infusion Systems.
N. Paul, T. Kohno, and D.C. Klonoff.
Journal of Diabetes Science and Technology, to appear.
- Televisions, Video Privacy, and Powerline Electromagnetic Interference.
M. Enev, S. Gupta, T. Kohno, and S. Patel.
18th ACM Conference on Computer and Communications Security, October 17-21, 2011.
[ Video ] [ SecurityWeek.Com ]
- Comprehensive Experimental Analyses of Automotive Attack Surfaces.
S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno.
USENIX Security, August 10-12, 2011.
[ Automotive Security Project Web Page ] [ Video of Talk ] [ Technology Review, Slashdot, Slashdot, PC World, The New York Times, Associated Press, Scientific American, Car and Driver, Bloomberg Businessweek, Communications of the ACM, Forbes ] [ NPR (Marketplace) ]
- New Directions for Self-destructing Data.
R. Geambasu, T. Kohno, A. Krishnamurthy, A. Levy, H.M. Levy, P. Gardner, and V. Moscaritolo.
University of Washington Technical Report, UW-CSE-11-08-01, August 2011.
- Privacy-preserving Network Forensics.
M. Afanasyev, T. Kohno, J. Ma, N. Murphy, S. Savage, A.C. Snoeren and G.M. Voelker.
Communications of the ACM, 54(5), May 2011.
[ Technical Report ]
- Keypad: An Auditing File System for Theft-prone Devices.
R. Geambasu, J.P. John, S.D. Gribble, T. Kohno, and H.M. Levy.
European Conference on Computer Systems (EuroSys), April 10-13, 2011. (Best Student Paper Award.)
- Science Fiction Prototyping and Security Education: Cultivating Contextual and Societal Thinking in Computer Security Education and Beyond.
T. Kohno and B.D. Johnson.
ACM Technical Symposium on Computer Science Education (SIGCSE), March 9-12, 2011.
- Sensor Tricorder: What Does that Sensor Know About Me?
G. Maganis, J. Jung, T. Kohno, A. Sheth, and D. Wetherall.
12th Workshop on Mobile Computing Systems and Application (HotMobile), March 1-2, 2011.
- TaintEraser: Protecting Sensitive Data Leaks Using Application-Level Taint Tracking.
D. (Y.) Zhu, J. Jung, D. Song, T. Kohno, and D. Wetherall.
ACM Operating Systems Review, 45(1), January 2011.
[ Project Website ]
2010
- The Limits of Automatic OS Fingerprint Generation.
D.W. Richardson, S.D. Gribble, and T. Kohno.
Workshop on Artificial Intelligence and Security (AISec), October 8, 2010.
- Comet: An Active Distributed Key-Value Store.
R. Geambasu, A. Levy, T. Kohno, A. Krishnamurthy, and H.M. Levy.
USENIX Symposium on Operating Systems Design and Implementation (OSDI), October 4-6, 2010.
[ Vanish Project Web Page ]
- Seeing Through Obscure Glass.
Q. Shan, B. Curless, and T. Kohno.
European Conference on Computer Vision (ECCV), September 5-11, 2010.
[ Supplementary Video ]
- Parenting from the Pocket: Value Tensions and Technical Directions for Secure and Private Parent-Teen Mobile Safety.
A. Czeskis, I. Dermendjieva, H. Yapit, A. Borning, B. Friedman, B. Gill, and T. Kohno.
Symposium On Usable Privacy and Security (SOUPS), July 14-16, 2010.
(2011 CPDP Multidisciplinary Privacy Award.)
- Experimental Security Analysis of a Modern Automobile.
K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage.
IEEE Symposium on Security and Privacy, May 16-19, 2010.
[ Automotive Security Project Web Page ] [ The New York Times, PC World, Technology Review, Slashdot ]
- Patients, Pacemakers, and Implantable Defibrillators: Human Values and Security for Wireless Implantable Medical Devices.
T. Denning, A. Borning, B. Friedman, B.T. Gill, T. Kohno, and W.H. Maisel.
28th Conference on Human Factors in Computing Systems (CHI), April 10-15, 2010.
(2011 CPDP Multidisciplinary Privacy Award Honorable Mention.)
[ Medical Device Security Project Web Page ] [ CNN ]
- Improving the Security and Privacy of Implantable Medical Devices.
W.H. Maisel and T. Kohno.
New England Journal of Medicine, 362(13), April 2010.
[ Medical Device Security Project Web Page ] [ CNBC (1), CNBC (2), CNBC (3), ABC News, MedPage Today ]
- Cryptography Engineering: Design Principles and Practical Applications.
N. Ferguson, B. Schneier, and T. Kohno.
John Wiley & Sons, March 2010.
[ Additional information ]
[ Translations completed or in progress: Chinese, Italian, and Korean ]
2009
- EPC RFID Tag Security Weaknesses and Defenses: Passport Cards, Enhanced Drivers Licenses, and Beyond.
K. Koscher, A. Juels, V. Brajkovic, and T. Kohno.
16th ACM Conference on Computer and Communications Security, November 9-13, 2009.
[ Technical Report, FAQ ] [ Wall Street Journal, The New York Times, Technology Review, Slashdot ]
- Clinically Significant Magnetic Interference of Implanted Cardiac Devices by Portable Headphones.
S. Lee, K. Fu, T. Kohno, B. Ransford, and W.H. Maisel.
Heart Rhythm Journal, 6(10), October 2009.
[ Medical Device Security Project Web Page ] [ Heart Rhythm Society, HealthDay, Medical News ]
- A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons.
T. Denning, C. Matuszek, K. Koscher, J.R. Smith, and T. Kohno.
International Conference on Ubiquitous Computing, September 30 - October 3, 2009.
[ FAQ ] [ The New York Times, MSNBC, Popular Science, Slashdot ]
- Are Patched Machines Really Fixed?
R.W. Gardner, M. Bishop, and T. Kohno.
IEEE Security and Privacy, 7(5), September/October 2009.
- Vanish: Increasing Data Privacy with Self-Destructing Data.
R. Geambasu, T. Kohno, A.A. Levy, and H.M. Levy.
USENIX Security, August 12-14, 2009. (Outstanding Student Paper Award.)
[ Web Page ] [ The New York Times (1), The New York Times (2), NPR's All Things Considered, PCWorld, Slashdot ]
- Enlisting ISPs to Improve Online Privacy: IP Address Mixing by Default.
B. Raghavan, T. Kohno, A.C. Snoeren, and D. Wetherall.
Privacy Enhancing Technologies Symposium, August 5-7, 2009.
- Neurosecurity: Security and Privacy for Neural Devices.
T. Denning, Y. Matsuoka, and T. Kohno.
Neurosurgical Focus, July 2009.
[ Medical Device Security Project Web Page, Wikipedia ] [ CNN, Slashdot ]
- Provable Security Support for the Skein Hash Family.
M. Bellare, T. Kohno, S. Lucks, N. Ferguson, B. Schneier, D. Whiting, J. Callas, and J. Walker.
Supporting materials for the Skein submission to the NIST Cryptographic Hash Algorithm Competition, April 2009.
[ Skein Website ] [ NIST Competition ]
- A Comprehensive Study of Frequency, Interference, and Training of Multiple Graphical Passwords.
K.M. Everitt, T. Bragin, J. Fogarty, and T. Kohno.
27th Conference on Human Factors in Computing Systems (CHI), April 4-9, 2009.
- The International Criminal Tribunal for Rwanda Information Heritage Project (aka Voices of the Rwanda Tribunal): Integrity Verification Architecture.
A. Czeskis, K. Koscher, M. Andrews, N.C. Grey, B. Friedman, and T. Kohno.
University of Washington Computer Science and Engineering Technical Report, UW-CSE-09-01-02, March 2009.
[ Project Website ] [ The New York Times ]
2008
- RFIDs and Secret Handshakes: Defending Against Ghost-and-Leech Attacks and Unauthorized Reads with Context-Aware Communications.
A. Czeskis, K. Koscher, J.R. Smith, and T. Kohno.
15th ACM Conference on Computer and Communications Security, October 27-31, 2008.
[ Technology Review ]
- Privacy Oracle: A System for Finding Application Leaks with Black Box Differential Testing.
J. Jung, A. Sheth, B. Greenstein, D. Wetherall, G. Maganis, and T. Kohno.
15th ACM Conference on Computer and Communications Security, October 27-31, 2008.
- Electromagnetic Interference (EMI) of Implanted Cardiac Devices by MP3 Player Headphones.
S. Lee, B. Ransford, K. Fu, T. Kohno, and W.H. Maisel.
Circulation, 118(18 Supplement), October 2008. (Also presented at the American Heart Association Scientific Sessions 2008.)
[ Medical Device Security Project Web Page ] [ CNN, Reuters, Associated Press ]
- The Skein Hash Function Family.
N. Ferguson, S. Lucks, B. Schneier, D. Whiting, M. Bellare, T. Kohno, J. Callas, and J. Walker.
Submission to the NIST Cryptographic Hash Algorithm Competition, October 2008. (Document revised September 2009.)
[ Skein Website ] [ NIST Competition ] [ The New York Times, Slashdot ]
- Privacy-preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs.
T. Ristenpart, G. Maganis, A. Krishnamurthy, and T. Kohno.
USENIX Security, July 30-August 1, 2008.
[ Web Page ] [ Adeona Open Source Software ] [ PC World, Technology Review, Linux Magazine, Slashdot ]
- Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security.
T. Denning, K. Fu, and T. Kohno.
3rd USENIX Workshop on Hot Topics in Security (HotSec '08), July 29, 2008.
[ Medical Device Security Project Web Page ]
- Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications.
A. Czeskis, D.J. St. Hilaire, K. Koscher, S.D. Gribble, T. Kohno, and B. Schneier.
3rd USENIX Workshop on Hot Topics in Security (HotSec '08), July 29, 2008.
[ Dark Reading ]
- Challenges and Directions for Monitoring P2P File Sharing Networks –or– Why My Printer Received a DMCA Takedown Notice.
M. Piatek, T. Kohno, and A. Krishnamurthy.
3rd USENIX Workshop on Hot Topics in Security (HotSec '08), July 29, 2008.
[ Summary, FAQ ] [ The New York Times, Slashdot ]
- Shining Light in Dark Places: Understanding the Tor Network.
D. McCoy, K. Bauer, D. Grunwald, T. Kohno, and D. Sicker.
Privacy Enhancing Technologies Symposium, July 23-25, 2008.
- Searchable encryption revisited: Consistency properties, relation to anonymous IBE, and extensions.
M. Abdalla, M. Bellare, D. Catalano, E. Kiltz, T. Kohno, T. Lange, J. Malone-Lee, G. Neven, P. Paillier, and H. Shi.
Journal of Cryptology, 21(3), July 2008.
- Improving Wireless Privacy with an Identifier-free Link Layer Protocol.
B. Greenstein, D. McCoy, J. Pang, T. Kohno, S. Seshan, and D. Wetherall.
MobiSys, June 17-20, 2008. (Best Paper Award.)
[ More information (including code) ]
- Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses.
D. Halperin, T.S. Heydt-Benjamin, B. Ransford, S.S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W.H. Maisel.
IEEE Symposium on Security and Privacy, May 18-21, 2008. (Outstanding Paper Award.)
[ FAQ, Medical Device Security Project Web Page ] [ The New York Times, Wall Street Journal, Reuters, Associated Press, IDG News Service, PCWorld ]
- Detecting In-Flight Page Changes with Web Tripwires.
C. Reis, S. Gribble, T. Kohno, and N. Weaver.
Networked Systems Design and Implementation (NSDI), April 16-18, 2008.
[ Results Summary, Data Collection ] [ Slashdot (data collection), Slashdot (paper), PC World ] [ Measurement Lab, EFF Test Your ISP ]
- Security and Privacy for Implantable Medical Devices.
D. Halperin, T.S. Heydt-Benjamin, K. Fu, T. Kohno, and W.H. Maisel.
IEEE Pervasive Computing, 7(1), January-March 2008.
[ Medical Device Security Project Web Page ]
2007
- Physical Access Control for Captured RFID Data.
T. Kriplean, E. Welbourne, N. Khoussainova, V. Rastogi, M. Balazinska, G. Borriello, T. Kohno, and D. Suciu.
IEEE Pervasive Computing, 6(4), October-December 2007.
- Low-resource Routing Attacks Against Tor.
K. Bauer, D. McCoy, D. Grunwald, T. Kohno, and D. Sicker.
Workshop on Privacy in the Electronic Society, October 29, 2007.
[ FAQ, Technical Report ]
- Expressing Privacy Policies Using Authorization Views.
V. Rastogi, E. Welbourne, N. Khoussainova, T. Kriplean, M. Balazinska, G. Borriello, T. Kohno, and D. Suciu.
Workshop on UbiComp Privacy: Technologies, Users, Policy, September 16, 2007.
- Devices That Tell On You: Privacy Trends in Consumer Ubiquitous Computing.
T.S. Saponas, J. Lester, C. Hartung, S. Agarwal, and T. Kohno.
Usenix Security, August 8-10, 2007.
- Software Review and Security Analysis of the Diebold Voting Machine Software.
R. Gardner, A. Yasinsac, M. Bishop, T. Kohno, Z. Hartley, J. Kerski, D. Gainey, R. Walega, E. Hollander, and M. Gerke.
Report commissioned by the Florida Department of State, July 2007.
- Can Ferris Bueller Still Have His Day Off? Protecting Privacy in the Wireless Era.
B. Greenstein, R. Gummadi, J. Pang, M.Y. Chen, T. Kohno, S. Seshan, and D. Wetherall.
11th Workshop on Hot Topics in Operating Systems (HotOS XI), May 7-9, 2007.
2006
- Stateful Public-Key Cryptosystems: How to Encrypt with One 160-bit Exponentiation.
M. Bellare, T. Kohno, and V. Shoup.
13th ACM Conference on Computer and Communications Security, October 30-November 3, 2006.
- Designing voting machines for verification.
N. Sastry, T. Kohno, and D. Wagner.
Usenix Security, July 31-August 4, 2006.
- Authenticated Encryption in Practice: Generalized Composition Methods and the Secure Shell, CWC, and WinZip Schemes.
T. Kohno.
UCSD Dissertation, June 2006.
- Herding hash functions and the Nostradamus attack.
J. Kelsey and T. Kohno.
Advances in Cryptology – EUROCRYPT, May 28-June 1, 2006.
[ Extensions, Economist.com, Science Magazine ]
- Tamper-evident, history-independent, subliminal-free data structures on PROM storage -or- how to store ballots on a voting machine (extended abstract).
D. Molnar, T. Kohno, N. Sastry, and D. Wagner.
IEEE Symposium on Security and Privacy, May 21-24, 2006.
- Key regression: Enabling efficient key distribution for secure distributed storage.
K. Fu, S. Kamara, and T. Kohno.
Network and Distributed System Security Symposium, February 2-3, 2006.
- SSH transport layer encryption modes.
M. Bellare, T. Kohno, and C. Namprempre.
IETF RFC 4344, January 2006.
2005
- Searchable encryption revisited: Consistency properties, relation to anonymous IBE, and extensions.
M. Abdalla, M. Bellare, D. Catalano, E. Kiltz, T. Kohno, T. Lange, J. Malone-Lee, G. Neven, P. Paillier, and H. Shi.
Advances in Cryptology – CRYPTO, August 14-18, 2005.
- Remote physical device fingerprinting.
T. Kohno, A. Broido, and K.C. Claffy.
IEEE Transactions on Dependable and Secure Computing, 2(2), April-June 2005.
- Remote physical device fingerprinting.
T. Kohno, A. Broido, and k. claffy.
IEEE Symposium on Security and Privacy, May 8-11, 2005. (Award Paper, forwarded to IEEE TDSC.)
[ CNET News.com, The Register, Slashdot ]
2004
- Attacking and repairing the WinZip encryption scheme.
T. Kohno.
11th ACM Conference on Computer and Communications Security, October 25-29, 2004.
- Congressional Testimony.
T. Kohno.
U.S. House of Representatives, Committee on House Administration, Hearing on Electronic Voting System Security, July 7, 2004.
- Breaking and provably repairing the SSH authenticated encryption scheme: A case study of the Encode-then-Encrypt-and-MAC paradigm.
M. Bellare, T. Kohno, and C. Namprempre.
ACM Transactions on Information and System Security, 7(2), May 2004.
- Analysis of an electronic voting system.
T. Kohno, A. Stubblefield, A.D. Rubin, and D.S. Wallach.
IEEE Symposium on Security and Privacy, May 9-12, 2004.
[ The New York Times, MSNBC, Discover Magazine, Slashdot ]
- Hash function balance and its impact on birthday attacks.
M. Bellare and T. Kohno.
Advances in Cryptology – EUROCRYPT, May 2-6, 2004.
- New security proofs for the 3GPP confidentiality and integrity algorithms.
T. Iwata and T. Kohno.
Fast Software Encryption, February 5-7, 2004.
- CWC: A high-performance conventional authenticated encryption mode.
T. Kohno, J. Viega, and D. Whiting.
Fast Software Encryption, February 5-7, 2004.
[ Wikipedia for NIST standard GCM, based on CWC ]
2003
- A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications.
M. Bellare and T. Kohno.
Advances in Cryptology – EUROCRYPT, May 4-8, 2003.
- Analysis of RMAC.
L.R. Knudsen and T. Kohno.
Fast Software Encryption, February 24-26, 2003.
- Helix: Fast encryption and authentication in a single cryptographic primitive.
N. Ferguson, D. Whiting, B. Schneier, J. Kelsey, S. Lucks, and T. Kohno.
Fast Software Encryption, February 24-26, 2003.
2002
- Authenticated encryption in SSH: Provably fixing the SSH binary packet protocol.
M. Bellare, T. Kohno, and C. Namprempre.
Ninth ACM Conference on Computer and Communications Security, November 18-22, 2002. (Selected Paper, forwarded to ACM TISSEC.)
- Token-based scanning for source code security problems.
J. Viega, J.T. Bloch, T. Kohno, and G. McGraw.
ACM Transactions on Information and System Security, 5(3), August 2002.
2001
- On the global content PMI: Improved copy-protected Internet content distribution.
T. Kohno and M. McGovern.
Financial Cryptography: Fifth International Conference, February 19-22, 2001.
- Trust (and mistrust) in secure applications.
J. Viega, T. Kohno, and B. Potter.
Communications of the ACM, 44(2), February 2001.
- A network-flow-based scheduler: Design, performance history and experimental analysis.
H.N. Gabow and T. Kohno.
ACM Journal of Experimental Algorithmics, 6, 2001.
2000
- ITS4: A static vulnerability scanner for C and C++ code.
J. Viega, J.T. Bloch, Y. Kohno, and G. McGraw.
Annual Computer Security Applications Conference, December 11-15, 2000. (Outstanding Paper Award.)
- The Twofish Team's final comments on AES selection.
B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, N. Ferguson, T. Kohno, and M. Stay.
Comments to NIST, May 15, 2000.
- Preliminary cryptanalysis of reduced-round Serpent.
T. Kohno, J. Kelsey, and B. Schneier.
Third AES Candidate Conference, April 13-14, 2000.
- Amplified boomerang attacks against reduced-round MARS and Serpent.
J. Kelsey, T. Kohno, and B. Schneier.
Fast Software Encryption, April 10-12, 2000.
- A network-flow-based scheduler: Design, performance history, and experimental analysis.
H.N. Gabow and T. Kohno.
Second Workshop on Algorithm Engineering and Experiments, January 7-8, 2000. (Selected Paper, forwarded to ACM JEA.)
