Tadayoshi Kohno (aka Yoshi Kohno)

Tadayoshi Kohno (Yoshi Kohno) (he/him)

Professor
Paul G. Allen School of Computer Science & Engineering
University of Washington

Associate Dean, Faculty Success
College of Engineering
University of Washington

UW CSE Security and Privacy Research Lab
UW Tech Policy Lab

"Navigating Academia" Blog

Email: yoshi@cs.washington.edu

Scientific / Technical Articles, Papers, and Reports
See the Other Publications tab for other publications.

2025

IsolateGPT: An Execution Isolation Architecture for LLM-Based Systems.
Y. Wu, F. Roesner, T. Kohno, N. Zhang, and U. Iqbal.
Network and Distributed Security Symposium (NDSS), February 2025.
[ Previously on arXiv at arXiv:2403.04960, March 2024 ]

2024

On the (In)Accessibility of Web Ads: Measurement and User Study.
C. Yeung, T. Kohno, and F. Roesner.
ACM Internet Measurement Conference (IMC), November 2024.
Who's In and Who's Out? A Case Study of Multimodal CLIP-filtering in DataComp.
R. Hong, W. Agnew, T. Kohno, and J. Morgenstern.
Equity and Access in Algorithms, Mechanisms, and Optimization (EAAMO), October 2024.
[ Previously on arXiv at arXiv:2405.08209, May 2024 ]
LLM Platform Security: Applying a Systematic Evaluation Framework to OpenAI's ChatGPT Plugins.
U. Iqbal, T. Kohno, and F. Roesner.
AAAI/ACM Conference on AI, Ethics, and Society (AIES), October 2024.
[ Previously on arXiv at arXiv:2309.10254, September 2023 ]
Particip-AI: A Democratic Surveying Framework for Anticipating Future AI Use Cases, Harms and Benefits.
J. Mun, L. Jiang, J. Liang, I. Cheong, N. DeCairo, Y. Choi, T. Kohno, and M. Sap.
AAAI/ACM Conference on AI, Ethics, and Society (AIES), October 2024.
[ Previously on arXiv at arXiv:2403.14791, March 2024 ]
Face the Facts: Using Face Averaging to Visualize Gender-by-Race Bias in Facial Analysis Algorithms.
K. Owens, E. Freiburger, R. Hutchings, M. Sim, K. Hugenberg, F. Roesner, and T. Kohno.
AAAI/ACM Conference on AI, Ethics, and Society (AIES), October 2024.
Understanding Help-Seeking and Help-Giving on Social Media for Image-Based Sexual Abuse.
M. Wei, S. Consolvo, P.G. Kelley, T. Kohno, T. Matthews, S. Meiklejohn, F. Roesner, R. Shelby, K. Thomas, and R. Umbach.
USENIX Security Symposium, August 2024.
SoK (or SoLK?): On the Quantitative Study of Sociodemographic Factors and Computer Security Behaviors.
M. Wei, J. Mink, Y. Eiger, T. Kohno, E.M. Redmiles, and F. Roesner.
USENIX Security Symposium, August 2024.
But They Have Overlooked a Few Things in Afghanistan:" The Integration of Biometric Voter Verification into the 2019 Afghan Presidential Elections.
K. Panahi, S. Robertson, Y. Acar, T. Kohno, A.G. Bardas, L. Simko.
USENIX Security Symposium, August 2024.
When the User is Inside the User Interface: An Empirical Study of UI Security Properties in Augmented Reality.
K. Cheng, A. Bhattacharya, M. Lin, J. Lee, A. Kumar, J.F. Tian, T. Kohno, and F. Roesner.
USENIX Security Symposium, August 2024.
[ UI Security Properties in AR Project Page ] [ AR/MR/XR Security and Privacy Project Page ]
"Violation of My Body:" Perceptions of AI-generated Non-consensual (Intimate) Imagery.
N.G. Brigham, M. Wei, T. Kohno, and E. Redmiles.
20th Symposium on Usable Privacy and Security (SOUPS), August 2024.
Over Fences and Into Yards: Privacy Threats and Concerns of Commercial Satellites.
R. McAmis, M. Sim, M. Bennett, and T. Kohno.
Proceedings on Privacy Enhancing Technologies (PoPETs), July 2024. (Runner Up, Andreas Pfitzmann Best Student Paper Award.)
Handling Identity and Fraud in the Metaverse.
R. McAmis, B. Durak, M. Chase, K. Laine, F. Roesner, and T. Kohno.
IEEE Security & Privacy Magazine, to appear.
It's Trying Too Hard To Look Real: Deepfake Moderation Mistakes and Identity-Based Bias.
J. Mink, M. Wei, C.W. Munyendo, K. Hugenberg, T. Kohno, E.M. Redmiles, and G. Wang.
ACM Conference on Human Factors in Computing Systems (CHI), May 2024.
Safeguarding Human Values: Rethinking US Law for Generative AI’s Societal Impacts.
I. Cheong, A. Caliskan, and T. Kohno.
AI and Ethics, May 2024.
Experimental Analyses of the Physical Surveillance Risks in Client-Side Content Scanning.
A. Hooda, A. Labunets, T. Kohno, E. Fernandes.
Network and Distributed Security Symposium (NDSS), February 2024.

2023

Gender Biases in Tone Analysis: A Case Study of a Commercial Wearable Device.
C. Yeung, U. Iqbal, T. Kohno, and F. Roesner.
Equity and Access in Algorithms, Mechanisms, and Optimization (EAAMO), October 2023.
The Use and Non-Use of Technology During Hurricanes.
L. Simko, H.S. Ramulu, T. Kohno, and Y. Acar.
Conference On Computer-Supported Cooperative Work And Social Computing (CSCW), October 2023.
The Case for Anticipating Undesirable Consequences of Computing Innovations Early, Often, and Across Computer Science.
R.Y. Pang, D. Grossman, T. Kohno, K. Reinecke.
arXiv preprint arXiv:2309.04456, September 2023.
A Scalable Inclusive Security Intervention to Center Marginalized & Vulnerable Populations in Security & Privacy Design.
M. Sim, K. Hugenberg, T. Kohno, and F. Roesner.
New Security Paradigms Workshop (NSPW), September 2023.
[ UW Computer Security & Privacy Educational Resources and Modules ]
Computer Security Research, Moral Dilemmas, and Ethical Frameworks.
T. Kohno, Y. Acar, and W. Loh.
USENIX ;login:, August 2023.
Ethical Frameworks and Computer Security Project Page.
Evaluation of Targeted Dataset Collection on Racial Equity in Face Recognition.
R. Hong, T. Kohno, and J. Morgenstern.
AAAI/ACM Conference on AI, Ethics, and Society (AIES), August 2023.
Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations.
T. Kohno, Y. Acar, and W. Loh.
USENIX Security Symposium, August 2023. (Distinguished Paper Award.) (Invited Paper, ;login:.)
Ethical Frameworks and Computer Security Project Page.
Exploring User Reactions and Mental Models Towards Perceptual Manipulation Attacks in Mixed Reality.
K. Cheng, J.F. Tian, T. Kohno, and F. Roesner.
USENIX Security Symposium, August 2023.
The Writing on the Wall and 3D Digital Twins: Personal Information in (not so) Private Real Estate.
R. McAmis and T. Kohno.
USENIX Security Symposium, August 2023.
Skilled or Gullible? Gender Stereotypes Related to Computer Security and Privacy.
M. Wei, P. Emami-Naeini, F. Roesner, and T. Kohno.
IEEE Symposium on Security and Privacy, May 2023.
Online Advertising in Ukraine and Russia During the 2022 Russian Invasion.
C. Yeung, U. Iqbal, Y.T. O'Neil, T. Kohno, and F. Roesner.
The Web Conference (WebConf), May 2023. (Spotlight Paper.)
Cybersecurity Across the DNA-Digital Boundary: DNA Samples to Genomic Data.
P. Ney, A. Bhattacharya, L. Ceze, K. Koscher, T. Kohno, and J. Nivala.
Cyberbiosecurity, May 2023.
"There's so much responsibility on users right now:" Expert Advice for Staying Safer From Hate and Harassment.
M. Wei, S. Consolvo, P.G. Kelley, T. Kohno, F. Roesner, and K. Thomas.
ACM Conference on Human Factors in Computing Systems (CHI), April 2023.
Understanding People's Concerns and Attitudes Toward Smart Cities.
P. Emami-Naeini, J. Breda, W. Dai, T. Kohno, K. Laine, S. Patel, and F. Roesner.
ACM Conference on Human Factors in Computing Systems (CHI), April 2023.
How Language Formality in Security and Privacy Interfaces Impacts Intended Compliance.
J. Stokes, T. August, R. Marver, A. Czeskis, F. Roesner, T. Kohno, and K. Reinecke.
ACM Conference on Human Factors in Computing Systems (CHI), April 2023.
Power in Computer Security and Privacy: A Critical Lens.
E.M. Redmiles, M. Bennett, T. Kohno.
IEEE Security & Privacy Magazine, March/April 2023.
Looking Backwards (and Forwards): NSF Secure and Trustworthy Computing 20-Year Retrospective Panel Transcription.
C. Landwehr, M.K. Reiter, L. Williams, G. Tsudik, T. Jaeger, T. Kohno, A. Kapadia.
IEEE Security & Privacy Magazine, March/April 2023.

2022

Exploring Telerobotic Cardiac Catheter Ablation in a Rural Community Hospital: A Pilot Study.
B. Serafini, L. Kim, B.M. Saour, R. James, B. Hannaford, R. Hansen, T. Kohno, W. Monsky, and S.P. Seslar.
Cardiovascular Digital Health Journal, December 2022.
What Factors Affect Targeting and Bids in Online Advertising? A Field Measurement Study.
E. Zeng, R. McAmis, T. Kohno, and F. Roesner.
ACM Internet Measurement Conference (IMC), October 2022.
Exploring Deceptive Design Patterns in Voice Interfaces.
K. Owens, J. Gunawan, D. Choffnes, P. Emami-Naeini, T. Kohno, and F. Roesner.
European Symposium on Usable Security (EuroUSEC), September 2022.
Electronic Monitoring Smartphone Apps: An Analysis of Risks from Technical, Human-Centered, and Legal Perspectives.
K. Owens, A. Alem, F. Roesner, and T. Kohno.
31st USENIX Security Symposium, August 2022.
Anti-Privacy and Anti-Security Advice on TikTok: Case Studies of Technology-Enabled Surveillance and Control in Intimate Partner and Parent-Child Relationships.
M. Wei, E. Zeng, T. Kohno, and F. Roesner.
18th Symposium on Usable Privacy and Security (SOUPS), August 2022.
Telerobotic Cardiac Catheter Ablation in a Rural Hospital: A Proof-of-concept Simulation Study.
S.P. Seslar, B. Serafini, L. Kim, B. Saour, B. Hannaford, T. Kohno, R. Hansen, R. James, and W Monsky.
Heart Rhythm, 6(5), May 2022.
Doctoring Direct-to-Consumer Genetic Tests with DNA Spike-Ins.
P. Ney, A. Bhattacharya, D. Ward, L. Ceze, T. Kohno, J. Nivala.
bioRxiv, April 2022.
Defensive Technology Use During the 2018-2019 Sudanese Revolution.
A. Daffalla, L. Simko, T. Kohno, A.G. Bardas.
IEEE Security & Privacy Magazine, March/April 2022.

2021

Reliable and Trustworthy Machine Learning for Health Using Dataset Shift.
C. Park, A. Awadalla, T. Kohno, S. Patel.
Conference on Neural Information Processing Systems (NeurIPS), December, 2021
Polls, Clickbait, and Commemorative $2 Bills: Problematic Political Advertising on News and Media Websites Around the 2020 U.S. Elections.
E. Zeng, M. Wei, T. Gregersen, T. Kohno, and F. Roesner.
ACM Internet Measurement Conference (IMC), November 2021. (Runner Up, Best Paper Award.)
Opportunities and Barriers to Rural Telerobotic Surgical Health Care in 2021: Report and Research Agenda from a Stakeholder Workshop.
R.N. Hansen, B.M. Saour, B. Serafini, B. Hannaford, L. Kim, T. Kohno, R. James, W. Monsky, and S.P. Seslar
Telemedicine and e-Health, November 2021.
Understanding Privacy Attitudes and Concerns Towards Remote Communications During the COVID-19 Pandemic.
P. Emami-Naeini, T. Francisco, T. Kohno, and F. Roesner.
Symposium On Usable Privacy and Security (SOUPS), August 2021.
Security and Privacy for Augmented Reality: Our 10-Year Retrospective.
F. Roesner and T. Kohno.
VR4Sec: 1st International Workshop on Security for XR and XR for Security, August 2021.
[ AR/MR/XR Security and Privacy Project Page ]
Disrupting Model Training with Adversarial Shortcuts.
I. Evtimov, I. Covert, A. Kusupati, and T. Kohno.
A Blessing in Disguise: The Prospects and Perils of Adversarial Machine Learning (ICML Workshop), July 2021.
DNA Sequencing Flow Cells and the Security of the Molecular-digital Interface.
P. Ney, L. Organick, J. Nivala, L. Ceze, and T. Kohno.
Proceedings on Privacy Enhancing Technologies (PoPETs), 2021.
[ DNA/CyBio Security Project Page ]
FoggySight: A Scheme for Facial Lookup Privacy.
I. Evtimov, P. Sturmfels, and T. Kohno.
Proceedings on Privacy Enhancing Technologies (PoPETs), 2021.
Would You Rather: A Focus Group Method for Eliciting and Discussing Formative Design Insights with Children.
L. Simko, B. Chin, S. Na, H.K. Saluja, T.Q. Zhu, T. Kohno, A. Hiniker, J. Yip, and C. Cobb.
Interaction Design and Children (IDC), 2021.
Background and Context to the Our Reality Novella.
T. Kohno.
Manuscript, June 2021.
[ Companion document for the Our Reality novella ]
Defensive Technology use by Political Activists During the Sudanese Revolution.
A. Daffalla, L. Simko, T. Kohno, and A.G. Bardas.
IEEE Symposium on Security and Privacy, May 2021. (Selected Paper, IEEE Security & Privacy Magazine.)
(Honorable Mention, 10th Annual Best Scientific Cybersecurity Paper Competition (2023).)
What Makes a "Bad" Ad? User Perceptions of Problematic Online Advertising.
E. Zeng, T. Kohno, and F. Roesner.
Conference on Human Factors in Computing Systems (CHI), May 2021.
[ Dataset ]

2020

COVID-19 Contact Tracing and Privacy: A Longitudinal Study of Public Opinion.
L. Simko, J.L. Chang, M. Jiang, R. Calo, F. Roesner, and T. Kohno.
Report Version 2.0 (technical report), December 2020.
Accept the Risk and Continue: Measuring the Long Tail of Government https Adoption.
S. Singanamalla, E.H.B. Jang, R. Anderson, T. Kohno, and K. Heimerl.
Internet Measurement Conference, October 2020.
Security and Machine Learning in the Real World.
I. Evtimov, W. Cui, E. Kamar, E. Kiciman, T. Kohno, and J. Li.
arXiv preprint arXiv:2007.07205, July 2020.
Smart Devices in Airbnbs: Considering Privacy and Security for Both Guests and Hosts.
S. Mare, F. Roesner, and T. Kohno.
Privacy Enhancing Technologies Symposium, July 2020.
A Privacy-focused Systematic Analysis of Online Status Indicators.
C. Cobb, L. Simko, T. Kohno, and A. Hiniker.
Privacy Enhancing Technologies Symposium, July 2020.
Bad News: Clickbait and Deceptive Ads on News and Misinformation Websites.
E. Zeng, F. Roesner, and T. Kohno.
Workshop on Technology and Consumer Protection (ConPro), May 2020.
[ Dataset ]
COVID-19 Contact Tracing and Privacy: Studying Opinion and Preferences.
L. Simko, R. Calo, F. Roesner, and T. Kohno.
Report Version 1.0 (technical report), May 2020.
PACT: Privacy-sensitive Protocols and Mechanisms for Mobile Contact Tracing.
J. Chan, D. Foster, S. Gollakota, E. Horvitz, J. Jaeger, S. Kakade, T. Kohno, J. Langford, J. Larson, P. Sharma, S. Singanamalla, J. Sunshine, and S. Tessar.
Bulletin of the IEEE Computer Society Technical Committee on Data Engineering, 43(2):15–35, 2020.
2019 Industry-Academia Summit on Mixed Reality Security, Privacy, and Safety: Summit Report.
F. Roesner and T. Kohno, editors.
Report from Summit held in September 2019 at the University of Washington, April 2020.
[ Project Page ]

User Experiences with Online Status Indicators.
C. Cobb, L. Simko, T. Kohno, and A. Hiniker.
Conference on Human Factors in Computing Systems (CHI), April 2020.

Toward a Secure Internet of Things: Directions for Research.
J. Camp, R. Henry, T. Kohno, S. Mare, S. Myers, S.N. Patel.
IEEE Security & Privacy, February 2020.

Genotype Extraction and False Relative Attacks: Security Risks to Third-party Genetic Genealogy Services Beyond Identity Inference.
P. Ney, L. Ceze, and T. Kohno.
Network and Distributed System Security Symposium (NDSS), February 2020.
[ Project Page ] [ Newsweek, Technology Review ]

2019

Is Tricking a Robot Hacking?.
I. Evtimov, D. O'Hair, E. Fernandes, R. Calo, T. Kohno.
Berkeley Technology Law Journal, Volume 34, Issue 3, 2019.

Secure Multi-user Content Sharing for Augmented Reality Applications.
K. Ruth, T. Kohno, and F. Roesner.
28th USENIX Security Symposium, August 2019.
[ Project Page and ShareAR Toolkit Page ]

Enabling Multiple Applications to Simultaneously Augment Reality: Challenges and Directions.
K. Lebeck, T. Kohno, and F. Roesner.
Workshop on Mobile Computing Systems and Applications (HotMobile), February 2019.
[ Project Page ]

Consumer Smart Homes: Where We Are and Where We Need to Go.
S. Mare, L. Girvin, F. Roesner, and T. Kohno.
Workshop on Mobile Computing Systems and Applications (HotMobile), February 2019.

2018

Physical Adversarial Examples for Object Detectors.
K. Eykholt, I. Evtimov, E. Fernandes, B. Li, A. Rahmati, F. Tramer, A. Prakash, T. Kohno, and D. Song.
USENIX Workshop on Offensive Technologies (WOOT), August 2018.

Recognizing and Imitating Programmer Style: Adversaries in Program Authorship Attribution.
L. Simko, L. Zettlemoyer, and T. Kohno.
Privacy Enhancing Technologies Symposium, July 2018.

Challenges and New Directions in Augmented Reality, Computer Security, and Neuroscience -- Part 1: Risks to Sensation and Perception.
S. Baldassi, T. Kohno, F. Roesner, and M. Tian.
arXiv:1806.10557, June 2018.
[ Project Page ]

Robust Physical-world Attacks on Deep Learning Visual Classification.
K. Eykholt, I. Evtimov, E. Fernandes, B. Li, A. Rahmati, C. Xiao, A. Prakash, T. Kohno, and D. Song.
Computer Vision and Pattern Recognition (CVPR), June 2018.
[ Science Museum in London (on Exhibit) ] [ IEEE Spectrum, Ars Technica, Schneier on Security ]
[ Project Page (University of Michigan) ]
[ Previously on arXiv at arXiv:1707.08945, July 2017 ]

Computer Security and Privacy for Refugees in the United States.
L. Simko, A. Lerner, S. Ibtasam, F. Roesner, and T. Kohno.
IEEE Symposium on Security and Privacy, May 2018.

Towards Security and Privacy for Multi-user Augmented Reality: Foundations with end users.
K. Lebeck, K. Ruth, T. Kohno, and F. Roesner.
IEEE Symposium on Security and Privacy, May 2018.
[ Project Page ]

Computer Security for Data Collection Technologies.
C. Cobb, S. Sudar, N. Reiter, R. Anderson, F. Roesner, and T. Kohno.
Development Engineering, 2018.
Arya: Operating System Support for Securely Augmenting Reality.
K. Lebeck, K. Ruth, T. Kohno, and F. Roesner.
IEEE Security & Privacy Magazine, February 2018.
[ Project Page ]

2017

Exploring ADINT: Using Ad Targeting for Surveillance on a Budget — or — How Alice Can Buy Ads to Track Bob.
P. Vines, F. Roesner, and T. Kohno.
16th ACM Workshop on Privacy in the Electronic Society (WPES 2017), October 30, 2017.
[ Project Page ] [ Wired ] [ See minute 21:00 and onward of Last Week Tonight ]

Rewriting History: Changing the Archived Web from the Present.
A. Lerner, T. Kohno, and F. Roesner.
ACM Conference on Computer and Communications Security, October 30-November 3, 2017.
[ Project Page ]

CovertBand: Activity Information Leakage using Music.
R. Nandakumar, A. Takakuwa, T. Kohno, and S. Gollakota.
Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT), 2017. (Presentation at UbiComp 2017.)
[ Project Page ]

Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More.
P. Ney, K. Koscher, L. Organick, L. Ceze, and T. Kohno.
USENIX Security, August 16-18, 2017.
[ Project Page, Talk Video ] [ Wired, The Wall Street Journal, MIT Technology Review, The Atlantic, BioQuest, Tech Crunch ]

SeaGlass: A City-wide Cell-site Simulator Detection Network.
P. Ney, I. Smith, G. Cadamuro, and T. Kohno.
Privacy Enhancing Technologies Symposium, July 18-21, 2017.
[ Project Page ] [ Video of PETS talk ] [ Wired, TechCrunch ]

Securing Augmented Reality Output.
K. Lebeck, K. Ruth, T. Kohno, and F. Roesner.
IEEE Symposium on Security and Privacy, May 22-24 2017. (Selected Paper, IEEE Security & Privacy Magazine.)
[ AR Security Project Website ] [ Science ]

Internet Censorship in Thailand: User Practices and Potential Threats.
G. Gebhart, Anonymous, and T. Kohno.
IEEE European Symposium on Security and Privacy, April 26-28, 2017.

How Public Is My Private Life? Privacy in Online Dating.
C. Cobb and T. Kohno.
26th International World-Wide Web Conference (WWW), April 3-7, 2017.

Securing Vulnerable Home IoT Devices with an In-Hub Security Manager.
A.K. Simpson, F. Roesner, and T. Kohno.
International Workshop on Pervasive Smart Living Spaces (PerLS), March 13, 2017.

2016

Excavating Web Trackers Using Web Archaeology.
A. Lerner, A.K. Simpson, T. Kohno, and F. Roesner.
USENIX ;login:, Winter 2016.
[ Tracking Excavator Web Page ]

Why Would You Do That? Predicting the Uses and Gratifications Behind Smartphone-Usage Behaviors.
A. Hiniker, S.N. Patel, T. Kohno, and J.A. Kientz.
ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp '16), September 12-16, 2016.

Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016.
A. Lerner, A. Kornfeld Simpson, T. Kohno, and F. Roesner.
USENIX Security, August 10-12, 2016. (Invited Paper, ;login:.)
[ Tracking Excavator Web Page ] [ USA Today, IEEE Spectrum, TechCrunch]

Automobile Driver Fingerprinting.
M. Enev, A. Takakuwa, K. Koscher, and T. Kohno.
Privacy Enhancing Technologies Symposium, July 19-22, 2016.
[ Car Security Project Website Wired Gizmodo ]

Satellite: Joint Analysis of CDNs and Network-Level Interference.
W. Scott, T. Anderson, T. Kohno, and A. Krishnamurthy.
USENIX Annual Technical Conference, June 22-24, 2016. (Best Student Paper Award.)

Computer Security for Data Collection Technologies.
C. Cobb, S. Sudar, N. Reiter, R. Anderson, F. Roesner, and T. Kohno.
International Conference on Information and Communication Technologies and Development (ICTD2016), June 3-6, 2016.

Keeping Ahead of Our Adversaries.
J. Cleland-Huang, T. Denning, T. Kohno, F. Shull, and S. Weber.
IEEE Software, May/June, 2016.

MyTime: Designing and Evaluating an Intervention for Smartphone Non-Use.
A. Hiniker, S. Hong, T. Kohno, and J.A. Kientz.
Conference on Human Factors in Computing Systems (CHI), May 7-12, 2016.
[ Facebook Implementation ]

How to Safely Augment Reality: Challenges and Directions.
K. Lebeck, T. Kohno, and F. Roesner.
17th Workshop on Mobile Computing Systems and Applications (HotMobile), February 23-24, 2016.
[ AR Security Project Website ]

WearFit: Security Design Analysis of a Wearable Fitness Tracker.
J. West, T. Kohno, D. Lindsay, and J. Sechman.
IEEE Center for Secure Design, 2016.
[ This is an example application of the IEEE Center for Secure Design's earlier "Avoiding the Top 10 Security Flaws" document ]

2015

Rook: Using Video Games as a Low-Bandwidth Censorship Resistant Communication Platform.
P. Vines and T. Kohno.
Workshop on Privacy in the Electronic Society, October 12, 2015.
[ Technical Report ]

Augmented Reality: A Technology and Policy Primer.
R. Calo, T. Denning, B. Friedman, T. Kohno, L. Magassa, E, McReynolds, B.C. Newell, F. Roesner, and J. Woo.
Tech Policy Lab, University of Washington, September 2015.
[ AR Security Project Website ]

SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems.
K. Koscher, T. Kohno, and D. Molnar.
9th USENIX Workshop on Offensive Technologies (WOOT '15), August 10-11, 2015.

Analyzing the Use of Quick Response Codes in the Wild.
A. Lerner, A. Saxena, K. Ouimet, B. Turley, A. Vance, T. Kohno, and F. Roesner.
13th International Conference on Mobile Systems, Applications, and Services (MobiSys), May 20-22, 2015.

Securing RFIDs by Randomizing the Modulation and Channel.
H. Hassanieh, J. Wang, D. Katabi, and T. Kohno.
Networked Systems Design and Implementation (NSDI), May 4-6, 2015.

To Make a Robot Secure: An Experimental Analysis of Cyber Security Threats Against Teleoperated Surgical Robots.
T. Bonaci, J. Herron, T. Yusuf, J. Yan, T. Kohno, H. J. Chizeck.
arXiv, April 2015.
[ Technology Review ]

Experimental Analysis of Denial-of-Service Attacks on Teleoperated Robotic Systems.
T. Bonaci, J. Yan, J. Herron, T. Kohno and H. J. Chizeck.
ACM/IEEE International Conference on Cyber-Physical Systems, April 14-16, 2015.

Display Leakage and Transparent Wearable Displays: Investigation of Risk, Root Causes, and Defenses.
T. Kohno, J. Kollin, D. Molnar, and F. Roesner.
Microsoft Research Technical Report, MSR-TR-2015-18, February 2015.
[ AR Security Project Website ]

Surreptitiously Weakening Cryptographic Systems.
B. Schneier, M. Fredrikson, T. Kohno, and T. Ristenpart.
Cryptology ePrint Archive, Report 2015/097, February 2015.

Cryptographic Currencies from a Tech-Policy Perspective: Policy Issues and Technical Directions.
E. McReynolds, A. Lerner, W. Scott, F. Roesner, and T. Kohno
2nd Workshop on Bitcoin Research, January 30, 2015.

2014

CPS: Beyond Usability: Applying Value Sensitive Design Based Methods to Investigate Domain Characteristics for Security for Implantable Cardiac Devices.
T. Denning, B. Friedman, B. Gill, D.B. Kramer, M.R. Reynolds, and T. Kohno.
Annual Computer Security Applications Conference (ACSAC), December 10-12, 2014.

Per-App Profiles with AppFork: The Security of Two Phones with the Convenience of One.
T. Oluwafemi, E. Fernandes, O. Riva, F. Roesner, S. Nath, and T. Kohno.
Microsoft Research Technical Report, MSR-TR-2014-153, December 2014.

World-Driven Access Control for Continuous Sensing.
F. Roesner, D. Molnar, A. Moshchuk, T. Kohno, and H.J. Wang.
ACM Conference on Computer and Communications Security, November 4-6, 2014.
[ AR Security Project Website ]

Augmented Reality: Hard Problems of Law and Policy.
F. Roesner, T. Denning, B.C. Newell, T. Kohno, and R. Calo.
UbiComp 2014 Workshop on Usable Privacy & Security for wearable and domestic ubIquitous DEvices (UPSIDE), September 14, 2014.
[ AR Security Project Website ]

Avoiding the Top 10 Security Flaws.
I. Arce, N. Daswani, J. DelGrosso, D. Dhillon, C. Kern, T. Kohno, C. Landwehr, G. McGraw, B. Schoenfield, M. Seltzer, D. Spinellis, I. Tarandach, and J. West
IEEE Center for Secure Design, 2014.
[ Also in HTML ]
[ See this document for an example application of these recommendations ]

Practical Lessons From Creating the Control-Alt-Hack Card Game and Research Challenges for Games In Education and Research.
T. Denning, A. Shostack, T. Kohno.
USENIX Summit on Gaming, Games and Gamification in Security Education (3GSE '14), August 18, 2014.

Security and Privacy for Augmented Reality Systems.
F. Roesner, T. Kohno, and D. Molnar.
Communications of the ACM, 57(4), April 2014.
[ AR Security Project Website ]

In Situ with Bystanders of Augmented Reality Glasses: Perspectives on Recording and Privacy-Mediating Technologies.
T. Denning, Z. Dehlawi, and T. Kohno.
Conference on Human Factors in Computing Systems (CHI), April 26-May 1, 2014.
[ AR Security Project Website ]

Sex, Lies, or Kittens? Investigating the Use of Snapchat's Self-Destructing Messages.
F. Roesner, B. Gill, and T. Kohno.
18th International Conference on Financial Cryptography and Data Security, March 3-7, 2014.

2013

Control-Alt-Hack: The Design and Evaluation of a Card Game for Computer Security Awareness and Education.
T. Denning, A. Lerner, A. Shostack, and T. Kohno.
20th ACM Conference on Computer and Communications Security, November 4-8, 2013.
[ More information at http://www.ControlAltHack.com ]
Experimental Security Analyses of Non-Networked Compact Fluorescent Lamps: A Case Study of Home Automation Security.
T. Oluwafemi, S. Gupta, S. Patel, and T. Kohno.
Learning from Authoritative Security Experiment Results (LASER) 2013, October 16-17, 2013.

DeadDrop/Strongbox Security Assessment.
A. Czeskis, D. Mah, O. Sandoval, I. Smith, K. Koscher, J. Appelbaum, T. Kohno, B. Schneier.
University of Washington Technical Report, UW-CSE-13-08-02, August 2013.
[ The New Yorker's reply, Freedom of the Press, Washington Post, Time Business and Money ]
Securing Embedded User Interfaces: Android and Beyond.
F. Roesner and T. Kohno.
USENIX Security, August 14-16, 2013.
[ Source Code ]
Vulnerability Research in the Cyberphysical World.
S. Savage and T. Kohno.
Cyber-security Research Ethics Dialog & Strategy Workshop (CREDS), May 23, 2013.
Operating System Support for Augmented Reality Applications.
L. D'Antoni, A. Dunn, S. Jana, T. Kohno, B. Livshits, D. Molnar, A. Moshchuk, E. Ofek, F. Roesner, S. Saponas, M. Veanes, and H.J. Wang.
14th Workshop on Hot Topics in Operating Systems (HotOS XIV), May 13-15, 2013.
[ AR Security Project Website ]
Lightweight Server Support for Browser-based CSRF Protection.
A. Czeskis, A. Moshchuk, T. Kohno, and H.J. Wang.
23rd International World-Wide Web Conference (WWW), May 13-17, 2013.

Computer Security in the Modern Home.
T. Denning, T. Kohno, and H. Levy.
Communications of the ACM, 56(1), January 2013.

2012

SensorSift: Balancing Sensor Data Privacy and Utility in Automated Face Understanding.
M. Enev, J. Jung, L. Bo, X. Ren, and T. Kohno.
Annual Computer Security Applications Conference, December 3-7, 2012.
Strengthening User Authentication through Opportunistic Cryptographic Identity Assertions.
A. Czeskis, M. Dietz, D. Wallach, T. Kohno, and D. Balfanz.
19th ACM Conference on Computer and Communications Security, October 16-18, 2012.
User Interface Toolkit Mechanisms for Securing Interface Elements.
F. Roesner, J. Fogarty, and T. Kohno.
25th ACM Symposium on User Interface Software and Technology (UIST 2012), October 7-10, 2012.
Security Risks, Low-tech User Interfaces, and Implantable Medical Devices: A Case Study with Insulin Pump Infusion Systems.
N. Paul and T. Kohno
3rd USENIX Workshop on Health Security and Privacy (HealthSec '12), August 6-7, 2012.
ShareMeNot: Balancing Privacy and Functionality of Third-Party Social Widgets.
F. Roesner, C. Rovillos, T. Kohno, and D. Wetherall.
USENIX ;login:, August 2012.
[ The ShareMeNot website ]
User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems.
F. Roesner, T. Kohno, A. Moshchuk, B. Parno, H.J. Wang, and C. Cowan.
IEEE Symposium on Security and Privacy, May 16-19, 2012. (Best Practical Paper Award.)
[ Technical Report ]
Detecting and Defending Against Third-Party Tracking on the Web.
F. Roesner, T. Kohno, and D. Wetherall.
Networked Systems Design and Implementation (NSDI), April 25-27, 2012. (Invited Paper, ;login:.) (2023 Test of Time Award.)
[ Software: ShareMeNot ] [ Now Part of the EFF Privacy Badger ]
[ Software: TrackingObserver (Web Tracking Detection Platform) ]
[ Schneier, Boing Boing, EFF ]

2011

A Review of the Security of Insulin Pump Infusion Systems.
N. Paul, T. Kohno, and D.C. Klonoff.
Journal of Diabetes Science and Technology, to appear.
Televisions, Video Privacy, and Powerline Electromagnetic Interference.
M. Enev, S. Gupta, T. Kohno, and S. Patel.
18th ACM Conference on Computer and Communications Security, October 17-21, 2011.
[ Video ] [ SecurityWeek.Com ]
Comprehensive Experimental Analyses of Automotive Attack Surfaces.
S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno.
USENIX Security, August 10-12, 2011.
(2021 Golden Goose Award.)
[ Car Security Project Website ] [ Video of Talk ] [ AAAS Golden Goose Award Article ] [ Technology Review, Slashdot, Slashdot, PC World, The New York Times, Associated Press, Scientific American, Car and Driver, Bloomberg Businessweek, Communications of the ACM, Forbes ] [ NPR (Marketplace) ]

New Directions for Self-destructing Data.
R. Geambasu, T. Kohno, A. Krishnamurthy, A. Levy, H.M. Levy, P. Gardner, and V. Moscaritolo.
University of Washington Technical Report, UW-CSE-11-08-01, August 2011.
Augmented Reality: Challenges and Opportunities for Security and Privacy.
F. Roesner, T. Kohno, and D. Molnar.
Manuscript, May 2011.

Privacy-preserving Network Forensics.
M. Afanasyev, T. Kohno, J. Ma, N. Murphy, S. Savage, A.C. Snoeren and G.M. Voelker.
Communications of the ACM, 54(5), May 2011.
[ Technical Report ]
Keypad: An Auditing File System for Theft-prone Devices.
R. Geambasu, J.P. John, S.D. Gribble, T. Kohno, and H.M. Levy.
European Conference on Computer Systems (EuroSys), April 10-13, 2011. (Best Student Paper Award.)
Science Fiction Prototyping and Security Education: Cultivating Contextual and Societal Thinking in Computer Security Education and Beyond.
T. Kohno and B.D. Johnson.
ACM Technical Symposium on Computer Science Education (SIGCSE), March 9-12, 2011.
Sensor Tricorder: What Does that Sensor Know About Me?
G. Maganis, J. Jung, T. Kohno, A. Sheth, and D. Wetherall.
12th Workshop on Mobile Computing Systems and Application (HotMobile), March 1-2, 2011.

TaintEraser: Protecting Sensitive Data Leaks Using Application-Level Taint Tracking.
D. (Y.) Zhu, J. Jung, D. Song, T. Kohno, and D. Wetherall.
ACM Operating Systems Review, 45(1), January 2011.
[ Project Website ]

2010

The Limits of Automatic OS Fingerprint Generation.
D.W. Richardson, S.D. Gribble, and T. Kohno.
Workshop on Artificial Intelligence and Security (AISec), October 8, 2010.
Comet: An Active Distributed Key-Value Store.
R. Geambasu, A. Levy, T. Kohno, A. Krishnamurthy, and H.M. Levy.
USENIX Symposium on Operating Systems Design and Implementation (OSDI), October 4-6, 2010.
[ Vanish Project Web Page ]
Seeing Through Obscure Glass.
Q. Shan, B. Curless, and T. Kohno.
European Conference on Computer Vision (ECCV), September 5-11, 2010.
[ Supplementary Video, YouTube version, Additional information ]
Parenting from the Pocket: Value Tensions and Technical Directions for Secure and Private Parent-Teen Mobile Safety.
A. Czeskis, I. Dermendjieva, H. Yapit, A. Borning, B. Friedman, B. Gill, and T. Kohno.
Symposium On Usable Privacy and Security (SOUPS), July 14-16, 2010.
(2011 CPDP Multidisciplinary Privacy Award.)
Experimental Security Analysis of a Modern Automobile.
K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage.
IEEE Symposium on Security and Privacy, May 16-19, 2010. (2020 Test of Time Award.)
(2021 Golden Goose Award.)
[ Car Security Project Website ] [ AAAS Golden Goose Award Article ] [ The New York Times, PC World, Technology Review, Slashdot ]

Patients, Pacemakers, and Implantable Defibrillators: Human Values and Security for Wireless Implantable Medical Devices.
T. Denning, A. Borning, B. Friedman, B.T. Gill, T. Kohno, and W.H. Maisel.
28th Conference on Human Factors in Computing Systems (CHI), April 10-15, 2010.
(2011 CPDP Multidisciplinary Privacy Award Honorable Mention.)
[ Medical Device Security Project Web Page ] [ CNN ]

Improving the Security and Privacy of Implantable Medical Devices.
W.H. Maisel and T. Kohno.
New England Journal of Medicine, 362(13), April 2010.
[ Medical Device Security Project Web Page ] [ CNBC (1), CNBC (2), CNBC (3), ABC News, MedPage Today ]
Cryptography Engineering: Design Principles and Practical Applications.
N. Ferguson, B. Schneier, and T. Kohno.
John Wiley & Sons, March 2010.
[ Additional information ]
[ Translations completed or in progress: Chinese, Italian, and Korean ]

2009

EPC RFID Tag Security Weaknesses and Defenses: Passport Cards, Enhanced Drivers Licenses, and Beyond.
K. Koscher, A. Juels, V. Brajkovic, and T. Kohno.
16th ACM Conference on Computer and Communications Security, November 9-13, 2009.
[ Technical Report, FAQ ] [ Wall Street Journal, The New York Times, Technology Review, Slashdot ]

Clinically Significant Magnetic Interference of Implanted Cardiac Devices by Portable Headphones.
S. Lee, K. Fu, T. Kohno, B. Ransford. W.H. Maisel.
Heart Rhythm, 6(10), October 2009.
[ Medical Device Security Project Web Page ] [ Heart Rhythm Society, HealthDay, Medical News ]

A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons.
T. Denning, C. Matuszek, K. Koscher, J.R. Smith, and T. Kohno
International Conference on Ubiquitous Computing, September 30 - October 3, 2009.
[ FAQ ] [ The New York Times, MSNBC, Popular Science, Slashdot ]

Are Patched Machines Really Fixed?.
R.W. Gardner, M. Bishop, and T. Kohno.
IEEE Security and Privacy Magazine, 7(5), September/October 2009.
Vanish: Increasing Data Privacy with Self-Destructing Data.
R. Geambasu, T. Kohno, A.A. Levy, and H.M. Levy.
USENIX Security, August 12-14, 2009. (Outstanding Student Paper Award.)
[ Web Page ] [ The New York Times (1), The New York Times (2), NPR's All Things Considered, PCWorld, Slashdot ]
Enlisting ISPs to Improve Online Privacy: IP Address Mixing by Default.
B. Raghavan, T. Kohno, A.C. Snoeren, and D. Wetherall.
Privacy Enhancing Technologies Symposium, August 5-7, 2009.
Neurosecurity: Security and Privacy for Neural Devices.
T. Denning, Y. Matsuoka, and T. Kohno.
Neurosurgical Focus, July 2009.
[ Medical Device Security Project Web Page, Wikipedia ] [ CNN, Slashdot ]

Provable Security Support for the Skein Hash Family.
M. Bellare, T. Kohno, S. Lucks, N. Ferguson, B. Schneier, D. Whiting, J. Callas, and J. Walker.
Supporting materials for the Skein submission to the NIST Cryptographic Hash Algorithm Competition, April 2009.
[ Skein Website ] [ NIST Competition ]
A Comprehensive Study of Frequency, Interference, and Training of Multiple Graphical Passwords.
K.M. Everitt, T. Bragin, J. Fogarty, and T. Kohno.
27th Conference on Human Factors in Computing Systems (CHI), April 4-9, 2009.

The International Criminal Tribunal for Rwanda Information Heritage Project (aka Voices of the Rwanda Tribunal): Integrity Verification Architecture.
A. Czeskis, K. Koscher, M. Andrews, N.C. Grey, B. Friedman, T. Kohno.
University of Washington Computer Science and Engineering Technical Report, UW-CSE-09-01-02, March 2009.
[ Project Website ] [ The New York Times ]

2008

RFIDs and Secret Handshakes: Defending Against Ghost-and-Leech Attacks and Unauthorized Reads with Context-Aware Communications.
A. Czeskis and K. Koscher and J.R. Smith and T. Kohno.
15th ACM Conference on Computer and Communications Security, October 27-31, 2008.
[ Technology Review ]
Privacy Oracle: A System for Finding Application Leaks with Black Box Differential Testing.
J. Jung, A. Sheth, B. Greenstein, D. Wetherall, G. Maganis, and T. Kohno.
15th ACM Conference on Computer and Communications Security, October 27-31, 2008.

Electromagnetic Interference (EMI) of Implanted Cardiac Devices by MP3 Player Headphones.
S. Lee, B. Ransford, K. Fu, T. Kohno, and W.H. Maisel.
Circulation, 118(18 Supplement), October 2008. (Also presented at the American Heart Association Scientific Sessions 2008.)
[ Medical Device Security Project Web Page ] [ CNN, Reuters, Associated Press ]

The Skein Hash Function Family.
N. Ferguson, S. Lucks, B. Schneier, D. Whiting, M. Bellare, T. Kohno, J. Callas, and J. Walker.
Submission to the NIST Cryptographic Hash Algorithm Competition, October 2008. (Document revised September 2009.)
[ Skein Website ] [ NIST Competition ] [ The New York Times, Slashdot ]
Privacy-preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs.
T. Ristenpart, G. Maganis, A. Krishnamurthy, and T. Kohno.
USENIX Security, July 30-August 1, 2008.
[ Web Page ] [ Adeona Open Source Software ] [ PC World, Technology Review, Linux Magazine, Slashdot ]
Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security.
T. Denning, K. Fu, and T. Kohno.
3rd USENIX Workshop on Hot Topics in Security (HotSec '08), July 29, 2008.
[ Medical Device Security Project Web Page ]
Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications.
A. Czeskis, D.J. St. Hilaire, K. Koscher, S.D. Gribble, T. Kohno, and B. Schneier.
3rd USENIX Workshop on Hot Topics in Security (HotSec '08), July 29, 2008.
[ Dark Reading ]
Challenges and Directions for Monitoring P2P File Sharing Networks –or– Why My Printer Received a DMCA Takedown Notice.
M. Piatek, T. Kohno, and A. Krishnamurthy.
3rd USENIX Workshop on Hot Topics in Security (HotSec '08), July 29, 2008.
[ Summary, FAQ ] [ The New York Times, Slashdot ]
Shining Light in Dark Places: Understanding the Tor Network.
D. McCoy, K. Bauer, D. Grunwald, T. Kohno, and D. Sicker.
Privacy Enhancing Technologies Symposium, July 23-25, 2008.
Searchable encryption revisited: Consistency properties, relation to anonymous IBE, and extensions.
M. Abdalla, M. Bellare, D. Catalano, E. Kiltz, T. Kohno, T. Lange, J. Malone-Lee, G. Neven, P. Paillier, and H. Shi.
Journal of Cryptology, 21(3), July 2008.
Improving Wireless Privacy with an Identifier-free Link Layer Protocol.
B. Greenstein, D. McCoy, J. Pang, T. Kohno, S. Seshan, and D. Wetherall.
MobiSys, June 17-20, 2008. (Best Paper Award.)
[ More information (including code) ]
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses.
D. Halperin, T.S. Heydt-Benjamin, B. Ransford, S.S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W.H. Maisel.
IEEE Symposium on Security and Privacy, May 18-21, 2008. (Outstanding Paper Award.) (2019 Test of Time Award.)
[ FAQ, Medical Device Security Project Web Page ] [ The New York Times, Wall Street Journal, Reuters, Associated Press, IDG News Service, PCWorld ] [ Homeland TV Show ]
Detecting In-Flight Page Changes with Web Tripwires.
C. Reis, S. Gribble, T. Kohno, and N. Weaver.
Networked Systems Design and Implementation (NSDI), April 16-18, 2008.
[ Results Summary, Data Collection ] [ Slashdot (data collection), Slashdot (paper), PC World ] [ Measurement Lab, EFF Test Your ISP ]
Security and Privacy for Implantable Medical Devices.
D. Halperin, T.S. Heydt-Benjamin, K. Fu, T. Kohno, and W.H. Maisel.
IEEE Pervasive Computing, 7(1), January-March 2008.
[ Medical Device Security Project Web Page ]

2007

Physical Access Control for Captured RFID Data.
T. Kriplean, E. Welbourne, N. Khoussainova, V. Rastogi, M. Balazinska, G. Borriello, T. Kohno, and D. Suciu.
IEEE Pervasive Computing, 6(4), October-December 2007.
Low-resource Routing Attacks Against Tor.
K. Bauer, D. McCoy, D. Grunwald, T. Kohno, and D. Sicker.
Workshop on Privacy in the Electronic Society, October 29, 2007.
[ FAQ Technical Report ]
Expressing Privacy Policies Using Authorization Views.
V. Rastogi, E. Welbourne, N. Khoussainova, T. Kriplean, M. Balazinska, G. Borriello, T. Kohno, and D. Suciu.
Workshop on UbiComp Privacy: Technologies, Users, Policy, September 16, 2007.
Devices That Tell On You: Privacy Trends in Consumer Ubiquitous Computing.
T.S. Saponas, J. Lester, C. Hartung, S. Agarwal, and T. Kohno.
Usenix Security, August 8-10, 2007.

Software Review and Security Analysis of the Diebold Voting Machine Software.
R. Gardner, A. Yasinsac, M. Bishop, T. Kohno, Z. Hartley, J. Kerski, D. Gainey, R. Walega, E. Hollander, and M. Gerke.
Report commissioned by the Florida Department of State, July 2007.
Can Ferris Bueller Still Have His Day Off? Protecting Privacy in the Wireless Era.
B. Greenstein, R. Gummadi, J. Pang, M.Y. Chen, T. Kohno, S. Seshan, and D. Wetherall.
11th Workshop on Hot Topics in Operating Systems (HotOS XI), May 7-9, 2007.

2006

Stateful Public-Key Cryptosystems: How to Encrypt with One 160-bit Exponentiation.
M. Bellare, T. Kohno, and V. Shoup.
13th ACM Conference on Computer and Communications Security, October 30-November 3, 2006.
Designing voting machines for verification.
N. Sastry, T. Kohno, and D. Wagner.
Usenix Security, July 31-August 4, 2006.

Authenticated Encryption in Practice: Generalized Composition Methods and the Secure Shell, CWC, and WinZip Schemes.
T. Kohno
UCSD Dissertation, June 2006.
Herding hash functions and the Nostradamus attack.
J. Kelsey and T. Kohno.
Advances in Cryptology – EUROCRYPT, May 28-June 1, 2006.
[ Extensions, Economist.com, Science Magazine ]
Tamper-evident, history-independent, subliminal-free data structures on PROM storage -or- how to store ballots on a voting machine (extended abstract).
D. Molnar, T. Kohno, N. Sastry, and D. Wagner.
IEEE Symposium on Security and Privacy, May 21-24, 2006.
Key regression: Enabling efficient key distribution for secure distributed storage.
K. Fu, S. Kamara, and T. Kohno.
Network and Distributed System Security Symposium, February 2-3, 2006.
SSH transport layer encryption modes.
M. Bellare, T. Kohno, and C. Namprempre.
IETF RFC 4344, January 2006.

2005

Searchable encryption revisited: Consistency properties, relation to anonymous IBE, and extensions.
M. Abdalla, M. Bellare, D. Catalano, E. Kiltz, T. Kohno, T. Lange, J. Malone-Lee, G. Neven, P. Paillier, and H. Shi.
Advances in Cryptology – CRYPTO, August 14-18, 2005.
Remote physical device fingerprinting.
T. Kohno, A. Broido, and K.C. Claffy.
IEEE Transactions on Dependable and Secure Computing, 2(2), April-June 2005.
Remote physical device fingerprinting.
T. Kohno, A. Broido, and k. claffy.
IEEE Symposium on Security and Privacy, May 8-11, 2005. (Award Paper; Selected Paper, IEEE TDSC.)
[ CNET News.com, The Register, Slashdot ]

2004

Attacking and repairing the WinZip encryption scheme.
T. Kohno.
11th ACM Conference on Computer and Communications Security, October 25-29, 2004.

Congressional Testimony.
T. Kohno.
U.S. House of Representatives, Committee on House Administration, Hearing on Electronic Voting System Security, July 7, 2004.
Breaking and provably repairing the SSH authenticated encryption scheme: A case study of the Encode-then-Encrypt-and-MAC paradigm.
M. Bellare, T. Kohno, and C. Namprempre.
ACM Transactions on Information and System Security, 7(2), May 2004.
Analysis of an electronic voting system.
T. Kohno, A. Stubblefield, A.D. Rubin, and D.S. Wallach.
IEEE Symposium on Security and Privacy, May 9-12, 2004.
[ The New York Times, MSNBC, Discover Magazine, Slashdot ]
Hash function balance and its impact on birthday attacks.
M. Bellare and T. Kohno.
Advances in Cryptology – EUROCRYPT, May 2-6, 2004.
New security proofs for the 3GPP confidentiality and integrity algorithms.
T. Iwata and T. Kohno.
Fast Software Encryption, February 5-7, 2004.
CWC: A high-performance conventional authenticated encryption mode.
T. Kohno, J. Viega, and D. Whiting.
Fast Software Encryption, February 5-7, 2004.
[ Wikipedia for NIST standard GCM, based on CWC ]

2003

A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications.
M. Bellare and T. Kohno.
Advances in Cryptology – EUROCRYPT, May 4-8, 2003.
Analysis of RMAC.
L.R. Knudsen and T. Kohno.
Fast Software Encryption, February 24-26, 2003.
Helix: Fast encryption and authentication in a single cryptographic primitive.
N. Ferguson, D. Whiting, B. Schneier, J. Kelsey, S. Lucks, and T. Kohno.
Fast Software Encryption, February 24-26, 2003.

2002

Authenticated encryption in SSH: Provably fixing the SSH binary packet protocol.
M. Bellare, T. Kohno, and C. Namprempre.
Ninth ACM Conference on Computer and Communications Security, November 18-22, 2002. (Selected Paper, ACM TISSEC.)
Token-based scanning for source code security problems.
J. Viega, J.T. Bloch, T. Kohno, and G. McGraw.
ACM Transactions on Information and System Security, 5(3), August 2002.

2001

On the global content PMI: Improved copy-protected Internet content distribution.
T. Kohno and M. McGovern.
Financial Cryptography: Fifth International Conference, February 19-22, 2001.

Trust (and mistrust) in secure applications.
J. Viega, T. Kohno, and B. Potter.
Communications of the ACM, 44(2), February 2001.
A network-flow-based scheduler: Design, performance history and experimental analysis.
H.N. Gabow and T. Kohno.
ACM Journal of Experimental Algorithmics, 6, 2001.

2000

ITS4: A static vulnerability scanner for C and C++ code.
J. Viega, J.T. Bloch, Y. Kohno, and G. McGraw.
Annual Computer Security Applications Conference, December 11-15, 2000. (Outstanding Paper Award.) (2019 Test of Time Award.)

The Twofish Team's final comments on AES selection.
B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, N. Ferguson, T. Kohno, and M. Stay.
Comments to NIST, May 15, 2000.
Preliminary cryptanalysis of reduced-round Serpent.
T. Kohno, J. Kelsey, and B. Schneier.
Third AES Candidate Conference, April 13-14, 2000.
Amplified boomerang attacks against reduced-round MARS and Serpent.
J. Kelsey, T. Kohno, and B. Schneier.
Fast Software Encryption, April 10-12, 2000.
A network-flow-based scheduler: Design, performance history, and experimental analysis.
H.N. Gabow and T. Kohno.
Second Workshop on Algorithm Engineering and Experiments, January 7-8, 2000. (Selected Paper, ACM JEA.)