|
Thomas Ristenpart
My research is in computer security, with recent topics including cloud
computing security, applied and theoretical cryptography, and privacy.
After 4.5 great years at Wisconsin, I'll be moving to Cornell Tech in New
York City this May. I therefore won't be able to take on any new students
at Wisconsin.
Thanks to the Sloan Foundation for their support of my work via a
2015 Sloan
Research Fellowship!
I do a lot of work with other members of
WISDoM, the
Wisconsin Institute on Software-defined Datacenters in Madison.
I'm also a co-PI for the NSF-funded Frontier Project Silver focused on security in
cloud computing.
We are holding a curriculum development workshop this coming summer on the
topic of cloud computing security. If you are interested, check it out here.
I'm a signatory on a letter calling
for surveillance reforms by US academics in computer security and
cryptography.
Some examples of my work are below, or
click here for my publications.
| Pharmacogenetics, model inversion, and privacy |
|---|
| Papers: |
USENIX Security 2014
|
| Awards: | Received Best Paper Award at USENIX
Security 2014.
|
| Description: |
We perform a case study of privacy in pharmacogenetics, wherein doctors use
machine learning models to help guide clinical assessments. We show that
machine learning models can be abused by a clever attacker to infer genetic
information about a person via a technique that we call model inversion. We
show that previously suggested countermeasures based on the principle of
differential privacy would prevent the attacks, but only while prohibitively increasing
risk of negative patient outcomes.
|
| Format-transforming encryption and censorship avoidance |
|---|
| Papers: |
CCS 2013,
USENIX Security 2014,
CCS 2014
|
| Awards: |
My collaborators at Portland State University received a "New Digital
Age" grant for our work on FTE. These awards are funded by a generous
donation by Google Executive Chairman Eric Schmidt. News articles: ZDnet
- Bloomberg
Our CCS 2013 paper was runner up for the Award for Outstanding
Research in Privacy Enhancing Technologies
|
| Practical impact: |
We introduce format-transforming encryption (FTE), and build particular encryption schemes
whose ciphertexts are guaranteed to match against a regular expression of one's choosing.
This proves useful in a variety of
settings: we show in particular how it can be used to force protocol
misclassification by the kinds of deep-packet inspection (DPI) systems used to detect and block
censorship circumvention tools such as Tor.
Check out the FTE webpage
for source code and more details.
|
| Encryption for deduplicated cloud storage |
|---|
| Papers: |
Eurocrypt 2013,
USENIX Security 2013
|
| Practical impact: |
We introduce new encryption mechanisms for which ciphertexts
can be usefully deduplicated by a storage service (without the keys). A prototype of our system, DupLESS, that can be used by organizations
to perform encryption on client side but take advantage of cloud storage that is deduplicated,
can be downloaded here.
|
| Security of embedded devices |
|---|
| Papers: |
WOOT 2012,
USENIX Security 2013
|
| Practical impact: |
We discovered (and helped fix) security vulnerabilities in a widely used smartphone-based point-of-sale system (used to process credit card transactions).
See the vulnerability report here. In subsequent work, we built a tool Fie for analyzing embedded firmware to find such vulnerabilities and even verify their absence in some cases.
|
| Security of Critical Cryptographic Standards |
|---|
| Papers: | Asiacrypt 2011, Crypto 2012(a), Crypto 2012(b)
|
| Practical impact: |
We uncovered a new attack against the TLS record layer, uncovered weak key pairs in HMAC, and provided the first formal security analysis for PKCS#5 (password-based
cryptography).
|
Professional activities:
|
|