Thomas Ristenpart

Thomas Ristenpart

Assistant Professor
Department of Computer Sciences
University of Wisconsin - Madison

Office: 7387 Computer Sciences
Address: 1210 West Dayton Street, Madison, WI 53715
Email: rist at cs dot wisc dot edu
Office phone: 608-262-7971

Publications
Students
Teaching
Brief bio
CV

My research is in computer security, with recent topics including cloud computing security, applied and theoretical cryptography, and privacy.

I do a lot of work with other members of WISDoM, the Wisconsin Institute on Software-defined Datacenters in Madison.

I'm looking for students, both undergraduate and graduate, to work with me on cutting-edge security research. If you are interested, let me know.

Some examples of my work are below, or click here for my publications.

New security threats in cloud computing
Papers:	CCS 2009, CCS 2012(a), CCS 2012(b)
Media coverage (2009):	MIT Technology Review - MIT Technology Review (2) - MIT Technology Review (3) - The New York Times - Network World - Network World (2) - Computer World - Data Center Knowledge - IT Business Edge - Cloudsecurity.org - Infoworld
Media coverage (2012):	InformationWeek - MIT Technology Review - Arstechnica - Slashdot - Threatpost - Dark Reading - Hacker News
Practical impact:	Our work is helping inform industry best practices. For example, we are referenced in the Cloud Security Alliance's cloud security guide and the European Network and Information Security Agency's report on cloud security.

Security of Point-of-Sale Systems
Paper:	WOOT 2012
Practical impact:	We discovered (and helped fix) security vulnerabilities in a widely used smartphone-based point-of-sale system (used to process credit card transactions). See the vulnerability report here.

Security of Critical Cryptographic Standards
Papers:	Asiacrypt 2011, Crypto 2012(a), Crypto 2012(b)
Practical impact:	We uncovered a new attack against the TLS record layer, uncovered weak key pairs in HMAC, and provided the first formal security analysis for PKCS#5 (password-based cryptography).

Privacy-preserving device tracking for helping locate lost or stolen mobile devices
Paper:	USENIX Security 2008
Media coverage:	Slashdot - PC World - The New York Times - The New York Times (2) - CNET News - Linux.com - Linux Magazine - Reader's Digest - ABC News - MIT Technology Review - more...
Practical impact:	Check out Adeona's web page for the open source software.

New approaches for building the next generation of secure cryptographic hash functions
Papers:	Asiacrypt 2006, ICALP 2007, Asiacrypt 2007, Eurocrypt 2009, Eurocrypt 2011
Practical impact:	Our design and analysis techniques are being used by contenders (such as Skein) for NIST's new cryptographic hash function standard SHA-3.

Professional activities:

Program committee, Crypto 2013
Program committee, IEEE Symposium on Security and Privacy 2013
Program committee, Network and Distributed Systems Security 2013
Program committee, Cloud Computing Security Workshop 2012
Program committee, Computer and Communications Security (CCS) 2012
Program committee, HotCloud 2012
Program committee, IEEE Symposium on Security and Privacy 2012
Program committee, Eurocrypt 2012
Program co-chair, Cloud Computing Security Workshop 2011
Program committee, Computer and Communications Security (CCS) 2011
Program committee, ECRYPT2 Hash Workshop 2011
Program committee, HotCloud 2011
Program committee, Financial Cryptography and Data Security 2011
Invited participant, DARPA ISAT Future Ideas Symposium, June 2010
Program committee, Selected Areas in Cryptography 2010
Program committee, Cloud Computing Security Workshop 2010
Program committee, Fast Software Encryption 2010
Program committee, Fast Software Encryption 2009
Invited Panelist, "How to Choose SHA-3?", Lorentz Center Workshop on Hash Functions, 2008