My current research is in network security and usable security, with a particular focus on authentication systems. I am generally interested in any situations that humans interact with security and privacy features.

Current Projects

Let's Authenticate

We are creating a system to replace password authentication for websites and mobile applications, based on issuing certificates to users. Our system provide automated registration and login, while providing privacy for users, since websites see only anonymous identifiers and certificate authorities can't track logins. More details can be found in our NDSS paper.

Grass Roots Adoption of Encryption

We are interested in understanding obstacles to the adoption of encryption by the general public. We are working to understand how people choose to use secure email systems and how they decide which methods they use to secure their physical and digital assets.

Past Research

Past research topics include improving the usabilty of the authentication ceremony in secure messaging applications, the Secure Socket API, automating interactions with secure email systems, measurements of TLS proxies, measurements of the Steam game network, cloud storage, sentiment analysis, wireless networks, streaming video algorithms, peer-to-peer networking, and multicast routing. See Publications for more details.