Thomas Ristenpart

Alma mater: University of California, San Diego (PhD)
Scientific career
Fields: Computer Security
Institutions: Cornell Tech
Doctoral advisor: Mihir Bellare

Thomas Ristenpart is a professor of computer security at Cornell Tech.

Biography

Ristenpart received his B.S. in computer science and engineering from the University of California, Davis in 2003, where he also received his M.S. under Matt Bishop in 2005. He then moved to the University of California, San Diego where he received his Ph.D. in computer science under Mihir Bellare.

Research

Ristenpart's research touches on many areas of computer security. Three of his papers are among the most highly cited computer security papers of all time. [1] In cryptography, Ristenpart developed Honey Encryption, a technique that encrypts data in such a way that, if decrypted incorrectly, it will return fake data. [2] Ristenpart also developed techniques for typo-tolerant passwords [3], allowing users to authenticate even if they have mistyped their password.

In his cloud security work, Ristenpart found that users on Microsoft's Azure and Amazon's EC2 services could arrange to be placed on the same virtual machine as another user and therefore exploit a side-channel attack to learn information about their data.

Recently, Ristenpart has studied machine learning privacy and security. He was one of the first researchers to show that machine learning models can leak details about their training datasets [4]. He showed that if a machine learning model is trained on images of people's faces, then it is possible to reconstruct images of the people contained in the training dataset.

Ristenpart also showed that it is possible to "steal" a machine learning model and reverse-engineer how it works by querying the model [5]. Once stolen, it is possible to use the stolen model to generate proprietary data used to train it.

Ristenpart was the Program Chair of the USENIX Security Symposium in 2017, Crypto in 2020, and the IEEE Symposium on Security and Privacy in 2022 and 2023.

Awards

Ristenpart received Best Paper awards at USENIX Security 2014, ACM CHI 2018, USENIX Security 2020, CSCW 2020, CHI 2022, and USENIX Security 2023, and test of time awards for his papers at CCS 2009 and CCS 2012. [6]

References

  1. Rieck, Konrad. "Top-100 Security Papers". www.mlsec.org. Retrieved 2024-06-10.
  2. "'Honey Encryption' Will Bamboozle Attackers with Fake Secrets". MIT Technology Review. Retrieved 2024-06-10.
  3. "Password Autocorrect Without Compromising Security". threatpost.com. 2016-06-06. Retrieved 2024-06-10.
  4. "Artificial intelligence may put private data at risk | Cornell Chronicle". news.cornell.edu. Retrieved 2024-06-10.
  5. "Stealing an AI algorithm and its underlying data is a 'high-school level exercise'". Quartz. 2016-09-22. Retrieved 2024-06-10.
  6. "Cornell Tech - Cornell Tech Faculty Win Test of Time Award at CCS 2022". Cornell Tech. 2022-12-15. Retrieved 2024-06-10.