Joseph Bonneau

I am a fellow at the Center for Information Technology Policy, Princeton. I'm focused on web security, authentication, and TLS, though my past research has spanned side-channel cryptanalysis, protocol verification, software obfuscation, and privacy in social networks.

I completed my PhD in 2012 with the Security Group of the University of Cambridge Computer Laboratory, supervised by Professor Ross Anderson and funded as a Gates Cambridge Scholar. My PhD thesis formalises the analysis of human-chosen distributions of secrets, specifically passwords and PINs.

My background is in computer science, math, and cryptography, in which I earned my BS and MS from Stanford. I've worked on cryptography and security at Google, Cryptography Research, Inc., and as a private consultant.

Selected publications

  • The science of guessing: analyzing an anonymized corpus of 70 million passwords
    Joseph Bonneau. 2012 IEEE Symposium on Security and Privacy.
  • The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes
    Joseph Bonneau, Cormac Herley, Paul C. van Oorschot and Frank Stajano. 2012 IEEE Symposium on Security and Privacy.
  • A birthday present every eleven wallets? The security of customer-chosen banking PINs
    Joseph Bonneau, Sören Preibusch and Ross Anderson. FC '12: The 16th International Conference on Financial Cryptography.
  • The password thicket: technical and market failures in human authentication on the web
    Joseph Bonneau and Sören Preibusch. WEIS '10: The 9th Workshop on the Economics of Information Security.
  • Cache Collision Timing Attacks Against AES
    Joseph Bonneau and Ilya Mironov. CHES '06: Workshop on Cryptographic Hardware and Embedded Systems.