Here you may find some of my publications, papers, unpublished manuscripts, and other writings. Comments welcomed.

Also available are some of my talks, as well as my posts on cryptography and related issues.

Papers

ROP is Still Dangerous: Breaking Modern Defenses
Nicholas Carlini and David Wagner. To appear at Usenix Security 2014.
The Effect of Developer-Specified Explanations for Permission Requests on Smartphone User Behavior
Joshua Tan, Khanh Nguyen, Michael Theodorides, Heidi Negrón-Arroyo, Christopher Thompson, Serge Egelman, and David Wagner. CHI 2014.
Symbolic Software Model Validation
Cynthia Sturton, Rohit Sinha, Thurston Dang, Sakshi Jain, Michael McCoyd, Wei Yang Tan, Petros Maniatis, Sanjit Seshia, and David Wagner. 11th ACM-IEEE International Conference on Formal Methods and Models for Codesign (MEMOCODE 2013), October 19, 2013.
Bifocals: Analyzing WebView Vulnerabilities in Android Applications
Erika Chin and David Wagner. 14th International Workshop on Information Security Applications (WISA 2013), August 19, 2013.
An Empirical Study of Vulnerability Rewards Programs
Matthew Finifter, Devdatta Akhawe, and David Wagner. Usenix Security 2013, August 15, 2013.
Improved Support for Machine-Assisted Ballot-Level Audits
Eric Kim, Nicholas Carlini, Andrew Chang, George Yiu, Kai Wang, and David Wagner. USENIX Journal of Election Technology and Systems (JETS), volume 1 number 1. Presented at EVT/WOTE 2013, August 13, 2013.
When It's Better to Ask Forgiveness than Get Permission: Attribution Mechanisms for Smartphone Resources
Christopher Thompson, Maritza Johnson, Serge Egelman, David Wagner, and Jennifer King. SOUPS 2013, July 25-26, 2013.
CALEA II: Risks of Wiretap Modifications to Endpoints
Ben Adida, Collin Anderson, Annie I. Anton, Matt Blaze, Roger Dingledine, Edward W. Felten, Matthew D. Green, J. Alex Halderman, David R. Jefferson, Cullen Jennings, Susan Landau, Navroop Mitter, Peter G. Neumann, Eric Rescorla, Fred B. Schneider, Bruce Schneier, Hovav Shacham, Micah Sherr, David Wagner, and Philip Zimmermann. Public report, May 17, 2013. (Coordinated by the CDT.)
An Empirical Study on the Effectiveness of Security Code Review
Anne Edmundson, Brian Holtkamp, Emanuel Rivera, Matthew Finifter, Adrian Mettler, and David Wagner. ESSOS 2013, March 1, 2013.
Do Android Users Write About Electric Sheep? Examining Consumer Reviews in Google Play
Elizabeth Ha and David Wagner. IEEE Consumer Communications & Networking Conference (CCNC) 2013, Mobile Devices, Platforms & Applications track, January 8-11, 2013. (This version corrects two minor errors in the printed version.)
Verification with Small and Short Worlds
Rohit Sinha, Cynthia Sturton, Petros Maniatis, Sanjit A. Seshia, and David Wagner. Formal Methods in Computer-Aided Design (FMCAD) 2012, October 23, 2012.
I've Got 99 Problems, But Vibration Ain't One: A Survey of Smartphone Users' Concerns
Adrienne Porter Felt, Serge Egelman, and David Wagner. ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) 2012, October 19, 2012.
Short Paper: Location Privacy: User Behavior in the Field
Drew Fisher, Leah Dorner, and David Wagner. ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) 2012, October 19, 2012. [poster]
Reducing Attack Surfaces for Intra-Application Communication in Android
David Kantola, Erika Chin, Warren He, and David Wagner. ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) 2012, October 19, 2012.
How To Ask For Permission
Adrienne Porter Felt, Serge Egelman, Matthew Finifter, Devdatta Akhawe, and David Wagner. HotSec 2012.
Operator-Assisted Tabulation of Optical Scan Ballots
Kai Wang, Eric Kim, Nicholas Carlini, Ivan Motyashov, Daniel Nguyen, and David Wagner. EVT/WOTE 2012.
Automated Analysis of Election Audit Logs
Patrick Baxter, Anne Edmundson, Keishla Ortiz, Ana Maria Quevedo, Samuel Rodriguez, Cynthia Sturton, David Wagner. EVT/WOTE 2012.
An Evaluation of the Google Chrome Extension Security Architecture
Nicholas Carlini, Adrienne Porter Felt, and David Wagner. Usenix Security 2012.
Choice Architecture and Smartphone Privacy: There's A Price for That
Serge Egelman, Adrienne Porter Felt, and David Wagner. Workshop on the Economics of Information Security (WEIS) 2012.
Measuring User Confidence in Smartphone Security and Privacy
Erika Chin, Adrienne Porter Felt, Vyas Sekar, and David Wagner. SOUPS 2012.
Android Permissions: User Attention, Comprehension, and Behavior
Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and David Wagner. SOUPS 2012.
AdDroid: Privilege Separation for Applications and Advertisers in Android
Paul Pearce, Adrienne Porter Felt, Gabriel Nunez, and David Wagner. ASIACCS 2012.
Evidence-Based Elections
Philip B. Stark and David A. Wagner. IEEE Security and Privacy magazine, vol. 10 no. 5, Sept.-Oct. 2012, special issue on electronic voting.
A Survey of Mobile Malware in the Wild
Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steven Hanna, and David Wagner. ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2011, October 17, 2011. [malware data set]
Android Permissions Demystified
Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, and David Wagner. ACM CCS 2011. [data and tools are available at android-permissions.org]
Computing the Margin of Victory in IRV Elections
Thomas R. Magrino, Ronald L. Rivest, Emily Shen, and David Wagner. EVT/WOTE 2011, August 8, 2011.
An Analysis of Write-in Marks on Optical Scan Ballots
Theron Ji, Eric Kim, Raji Srikantan, Alan Tsai, Arel Cordero, and David Wagner. EVT/WOTE 2011, August 8, 2011.
Tweakable Block Ciphers
Moses Liskov, Ronald L. Rivest, and David Wagner. Journal of Cryptology, volume 24, number 3, July 2011.
Analyzing Inter-Application Communication in Android
Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner. MobiSys 2011, June 30, 2011. [tool available at comdroid.org]
The Effectiveness of Application Permissions
Adrienne Porter Felt, Kate Greenwood, and David Wagner. WebApps 2011, June 15, 2011.
Exploring the Relationship Between Web Application Development Tools and Security
Matthew Finifter and David Wagner. WebApps 2011, June 15, 2011.
Phishing on Mobile Devices
Adrienne Porter Felt and David Wagner. W2SP 2011, May 26, 2011.
Defeating UCI: Building Stealthy and Malicious Hardware
Cynthia Sturton, Matthew Hicks, David Wagner, and Samuel T. King. IEEE Security & Privacy 2011.
Diesel: Applying Privilege Separation to Database Access
Adrienne Porter Felt, Matthew Finifter, Joel Weinberger, David Wagner. ASIACCS 2011, March 23, 2011. [the full version]
Efficient User-Guided Ballot Image Verification
Arel Cordero, Theron Ji, Alan Tsai, Keaton Mowery, and David Wagner. EVT/WOTE 2010, August 9, 2010.
Voting Systems Audit Log Study
David Wagner. Report commissioned by the California Secretary of State. June 1, 2010.
Class Properties for Security Review in an Object-Capability Subset of Java (Short Paper)
Adrian Mettler and David Wagner. PLAS 2010, June 10, 2010.
Fine-Grained Privilege Separation for Web Applications
Akshay Krishnamurthy, Adrian Mettler, and David Wagner. WWW 2010, April 26-30, 2010.
Joe-E: A Security-Oriented Subset of Java
Adrian Mettler, David Wagner, and Tyler Close. ISOC NDSS 2010, March 3, 2010.
Efficient Character-level Taint Tracking for Java
Erika Chin and David Wagner. 2009 ACM Workshop on Secure Web Services, November 13, 2009.
On Voting Machine Design for Verification and Testability
Cynthia Sturton, Susmit Jha, Sanjit A. Seshia, and David Wagner. ACM CCS 2009.
Weight, Weight, Don't Tell Me: Using Scales to Select Ballots for Auditing
Cynthia Sturton, Eric Rescorla, and David Wagner. EVT/WOTE '09.
Dynamic Test Generation To Find Integer Bugs in x86 Binary Linux Programs
David Molnar, Xue Cong Li, and David A. Wagner. Usenix Security 2009.
Conditioned-safe Ceremonies and a User Study of an Application to Web Authentication
Chris Karlof, J.D. Tygar, and David Wagner. 16th Annual Network and Distributed Systems Security Symposium (NDSS 2009), February 11, 2009.
Portably solving file races with hardness amplification
Dan Tsafrir, Tomer Hertz, David Wagner, and Dilma Da Silva. ACM Transactions on Storage, volume 4, issue 3, November 2008.
Software Review and Security Analysis of Scytl Remote Voting Software
Michael Clarkson, Brian Hay, Meador Inge, abhi shelat, David Wagner, Alec Yasinsac. Report commissioned by the Florida Division of Elections. September 19, 2008.
Verifiable Functional Purity in Java
Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner. 15th ACM Conference on Computer and Communication Security (CCS 2008), October 27-31, 2008.
The Murky Issue of Changing Process Identity: Revising "Setuid Demystified"
Dan Tsafrir, Dilma Da Silva, and David Wagner. ;login:, June 2008, Volume 33, Number 3, pp.55-66.
You Go to Elections with the Voting System You Have: Stop-Gap Mitigations for Deployed Voting Systems
J. Alex Halderman, Eric Rescorla, Hovav Shacham, and David Wagner. USENIX/ACCURATE Electronic Voting Workshop (EVT 2008), July 28, 2008.
Replayable Voting Machine Audit Logs
Arel Cordero and David Wagner. USENIX/ACCURATE Electronic Voting Workshop (EVT 2008), July 28, 2008.
A User Study Design for Comparing the Security of Registration Protocols
Chris Karlof, J.D. Tygar, and David Wagner. Proceedings of the First USENIX Workshop on Usability, Psychology, and Security (UPSEC 2008), April 15, 2008.
Portably Solving File TOCTTOU Races with Hardness Amplification
Dan Tsafrir, Tomer Hertz, David Wagner, and Dilma Da Silva. USENIX Conference on File and Storage Technologies (FAST 2008), February 28, 2008.
Algebraic and Slide Attacks on KeeLoq
Nicolas T. Courtois, Gregory V. Bard, and David Wagner. Fast Software Encryption (FSE 2008), February 11, 2008.
Risks of e-voting
Matt Bishop and David Wagner. Communications of the ACM, Inside Risks column, volume 50, issue 11, p.120, November 2007.
Dynamic Pharming Attacks and Locked Same-origin Policies for Web Browsers
Chris Karlof, J.D. Tygar, David Wagner, and Umesh Shankar. ACM CCS 2007. November 2007. [ps]
Source Code Review of the Diebold Voting System
Joseph A. Calandrino, Ariel J. Feldman, J. Alex Halderman, David Wagner, Harlan Yu, William P. Zeller. Report commissioned as part of the California Secretary of State's Top-To-Bottom Review of California voting systems. July 20, 2007.
Large-Scale Analysis of Format String Vulnerabilities in Debian Linux
Karl Chen and David Wagner. ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS 2007), June 14, 2007. [ps]
Software Review and Security Analysis of the ES&S iVotronic 8.0.1.2 Voting Machine Firmware
Alec Yasinsac, David Wagner, Matt Bishop, Ted Baker, Breno de Medeiros, Gary Tyson, Michael Shamos, and Mike Burmester. February 23, 2007. Report commissioned by the Florida State Division of Elections.
Cryptanalysis of a Cognitive Authentication Scheme (Extended Abstract)
Philippe Golle and David Wagner. IEEE Security & Privacy 2007, May 21, 2007. (Earlier version: IACR ePrint Archive, Report 2006/258, July 31, 2006.)
From Weak to Strong Watermarking
Nicholas Hopper, David Molnar, and David Wagner. TCC 2007, February 23, 2007. (Full version: IACR ePrint Archive, Report 2006/430, November 18, 2006.)
Prerendered User Interfaces for Higher-Assurance Electronic Voting
Ka-Ping Yee, David Wagner, Marti Hearst, and Steven M. Bellovin. USENIX/ACCURATE Electronic Voting Technology Workshop, August 1, 2006. [html]
The Role of Dice in Election Audits -- Extended Abstract
Arel Cordero, David Wagner, and David Dill. IAVoSS Workshop On Trustworthy Elections (WOTE 2006), June 29, 2006.
Security considerations for incremental hash functions based on pair block chaining
Raphael C.-W. Phan and David Wagner. Computers & Security, 25(2):131-136, 2006.
Designing voting machines for verification
Naveen Sastry, Tadayoshi Kohno, and David Wagner. Usenix Security 2006, August 4, 2006. [ps]
Private Circuits II: Keeping Secrets in Tamperable Circuits
Yuval Ishai, Manoj Prabhakaran, Amit Sahai, and David Wagner. Eurocrypt 2006, May 31, 2006.
Tamper-Evident, History-Independent, Subliminal-Free Data Structures on PROM Storage -or- How to Store Ballots on a Voting Machine (Extended Abstract)
David Molnar, Tadayoshi Kohno, Naveen Sastry, and David Wagner. 2006 IEEE Symposium on Security and Privacy, May 24, 2006. [ps] [full version]
Generic On-line/Off-line Threshold Signatures
Chris Crutchfield, David Molnar, David Turner, and David Wagner. Public Key Cryptography (PKC) 2006, April 24, 2006. [ps]
Preventing Secret Leakage from fork(): Securing Privilege-Separated Applications
Umesh Shankar and David Wagner. Proceedings of the 2006 IEEE International Conference on Communications (Network Security and Information Assurance Symposium at ICC 2006), June 2006. [ps]
Statewide Databases of Registered Voters: Study Of Accuracy, Privacy, Usability, Security, and Reliability Issues
Paula Hawthorn, Barbara Simons, Chris Clifton, David Wagner, Steven M. Bellovin, Rebecca N. Wright, Arnon Rosenthal, Ralph Spencer Poore, Lillie Coney, Robert Gellman, Harry Hochheiser. Study commissioned by the U.S. Public Policy Committee of the Association for Computing Machinery, February 16, 2006. [overview; ACM's copy]
Security Analysis of the Diebold AccuBasic Interpreter
David Wagner, David Jefferson, Matt Bishop, Chris Karlof, Naveen Sastry. Report of the California Secretary of State's Voting Systems Technology Assessment Advisory Board (VSTAAB), February 14, 2006. [CA SOS copy]
Analysis of Volume Testing of the AccuVote TSx/AccuView
Matt Bishop, Loretta Guarino, David Jefferson, David Wagner. Report of the California Secretary of State's Voting Systems Technology Assessment Advisory Board (VSTAAB), October 11, 2005. [CA SOS copy]
The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks
David Molnar, Matt Piotrowski, David Schultz, and David Wagner. ICISC 2005, December 1, 2005. [proceedings version (abridged): pdf, ps]
Model Checking An Entire Linux Distribution for Security Violations
Benjamin Schwarz, Hao Chen, David Wagner, Geoff Morrison, Jacob West, Jeremy Lin, and Wei Tu. ACSAC 2005, December 6, 2005. [ps] [proceedings version (abridged): pdf, ps]
Fault Attacks on Dual-Rail Encoded Systems
Jason Waddle and David Wagner. ACSAC 2005, December 8, 2005. [ps]
A class of polynomially solvable range constraints for interval analysis without widenings
Zhendong Su and David Wagner. Theoretical Computer Science, November 21, 2005, pp.122-138. [TCS web page]
Privacy For RFID Through Trusted Computing (Short Paper)
David Molnar, Andrea Soppera, and David Wagner. WPES 2005, November 7, 2005. [ps]
A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags
David Molnar, Andrea Soppera, and David Wagner. SAC 2005, August 11-12, 2005. [ps]
Killing, Recoding, and Beyond
David Molnar, Ross Stapleton-Gray, and David Wagner. Chapter 23 of RFID Applications, Security and Privacy, Addison Wesley Professional, July 6, 2005. [ps]
Security and Privacy Issues in E-passports
Ari Juels, David Molnar, and David Wagner. Proceedings of SECURECOMM 2005, September 6, 2005. [ps]
Fixing Races for Fun and Profit: How to abuse atime
Nikita Borisov, Rob Johnson, Naveen Sastry, and David Wagner. Proceedings of the Fourteenth USENIX Security Symposium (USENIX Security 2005), August 5, 2005. [ps]
Cryptographic Voting Protocols: A Systems Perspective
Chris Karlof, Naveen Sastry, and David Wagner. Proceedings of the Fourteenth USENIX Security Symposium (USENIX Security 2005), August 3, 2005. [ps]
The Promise of Cryptographic Voting Protocols
Chris Karlof, Naveen Sastry, and David Wagner. June 2005. [ps]
An Analysis of PMF Based Tests for Detection of Least Significant Bit Image Steganography
Stark Draper, Prakash Ishwar, David Molnar, Vinod Prabhakaran, Kannan Ramchandran, Daniel Schonberg, and David Wagner. Information Hiding Workshop 2005, June 8, 2005. [ps]
Towards a Privacy Measurement Criterion for Voting Systems
Lillie Coney, Joseph L. Hall, Poorvi L. Vora, David Wagner. Poster Paper, National Conference on Digital Government Research, May 2005.
Radio Frequency Id and Privacy with Information Goods
Nathan Good, David Molnar, Jennifer M. Urban, Deirdre Mulligan, Elizabeth Miles, Laura Quilter, and David Wagner. 2004 ACM Workshop on Privacy in the Electronic Society (WPES 2004), October 28, 2004.
Analyzing Internet Voting Security
David Jefferson, Aviel D. Rubin, Barbara Simons, and David Wagner. Communications of the ACM, 47(10), October 2004, Special issue: The problems and potentials of voting systems, pp.59-64. [ACM's archive]
Resilient Aggregation in Sensor Networks
David Wagner. 2004 ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '04), October 25, 2004. [ps]
Cryptanalysis of a Provably Secure CRT-RSA Algorithm
David Wagner. ACM CCS 2004, October 26-28, 2004. [ps]
Security Considerations for IEEE 802.15.4 Networks
Naveen Sastry and David Wagner. ACM WiSe 2004, October 1, 2004. [ps]
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks
Chris Karlof, Naveen Sastry, and David Wagner. ACM SenSys 2004, November 3-5, 2004. [ps]
Privacy and Security in Library RFID: Issues, Practices, and Architectures
David Molnar and David Wagner. ACM CCS 2004, October 26-28, 2004. [ps]
Towards Efficient Second-Order Power Analysis
Jason Waddle and David Wagner. CHES 2004, August 11, 2004.
Finding User/Kernel Pointer Bugs With Type Inference
Rob Johnson and David Wagner. 13th USENIX Security Symposium, August 12, 2004. [proceedings version (abridged)]
Security in wireless sensor networks
Adrian Perrig, John Stankovic, and David Wagner. Communications of the ACM, 47(6), June 2004, Special Issue on Wireless sensor networks, pp.53-57. [ACM's archive]
Model Checking One Million Lines of C Code
Hao Chen, Drew Dean, and David Wagner. Network and Distributed System Security (NDSS 2004), February 2004.
A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)
David Jefferson, Aviel D. Rubin, Barbara Simons, and David Wagner. Report to the Department of Defense (DoD) Federal Voting Assistance Program (FVAP), January 20, 2004. [more info]
Towards a unifying view of block cipher cryptanalysis
David Wagner. Fast Software Encryption 2004, invited paper, February 7, 2004. [slides, powerpoint]
The EAX Mode of Operation: A Two-Pass Authenticated-Encryption Scheme Optimized for Simplicity and Efficiency
Mihir Bellare, Phillip Rogaway, and David Wagner. Fast Software Encryption 2004. [slides, powerpoint]
A Class of Polynomially Solvable Range Constraints for Interval Analysis without Widenings and Narrowings
Zhendong Su and David Wagner. TACAS 2004. [ps, slides]
On Compressing Encrypted Data Without the Encryption Key
Mark Johnson, David Wagner, and Kannan Ramchandran. Theory of Cryptography Conference (TCC 2004).
Secure Verification of Location Claims
Naveen Sastry, Umesh Shankar, and David Wagner. CryptoBytes volume 6, no 1, Spring 2004, RSA Labs. Shortened version of our WiSe conference paper (below). [ps]
Secure Verification of Location Claims
Naveen Sastry, Umesh Shankar, and David Wagner. ACM Workshop on Wireless Security (WiSe 2003), September 19, 2003. [pdf]
Cryptanalysis of an Algebraic Privacy Homomorphism (revised version)
David Wagner. ISC 2003, October 1-3, 2003.
Warning: The proceedings version has a bug. See this erratum.
[slides: pdf, ps]
Hidden Markov Model Cryptanalysis
Chris Karlof and David Wagner. CHES 2003. Full version available as tech report UCB//CSD-03-124.
Private Circuits: Securing Hardware against Probing Attacks
Yuval Ishai, Amit Sahai, and David Wagner. CRYPTO 2003. (Revised Feb 2013 to correct an error reported by Jean-Sebastien Coron.)
Security flaws in 802.11 data link protocols
Nancy Cam-Winget, Russ Housley, David Wagner, and Jesse Walker. Communications of the ACM, 46(5), May 2003, Special Issue on Wireless networking security, pp.35-39. [ACM's archive]
A Critique of CCM
P. Rogaway and D. Wagner. IACR ePrint Archive, Report 2003/070, April 13, 2003.
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures
Chris Karlof and David Wagner. Ad Hoc Networks, vol 1, issues 2--3 (Special Issue on Sensor Network Applications and Protocols), pp. 293-315, Elsevier, September 2003. [Also: the conference version, as it appeared at the First IEEE International Workshop on Sensor Network Protocols and Applications, May 11, 2003.]
Comments on RMAC
David Wagner. Formal contribution to the NIST Advanced Encryption Standard modes of operation standardization process, December 5, 2002.
Markov truncated differential cryptanalysis of Skipjack
Ben Reichardt and David Wagner. SAC 2002. [ps]
MOPS: an Infrastructure for Examining Security Properties of Software
Hao Chen and David Wagner. ACM CCS 2002. [ps]
Mimicry Attacks on Host-Based Intrusion Detection Systems
David Wagner and Paolo Soto. ACM CCS 2002. [ps] [slides: ps, ppt]
Tweakable Block Ciphers
Moses Liskov, Ronald L. Rivest, and David Wagner. CRYPTO 2002. [ps]
A Generalized Birthday Problem
David Wagner. Extended abstract published in CRYPTO 2002. [slides; errata]
Setuid Demystified
Hao Chen, David Wagner, and Drew Dean. 11th USENIX Security Symposium, 2002. [ps]
Insecurity in ATM-based passive optical networks
Stephen Thomas and David Wagner. IEEE International Conference on Communications (ICC 2002), Optical Networking Symposium. [ps]
Multiplicative Differentials
Nikita Borisov, Monica Chew, Rob Johnson, and David Wagner. Fast Software Encryption 2002.
Integral Cryptanalysis (Extended abstract)
Lars Knudsen and David Wagner. Fast Software Encryption 2002.
A Cryptanalysis of the High-Bandwidth Digital Content Protection System
Scott Crosby, Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner. Workshop on Security and Privacy in Digital Rights Management 2001 (proceedings here).
Homomorphic Signature Schemes
Robert Johnson, David Molnar, Dawn Song, and David Wagner. RSA 2002, Cryptographer's track. [ps]
A Note on NSA's Dual Counter Mode of Encryption
Pompiliu Donescu, Virgil D. Gligor, and David Wagner. Preliminary version, September 28, 2001. [ps]
Intercepting Mobile Communications: The Insecurity of 802.11
Nikita Borisov, Ian Goldberg, and David Wagner. MOBICOM 2001. [ps]
Detecting Format String Vulnerabilities With Type Qualifiers
Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, and David Wagner. 10th USENIX Security Symposium, 2001. [pdf]
Timing Analysis of Keystrokes and Timing Attacks on SSH
Dawn Xiaodong Song, David Wagner, and Xuqing Tian. 10th USENIX Security Symposium, 2001. [ps] [a review of our work]
Intrusion Detection via Static Analysis
David Wagner and Drew Dean. 2001 IEEE Symposium on Security and Privacy. [ps, slides]
Static analysis and computer security: New techniques for software assurance
David Wagner. Ph.D. dissertation, Dec. 2000, University of California at Berkeley.
Comments to NIST Concerning AES-modes of Operations: CTR-mode Encryption
Helger Lipmaa, Phillip Rogaway, and David Wagner. Contribution to the NIST Modes of Operation Workshop (unpublished).
On The Structure of Skipjack
Lars Knudsen and David Wagner. Discrete Applied Mathematics, special issue on coding and cryptology, volume 111, issue 1-2, 15 July 2001, pp.103--116, C. Carlet (ed.).
Proofs of security for the Unix password hashing algorithm
David Wagner and Ian Goldberg. ASIACRYPT 2000. [slides]
Cryptanalysis of the Yi-Lam hash
David Wagner. ASIACRYPT 2000. [slides]
Real Time Cryptanalysis of A5/1 on a PC
Alex Biryukov, Adi Shamir, and David Wagner. FSE 2000.
Security Weaknesses in Maurer-Like Randomized Stream Ciphers
Niels Ferguson, Bruce Schneier, and David Wagner. ACISP 2000.
Practical Techniques for Searches on Encrypted Data
Dawn Xiaodong Song, David Wagner, and Adrian Perrig. 2000 IEEE Symposium on Security and Privacy (`Oakland').
Advanced Slide Attacks
Alex Biryukov and David Wagner. EUROCRYPT 2000.
Improved Cryptanalysis of Rijndael
Niels Ferguson, John Kelsey, Stefan Lucks, Bruce Schneier, Mike Stay, David Wagner, and Doug Whiting. FSE 2000.
A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities
David Wagner, Jeffrey S. Foster, Eric A. Brewer, and Alexander Aiken. NDSS 2000. [ps, slides]
Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2)
Bruce Schneier, Mudge, and David Wagner. Secure Networking--CQRE [Secure] '99, Springer-Verlag LNCS 1740. [ps]
The Ninja Jukebox
Ian Goldberg, Steven D. Gribble, David Wagner, and Eric A. Brewer. USITS'99.
Janus: an approach for confinement of untrusted applications
David A. Wagner. Master's thesis. Also available as tech. report UCB//CSD-99-1056, UC Berkeley, Computer Science division.
Truncated differentials and Skipjack
Lars R. Knudsen, M.J.B. Robshaw, and David Wagner. CRYPTO'99. [slides]
Equivalent keys for HPC
David Wagner. Rump session talk at AES'99.
Slide attacks
Alex Biryukov and David Wagner. FSE'99.
The boomerang attack
David Wagner. FSE'99. [slides]
Mod n Cryptanalysis, with Applications Against RC5P and M6
John Kelsey, Bruce Schneier, and David Wagner. FSE'99. [ps]
New Results on the Twofish Encryption Algorithm
Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. AES'99.
Key Schedule Weaknesses in SAFER+
John Kelsey, Bruce Schneier, and David Wagner. AES'99.
Performance Comparison of the AES Submissions
Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. AES'99.
Empirical Verification of Twofish Key Uniqueness Properties
Doug Whiting and David Wagner. Counterpane technical report (Twofish #2).
Cryptanalysis of ORYX.
D. Wagner, L. Simpson, E. Dawson, John Kelsey, W. Millan, and B. Schneier. SAC'98. [slides]
On the Twofish Key Schedule
Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. SAC'98.
Cryptanalysis of FROG.
David Wagner, Niels Ferguson, and Bruce Schneier. Corrected version of a paper that appeared at AES'99. [slides, old version (submitted to AES'99), very old version (handed out at AES'98)]
Cryptanalysis of SPEED.
Chris Hall, John Kelsey, Vincent Rijmen, Bruce Schneier, and David Wagner. SAC'98.
Cryptanalysis of SPEED (extended abstract).
Chris Hall, John Kelsey, Bruce Schneier, and David Wagner. Financial Cryptography '98. [ps]
Architectural considerations for cryptanalytic hardware.
Ian Goldberg and David Wagner. Chapter 10 of Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design, O'Reilly, July 1998. (Initially submitted as a term paper for CS 252, May 1996.) [html, ps]
Twofish: a 128-bit block cipher.
Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. Submission to the AES competition. [ps]
Building PRFs from PRPs.
Chris Hall, David Wagner, John Kelsey, and Bruce Schneier. CRYPTO '98. [published version, full version]
Side Channel Cryptanalysis of Product Ciphers.
John Kelsey, Bruce Schneier, David Wagner, and Chris Hall. Journal of Computer Security, vol 8, pp. 141--158, 2000. (An earlier version was published in ESORICS 1998.)
Cryptanalysis of TWOPRIME.
Don Coppersmith, David Wagner, Bruce Schneier, and John Kelsey. Fast Software Encryption 1998. [slides]
Cryptanalytic Attacks on Pseudorandom Number Generators.
John Kelsey, Bruce Schneier, David Wagner, and Chris Hall. Fast Software Encryption 1998.
Differential Cryptanalysis of KHF.
David Wagner. Fast Software Encryption 1998. [slides]
Cryptanalysis of some recently-proposed multiple modes of operation.
David Wagner. Fast Software Encryption 1998. [slides]
Secure Applications of Low-Entropy Keys.
John Kelsey, Bruce Schneier, Chris Hall, and David Wagner. 1997 Information Security Workshop.
Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA.
John Kelsey, Bruce Schneier, and David Wagner. 1997 International Conference on Information and Communications Security, Beijing.
Protocol Interactions and the Chosen Protocol Attack.
John Kelsey, Bruce Schneier, and David Wagner. 1997 Security Protocols Workshop, Cambridge.
Cryptanalysis of the Cellular Message Encryption Algorithm.
David Wagner, Bruce Schneier, and John Kelsey. CRYPTO '97. [html version, slides]
TAZ Servers and the Rewebber Network: Enabling Anonymous Publishing on the World Wide Web.
Ian Goldberg and David Wagner. Published in the First Monday electronic journal, vol 3 no 4. [local copy]
System Security: A Management Perspective.
David Oppenheimer, David Wagner, and Michele Crabb. Booklet from the SAGE Short Topics in System Administration Series.
Privacy-enhancing technologies for the Internet.
Ian Goldberg, David Wagner, and Eric A. Brewer. IEEE COMPCON '97, February 1997. [html version, slides]
Analysis of the SSL 3.0 protocol (revised version).
David Wagner and Bruce Schneier. 2nd USENIX Workshop on Electronic Commerce, November 1996. [slides, a summary of the talk]
A secure environment for untrusted helper applications: confining the wily hacker.
Ian Goldberg, David Wagner, Randi Thomas, and Eric A. Brewer. 1996 USENIX Security Symposium. [source availability] [other formats: DVI]
Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and triple-DES.
John Kelsey, Bruce Schneier, and David Wagner. CRYPTO '96.
Time-lock puzzles and timed-release Crypto.
Ronald Rivest, Adi Shamir, and David Wagner. Unpublished manuscript, March 1996.
Randomness and the Netscape Browser.
Ian Goldberg and David Wagner. Dr. Dobb's Journal, January 1996, pp. 66--70. [resources, DDJ's copy, copy at ACM digital library]
A ``bump in the stack'' encryptor for MS-DOS systems.
David Wagner and Steven M. Bellovin. Proceedings of the 1996 ISOC Symposium on Network & Distributed System Security. [slides]
The security of MacGuffin.
June 1995. Accepted by Cryptologia. [more info]
The security of MacGuffin.
Princeton University senior thesis, April 1995. [more info]
A programmable plaintext recognizer.
David Wagner and Steven M. Bellovin. Unpublished manuscript, September 1994.