a picture of me

Chris Karlof

Software Engineering Director



I am currently an engineering director at Mozilla working on Firefox.

Interests. Identity systems. Computer security. Usable security. Web and mobile security and privacy. Full stack software development.

I finished my Ph.D. at UC-Berkeley in February 2009. My advisors were David Wagner and Doug Tygar. You can check out my recent work history on LinkedIn.

Publications and Reports.

Is it too late for PAKE?
John Engler, Chris Karlof, Elaine Shi, and Dawn Song.
Proceedings of the Web 2.0 Security and Privacy Workshop 2009 (W2SP 2009), May 2009. [bibtex]

Human Factors in Web Authentication
Chris Karlof.
Ph.D. dissertation, University of California Berkeley, February 2009. [bibtex]

Conditioned-safe Ceremonies and a User Study of an Application to Web Authentication
Chris Karlof, J.D. Tygar, and David Wagner.
Proceedings of the Sixteenth Annual Network and Distributed Systems Security Symposium (NDSS 2009), February 2009. [bibtex]
Related: A User Study Design for Comparing the Security of Registration Protocols. The design of our user study previously appeared in the proceedings of the First USENIX Workshop on Usability, Psychology, and Security (UPSEC 2008), April 2008. [bibtex]

Dynamic Pharming Attacks and Locked Same-origin Policies for Web Browsers
Chris Karlof, Umesh Shankar, J.D. Tygar, and David Wagner.
Proceedings of the Fourteenth ACM Conference on Computer and Communications Security (CCS 2007), pages 58-71, October 2007. [bibtex]

Source Code Review of the Sequoia Voting System
Matt Blaze, Arel Cordero, Sophie Engle, Chris Karlof, Naveen Sastry, Micah Sherr, Till Stegers, Ka-Ping Yee.
This report was part of the California Secretary of State's "Top to Bottom Review" of electronic voting systems conducted during the summer of 2007. July 20, 2007. [bibtex]

A Practical Evaluation of Radio Signal Strength for Ranging-based Localization
Kamin Whitehouse, Chris Karlof, and David Culler.
ACM Mobile Computing and Communications Review (MC2R), Special Issue on Localization. Volume 11, Issue 1, pages 41-52, January 2007. [bibtex]

Doppelganger: Better Browser Privacy Without the Bother
Umesh Shankar and Chris Karlof.
Proceedings of the Thirteenth ACM Conference on Computer and Communications Security (CCS 2006), pages 154-167, November 2006. [ps] [bibtex]
Also: A Usability Study of Doppelganger, A Tool for Better Browser Privacy, Technical Report UCB/EECS-2007-116, University of California at Berkeley, September 2007. [bibtex]
Install Doppelganger and try it out yourself.

Security Analysis of the Diebold AccuBasic Interpreter
David Wagner, David Jefferson, Matt Bishop, Chris Karlof, and Naveen Sastry.
Report of the California Secretary of State's Voting Systems Technology Assessment Advisory Board (VSTAAB). February 14, 2006. [bibtex]
Our report contains a detailed technical analysis of the security issues associated with the AccuBasic interpreter in Diebold voting machines. The California Secretary of State's office commissioned the report. Compare our results with the analysis done by CIBER, an Independent Testing Authority responsible for evaluating the trustworthiness of electionic voting systems.

Cryptographic Voting Protocols: A Systems Perspective
Chris Karlof, Naveen Sastry, and David Wagner.
Proceedings of the Fourteenth USENIX Security Symposium (USENIX Security 2005), pages 33-50, August 2005. [ps] [bibtex]
Also: The Promise of Cryptographic Voting Protocols. An opinion piece on cryptographic voting protocols. June 2005. [ps] [bibtex]

The Effects of Ranging Noise on Multihop Localization: An Empirical Study
Kamin Whitehouse, Chris Karlof, Alec Woo, Fred Jiang, and David Culler.
Proceedings of the Fourth International Conference on Information Processing in Sensor Networks (IPSN 2005), pages 73-80, April 2005. [bibtex]

Design and Implementation of a Sensor Network System for Vehicle Tracking and Autonomous Interception
Cory Sharp, Shawn Schaffert, Alec Woo, Naveen Sastry, Chris Karlof, Shankar Sastry, and David Culler.
Proceedings of the Second European Workshop on Wireless Sensor Networks (EWSN 2005), pages 93-107, January 2005. [ps] [bibtex]

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks
Chris Karlof, Naveen Sastry, and David Wagner.
Proceedings of the Second ACM Conference on Embedded Networked Sensor Systems (SenSys 2004), pages 162-175, November 2004. [ps] [bibtex]
Also: the TinySec user manual for TinyOS.

Distillation Codes and Applications to DoS Resistant Multicast Authentication
Chris Karlof, Naveen Sastry, Yaping Li, Adrian Perrig, and J.D. Tygar.
Proceedings of the Eleventh Annual Network and Distributed Systems Security Symposium (NDSS 2004), pages 37-56, February 2004. [ps] [bibtex]

Hidden Markov Model Cryptanalysis
Chris Karlof and David Wagner.
Proceedings of the Fifth Workshop on Cryptographic Hardware and Embedded Systems (CHES 2003), LNCS 2779, pages 17-34, September 2003. [ps] [bibtex]
The full version: [ps] [pdf] Technical Report UCB//CSD-03-1244, University of California at Berkeley, June 2003.

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures
Chris Karlof and David Wagner.
Elsevier's AdHoc Networks Journal, Special Issue on Sensor Network Applications and Protocols, Volume 1, Issues 2-3, pages 293-315, September 2003. [bibtex]
A preliminary version of this paper appeared in proceedings of the First IEEE International Workshop on Sensor Network Protocols and Applications (SNPA 2003), pages 113-127, May 2003.

ARRIVE: Algorithm for Robust Routing in Volatile Environments
Chris Karlof, Yaping Li, Joe Polastre.
Technical Report UCB/CSD-03-1233, University of California at Berkeley, May 2002. [bibtex]