Paul van Oorschot

Paul van Oorschot
Name	Paul van Oorschot
Nationality	Canadian
Occupation	Computer scientist, cryptographer, author
Alma mater	University of Toronto
Known for	Cryptography, computer security, digital forensics, textbook authorship

Paul van Oorschot

Paul van Oorschot is a Canadian computer scientist and cryptographer noted for contributions to cryptography, computer security, digital forensics, and security engineering. He is recognized for authoring influential textbooks and leading research on authentication, key management, and security protocols while holding academic appointments and collaborating with government and industry groups like Communications Security Establishment and MITRE Corporation. His work intersects with standards and practices involving organizations such as Internet Engineering Task Force, National Institute of Standards and Technology, and IEEE.

Early life and education

Van Oorschot completed undergraduate and graduate studies at the University of Toronto, earning degrees in computing and electrical disciplines and a doctorate focused on cryptographic protocols and authentication mechanisms. During his doctoral research he engaged with topics related to the RSA (cryptosystem), Diffie–Hellman key exchange, and practical aspects of public-key infrastructure and collaborated with contemporaries linked to projects at institutions like Carnegie Mellon University and MIT. His thesis work drew on theoretical foundations from researchers such as Whitfield Diffie, Martin Hellman, and Ron Rivest, and was informed by literature including texts by Ross Anderson and Bruce Schneier.

Academic and professional career

Van Oorschot held faculty appointments at the School of Computer Science, Carleton University and later at the School of Computer Science, University of Ottawa and the School of Computer Science, University of Toronto during periods of his career, contributing to programs in cybersecurity and computer science. He served in roles that bridged academia and applied security, collaborating with research laboratories and agencies including the Communications Security Establishment and participating in cross-institution initiatives with Ottawa Research and Development Centre and industry partners such as Bell Canada and BlackBerry Limited. He has been active in professional societies including ACM, IEEE Computer Society, and USENIX, serving on program committees and editorial boards for venues like ACM CCS, IEEE S&P, and NDSS.

Research contributions and publications

Van Oorschot’s research spans cryptographic engineering, authentication protocols, key management, biometrics, and digital forensics. He co-authored foundational studies on password security, presenting empirical analyses that relate to attacks studied in contexts like the John the Ripper research community and password-cracking methods influenced by Markus Jakobsson and Clifford Cocks. His work on two-factor authentication and one-time password systems connects to standards and deployments involving RFC 6238 and initiatives by OATH (Open Authentication) and FIDO Alliance. He contributed to literature on TLS and SSL protocol analyses related to deployments of certificates in ecosystems including the Let's Encrypt initiative and enterprise certificate authorities such as DigiCert and Entrust.

Van Oorschot co-authored widely used textbooks and monographs covering topics that include network security, cryptographic practice, and digital forensics; his publications are cited alongside texts by William Stallings, Douglas Stinson, Jonathan Katz, and Yvo Desmedt. He has published in journals and conferences including Journal of Cryptology, IEEE Transactions on Information Forensics and Security, ACM Transactions on Information and System Security, USENIX Security Symposium, and Eurocrypt. His empirical studies on human factors in authentication informed policy dialogues involving National Cyber Security Centre (UK), European Union Agency for Cybersecurity (ENISA), and Canadian Centre for Cyber Security.

Van Oorschot’s collaborative projects examined cryptanalytic techniques, side-channel considerations, and the security of deployed systems; these projects intersect with work by researchers at Bell Labs, Microsoft Research, and Google security teams. He has also addressed issues in digital evidence handling and chain-of-custody practices relevant to courts and agencies including the Royal Canadian Mounted Police.

Awards and recognition

Van Oorschot has received professional recognition through awards and fellowships from academic and security communities. His contributions to pedagogy and research were acknowledged by peer organizations such as ACM SIGSAC and regional computing associations like Canada Research Chairs programs and provincial innovation awards. He has been invited to present keynote addresses at prominent conferences including IEEE Symposium on Security and Privacy, ACM CCS, and Black Hat USA, reflecting recognition by both academic and practitioner communities. Committees that set standards, including working groups within the Internet Engineering Task Force and advisory panels for national cyber initiatives, have sought his expertise.

Teaching and mentorship

As a professor, Van Oorschot taught undergraduate and graduate courses in topics drawn from curricula at institutions like the University of Toronto School of Continuing Studies and supervised graduate students who went on to roles at organizations such as Google, Microsoft, Amazon Web Services, and governmental labs including National Research Council (Canada). His mentorship emphasized rigorous empirical methods, reproducible security experiments, and engagement with the wider research community through venues like IEEE INFOCOM and student-focused workshops at RSA Conference. Many of his former students and collaborators have become contributors to standards bodies and industry research groups including the FIDO Alliance and IETF Security Area.

Category:Computer scientists Category:Cryptographers Category:Canadian academics