Photo of Paul Van Oorschot

Paul Van Oorschot


Degrees:Ph.D. Waterloo (1988)
Website:Paul Van Oorschot Homepage

Research Interests

Authentication, Computer Security, Internet Security, Applied Cryptography, Information Security

Specific Research Interests

Authentication and Identity Management, System Security, Software Security, Application and Web Security, Network Security, Smartphone Security, Usability and Security, Passwords, Public-Key Infrastructure, SSL/TLS.

Current Research

Dr. Van Oorschot’s research is centred on authentication, Internet security infrastructure such as SSL/TLS and certificate-based architectures, software security, client device security, and usable security. His interest in Internet authentication includes methods to augment ordinary passwords with additional dimensions such as geolocation, device recognition, and other means with zero or minimal burden on users. This complements his interest in public-key infrastructure (PKI), text and image-based passwords, and more generally, identity management taking into account both human users and software design constraints. Other current research interests include smartphone security, secure software installation, network scanning, and the interconnected areas of software, application and web security.


Dr. Van Oorschot is a Professor and from 2002 to 2023 was Canada Research Chair in Authentication and Computer Security. He is also the co-author of the Handbook of Applied Cryptography. From 2008 to 2013 he was the Scientific Director of NSERC Internetworked Systems Security Network, a pan-Canadian strategic research network exploring computer and Internet security.  Dr. Van Oorschot received both his Master’s and Ph.D. from the University of Waterloo, which also later awarded him the  J.W. Graham Medal in Computing and Innovation in 2000. In 2011, he was inducted as a Fellow of the Royal Society of Canada, the oldest association of scientists and scholars in Canada. He joined the School of Computer Science at Carleton University in 2002.


Research Group

Carleton Computer Security Lab (CCSL)