I'm a first second third year PhD student at UC Berkeley. I've been working with Prof. David Wagner on usable security, primarily focusing on Android and other mobile devices.

I finished my Bachelor's degree in computer science at the University of Minnesota in the spring of 2012. I worked with Prof. Hopper on Internet routing security and anonymity, privacy, and anti-censorship systems. My honor's thesis was on privacy-preserving random sampling schemes.


2013-08-13: Our paper at WOOT '13, "Breaking Cell Phone Authentication", is now publicly available.

2013-03-19: Jethro Beekman and I have gone public with a certificate validation bug we found in T-Mobile's Wi-Fi Calling feature on Android phones. We've released a tech report, and we've gotten some media coverage.


Conference and Workshop Papers

Joshua Tan, Khanh Nguyen, Michael Theodorides, Heidi Negron-Arroyo, Christopher Thompson, Serge Egelman, and David Wagner. "The effect of developer-specified explanations for permission requests on smartphone user behavior", at CHI 2014.

Jethro Beekman and Christopher Thompson. "Breaking Cell Phone Authentication: Vulnerabilities in AKA, IMS and Android," at WOOT 2013.

Christopher Thompson, Maritza Johnson, Serge Egelman, David Wagner and Jennifer King. "When It's Better to Ask Forgiveness than Get Permission: Usable Attribution Mechanisms for Smartphone Resources," at SOUPS 2013.

Maxfield Shuchard, Christopher Thompson, Nicholas Hopper and Yongdae Kim. "Peer Pressure: Exerting Malicious Influence on Routers at a Distance," at ICDCS 2013.

Maxfield Schuchard, John Geddes, Christopher Thompson and Nicholas Hopper. "Routing Around Decoys," at CCS 2012. Best Student Paper Award.

Conference Posters

Christopher Thompson, Serge Egelman, and David Wagner. "The Effects of Developer-Specified Explanations for Smartphone Permission Requests," at USENIX Security 2013.

Short Papers

Max Schuchard, Christopher Thompson, Nicholas Hopper and Yongdae Kim. "Taking Routers Off Their Meds: Why Assumptions of BGP Stability Are Dangerous," at NDSS 2012.

Tech Reports

Jethro Beekman and Christopher Thompson, "Man-in-the-Middle Attack on T-Mobile Wi-Fi Calling," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2013-18, March 2013.

Max Schuchard, Christopher Thompson, Nicholas Hopper and Yongdae Kim. "Taking Routers Off Their Meds: Unstable Routers and the Buggy BGP Implementations That Cause Them," 2011, University of Minnesota CS&E TR 11-030.


Usable Security for Mobile Devices: Mobile systems such as Android smartphones give us a new field for designing usably secure systems. How do people expect their phones to work? How can we align security systems with these mental models? How can we align protection mechanisms with the actual needs of users? My work with Prof. Wagner focuses on redesigning the permission systems for Android, and looking at how we can design better authentication, audit, and installation systems for these new devices.

IP Telephony Security on Android: Are modern IP telephony implementations on Android secure? I'm working with Jethro Beekman to analyze such systems and whether the underlying OS features are secure.


Berkeley CS161 - Computer Security, Spring 2014, Graduate Student Instructor

Past Projects

Privacy-Preserving Random Sampling: How do we collect random samples from a population that is sensitive to even their frequency being leaked? For applications like Tor and other anonymity systems, performing generalizable population analysis of the user base while preserving user privacy is a challenging problem. My senior thesis work looked at cryptographic designs to gather random samples from users without leaking how many total samples the user created. Future work is looking at a distributed version of the design.

Virtualization Security (2010-2011): Detecting virtualization and investigating random number generation in virtual machines (slides) (class projects for UMN CS5271 and CS5471).

"Curious Observers" (2010): How to protect email from curious observers at the mail provider, using an "encrypt on receipt" mechanism. A poster and a rudimentary implementation as a mail filter. This work was done while I was a research intern at the Information Trust Institute at the University of Illinois Urbana-Champaign working with Prof. Nikita Borisov.

Me, around the web

My GPG fingerprint is 8116 76DF 35EB 2DF8 3134 B4C1 E709 3D76 7E85 39A7