Kevin Lee kvnl@duck.com

Hello, I'm Kevin! I'm a research scientist at J.P. Morgan AI Research. My interests are in usable security and technology policy.

I earned my Ph.D. in Computer Science from Princeton University, where I was advised by Arvind Narayanan. I was also affiliated with the Center for Information Technology Policy. My dissertation was about the gap between research and practice in user authentication.

My CV is available upon request.

Publications (Google Scholar)

The Research-Practice Gap in User Authentication
Kevin Lee.
Dissertation.
[DataSpace]

Security policy audits: why and how
Arvind Narayanan and Kevin Lee.
arXiv preprint.
[arXiv]

Password policies of most top websites fail to follow best practices
Kevin Lee, Sten Sjöberg, and Arvind Narayanan.
Symposium on Usable Privacy and Security (SOUPS). 2022.
[PDF] [Citation] [Project website]

Security and Privacy Risks of Number Recycling at Mobile Carriers in the United States
Kevin Lee and Arvind Narayanan.
APWG Symposium on Electronic Crime Research (eCrime). 2021.
Awarded best student paper.
[PDF] [Publisher] [Citation] [Project website]

Adapting Security Warnings to Counter Online Disinformation
Ben Kaiser, Jerry Wei, Eli Lucherini, Kevin Lee, J. Nathan Matias, and Jonathan Mayer.
USENIX Security Symposium. 2021.
[PDF] [Citation]

BlockSci: Design and applications of a blockchain analysis platform
Harry Kalodner, Malte Möser, Kevin Lee, Steven Goldfeder, Martin Plattner, Alishah Chator, and Arvind Narayanan.
USENIX Security Symposium. 2020.
[PDF] [Citation] [Code]

An Empirical Study of Wireless Carrier Authentication for SIM Swaps
Kevin Lee, Ben Kaiser, Jonathan Mayer, and Arvind Narayanan.
Symposium on Usable Privacy and Security (SOUPS). 2020.
Cited in FCC proposed rulemaking.
[PDF] [Citation] [Project website]

An Empirical Analysis of Traceability in the Monero Blockchain
Malte Möser, Kyle Soska, Ethan Heilman, Kevin Lee, Henry Heffan, Shashvat Srivastava, Kyle Hogan, Jason Hennessey, Andrew Miller, Arvind Narayanan, and Nicolas Christin.
Proceedings on Privacy Enhancing Technologies, Volume 2018, Issue 3, pp 143-163.
[arXiv] [Publisher] [Citation] [Code]

Authenticated Data Structures for Privacy-Preserving Monero Light Clients
Kevin Lee and Andrew Miller.
IEEE Security & Privacy on the Blockchain (IEEE S&B). 2018.
[Publisher] [Citation]

Talks

The Research-Practice Gap in User Authentication
Dissertation defense.
June 30, 2022.
[Slides]