Tadayoshi (Yoshi) Kohno is a computer science professor at the University of Washington whose research spans cryptography, privacy, and the security of physical and embedded systems. He is best known in the context of Schneier's work as the third co-author of cryptography-engineering (2010), joining Schneier and niels-ferguson to update and expand the earlier practical-cryptography into a more comprehensive treatment of modern cryptographic engineering practice.
Cryptography Engineering
cryptography-engineering represented a significant revision and expansion of practical-cryptography. Kohno joined Ferguson and Schneier to extend the book's coverage and update it for a decade of cryptographic development: new standards, new attack techniques, new deployment contexts. His contribution brought fresh academic perspective to what had been primarily an industry-practitioner text, and his research background in applied cryptographic protocols and systems security complemented Ferguson's mathematical depth and Schneier's architectural range.
The book is the mature statement of the engineering philosophy that practical-cryptography introduced: cryptography should be used correctly, sparingly, and in service of real security goals — not deployed because it is available but because it solves a specific, well-defined problem. This philosophy extends Schneier's broader security-mindset to the specific domain of cryptographic implementation, and Kohno's involvement in the revision helped ensure the guidance remained current with both the academic literature and real-world deployment experience.
Research Trajectory
Kohno's own research trajectory overlaps with themes central to Schneier's work but extends them in directions Schneier did not pursue in depth. His work on the security of implantable medical devices — demonstrating that pacemakers and insulin pumps could be attacked wirelessly — prefigured the IoT security crisis that Schneier analyzed in click-here-to-kill-everybody. His research on automotive security, biometric systems, and the privacy properties of consumer electronics reflects the same conviction that security analysis must follow technology into new domains, not wait for problems to become crises.
This research orientation aligns with Schneier's security-is-a-process framework: security is not a property you achieve once but a discipline of continuous analysis as systems evolve. Kohno's academic work embodies that discipline in the domain of emerging computing platforms.