- CADETS Causal, Adaptive, Distributed, and Efficient Tracing System (CADETS), will address flaws in current audit and information-flow systems through fundamental improvements in dynamic instrumentation, scalable distributed tracing, and programming-language support. CADETS has three major components: Event Query (EQ) is a new query language, loosely based on DTrace’s D, that will drive in-application, whole-system, and distributed tracing using temporal expressions and information flow. Watchman is a host-based tracing framework that dynamically introduces variable-granularity instrumentation within and between executing programs. DEQUE distributes EQ expressions over many hosts to track inter-node information flows and temporal sequences, implementing post-hoc trace aggregation, or as needed, tagging of TCP/IP packets, filesystem RPCs, and application-layer protocols with temporal and information-flow labels.
- Pico without public keys Pico is an existing research project seeking to replace passwords with physical tokens. In its existing embodiment, the Pico device authenticates the user to remote services using a public key based security protocol called SIGMA-I.
- Pico Passwords are a pain. Pico is a more usable and more secure replacement that does not require you to memorize any secrets.
- Practical authentication to everyday objects
This project will replace SIGMA-I with a symmetric key based alternative. The advantages of this approach include: minimizing changes required for service providers to adopt Pico, lower energy/computing requirements for wearable platforms and future proofing for attacks against public key cryptography.
I am an academic researcher working at the University of Cambridge Computer Laboratory. I am available for private consulting tasks in the areas of software, security and usability research through Cambridge Enterprise Consulting Service.
- 2016 Graeme Jenkinson and Maria Blakemore. Quantifying the Disruption to User Goals from Authentication Events. In submission.
- 2015 Frank Stajano, Bruce Christianson, Mark Lomas, Graeme Jenkinson, Jeunese Payne, Max Spencer and Quentin Staford-Fraser. Pico without Public Keys. Proc. Security Protocols Workshop 2015, Springer LNCS. © Springer
- 2014 Frank Stajano, Max Spencer, Graeme Jenkinson. Password-manager friendly (PMF): Semantic annotations to improve the effectiveness of password managers. Proc. Passwords 2014, Springer LNCS. In proceedings.
- 2013 Alan Cullen, Christopher Dearlove, Graeme Jenkinson. Security. WO2013144618 A1. Mar 30 2013.
- 2000 Graeme Jenkinson, Michael Stephenson. Single-phase switched reluctance motor design. IEE Proc. Electrical Power Applications 2000.
- 1999 Graeme Jenkinson, Michael Stephenson. Starting of a single-phase switched reluctance motor. Proc. 9th International Conference on Electrical Machines and Drives 1999.
Brian Glass, Graeme Jenkinson, Yuqi Lio, Angela Sasse and Frank Stajano. The usability canary in the security coal mine: A cognitive framework for evaluation and design of usable authentication solutions. Proc. EuroUSEC workshop of SPW 2016.
Ian Goldberg, Graeme Jenkinson, Frank Stajano. Low-cost Mitigation against Cold Boot Attacks for an Authentication Token. Proc. 14th International Conference on Applied Cryptography and Network Security 2016, Springer LNCS. © Springer
Frank Stajano, Stig Fr. Mjølsnes, Graeme Jenkinson, Per Thorsheim: Technology and Practice of Passwords - 9th International Conference, PASSWORDS 2015, Cambridge, UK, December 7-9, 2015, Proceedings. Lecture Notes in Computer Science 9551, Springer 2016, ISBN 978-3-319-29937-2
David Llewellyn-Jones, Graeme Jenkinson, Frank Stajano. Explicit Delegation using Configurable Cookies. Proc. Security Protocols Workshop 2016, Springer LNCS. To appear
Ian Goldberg, Graeme Jenkinson, David-Llewellyn-Jones, Frank Stajano. Red button and yellow button: usable security for lost security tokens (Position paper). Proc. Security Protocols Workshop 2016, Springer LNCS. To appear
Jeunese Payne, Graeme Jenkinson, Frank Stajano, Angela Sasse and Max Spencer. Responsibility and Tangible Security: Towards a Theory of User Acceptance of Security Tokens. Proc. USEC workshop of NDSS 2016.
Quentin Stafford-Fraser, Frank Stajano, Chris Warrington, Graeme Jenkinson, Max Spencer, Jeunese Payne. To Have and Have Not: Variations on Secret Sharing to Model User Presence. Proc. UPSIDE workshop of UBICOMP 2014.
Frank Stajano, Graeme Jenkinson, Jeunese Payne, Max Spencer, Quentin Stafford-Fraser, Chris Warrington. Bootstrapping Adoption of the Pico Password Replacement System. Proc. Security Protocols Workshop 2014, Springer LNCS. © Springer.
Graeme Jenkinson, Max Spencer, Chris Warrington, Frank Stajano. I bought a new security token and all I got was this lousy phish— Relay attacks on visual code authentication schemes. Proc. Security Protocols Workshop 2014, Springer LNCS. © Springer.
graeme.jenkinson [at] cl.cam.ac.uk
+44 1223 763681
15 JJ Thomson Avenue
Cambridge CB3 0FD