University of Cambridge Computer Laboratory

Ross Anderson's Web Log for 2006

This is being phased out and replaced by our Security Group Blog.



8 June 2006 - I've been helping upgrade the security of Homeplug, an industry standard for broadband communication over the power mains. A paper on what we did and why has been accepted for SOUPS. The core problem is this: how can you be sure you're recruiting the right device to your network, rather than a similar one nearby?

11 April 2006 - colleagues and I have signed an open letter to the Health Select Committee calling for an inquiry into the NHS computer programme, which is wasting billions of pounds as well as endangering patient safety and privacy. See press coverage in e-health insider, The Times and Computer Weekly, as well as background information on how this crisis developed.

29 March 2006 - our paper on The Man-in-the-Middle Defence shows how to turn protocol weaknesses to advantage. For example, a bank customer can take an electronic attorney along to a chip-and-PIN transaction to help ensure that neither the bank nor the merchant rips him off. This appeared at SPW 2006 this week; the talk slides are here. It builds on another SPW paper of ours, Phish and Chips, which documents protocol weaknesses in EMV (the protocol used for chip-and-PIN transactions).

6 February 2006 - we now have a Security Group Blog at www.lightbluetouchpaper.org. Unlike this blog it's interactive - you can post comments. We'll see how it develops. Maybe over time much of my own blog material will migrate there.

12 January 2006 - here is a consultation response on DRM written on behalf of the Foundation for Information Policy Research for the All Party Parliamentary Internet group.


2005 blog highlights included research papers on The topology of covert conflict, on combining cryptography with biometrics, on Sybil-resistant DHT routing, and on Robbing the bank with a theorem prover; and a survey paper on cryptographic processors, a shortened version of which will appear this February in Proceedings of the IEEE. For fuller details, see my blog for 2005.

2004 blog highlights included academic papers on cipher composition, key establishment in ad-hoc networks and the economics of censorship resistance. I also spent some time lobbying for amendments to the EU IP Enforcement Directive and organising a workshop on copyright which led to a common position adopted by a number of European NGOs. Finally, I started a web page for out-of-copyright recordings of traditional music. For fuller details, see my blog for 2004.


Ross Anderson
University of Cambridge Computer Laboratory
JJ Thomson Avenue
Cambridge CB3 0FD, England

E-mail: Ross.Anderson@cl.cam.ac.uk
Tel: +44 1223 33 47 33
Fax: +44 1223 33 46 78

I don't execute programs sent to me by strangers unless I have good reason, and then only after appropriate precautions. This means, in particular, that I don't read attachments in formats such as Microsoft Word, unless by prior arrangement. I also discard html-format emails, as the vast majority of them are spam, as well as emails asking for `summer research positions', which we don't do.

If you're contacting me about coming to Cambridge to do a PhD, please read the relevant web pages first.