Dr Steven J. Murdoch
I am a Principal Research Fellow in the Information Security Research Group of the Department of Computer Science at University College London. I am also a visiting researcher in the Security Group
of the University of Cambridge,
based in the Computer
Laboratory, a bye-fellow of Christ's College, Security Architect at the VASCO Innovation Center, Cambridge, and a member of the Tor Project.
Some of my writings can be found on the Security Group blog: Light Blue
Cambridge students may be interested in my Part II project proposals.
[ follow me on Twitter ]
News and Updates
10 October 2014
Added new paper, published in IET Electronics Letters: “Optimising node selection probabilities in multi-hop M/D/1 queuing networks to reduce latency of Tor”.
29 August 2014
Added slides for my invited lecture at University College London: “Online Payment Methods”.
31 July 2014
Added edited volumes: Privacy Enhancing Technologies 2014 and Internet Censorship and Control.
30 July 2014
Added panel session with audio from Royal Society Summer Science Exhibition – “Privacy with technology: where do we go from here?”.
28 July 2014
Added video for my keynote at OWASP AppSec EU 2014 – “Anonymous Communications and Tor: History and Future Challenges”.
[ older news ]
Kumar Sharad (PhD student): security in social networks – anonymisation and fraud prevention.
Sheharbano Khattak (Research Assistant & PhD student): measurement of censorship and censorship resistance systems.
14th Privacy Enhancing Technologies Symposium,
16–18 July, 2014, Amsterdam, Netherlands.
Financial Cryptography and Data Security '11,
15th International Conference, 28 February–4 March 2011, St. Lucia.
Organized by the International Financial Cryptography Association.
Previous programme committee membership
European Symposium on Research in Computer Security (ESORICS) 2011
ACM Conference on Computer and Communications Security: 2007, 2008, 2010, 2011.
Privacy Enhancing Technologies Symposium (PETS): 2007, 2008, 2009, 2011.
Financial Cryptography and Data Security (FC): 2010.
Workshop on Privacy in the Electronic Society (WPES): 2006, 2007, 2009.
ACM Symposium on Applied Computing (Computer Security track): 2007.
Workshop on Foundations of Security and Privacy (FCS-PrivMod): 2010.
FIDIS/IFIP Internet Security & Privacy Summer School: 2008.
Includes IEEE Transactions on Dependable and Secure Computing (2009), ACM Transactions on Information and System Security (2008), IEEE Transactions on Software Engineering (2008), IEEE/ACM Transactions on Networking (2007), IEEE Security & Privacy (2007), The Triple Helix (2008), Identity in the Information Society (2008).
For information on my availability for consultancy or expert witness work,
please contact me.
- Side-channels, covert channels, watermarking and steganography
- Operating system and network security
- Data collection and visualisation techniques
- Software engineering, maintainability and reverse-engineering
- Cryptography and security protocols
- Distributed databases, filesystems and versioning
- Smartcards and financial security
- Privacy, anonymity and traffic analysis
- Structured information formats (XML, SGML, LDAP, etc.) and markup languages
- Physical security and optical document security
Currently, my most active research topics are on anonymous communications (specifically the Tor Project) and banking security. For other activities, see my project list.
A full list of my papers can be found on the publications page.
- Optimising node selection probabilities in multi-hop M/D/1 queuing networks to reduce latency of Tor
Steven Herbert, Steven J. Murdoch, Elena Punskaya
The expected cell latency for multi-hop M/D/1 queuing networks, where users choose nodes randomly according to some distribution, is derived. It is shown that the resulting optimisation surface is convex, and thus gradient-based methods can be used to find the optimal node assignment probabilities. This is applied to a typical snapshot of the Tor anonymity network at 50% usage, and leads to a reduction in expected cell latency from 11.7 ms using the original method of assigning node selection probabilities to 1.3 ms. It is also shown that even if the usage is not known exactly, the proposed method still leads to an improvement.
IET Electronics Letters Volume 50, Issue 17, Pages 1205–1207, 14 August 2014.
[ paper | DOI 10.1049/el.2014.2136 ]
- Privacy Enhancing Technologies 2014
Emiliano De Cristofaro, Steven J. Murdoch
Either through a deliberate desire for surveillance or an accidental consequence of design, there are a growing number of systems and applications that record and process sensitive information. As a result, the role of privacy-enhancing technologies becomes increasingly crucial, whether adopted by individuals to avoid intrusion in their private life, or by system designers to offer protection to their users. The 14th Privacy Enhancing Technologies Symposium (PETS 2014) addressed the need for better privacy by bringing together experts in privacy and systems research, cryptography, censorship resistance, and data protection, facilitating the collaboration needed to tackle the challenges faced in designing and deploying privacy technologies.
14th Privacy Enhancing Technologies Symposium (PETS 2014), Amsterdam, Netherlands, 16–18 July 2014. (Program Chair and Editor). Published in LNCS 8555, Springer-Verlag.
[ DOI 10.1007/978-3-319-08506-7 | papers | opening slides ]
- EMV: Why Payment Systems Fail
Ross Anderson, Steven J. Murdoch
What lessons might we learn from the chip cards used for payments in Europe, now that the U.S. is adopting them too?
Communications of the ACM Volume 57, Number 6, Pages 24–28, June 2014.
[ paper | DOI 10.1145/2602321 | ACM version ]
- Chip and Skim: cloning EMV cards with the pre-play attack
Mike Bond, Omar Choudary, Steven J. Murdoch, Sergei Skorobogatov, Ross Anderson
EMV, also known as “Chip and PIN”, is the leading system for card payments worldwide. It is used throughout Europe and much of Asia, and is starting to be introduced in North America too. Payment cards contain a chip so they can execute an authentication protocol. This protocol requires point-of-sale (POS) terminals or ATMs to generate a nonce, called the unpredictable number, for each transaction to ensure it is fresh. We have discovered two serious problems: a widespread implementation flaw and a deeper, more difficult to fix flaw with the EMV protocol itself. The first flaw is that some EMV implementers have merely used counters, timestamps or home-grown algorithms to supply this nonce. This exposes them to a “pre-play” attack which is indistinguishable from card cloning from the standpoint of the logs available to the card-issuing bank, and can be carried out even if it is impossible to clone a card physically. Card cloning is the very type of fraud that EMV was supposed to prevent. We describe how we detected the vulnerability, a survey methodology we developed to chart the scope of the weakness, evidence from ATM and terminal experiments in the field, and our implementation of proof-of-concept attacks. We found flaws in widely-used ATMs from the largest manufacturers. We can now explain at least some of the increasing number of frauds in which victims are refused refunds by banks which claim that EMV cards cannot be cloned and that a customer involved in a dispute must therefore be mistaken or complicit. The second problem was exposed by the above work. Independent of the random number quality, there is a protocol failure: the actual random number generated by the terminal can simply be replaced by one the attacker used earlier when capturing an authentication code from the card. This variant of the pre-play attack may be carried out by malware in an ATM or POS terminal, or by a man-in-the-middle between the terminal and the acquirer. We explore the design and implementation mistakes that enabled these flaws to evade detection until now: shortcomings of the EMV specification, of the EMV kernel certification process, of implementation testing, formal analysis, and monitoring customer complaints. Finally we discuss countermeasures. More than a year after our initial responsible disclosure of these flaws to the banks, action has only been taken to mitigate the first of them, while we have seen a likely case of the second in the wild, and the spread of ATM and POS malware is making it ever more of a threat.
2014 IEEE Symposium on Security and Privacy, San Jose, CA, US, 18–21 May 2014.
[ paper ]
- Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture
Robert N.M. Watson, Peter G. Neumann, Jonathan Woodruff, Jonathan Anderson, David Chisnall, Brooks Davis, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Michael Roe
This document describes the rapidly maturing design for the Capability Hardware Enhanced RISC Instructions (CHERI) Instruction-Set Architecture (ISA), which is being developed by SRI International and the University of Cambridge. The document is intended to capture our evolving architecture, as it is being refined, tested, and formally analyzed. We have now reached 70% of the time for our research and development cycle.
CHERI is a hybrid capability-system architecture that combines new processor primitives with the commodity 64-bit RISC ISA enabling software to efficiently implement fine-grained memory protection and a hardware-software object-capability security model. These extensions support incrementally adoptable, high-performance, formally based, programmer-friendly underpinnings for fine-grained software decomposition and compartmentalization, motivated by and capable of enforcing the principle of least privilege. The CHERI system architecture purposefully addresses known performance and robustness gaps in commodity ISAs that hinder the adoption of more secure programming models centered around the principle of least privilege. To this end, CHERI blends traditional paged virtual memory with a per-address-space capability model that includes capability registers, capability instructions, and tagged memory that have been added to the 64-bit MIPS ISA via a new capability coprocessor.
CHERI’s hybrid approach, inspired by the Capsicum security model, allows incremental adoption of capability-oriented software design: software implementations that are more robust and resilient can be deployed where they are most needed, while leaving less critical software largely unmodified, but nevertheless suitably constrained to be incapable of having adverse effects. For example, we are focusing conversion efforts on low-level TCB components of the system: separation kernels, hypervisors, operating system kernels, language runtimes, and userspace TCBs such as web browsers. Likewise, we see early-use scenarios (such as data compression, image processing, and video processing) that relate to particularly high-risk software libraries, which are concentrations of both complex and historically vulnerability-prone code combined with untrustworthy data sources, while leaving containing applications unchanged.
This report describes the CHERI architecture and design, and provides reference documentation for the CHERI instruction-set architecture (ISA) and potential memory models, along with their requirements. It also documents our current thinking on integration of programming languages and operating systems. Our ongoing research includes two prototype processors employing the CHERI ISA, each implemented as an FPGA soft core specified in the Bluespec hardware description language (HDL), for which we have integrated the application of formal methods to the Bluespec specifications and the hardware-software implementation.
Technical Report UCAM-CL-TR-850, University of Cambridge, Computer Laboratory, April 2014.
[ paper ]
A full list of my talks can be found on the talks page. Talks accompanying papers can be found in the publications section.
- Payment Security: Attacks & Defences
Steven J. Murdoch
Card fraud is going up, despite the wider deployment of Chip and PIN. How has the security been bypassed and why did fraud increase after Chip and PIN was introduced? This talk descibes how poor tamper resistance led to fallback-fraud, how the no-PIN vulnerability allows criminals to use stolen cards without knowing the PIN, and how EMV-CAP still allows online banking fraud to occur.
The Payments Knowledge Forum, London, UK, 29 September 2014.
[ slides ]
- Privacy with technology: where do we go from here?
Jon Crowcroft, Ross Anderson, Bashar Nuseibeh, Steven J. Murdoch
Recent revelations surrounding internet privacy have garnered global attention. As people live more of their lives online, and with growing ‘always on’ and wearable technology, the amount of data available for observation and analysis is growing faster than ever. Are current technologies robust enough to keep us protected, and what is being developed to better manage and protect our identities and privacy? Our panel of experts discussed the implications and challenges of the changing technological landscape.
Panel session at Royal Society Summer Science Exhibition, London, UK, 05 July 2014.
[ audio | summary | further details ]
- Anonymous Communications and Tor: History and Future Challenges
Steven J. Murdoch
The history of anonymous communications on the Internet dates back to the early 80's but since then there have been dramatic changes in how anonymous communication systems have been built and how they have been used. In this talk I will describe some of these key changes, and what has motivated them. These include the web taking over from email as the major means of communications, and users of anonymous communication systems prioritising censorship-resistance over privacy. The growing popularity of anonymous communication systems has also led to commercial and political realities effecting how projects are run and software is designed. In particular, I will discuss how the Tor software has changed, and the Tor project evolved in this environment. I will conclude by summarising what might be the future for anonymous communication systems and how they may have to adapt themselves to changing circumstances.
Keynote talk at OWASP AppSecEU, Cambridge, UK, 26 June 2014.
[ slides | slides (PDF) | video ]
- Introduction to Trusted Execution Environments (TEE)
Steven J. Murdoch
Learning objectives are to: understand what a TEE is and why it is of interest; appreciate the range of standards and products that offer TEE capability; be able to describe the basic building blocks of a typical TEE; compare the attack resistance of a TEE product w.r.t. security evaluated smart cards; contrast ownership and management issues w.r.t. a traditional smart card/SIM model.
Invited lecture as part of IY5606: Smart Cards/Token Security and Applications, Royal Holloway, University of London, 25 March 2014.
[ slides ]
- Online Payment Methods
Steven J. Murdoch
This lecture discusses online payment methods, including payment schemes such as Visa and MasterCard, contrasting card-present and card-not-present transactions. Attacks against online banking systems are described, along with the techniques used to defend against them. The EMV-CAP authentication scheme is outlined, along with the potential weaknesses it introduces. Typical methods for integrating online payments into a website are described, including how 3D-Secure attempts to reduce card-not-present fraud. Other innovative payment techniques are introduced, including SOFORT Überweisung and mobile payments.
Invited lecture as part of COMPM041 - Web Economics, University College London, 18 March 2014.
[ slides ]
- OpenID protocol diagram
Steven J. Murdoch
I found that the OpenID
specifications did not give a clear overview of the
protocol message flow. So I produced a protocol diagram, which summarises
the roles of the various parties, messages sent between them and their
important components. Not all details are covered, and only the normal
protocol traces are considered so it certainly should not be considered
as an alternative to the specification, but I hope it will provide
[ protocol diagram (PDF 68K) ]
s.murdoch at ucl.ac.uk
Dr Steven J. Murdoch
Computer Science Department
University College London
+44 1223 763566 (Cambridge) or +44 20 3108 1629 (UCL)
+44 7866 807 628
Last modified 2015-02-06 16:39:05 +0000
Note for search engines: My name is commonly misspelt as Steve Murdoch, Steve J. Murdoch, Stephen Murdoch, Stephen J. Murdoch, even sjm217 and sjmurdoch. I haven't seen anyone try 9803674m or murdocsj, which were my identifiers at the University of Glasgow, but in principle they might.