Dr Steven J. Murdoch

[ Portrait photographer Roland Eva | More photos ]

I am a researcher in the Security Group of the University of Cambridge, based in the Computer Laboratory, a fellow of Christ's College, and a member of the Tor project.

Some of my writings can be found on the Security Group blog: Light Blue Touchpaper.

[ follow me on Twitter | see my travel plans ]

News and Updates

19 August 2010
The updated version of my paper at the 2008 Security Protocols Workshop – “Hardened Stateless Session Cookies” – is now available.

09 August 2010
The slides from my presentation at the International Crime Science Conference are now available.

04 August 2010
My paper “Impact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks”, presented at the Privacy Enhancing Technologies Symposium (PETS 2010), is now available.

07 June 2010
My book chapter, Destructive Activism: The Double-Edged Sword of Digital Tactics, appearing in Digital Activism Decoded: The New Mechanics of Change, is now online. It is also available for sale on Amazon UK and Amazon US.

19 May 2010
The slides from my presentation at IEEE Security and Privacy (Oakland) are now available, and the final paper (Chip and PIN is Broken) is also online.

[ older news ]

Professional activities

Program committee member

FCS-PrivMod 2010

Workshop on Foundations of Security and Privacy, 14–15 July 2010, Edinburgh, UK. Affiliated with FLoC 2010. Submission deadline is 23 March 2010 (see the CFP for further information).

CCS 2010

17th ACM Conference on Computer and Communications Security (CCS), 4–8 October 2010, Chicago, IL, US. Submission deadline is 17 April 2010 (see the CFP for further information).

Financial Cryptography 2010

Financial Cryptography and Data Security '10, Fourteenth International Conference, 25–28 January 2010, Tenerife, Canary Islands, Spain. Organized by the International Financial Cryptography Association.

Previous programme committee membership

ACM Conference on Computer and Communications Security: 2007, 2008.

Privacy Enhancing Technologies Symposium (PETS): 2007, 2008, 2009.

Workshop on Privacy in the Electronic Society (WPES): 2006, 2007, 2009.

ACM Symposium on Applied Computing (Computer Security track): 2007.

FIDIS/IFIP Internet Security & Privacy Summer School: 2008.

Journal reviewing

Includes IEEE Transactions on Dependable and Secure Computing (2009), ACM Transactions on Information and System Security (2008), IEEE Transactions on Software Engineering (2008), IEEE/ACM Transactions on Networking (2007), IEEE Security & Privacy (2007), The Triple Helix (2008), Identity in the Information Society (2008).

Research interests

• Side-channels, covert channels, watermarking and steganography
• Operating system and network security
• Data collection and visualisation techniques
• Software engineering, maintainability and reverse-engineering
• Cryptography and security protocols
• Distributed databases, filesystems and versioning
• Smartcards and financial security
• Privacy, anonymity and traffic analysis
• Structured information formats (XML, SGML, LDAP, etc.) and markup languages
• Physical security and optical document security

Projects

Currently, my most active research topics are on anonymous communications (specifically the Tor Project) and banking security. For other activities, see my project list.

Recent publications

A full list of my papers can be found on the publications page.

• Impact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks
  Claudia Diaz, Steven J. Murdoch, Carmela Troncoso
  Low-latency anonymous communication networks require padding to resist timing analysis attacks, and dependent link padding has been proven to prevent these attacks with minimal overhead. In this paper we consider low-latency anonymity networks that implement dependent link padding, and examine various network topologies. We find that the choice of the topology has an important influence on the padding overhead and the level of anonymity provided, and that Stratified networks offer the best trade-off between them. We show that fully connected network topologies (Free Routes) are impractical when dependent link padding is used, as they suffer from feedback effects that induce disproportionate amounts of padding; and that Cascade topologies have the lowest padding overhead at the cost of poor scalability with respect to anonymity. Furthermore, we propose an variant of dependent link padding that considerably reduces the overhead at no loss in anonymity with respect to external adversaries. Finally, we discuss how Tor, a deployed large-scale anonymity network, would need to be adapted to support dependent link padding.
  10th Privacy Enhancing Technologies Symposium (PETS 2010), Berlin, Germany, 21–23 July 2010. [ paper | slides ]
• Destructive Activism: The Double-Edged Sword of Digital Tactics
  Steven J. Murdoch
  So far this book has viewed the empowerment of citizens through digital means as largely positive. However, the ability of the Internet to share information, coordinate action, and launch transnational campaigns can also be used for destructive ends. This chapter describes how some of the tactics adopted by digital activists have been used to disrupt communications, deface or destroy virtual property, organize malicious actions offline, and publish personal information or disinformation. Actions that cause physical harm to human beings or endanger property have yet to be engaged as a tactic of activism, but this chapter will describe how other groups have taken this route. We address physical harm in this chapter because its represents the next frontier of destructive digital activism. We often view digital activism as a series of positive practices that have the power to remedy injustice. However, digital tools—and the very infrastructure of the Internet—are value neutral and can be used for a variety of activities. The tools and practices can thus be seen as a double-edged sword to be used constructively or destructively. This dual nature raises ethical questions that I will address at the end of the chapter.
  In Digital Activism Decoded: The New Mechanics of Change, Mary Joyce, ed., (New York: iDebate Press), 2010. [ chapter | full book | book website | buy from Amazon UK | buy from Amazon US ]
• Chip and PIN is Broken
  Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond
  EMV is the dominant protocol used for smart card payments worldwide, with over 730 million cards in circulation. Known to bank customers as “Chip and PIN”, it is used in Europe; it is being introduced in Canada; and there is pressure from banks to introduce it in the USA too. EMV secures credit and debit card transactions by authenticating both the card and the customer presenting it through a combination of cryptographic authentication codes, digital signatures, and the entry of a PIN. In this paper we describe and demonstrate a protocol flaw which allows criminals to use a genuine card to make a payment without knowing the card’s PIN, and to remain undetected even when the merchant has an online connection to the banking network. The fraudster performs a man-in-the-middle attack to trick the terminal into believing the PIN verified correctly, while telling the issuing bank that no PIN was entered at all. The paper considers how the flaws arose, why they remained unknown despite EMV’s wide deployment for the best part of a decade, and how they might be fixed. Because we have found and validated a practical attack against the core functionality of EMV, we conclude that the protocol is broken. This failure is significant in the field of protocol design, and also has important public policy implications, in light of growing reports of fraud on stolen EMV cards. Frequently, banks deny such fraud victims a refund, asserting that a card cannot be used without the correct PIN, and concluding that the customer must be grossly negligent or lying. Our attack can explain a number of these cases, and exposes the need for further research to bridge the gap between the theoretical and practical security of bank payment systems.
  2010 IEEE Symposium on Security and Privacy, Oakland, CA, US, 16–19 May 2010. [ paper | slides | slides (PDF) | FAQ | video ]
• Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication
  Steven J. Murdoch, Ross Anderson
  Banks worldwide are starting to authenticate online card transactions using the ‘3-D Secure’ protocol, which is branded as Verifed by Visa and MasterCard SecureCode. This has been partly driven by the sharp increase in online fraud that followed the deployment of EMV smart cards for cardholder-present payments in Europe and elsewhere. 3-D Secure has so far escaped academic scrutiny; yet it might be a textbook example of how not to design an authentication protocol. It ignores good design principles and has significant vulnerabilities, some of which are already being exploited. Also, it provides a fascinating lesson in security economics. While other single sign-on schemes such as OpenID, InfoCard and Liberty came up with decent technology they got the economics wrong, and their schemes have not been adopted. 3-D Secure has lousy technology, but got the economics right (at least for banks and merchants); it now boasts hundreds of millions of accounts. We suggest a path towards more robust authentication that is technologically sound and where the economics would work for banks, merchants and customers – given a gentle regulatory nudge.
  Financial Cryptography and Data Security, Tenerife, Canary Islands, 25–28 January 2010. [ paper ]
• A Case Study on Measuring Statistical Data in the Tor Anonymity Network
  Karsten Loesing, Steven J. Murdoch, Roger Dingledine
  The Tor network is one of the largest deployed anonymity networks, consisting of 1500+ volunteer-run relays and probably hundreds of thousands of clients connecting every day. Its large user-base has made it attractive for researchers to analyze usage of a real deployed anonymity network. The recent growth of the network has also led to performance problems, as well as attempts by some governments to block access to the Tor network. Investigating these performance problems and learning about network blocking is best done by measuring usage data of the Tor network. However, analyzing a live anonymity system must be performed with great care, so that the users’ privacy is not put at risk. In this paper we present a case study of measuring two different types of sensitive data in the Tor network: countries of connecting clients, and exiting traffic by port. Based on these examples we derive general guidelines for safely measuring potentially sensitive data, both in the Tor network and in other anonymity networks.
  Workshop on Ethics in Computer Security Research, Tenerife, Canary Islands, 28 January 2010. [ paper (draft) ]

Recent talks

A full list of my talks can be found on the talks page. Talks accompanying papers can be found in the publications section.

• Payment card fraud and banking regulation
  Steven J. Murdoch
  Card fraud is one of the most common types of theft in the UK. According to the 2008/2009 British Crime Survey, 6.4% of card owners were the victim of fraud in the past 12 months, rising from 4.7% in 2007/2008. Fear of card fraud is also dramatically higher than that of other types of crime. Despite the introduction of enhanced security measures such as chip and PIN, fraud levels continue to rise. In this talk I will describe the vulnerabilities in the card payment system that criminals are exploiting, and others which they may use in the future. Finally, I will discuss the results of previous policy decisions on levels of fraud, and how these developments may guide the future actions of policymakers.
  4th International Crime Science Conference, London, UK, 15 July 2010. [ slides | slides (PDF) ]
• Chip & PIN: 5 years on
  Steven J. Murdoch
  Chip & PIN has now been deployed in the UK for 5 years. This talk will describe the experiences learned. Vulnerabilities discovered in the system will be discussed including PED tampering, YES-cards, and the recently published no-PIN attack. An introduction to the Chip & PIN (EMV) protocol is given, and the talk concludes with a discussion of its affect on fraud and whether Chip & PIN was a worthwhile investment.
  Achieving Sustainable Improvements in the Security of Retail Payments (keynote), Federal Reserve Bank of Philadelphia, PA, US, 16–17 February 2010. [ slides ]
• Optimised to fail: Card readers for online banking
  Saar Drimer, Steven J. Murdoch, Ross Anderson
  Banks throughout Europe are now issuing hand-held smart card readers to their customers. These are used, along with the customer's bank card, for performing online banking transactions. In this talk I will describe how we reversed-engineered the cryptographic protocol used by these readers, using some custom-designed smart card analysis hardware. We discovered several flaws in this protocol, which could be exploited by criminals (and some already are). This talk will explain what vulnerabilities exist, and what the impact on customers could be.
  26th Chaos Communication Congress, Berlin, Germany, 27–30 December 2009. [ slides | website | related paper | talk information ]
• Anonymity and censorship resistance
  Steven J. Murdoch
  The extent of Internet censorship is rapidly increasing, and along with it interest in censorship resistance technologies. This talk will discuss some of the motivations and targets of censorship, and describe the technologies and social controls used to implement blocking. Anonymous communication systems will then be introduced, as well as how they can help provide censorship resistance. One such system, Tor, will be described in detail, and an overview of the operation of two other systems – Freenet and Psiphon – will be given.
  Part II Security, Cambridge, UK, 04 November 2009. [ slides ]
• Evidence in Fraud Cases: Complexity and Access
  Steven J. Murdoch
  It is well known that technology is complicating fraud investigations, by increasing the complexity and quantity of evidence. This talk covers two particular examples: Cloud Computing and Chip & PIN. Cloud Computing means that now significant amounts of evidence will be held by third parties. These may be abroad, so require the use of Mutual Legal Assistance. Establishing a chain of custody and searching information may also be difficult. With Chip & PIN, cards now contain their own logs and create a cryptographic audit trail. Processing this information is helpful, but often banks will not co-operate or destroy evidence before it can be investigated.
  The Cambridge International Symposium on Economic Crime, Cambridge, UK, 30 August–06 September 2009. [ slides ]

Miscellaneous

• OpenID protocol diagram
  Steven J. Murdoch
  I found that the OpenID specifications did not give a clear overview of the protocol message flow. So I produced a protocol diagram, which summarises the roles of the various parties, messages sent between them and their important components. Not all details are covered, and only the normal protocol traces are considered so it certainly should not be considered as an alternative to the specification, but I hope it will provide some clarification.
  [ protocol diagram (PDF 68K) ]

Contact Details

email (preferred):

post:

phone:

mobile:

fax:

Last modified 2010-08-09 16:04 +0100