Dr Steven J. Murdoch

[ Portrait photographer Roland Eva | More photos ]

I am a researcher in the Security Group of the University of Cambridge, based in the Computer Laboratory, a fellow of Christ's College, and a member of the Tor project.

Some of my writings can be found on the Security Group blog: Light Blue Touchpaper.

[ follow me on Twitter | see my travel plans ]

News and Updates

22 September 2011
Added “Wall 2.0”, an article published in The European, in both German and the original English.

20 April 2011
Added a few missing talks and my paper at FC11.

22 November 2010
The slides for my guest lecture in the Part II Security course – “Anonymity and Censorship Resistance” – are now available.

26 October 2010
Added new poster (Anonymous Communications and Censorship Resistance, Royal Society Web Science meeting) and talk (Chip and PIN is Broken, ISSE GI-Sicherheit 2010).

21 October 2010
Updated professional activities: added CCS 2011 and PETS 2011 (program committee member) and FC 2011 (general chair).

[ older news ]

Professional activities

Program committee member

CCS 2011

18th ACM Conference on Computer and Communications Security, 17–21 October 2011, Chicago, IL, US. Submission deadline: 6 May 2011 (see CFP for details).

ESORICS 2011

16th European Symposium on Research in Computer Security, 12–14 September 2011, Leuven, BE. Submission deadline: 21 March 2011.

PETS 2011

11th Privacy Enhancing Technologies Symposium (PETS), 27–29 July 2011, Waterloo, ON, Canada. Submission deadline: 28 February 2011 (see CFP for details).

General chair

Financial Cryptography 2011

Financial Cryptography and Data Security '11, 15th International Conference, 28 February–4 March 2011, St. Lucia. Organized by the International Financial Cryptography Association.

Previous programme committee membership

ACM Conference on Computer and Communications Security: 2007, 2008, 2010.

Privacy Enhancing Technologies Symposium (PETS): 2007, 2008, 2009.

Financial Cryptography and Data Security (FC): 2010.

Workshop on Privacy in the Electronic Society (WPES): 2006, 2007, 2009.

ACM Symposium on Applied Computing (Computer Security track): 2007.

Workshop on Foundations of Security and Privacy (FCS-PrivMod): 2010.

FIDIS/IFIP Internet Security & Privacy Summer School: 2008.

Journal reviewing

Includes IEEE Transactions on Dependable and Secure Computing (2009), ACM Transactions on Information and System Security (2008), IEEE Transactions on Software Engineering (2008), IEEE/ACM Transactions on Networking (2007), IEEE Security & Privacy (2007), The Triple Helix (2008), Identity in the Information Society (2008).

Consultancy

For information on my availability for consultancy or expert witness work, please contact me.

Research interests

• Side-channels, covert channels, watermarking and steganography
• Operating system and network security
• Data collection and visualisation techniques
• Software engineering, maintainability and reverse-engineering
• Cryptography and security protocols
• Distributed databases, filesystems and versioning
• Smartcards and financial security
• Privacy, anonymity and traffic analysis
• Structured information formats (XML, SGML, LDAP, etc.) and markup languages
• Physical security and optical document security

Projects

Currently, my most active research topics are on anonymous communications (specifically the Tor Project) and banking security. For other activities, see my project list.

Recent publications

A full list of my papers can be found on the publications page.

• Wall 2.0
  Steven J. Murdoch
  The “Great Firewall of China” inherited its name (and technology) from network firewall products, designed to protect a company from attackers on the Internet. Physical firewalls are designed to protect a building from the spread of fire, network firewalls are designed to protect the controlled corporate environment from the more the chaotic Internet, and the Great Wall of China was designed to protect from outside invaders. The analogy is clear, but can be misleading – Internet censorship is different in many ways to physical walls.
  The European, 13 August 2011. [ article (English and German) | original (German) ]
• Might Financial Cryptography Kill Financial Innovation? – The Curious Case of EMV
  Ross Anderson, Mike Bond, Omar Choudary, Steven J. Murdoch, Frank Stajano
  The credit card system has been one of the world’s great successes because of its adaptability. By the mid-1990s, a credit card had become a mechanism for authenticating a transaction by presenting a username (the card number) and a password (the expiry date, plus often a CVV) that was already used in mail order and could be adapted with little fuss to the Internet. Now banks in Europe, and increasingly elsewhere, have moved to the EMV “Chip and PIN” system which uses not just smart cards but also “trusted” hardware. The cryptography supported by this equipment has made some kinds of fraud much rarer – although other kinds have increased, and the jury is still out on the net effect. In the USA in particular, some banks and others oppose EMV on the grounds that it will damage innovation to move to a monolithic and inflexible system.
  We discuss the effects that cryptographic lock-down might have on competition and innovation. We predict that EMV will be adapted to use cards as keys; we have found, for example, that the DDA signature can be used by third parties and expect this to be used when customers use a card to retrieve already-purchased goods such as air tickets. This will stop forged credit cards being used to board airplanes.
  We also investigate whether EMV can be adapted to move towards a world in which people can use bank cards plus commodity consumer electronics to make and accept payments. Can the EMV payment ecology be made more open and competitive, or will it have to be replaced? We have already seen EMV adapted to the CAP system; this was possible because only one bank, the card issuer, had to change its software. It seems the key to innovation is whether its benefits can be made sufficiently local and incremental. We therefore explore whether EMV can be adapted to peer-to-peer payments by making changes solely to the acquirer systems. Finally, we discuss the broader issue of how cryptographic protocols can be made extensible. How can the protocol designer steer between the Scylla of the competition authorities and the Charybdis of the chosen protocol attack?
  Financial Cryptography and Data Security, St Lucia, 28 February–04 March 2011. [ paper ]
• Impact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks
  Claudia Diaz, Steven J. Murdoch, Carmela Troncoso
  Low-latency anonymous communication networks require padding to resist timing analysis attacks, and dependent link padding has been proven to prevent these attacks with minimal overhead. In this paper we consider low-latency anonymity networks that implement dependent link padding, and examine various network topologies. We find that the choice of the topology has an important influence on the padding overhead and the level of anonymity provided, and that Stratified networks offer the best trade-off between them. We show that fully connected network topologies (Free Routes) are impractical when dependent link padding is used, as they suffer from feedback effects that induce disproportionate amounts of padding; and that Cascade topologies have the lowest padding overhead at the cost of poor scalability with respect to anonymity. Furthermore, we propose an variant of dependent link padding that considerably reduces the overhead at no loss in anonymity with respect to external adversaries. Finally, we discuss how Tor, a deployed large-scale anonymity network, would need to be adapted to support dependent link padding.
  10th Privacy Enhancing Technologies Symposium (PETS 2010), Berlin, Germany, 21–23 July 2010. [ paper | slides ]
• Destructive Activism: The Double-Edged Sword of Digital Tactics
  Steven J. Murdoch
  So far this book has viewed the empowerment of citizens through digital means as largely positive. However, the ability of the Internet to share information, coordinate action, and launch transnational campaigns can also be used for destructive ends. This chapter describes how some of the tactics adopted by digital activists have been used to disrupt communications, deface or destroy virtual property, organize malicious actions offline, and publish personal information or disinformation. Actions that cause physical harm to human beings or endanger property have yet to be engaged as a tactic of activism, but this chapter will describe how other groups have taken this route. We address physical harm in this chapter because its represents the next frontier of destructive digital activism. We often view digital activism as a series of positive practices that have the power to remedy injustice. However, digital tools—and the very infrastructure of the Internet—are value neutral and can be used for a variety of activities. The tools and practices can thus be seen as a double-edged sword to be used constructively or destructively. This dual nature raises ethical questions that I will address at the end of the chapter.
  In Digital Activism Decoded: The New Mechanics of Change, Mary Joyce, ed., (New York: iDebate Press), 2010. [ chapter | full book | book website | buy from Amazon UK | buy from Amazon US ]
• Chip and PIN is Broken
  Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond
  EMV is the dominant protocol used for smart card payments worldwide, with over 730 million cards in circulation. Known to bank customers as “Chip and PIN”, it is used in Europe; it is being introduced in Canada; and there is pressure from banks to introduce it in the USA too. EMV secures credit and debit card transactions by authenticating both the card and the customer presenting it through a combination of cryptographic authentication codes, digital signatures, and the entry of a PIN. In this paper we describe and demonstrate a protocol flaw which allows criminals to use a genuine card to make a payment without knowing the card’s PIN, and to remain undetected even when the merchant has an online connection to the banking network. The fraudster performs a man-in-the-middle attack to trick the terminal into believing the PIN verified correctly, while telling the issuing bank that no PIN was entered at all. The paper considers how the flaws arose, why they remained unknown despite EMV’s wide deployment for the best part of a decade, and how they might be fixed. Because we have found and validated a practical attack against the core functionality of EMV, we conclude that the protocol is broken. This failure is significant in the field of protocol design, and also has important public policy implications, in light of growing reports of fraud on stolen EMV cards. Frequently, banks deny such fraud victims a refund, asserting that a card cannot be used without the correct PIN, and concluding that the customer must be grossly negligent or lying. Our attack can explain a number of these cases, and exposes the need for further research to bridge the gap between the theoretical and practical security of bank payment systems.
  2010 IEEE Symposium on Security and Privacy, Oakland, CA, US, 16–19 May 2010. Awarded outstanding paper award by IEEE Security & Privacy Magazine. [ paper | slides | slides (PDF) | FAQ | video ]

Recent talks

A full list of my talks can be found on the talks page. Talks accompanying papers can be found in the publications section.

• Chip & PIN is Broken: What Next?
  Steven J. Murdoch
  The EMV protocol, its flaws, and their impact on Chip & PIN security.
  MAS Information Technology Supervision Workshop 3 for Financial Regulators, Singapore, 14–18 March 2011. [ slides | slides (PDF) ]
• The Economics of Payment Card Security and Shifting Fraud Liability
  Steven J. Murdoch
  Introduction to security economics and its relevance to payment card security.
  MAS Cybercrime, eBanking and Payment Card Security Seminar, Singapore, 17 March 2011. [ slides | slides (PDF) ]
• Chip & PIN: 5 Years On
  Steven J. Murdoch
  Chip & PIN has now been deployed in the UK for 5 years. This talk will describe the experiences learned. Vulnerabilities discovered in the system will be discussed including PED tampering, YES-cards, and the recently published no-PIN attack. An introduction to the Chip & PIN (EMV) protocol is given, and the talk concludes with a discussion of its affect on fraud and whether Chip & PIN was a worthwhile investment.
  BCS Hertfordshire Branch, Hemel Hempstead, UK, 26 January 2011. [ slides | slides (PDF) | audio part 1 | audio part 2 | audio part 3 ]
• Chip and PIN is Broken: Vulnerabilities in the EMV Protocol
  Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond
  EMV is the dominant protocol used for smart card payments worldwide, with over 730 million cards in circulation. Known to bank customers as “Chip and PIN”, it is used in Europe; it is being introduced in Canada; and there is pressure from banks to introduce it in the USA too. EMV secures credit and debit card transactions by authenticating both the card and the customer presenting it through a combination of cryptographic authentication codes, digital signatures, and the entry of a PIN. In this paper we describe and demonstrate a protocol flaw which allows criminals to use a genuine card to make a payment without knowing the card’s PIN, and to remain undetected even when the merchant has an online connection to the banking network.
  27th Chaos Communication Congress, Berlin, Germany, 27–30 December 2010. [ slides | slides (PDF) | website | related paper | talk information | video ]
• Anonymity and censorship resistance
  Steven J. Murdoch
  The extent of Internet censorship is rapidly increasing, and along with it interest in censorship resistance technologies. This talk will discuss some of the motivations and targets of censorship, and describe the technologies and social controls used to implement blocking. Anonymous communication systems will then be introduced, as well as how they can help provide censorship resistance. One such system, Tor, will be described in detail, and an overview of the operation of two other systems – Freenet and Psiphon – will be given.
  Part II Security, Cambridge, UK, 22 November 2010. [ slides ]

Miscellaneous

• OpenID protocol diagram
  Steven J. Murdoch
  I found that the OpenID specifications did not give a clear overview of the protocol message flow. So I produced a protocol diagram, which summarises the roles of the various parties, messages sent between them and their important components. Not all details are covered, and only the normal protocol traces are considered so it certainly should not be considered as an alternative to the specification, but I hope it will provide some clarification.
  [ protocol diagram (PDF 68K) ]

Contact Details

email (preferred):

post:

phone:

mobile:

fax:

Last modified 2011-04-20 17:34:23 +0100