Talks

• Chip & PIN is Broken: What Next?
  Steven J. Murdoch
  The EMV protocol, its flaws, and their impact on Chip & PIN security.
  MAS Information Technology Supervision Workshop 3 for Financial Regulators, Singapore, 14–18 March 2011. [ slides | slides (PDF) ]
• The Economics of Payment Card Security and Shifting Fraud Liability
  Steven J. Murdoch
  Introduction to security economics and its relevance to payment card security.
  MAS Cybercrime, eBanking and Payment Card Security Seminar, Singapore, 17 March 2011. [ slides | slides (PDF) ]
• Chip & PIN: 5 Years On
  Steven J. Murdoch
  Chip & PIN has now been deployed in the UK for 5 years. This talk will describe the experiences learned. Vulnerabilities discovered in the system will be discussed including PED tampering, YES-cards, and the recently published no-PIN attack. An introduction to the Chip & PIN (EMV) protocol is given, and the talk concludes with a discussion of its affect on fraud and whether Chip & PIN was a worthwhile investment.
  BCS Hertfordshire Branch, Hemel Hempstead, UK, 26 January 2011. [ slides | slides (PDF) | audio part 1 | audio part 2 | audio part 3 ]
• Chip and PIN is Broken: Vulnerabilities in the EMV Protocol
  Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond
  EMV is the dominant protocol used for smart card payments worldwide, with over 730 million cards in circulation. Known to bank customers as “Chip and PIN”, it is used in Europe; it is being introduced in Canada; and there is pressure from banks to introduce it in the USA too. EMV secures credit and debit card transactions by authenticating both the card and the customer presenting it through a combination of cryptographic authentication codes, digital signatures, and the entry of a PIN. In this paper we describe and demonstrate a protocol flaw which allows criminals to use a genuine card to make a payment without knowing the card’s PIN, and to remain undetected even when the merchant has an online connection to the banking network.
  27th Chaos Communication Congress, Berlin, Germany, 27–30 December 2010. [ slides | slides (PDF) | website | related paper | talk information | video ]
• Anonymity and censorship resistance
  Steven J. Murdoch
  The extent of Internet censorship is rapidly increasing, and along with it interest in censorship resistance technologies. This talk will discuss some of the motivations and targets of censorship, and describe the technologies and social controls used to implement blocking. Anonymous communication systems will then be introduced, as well as how they can help provide censorship resistance. One such system, Tor, will be described in detail, and an overview of the operation of two other systems – Freenet and Psiphon – will be given.
  Part II Security, Cambridge, UK, 22 November 2010. [ slides ]
• Chip and PIN is Broken
  Steven J. Murdoch
  Chip and PIN has now been deployed in the UK for 5 years. This talk will describe the experiences learned. Vulnerabilities discovered in the system will be discussed, including the recently published no-PIN attack. An introduction to the Chip and PIN (EMV) protocol is given, and the talk concludes with a discussion of its affect on fraud, customer liability, and whether Chip and PIN was a worthwhile investment.
  ISSE GI-Sicherheit 2010, Berlin, Germany, 05–07 October 2010. [ slides | slides (PDF) ]
• Anonymous Communications and Censorship Resistance: Using Tor to Defeat Internet Surveillance
  Steven J. Murdoch
  When you use the Internet, you are being tracked. The websites which you visit know who you are; marketers track your behaviour and your preferences. Even criminals exploit the traces people leave online. Anonymous communication systems help defeat such monitoring. One such system, Tor, is used by over 500,000 people daily including law enforcement, human rights workers, military personnel, and ordinary citizens worldwide. While originally designed for enhancing privacy and safety, Tor is increasingly used for allowing its users to circumvent censorship, and access commonly blocked websites including social networking, reference and news. Anonymous communication systems introduce some unique challenges, but many of the problems faced by the Tor network mirror those which are found on the wider Internet. For this reason, the study of Tor and similar systems will be informative in general, and allow the testing of hypotheses which would be difficult to evaluate on larger systems.
  Web Science: Exploring the Frontier, Kavli Royal Society Centre, UK, 29–30 September 2010. [ poster ]
• Payment card fraud and banking regulation
  Steven J. Murdoch
  Card fraud is one of the most common types of theft in the UK. According to the 2008/2009 British Crime Survey, 6.4% of card owners were the victim of fraud in the past 12 months, rising from 4.7% in 2007/2008. Fear of card fraud is also dramatically higher than that of other types of crime. Despite the introduction of enhanced security measures such as chip and PIN, fraud levels continue to rise. In this talk I will describe the vulnerabilities in the card payment system that criminals are exploiting, and others which they may use in the future. Finally, I will discuss the results of previous policy decisions on levels of fraud, and how these developments may guide the future actions of policymakers.
  4th International Crime Science Conference, London, UK, 15 July 2010. [ slides | slides (PDF) ]
• Chip & PIN: 5 years on
  Steven J. Murdoch
  Chip & PIN has now been deployed in the UK for 5 years. This talk will describe the experiences learned. Vulnerabilities discovered in the system will be discussed including PED tampering, YES-cards, and the recently published no-PIN attack. An introduction to the Chip & PIN (EMV) protocol is given, and the talk concludes with a discussion of its affect on fraud and whether Chip & PIN was a worthwhile investment.
  Achieving Sustainable Improvements in the Security of Retail Payments (keynote), Federal Reserve Bank of Philadelphia, PA, US, 16–17 February 2010. [ slides ]
• Optimised to fail: Card readers for online banking
  Saar Drimer, Steven J. Murdoch, Ross Anderson
  Banks throughout Europe are now issuing hand-held smart card readers to their customers. These are used, along with the customer's bank card, for performing online banking transactions. In this talk I will describe how we reversed-engineered the cryptographic protocol used by these readers, using some custom-designed smart card analysis hardware. We discovered several flaws in this protocol, which could be exploited by criminals (and some already are). This talk will explain what vulnerabilities exist, and what the impact on customers could be.
  26th Chaos Communication Congress, Berlin, Germany, 27–30 December 2009. [ slides | website | related paper | talk information ]
• Anonymity and censorship resistance
  Steven J. Murdoch
  The extent of Internet censorship is rapidly increasing, and along with it interest in censorship resistance technologies. This talk will discuss some of the motivations and targets of censorship, and describe the technologies and social controls used to implement blocking. Anonymous communication systems will then be introduced, as well as how they can help provide censorship resistance. One such system, Tor, will be described in detail, and an overview of the operation of two other systems – Freenet and Psiphon – will be given.
  Part II Security, Cambridge, UK, 04 November 2009. [ slides ]
• Evidence in Fraud Cases: Complexity and Access
  Steven J. Murdoch
  It is well known that technology is complicating fraud investigations, by increasing the complexity and quantity of evidence. This talk covers two particular examples: Cloud Computing and Chip & PIN. Cloud Computing means that now significant amounts of evidence will be held by third parties. These may be abroad, so require the use of Mutual Legal Assistance. Establishing a chain of custody and searching information may also be difficult. With Chip & PIN, cards now contain their own logs and create a cryptographic audit trail. Processing this information is helpful, but often banks will not co-operate or destroy evidence before it can be investigated.
  The Cambridge International Symposium on Economic Crime, Cambridge, UK, 30 August–06 September 2009. [ slides ]
• Verified by Visa and MasterCard SecureCode
  Steven J. Murdoch
  Verified by Visa and MasterCard SecureCode (brand names for 3-D Secure) authenticate cardholders performing online transactions. This talk describes how the system operates, and how it is vulnerable to attack. Because users cannot tell whether they are accessing their real bank, 3-D Secure trains customers to enter their password into untrustworthy sites. Phishing websites are already exploiting this vulnerability. Furthermore, the terms and conditions associated with 3-D Secure often leave customers in a weaker position than before, despite not being given the ability to reasonably detect fraudulent sites.
  The Cambridge International Symposium on Economic Crime, Cambridge, UK, 30 August–06 September 2009. [ slides ]
• System-Level Failures in Security
  Steven J. Murdoch
  Many security critical systems may appear to be secure in theory, but fail when deployed in real life. This talk will discuss examples of this problem, drawn from the fields of banking security and anonymous communications. The causes for these failings include interactions between security mechanisms, inappropriate abstractions, and lack of consideration for usability. In this talk I will argue that security is a system property, and that managing the complexity of the design process is the biggest challenge in building secure systems.
  Microsoft Research Lecture, Cambridge, UK, 01 April 2009. [ slides ]
• Freedom of Speech and the Internet
  Steven J. Murdoch
  The Internet was once hailed as being uncensorable and borderless, and as such, a benefit for freedom of speech and human rights in general. The reality is more complex. While the Internet has allowed groups to reach far larger audiences, and has complicated the roles of censors, the growth of the Internet has carried a cost. Pervasive surveillance, at scales only before imagined of, is now possible and the re-writing of history is commonplace. This talk will discuss the effects of the Internet, both good and bad, and how groups such as the Tor project are working to protect privacy and resist censorship.
  Cambridge University Amnesty International, Cambridge, UK, 11 February 2009. [ slides ]
• Security Failures in Smart Card Payment Systems: Tampering the Tamper-Proof
  Saar Drimer, Steven J. Murdoch, Ross Anderson
  PIN entry devices (PED) are used in the Chip & PIN (EMV) system to process customers' card details and PINs in stores world-wide. Because of the highly sensitive information they handle, PEDs are subject to an extensive security evaluation procedure. We have demonstrated that the tamper protection of two popular PEDs can be easily circumvented with a paperclip, some basic technical skills, and off-the-shelf electronics.
  25th Chaos Communication Congress, Berlin, Germany, 27–30 December 2008. [ slides | website | related paper ]
• Anonymity and censorship resistance
  Steven J. Murdoch
  The extent of Internet censorship is rapidly increasing, and along with it interest in censorship resistance technologies. This talk will discuss some of the motivations and targets of censorship, and describe the technologies and social controls used to implement blocking. Anonymous communication systems will then be introduced, as well as how they can help provide censorship resistance. One such system, Tor, will be described in detail, and an overview of the operation of two other systems – Freenet and Psiphon – will be given.
  Part II Security, Cambridge, UK, 14 November 2008. [ slides ]
• Internet censorship and how it is resisted
  Steven J. Murdoch
  A growing number of countries and non-state entities are deploying mechanisms to block content and services on the Internet. Motivations include maintaining moral values and public order, reducing political dissent, constraining freedom of expression and practice of religion, as well as enforcing compliance with local laws. This talk will describe the systems which implement such blocking, both technological and social. It will then look at censorship circumvention methods, the effectiveness of these techniques, and ethical issues raised by both censorship and censorship circumvention.
  Cambridge University Student Pugwash Society, Cambridge, UK, 30 October 2008. [ slides ]
• The convergence of ATM and online transactions
  Steven J. Murdoch
  Payment cards, previously only used for ATM and POS transactions, are increasingly a component of online shopping and banking. This presentation will discuss some of the threats, and their mitigation techniques, from this change in the risk landscape.
  ATM Security 2008, London, UK, 27–28 October 2008. [ slides ]
• The Future of Anonymity and Censorship Resistant Publishing
  Steven J. Murdoch
  Introduction to anonymous communication networks, censorship resistance, and future directions for research in the field.
  FIDIS/IFIP Internet Security & Privacy Summer School (keynote), Brno, Czech Republic, 01–07 September 2008. [ slides ]
• Relay attacks on card payment: vulnerabilities and defences
  Saar Drimer, Steven J. Murdoch
  Relay attacks allow criminals to use credit or debit cards for fraudulent transactions, completely bypassing protections in today's electronic payment systems. This talk will show how using easily available electronics, it is possible to carry out such attacks. Also, we will describe techniques for improving payment systems in order to close this vulnerability.
  The UK, like many other countries, has moved from comparatively insecure magnetic stripe cards to smartcards, for electronic payment. These smartcards, capable of sophisticated cryptography, provide a high assurance of tamper resistance and while implementation standards varies, have the potential to provide good security. Although extracting secrets out of smartcards requires resources beyond the means of many would-be thieves, the manner in which they are used can still be exploited for fraud.
  Cardholders authorize financial transactions by presenting the card and disclosing a PIN to a terminal without any assurance as to the amount being charged or who is to be paid, and have no means of discerning whether the terminal is authentic or not. Even the most advanced smartcards cannot protect customers from being defrauded by the simple relaying of data from one location to another. We describe the development of such an attack, and show results from live experiments on the UK's EMV implementation, Chip & PIN. We discuss previously proposed defences, and show that these cannot provide the required security assurances. A new defence is described and implemented, which requires only modest alterations to current hardware and software. This allows payment terminals to securely establish a maximum distance bound between itself and the legitimate card. As far as we are aware, this is the first complete design and implementation of a secure distance bounding protocol. Future smartcard generations could use this design to provide cost-effective resistance to relay attacks, which are a genuine threat to deployed applications.
  24th Chaos Communication Congress, Berlin, Germany, 27–30 December 2007. [ slides | video | related paper ]
• Hot or Not: Fingerprinting hosts through clock skew
  Steven J. Murdoch, Sebastian Zander
  Every computer has a unique clock skew, even ones of the same model, so this acts as a fingerprint. Even if that computer moves location and changes ISP, it can be later identified through this phenomenon.
  By collecting TCP timestamps or sequence numbers, clock skew can be accurately remotely measured. In addition to varying between computers, clock skew also changes depending on temperature. Thus a remote attacker, monitoring timestamps, can make an estimate of a computer's environment, which has wide-scale implications on security and privacy. Through measuring day length and time-zone, the location of a computer could be estimated, which is a particular concern with anonymity networks and VPNs. Local temperature changes caused by air-conditioning or movements of people can identify whether two machines are in the same location, or even are virtual machines on one server. The temperature of a computer can also be influenced by CPU load, so opening up a low-bandwidth covert channel. This could be used by processes which are prohibited from communicating for confidentiality reasons and because this is a physical covert channel, it can even cross "air-gap" security boundaries.
  The talk will demonstrate how to use this channel to attack the hidden service feature offered by the Tor anonymity system. Here, an attacker can repeatedly access a hidden service, increasing CPU load and inducing a temperature change. This will affect clock skew, which the attacker can monitor on all candidate Tor servers. When there is a match between the load pattern and the clock skew, the attacker has linked the real IP address of a hidden server to its pseudonym, violating the anonymity properties Tor is designed to provide.
  The talk will also present a separate illustration of the temperature covert channel technique, such as investigating a suspected attack on the Tor network in August 2006, by a well equipped adversary.
  Invited talk, EuroBSDCon 2007, Copenhagen, Denmark, 14–15 September 2007. [ slides | video ]
• Experiences as an e-counting election observer in the UK
  Steven J. Murdoch
  In May 2007, I acted as an election observer during the e-counting trials in the UK, on behalf of the Open Rights Group (ORG). This talk summarizes the ORG report and I add a few personal observations.
  Workshop on Trustworthy Elections, Ottawa, Canada, 20–21 June 2007. [ slides ]
• EMV flaws and fixes: vulnerabilities in smart card payment systems
  Steven J. Murdoch
  The EMV protocol suite, used for smart card based payments worldwide, was devised in 1993, and has been revised a number of times to fix flaws and adapt to new threats. Despite this long heritage there remains several vulnerabilities, some in the EMV protocol itself, others as a result of how it has been deployed and yet more when smart card based payments are considered as part of the wider financial landscape. This talk will describe the EMV protocol both in the abstract and as a concrete implementation. Examples of flaws will be given, as well as mitigation techniques. Particular emphasis will be put on defences which respect existing implementation and business restrictions, so making their deployment more likely than conventional protocol fixes.
  COSIC Seminar, K.U. Leuven, Belgium, 11 June 2007. [ slides ]
• Chip and Spin
  Steven J. Murdoch
  Introduction to the types of card fraud currently being carried out in the UK, techniques that might be used in the future, and how customers can defend themselves.
  Girton Neighbourhood Watch, Girton, UK, 15 May 2007. [ slides ]
• Internet censorship in China
  Steven J. Murdoch
  With 137 million Internet users and rising, China has created the largest and consequently most sophisticated Internet censorship system in the world. However, this is just one of the many means by which the state tries to ensure its stability and control over the population. Technical measures are complemented by social techniques, which grant both greater subtlety and strength of enforcement, when compared to the blunt and easily circumvented "Great Firewall of China". Through a matrix of regulation and allocation of liability, the authorities have succeeded in deputising members of the public into enforcing censorship rules, while insulating the state from criticism. Also, with the selective enforcement of vague laws, coupled with harsh punishment, the public are strongly encouraged not test the boundaries of censorship, lest they become a victim of the sophisticated "Golden Shield" surveillance network. The resulting self censorship is far more effective than crude technical means, and in the extreme case the people it controls might not even be aware of its existence. This talk will describe the censorship mechanisms deployed in China, along with the targets of their blocking. It will also cover some of the means by which it can be circumvented. Finally the social mechanisms in place will be covered, as well as their interaction with the technological infrastructure.
  Inter-Disciplinary China Studies Forum: Annual Conference, Cambridge, UK, 14 April 2007. [ slides ]
• Detecting temperature through clock skew – Hot or Not: Defeating anonymity by monitoring clock skew to remotely detect the temperature of a PC
  Steven J. Murdoch
  The end of my 22C3 talk showed how a side effect of TCP/IP steganography detection was to precisely measure the error of a computers system clock (skew). This talk will review and expand on that material, showing the various other mechanisms for monitoring clock skew and discussing the tradeoffs involved. Because every computer has a unique clock skew, even ones of the same model, this acts as a fingerprint. Even if that computer moves location and changes ISP, it can be later identified through this clock skew. In addition to varying between computers, clock skew also changes depending on temperature. Thus a remote attacker, monitoring timestamps, can make an estimate of a computers environment, which has wide-scale implications on security and privacy. Through measuring day length and time-zone, the location of a computer could be estimated, which is a particular concern with anonymity networks and VPNs. Local temperature changes caused by air-conditioning or movements of people can identify whether two machines are in the location, or even are virtual machines on one server. The temperature of a computer can also be influenced by CPU load, so opening up a low-bandwidth covert channel. This could be used by processes which are prohibited from communicating for confidentiality reasons and because this is a physical covert channel, it can even cross "air-gap" security boundaries. The talk will demonstrate how to use this channel to attack the hidden service feature offered by the Tor anonymity system. Here, an attacker can repeatedly access a hidden service, increasing CPU load and inducing a temperature change. This will affect clock skew, which the attacker can monitor on all candidate Tor servers. When there is a match between the load pattern and the clock skew, the attacker has linked the real IP address of a hidden server to its pseudonym, violating the anonymity properties Tor is designed to provide. The talk will also present a separate illustration of the temperature covert channel technique, investigating a suspected attack on the Tor network in August 2006, by a well equipped adversary.
  23rd Chaos Communication Congress, Berlin, Germany, 27–30 December 2006. [ slides | code | related paper ]
• Censorship resistant technologies
  Steven J. Murdoch
  A growing number of countries and non-state entities are deploying mechanisms to block content and services on the Internet. Motivations include maintaining moral values and public order, reducing political dissent, constraining freedom of expression and practice of religion, as well as enforcing compliance with local laws. This talk will describe the systems which implement such blocking, both technological and social. It will then look at censorship circumvention methods, the effectiveness of these techniques, and future directions for research.
  Horizon seminar: Risk, Threat & Detection, Cambridge, UK, 05 December 2006. [ slides ]
• Out of Character: Are the Chinese Creating a Second Internet?
  Steven J. Murdoch
  In February 2006, China announced that they had added three new Chinese script top level domains (TLDs) augment the existing country code (e.g. .uk, .cn) and global (e.g. .com, .org) TLDs. Not only was this the first deployment of internationalised TLDs, but China also bypassed the conventional, but much criticised, international agreement process. This talk will describe the organisational structure of the domain name system (DNS), how the Chinese additions fit into this and discuss their potential impact.
  Inter-Disciplinary China Studies Forum workshop: China in the UK, Cambridge, UK, 24 June 2006. [ slides ]
• Covert channels in TCP/IP: attack and defence
  Steven J. Murdoch, Stephen Lewis
  This talk shows how idiosyncrasies in TCP/IP implementations can be used to reveal the use of several steganography schemes, and how they can be fixed. The analysis can even be extended to remotely identify the physical machine being used, through extracting clock skew.
  22nd Chaos Communication Congress, Berlin, Germany, 27–30 December 2005. [ slides | related paper ]
• The Convergence of Anti-Counterfeiting and Computer Security
  Steven J. Murdoch, Ben Laurie
  This talk examines the similarities between computer security and optical document security. Also we describe our work on reverse engineering anti-counterfeiting measures, included in much modern graphics software, and discuss its impact on Open Source.
  21st Chaos Communication Congress, Berlin, Germany, 27–29 December 2004. Also presented at the Security Group Seminar, Computer Laboratory, University of Cambridge, 15 February 2005. [ slides ]
• Hidden Data in Internet Published Documents
  Steven J. Murdoch, Maximillian Dornseif
  Many files are being published on the Internet which hold unexpected (and potentially embarrassing) data. We examine different cases of hidden data in file formats (including Word, PDF and JPEG) and show examples of these from a crawl of the Internet.
  21st Chaos Communication Congress, Berlin, Germany, 27–29 December 2004. [ slides | source code and demonstration ]
• Software Detection of Currency
  Steven J. Murdoch
  This talk was presented at the rump session of the 2004 Information Hiding Workshop on some initial results from my experiments with the currency detection feature in recent printers, scanners and image manipulation software.
  6th Information Hiding Workshop, Toronto, Ontario, Canada, 23–25 May 2004. [ slides ]
• Collusion in Online Competitions Using Covert Channels
  Steven J. Murdoch
  How collusion in games can be achieved when no conventional communication channel exists and what implications collusion can have on a player's rankings. Also how these techniques were successfully applied in a real life Connect-4 programming competition.
  Inference Group meeting, Cavendish Laboratory, University of Cambridge, 02 July 2003. [ slides ]
• Security-Enhanced Linux (SE Linux)
  Steven J. Murdoch
  Introduction to SE Linux, its policy structure, architecture and an example of how it can reduce the impact of security bugs.
  See the SE Linux homepage for downloads and more information. Also the talk by Russell Coker on SE Linux which was given at the Computer Laboratory (abstract) may be of interest.
  Security Group meeting, Computer Laboratory, University of Cambridge, 29 November 2002. [ slides ]

Last modified 2011-04-20 17:34:40 +0100

[ Home ]