Richard Clayton
How you can contact me:
Richard Clayton
University of Cambridge
Computer Laboratory, GE21
William Gates Building,
JJ Thomson Avenue,
Cambridge CB3 0FD
United Kingdom
Phone: +44 1223 7-63570
Mobile: +44 7887 794090
Email: <Richard.Clayton AT cl.cam.ac.uk>
<rnc1 AT cl.cam.ac.uk>
<richard AT highwayman.com>
If you want to know where I thought I was going to be today then look at my calendar
here; and please pay attention to timezones if I am not in the UK!
What I study
I am a security researcher in the Computer Laboratory of the
University of Cambridge and the Director of the
Cambridge Cloud Cybercrime Center.
I work in the field of "security economics".
When there is security failure (or the occasional success!) a technical
investigation will tell you what failed and how it did so -- but looking
at the economic forces in play will often tell you why it was built that
way and why it was allowed to fail.
I mainly study ecrime; I've done a lot of work on phishing with my
long-term collaborator
Tyler Moore.
But I am also very interested in many other types of online crime and in
developing innovative ways of detecting and mitigating email spam.
I'm very keen on measuring things, because I find that many insights come
directly from trying to understand why the figures change over time, or
why we measure different values from apparently similar subgroups.
My PhD was on "traceability" -- whether or not we can tell "who did
that?" and I maintain a keen interest in this topic, along with the related
field of anonymity and the not quite so related field of traffic blocking.
I teach a handful of lectures each year: the notes for the various undergraduate (Part 1B & II) lectures I've given can be found here.
Ancient Part II project proposals are here.
I'm usually also prepared to consider supervising other projects in the security or cryptanalysis milieu.
I've given a great many talks about my work which I list
here
along with the slides (and sometimes notes and occasionally videos).
I have also started to collate
the various media articles that refer to me and my work.
I keep a formal list of my academic publications in
date order; for a topic oriented list (which is usually much more useful) see below.
NB: I often write about what I've been doing on the Security Group "blog" www.lightbluetouchpaper.org. It's well worth a visit.
Phishing
Phishing is the theft of credentials from people who incorrectly believe
that they are using those credentials to access a legitimate service.
- Tyler Moore and Richard Clayton:
Discovering phishing dropboxes using email metadata.
Seventh APWG eCrime Researchers Summit (eCrime), Las Croabas, PR, October 2012.
- Tyler Moore and Richard Clayton:
Ethical Dilemmas in Take-down Research.
Second Workshop on Ethics in Computer Security Research (WECSR 2011), St Lucia, 4 March 2011.
- Tyler Moore and Richard Clayton:
The Impact of Public Information on Phishing Attack and Defense.
Communications & Strategies, 81, 2011, pp. 45--68.
- Tyler Moore and Richard Clayton:
How hard can it be to measure phishing?
Mapping and Measuring Cybercrime, Oxford, UK, January 22 2010.
- Tyler Moore, Richard Clayton and Henry Stern:
Temporal Correlations between Spam and Phishing Websites.
2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET09). Boston, MA, USA, April 21, 2009.
- Tyler Moore and Richard Clayton:
Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing.
In: Roger Dingledine and Philippe Golle (editors):
13th International Financial Cryptography and Data Security Conference (FC09), Barbados, February 23--26, 2009, LNCS 5628, Springer-Verlag, pp. 256--272.
- Tyler Moore and Richard Clayton:
The Consequence of Non-Cooperation in the Fight Against Phishing.
Third APWG eCrime Researchers Summit, Atlanta GA, USA, October 15--16 2008.
- Tyler Moore and Richard Clayton:
Evaluating the Wisdom of Crowds in Assessing Phishing Websites.
In: Gene Tsudik (editor):
Financial Cryptography and Data Security, 12th International Financial Cryptography and Data Security Conference (FC08),
Cozumel, Mexico, January 28-31 2008, volume 5143 of LNCS,
pages 16--30, Springer Berlin/Heidelberg.
- Tyler Moore and Richard Clayton:
The Impact of Incentives on Notice and Take-down.
Seventh Annual Workshop on Economics and Information Security (WEIS08), Dartmouth NH, USA, June 25--28 2008.
In: M. Eric Johnson (editor):
Managing Information Risk and the Economics of Security, pages 199--223, Springer, New York, 2008.
- Tyler Moore and Richard Clayton:
Examining the Impact of Website Take-Down on Phishing.
Second APWG eCrime Researchers Summit, Pittsburgh PA, USA, October 4--5 2007.
- Tyler Moore and Richard Clayton:
An Empirical Analysis of the Current State of Phishing Attack and Defence.
Sixth Annual Workshop on Economics and Information Security (WEIS07), Pittsburgh PA, USA, June 7--8 2007.
- Richard Clayton:
Insecure Real-World Authentication Protocols (or Why Phishing is so Profitable).
Thirteenth International Workshop on Security Protocols, Cambridge, UK, April 20--22 2005.
- Richard Clayton:
Who'd phish from the summit of Kilimanjaro?
In: Andrew S. Patrick and Moti Yung (editors):
Financial Cryptography and Data Security: Ninth International Conference FC 2005, Roseau, The Commonwealth of Dominica, February 28--March 3 2005,
volume 3570 of LNCS, pages 91--92, Springer Verlag.
High Yield Investment Programs (HYIPs)
HYIPs are online ponzi schemes (so they count as fraud in pretty much
every jurisdiction). Unlike many other forms of online criminality they
operate in plain sight -- so they can be measured and tracked somewhat
more easily than other scams.
Security Economics
These papers show how security economics can be applied to a wide range
of issues.
- Tyler Moore and Richard Clayton:
The Ghosts of Banking Past: Empirical Analysis of Closed Bank Websites.
Eighteenth International Financial Cryptography and Data Security Conference (FC14), 3--7 March 2014, Barbados.
- Ross Anderson, Chris Barton, Rainer Boehme, Richard Clayton, Michel J.G. van Eeten, Michael Levi, Tyler Moore, Stefan Savage:
Measuring the Cost of Cybercrime.
Eleventh Annual Workshop on Economics and Information Security (WEIS12), Berlin, DE, June 25--26 2012.
- Chris Hall, Ross Anderson, Richard Clayton, Evangelos Ouzounis and Panagiotis Trimintzios:
Resilience of the Internet Interconnection Ecosystem.
Tenth Annual Workshop on Economics and Information Security (WEIS11), Fairfax VA, US, June 4--15 2011.
- Richard Clayton:
Might governments clean up malware?
Communications & Strategies, 81, 2011, pp. 87--104.
- Tyler Moore, Richard Clayton and Ross Anderson:
The Economics of Online Crime.
Journal of Economic Perspectives, 23(3), 2009, pages 3--20.
- Richard Clayton:
Internet Multi-Homing Problems: Explanations from Economics.
Eighth Annual Workshop on Economics and Information Security (WEIS09), London, UK, June 24--25 2009.
- Ross Anderson, Rainer Boehme, Richard Clayton, Tyler Moore:
Security Economics and the Internal Market.
European Network and Information Security Agency, January 2008.
- Richard Clayton:
The Rising Tide: DDoS by Defective Designs.
Second Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI'06), San Jose CA, USA, 7 July 2006.
Email spam
Email spam remains a scourge -- but most people see less of it than they
used to because the filters are now so good. I used to do a lot of work on
practical methods to detect spam; these days I mainly look at spam data with
a view to better understanding the ecrime that it facilitates.
- Richard Clayton:
On the difficulty of counting spam sources.
Seventh Conference on Email and Anti-Spam (CEAS 2010), Redmond WA, USA, July 13--14 2010.
- Richard Clayton:
How much did shutting down McColo help?
Sixth Conference on Email and Anti-Spam (CEAS 2009), Mountain View CA, USA, July 16--17 2009.
- Richard Clayton:
Do Zebras get more Spam than Aardvarks?
Fifth Conference on Email and Anti-Spam (CEAS 2008), Mountain View CA, USA, Aug 21--22 2008.
- Richard Clayton:
Email Traffic: a quantitative snapshot.
Fourth Conference on Email and Anti-Spam (CEAS 2007), Mountain View CA, USA, Aug 2--3 2007.
- Richard Clayton:
Using Early Results from the 'spamHINTS' Project to Estimate an ISP Abuse Team's Task.
Third Conference on Email and Anti-Spam (CEAS 2006), Mountain View CA, USA, July 28--29 2006.
- Richard Clayton:
Stopping Outgoing Spam by Examining Incoming Server Logs.
Second Conference on Email and Anti-Spam (CEAS 2005), Stanford CA, USA, July 21--22 2005.
- Andrei Serjantov and Richard Clayton:
Modelling Incentives for Email Blocking Strategies.
Fourth Annual Workshop on Economics and Information Security (WEIS05), Boston MA, USA, June 2--3 2005.
- Richard Clayton:
Stopping Spam by Extrusion Detection.
First Conference on Email and Anti-Spam (CEAS 2004), Mountain View CA, USA, July 30--31 2004.
- Ben Laurie and Richard Clayton:
Proof-of-Work Proves Not to Work.
Third Annual Workshop on Economics and Information Security (WEIS04), Minneapolis MN, May 13--14 2004.
Traceability
Traceability is all about knowing "who did that?" on the Internet.
It's often more interesting to look at where traceability fails, and why.
- Richard Clayton:
Extending the requirements for traceability.
LightBlueTouchpaper, 2010-01-12.
- Richard Clayton:
Practical mobile Internet access traceability.
LightBlueTouchpaper, 2010-01-13.
- Richard Clayton:
Mobile Internet access data retention (not!).
LightBlueTouchpaper, 2010-01-14.
- Richard Clayton:
Can CLI be trusted?
Information Security Technical Report, Elsevier. 12(2), 2007, pages 74--79.
- Richard Clayton:
Online traceability: who did that?
Consumer Focus, 26 July 2012, 40pp.
- Richard Clayton:
Anonymity and Traceability in Cyberspace.
Technical Report UCAM-CL-TR-653, University of Cambridge Computer Laboratory, November 2005.
Blocking
I'm very interested in the systems that are deployed in the vain hope
of blocking access to Internet content.
- Richard Clayton:
Technical aspects of the censoring of Wikipedia.
LightBlueTouchpaper, 2011-12-11.
- Richard Clayton:
DCMS illustrates the key issue about blocking.
LightBlueTouchpaper, 2011-08-03.
- Richard Clayton:
TalkTalk's new blocking system.
LightBlueTouchpaper, 2011-05-10.
- Richard Clayton:
Ineffective self-blocking by the National Enquirer.
LightBlueTouchpaper, 2010-03-17.
- Richard Clayton:
What does Detica detect?
LightBlueTouchpaper, 2009-12-07.
- Richard Clayton:
Twisty little passages, all alike.
LightBlueTouchpaper, 2008-05-18.
- Richard Clayton:
The Phorm "Webwise" System
LightBlueTouchpaper, 2008-04-04.
- Richard Clayton, Steven J. Murdoch and Robert N.M. Watson:
Ignoring the Great Firewall of China.
I/S A Journal of Law and Policy for the Information Society, 3(2), Fall 2007, pp: 273--298.
- Richard Clayton:
Failures in a Hybrid Content Blocking System.
In: George Danezis and David Martin (editors):
Privacy Enhancing Technologies, Fifth International Workshop, PET 2005, Cavtat, Croatia,
May 30--June 1 2005, volume 3856 of LNCS,
pages 78--92, Springer Verlag.
Anonymity
Anonymity is the flipside of traceability -- and much of my work in this
area has been about how these systems break in the real world. Doing things
randomly may make you easier to find than you expected!
- George Danezis and Richard Clayton:
Introducing Traffic Analysis.
In: Alessandro Acquisti, Stefanos Gritzalis, Costos Lambrinoudakis, Sabrina di Vimercati (editors):
Digital Privacy: Theory, Technologies, and Practices, Auerbach Publications, Nov 2007.
- George Danezis and Richard Clayton:
Route Fingerprinting in Anonymous Communications.
Sixth IEEE International Conference on Peer-to-Peer Computing,
Cambridge UK, 6--8 September 2006.
- Richard Clayton:
Improving Onion Notation.
In: Roger Dingledine (editor):
Privacy Enhancing Technologies, Third International Workshop, PET 2003,
Dresden, Germany, March 26--28 2003, volume 2760 of LNCS,
pages 81--87, Springer Verlag.
- Richard Clayton and George Danezis:
Chaffinch: Confidentiality in the Face of Legal Threats.
In: Fabien A. P. Petitcolas (editor):
Information Hiding Workshop (IH 2002) Noordwijkerhout, The Netherlands, October 7--9 2002,
volume 2578 of LNCS, pages 70--86, Springer Verlag.
- Richard Clayton, George Danezis and Markus G. Kuhn:
Real World Patterns of Failure in Anonymity Systems.
In: Ira S. Moskowitz (editor):
Information Hiding Workshop (IH 2001) Pittsburgh PA, USA, April 25--27 2001, volume 2137 of LNCS, pages 230--244, Springer Verlag.
Brute force
Brute force ("proof-of-work") isn't much use in dealing
with email spam (the bad guys have more computers than we do). However, it
can be useful in breaking (pretty weak) cryptographic keys and I've done
some work, long ago, on that. I've an ancient
bibliography and list of brute force results
and
a lot of detailed material about our DES cracker.
- Richard Clayton and Mike Bond:
Experience Using a Low-Cost FPGA Design to Crack DES Keys.
In: Burton S. Kaliski Jr., Çetin K. Koç and Christof Paar (editors):
Cryptographic Hardware and Embedded Systems -- CHES 2002, Redwood Shores CA, USA, August 13--15 2002, volume 2523 of LNCS, pages 579--592, Springer Verlag.
Policy etc.
I have acted as a specialist adviser to committees of the House of Commons
and House of Lords on various inquiries:
- Scientific advice and evidence in emergencies.
House of Commons Science and Technology Committee,
Session 2010-2011, Third Report, 2 March 2011.
- Protecting Europe against large-scale cyber-attacks.
House of Lords European Union Committee,
Session 2009-2010, Fifth Report, 18 March 2010.
- Personal Internet Security: Follow-up.
House of Lords Science and Technology Committee,
Session 2007-2008, Fourth Report, 8 July 2008.
- Personal Internet Security.
House of Lords Science and Technology Committee,
Session 2006-2007, Fifth Report, 10 August 2007.
I have acted as a specialist adviser to the All Party Internet Group (APIG),
latterly the All Party Parliamentary Communications Group (apComms) in various
inquiries that they have held:
I've written an assortment of submissions to consultations, think pieces
and so on, some of which get quoted from time to time:
PGP Keys
If you wish to write to me then I welcome PGP encrypted email.
If I write to you then I usually sign what I send and, if I know your key, will encrypt it as well (please say if this annoys!).
You can find my keys (and an explanation of how they all interact)
here.
last modified 29 DEC 2015 -- http://www.cl.cam.ac.uk/~rnc1/