News archive

10 October 2014
Added new paper, published in IET Electronics Letters: “Optimising node selection probabilities in multi-hop M/D/1 queuing networks to reduce latency of Tor”.

29 August 2014
Added slides for my invited lecture at University College London: “Online Payment Methods”.

31 July 2014
Added edited volumes: Privacy Enhancing Technologies 2014 and Internet Censorship and Control.

30 July 2014
Added panel session with audio from Royal Society Summer Science Exhibition – “Privacy with technology: where do we go from here?”.

28 July 2014
Added video for my keynote at OWASP AppSec EU 2014 – “Anonymous Communications and Tor: History and Future Challenges”.

09 July 2014
Added ACM Author-Izer Service for my ACM publications.

27 June 2014
Added CTSRD-related publications: “CHERI: a research platform deconflating hardware virtualization and protection”, “Towards a Theory of Application Compartmentalisation”, “CHERI Instruction-Set Architecture”, “CHERI User’s Guide”, “BERI Hardware Reference”, and “BERI Software Reference”.

26 June 2014
Added slides for my OWASP AppSecEU keynote: “Anonymous Communications and Tor: History and Future Challenges”.

19 June 2014
Added new article, appearing in the Inside Risks column of the Communications of the ACM: “EMV: Why Payment Systems Fail”.

18 May 2014
Added new paper, presented at IEEE Security and Privacy: “Chip and Skim: cloning EMV cards with the pre-play attack”.

09 April 2014
Added slides for my invited lecture at Royal Holloway, University of London: “Introduction to Trusted Execution Environments”.

07 April 2014
Added keynote talk and invited paper from ESORICS workshops: “Quantifying and Measuring Anonymity”.

26 March 2014
Added article from Index on Censorship: “No magic formula”.

03 March 2014
Added pre-proceedings draft of my paper “Security Protocols and Evidence: Where Many Payment Systems Fail”, and slides presented at Financial Cryptography and Data Security '14.

03 February 2014
The Digital Evidence and Electronic Signature Law Review is now open access, including my article, “Reliability of Chip & PIN evidence in banking disputes”. For other details see my publication list.

05 March 2013
Added slides for my invited talk at OWASP Belgium: “Banking security: attacks and defences”.

17 January 2013
Added “How Certification Systems Fail: Lessons from the Ware Report”, which appeared in the Nov/Dec 2012 edition of IEEE Security & Privacy.

12 September 2012
Added slides for my invited talk at CHES 2012: “Banking security: attacks and defences”.

11 September 2012
Added “Chip and Skim: cloning EMV cards with the pre-play attack”, the paper accompanying my invited talk at CHES 2012.

22 September 2011
Added “Wall 2.0”, an article published in The European, in both German and the original English.

20 April 2011
Added a few missing talks and my paper at FC11.

22 November 2010
The slides for my guest lecture in the Part II Security course – “Anonymity and Censorship Resistance” – are now available.

26 October 2010
Added new poster (Anonymous Communications and Censorship Resistance, Royal Society Web Science meeting) and talk (Chip and PIN is Broken, ISSE GI-Sicherheit 2010).

21 October 2010
Updated professional activities: added CCS 2011 and PETS 2011 (program committee member) and FC 2011 (general chair).

19 August 2010
The updated version of my paper at the 2008 Security Protocols Workshop – “Hardened Stateless Session Cookies” – is now available.

09 August 2010
The slides from my presentation at the International Crime Science Conference are now available.

04 August 2010
My paper “Impact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks”, presented at the Privacy Enhancing Technologies Symposium (PETS 2010), is now available.

07 June 2010
My book chapter, Destructive Activism: The Double-Edged Sword of Digital Tactics, appearing in Digital Activism Decoded: The New Mechanics of Change, is now online. It is also available for sale on Amazon UK and Amazon US.

19 May 2010
The slides from my presentation at IEEE Security and Privacy (Oakland) are now available, and the final paper (Chip and PIN is Broken) is also online.

26 February 2010
My article for the Digital Evidence and Electronic Signature Law Review, “Reliability of Chip & PIN evidence in banking disputes” is now available.

17 February 2010
The slides for my presentation at Achieving Sustainable Improvements in the Security of Retail Payments, hosted by the Federal Reserve Bank of Philadelphia, “Chip & PIN: 5 years on”, are now available.

11 February 2010
Published draft of my paper “Chip and PIN is Broken”, to be presented at the 2010 IEEE Symposium on Security & Privacy. See also our blog post, press release and FAQ. This work was featured on BBC Newsnight (YouTube video).

26 January 2010
Added pre-proceedings draft of my paper “Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication”, presented at Financial Cryptography and Data Security '10.

03 January 2010
The slides for my presentation at the Chaos Communication Congress (26C3), “Optimised to fail: Card readers for online banking”, are now available.

30 December 2009
Added pre-proceedings draft of my paper “A Case Study on Measuring Statistical Data in the Tor Anonymity Network”, to be presented at the Workshop on Ethics in Computer Security Research.

08 December 2009
My article in the November/December 2009 issue of the IEEE Security & Privacy magazine, “Failures of Tamper-Proofing in PIN Entry Devices”, is now available.

29 November 2009
Added RSS feed for site updates, and linked to my Twitter feed.

28 November 2009
Updated programme committee memberships, added FCS-PrivMod 2010, and CCS 2010.

04 November 2009
The slides for my guest lecture in the Part II Security course – “Anonymity and Censorship Resistance” – are now available.

03 September 2009
Added two new talks, given at the Cambridge Crime Symposium: Verified by Visa and MasterCard SecureCode and Evidence in Fraud Cases: Complexity and Access.

25 May 2009
Replaced main photo with a portrait by Roland Eva. Added photo archive.

19 May 2009
Added new programme committee membership for WPES 2009 and updated other entries.

04 May 2009
Released v0.1 of screentimelock, a simple utility that locks GNU screen for a time period, to reduce the temptation to always check mail, IRC, and Twitter.

01 April 2009
The slides for my talk at Microsoft Research, Cambridge – “System-Level Failures in Security” – are now available.

20 March 2009
Published two patent applications, originally filed in September 2007: Dynamic Host Configuration Protocol and Secure Network Location Awareness.

15 March 2009
Updated professional activities, including new programme committee membership for Financial Cryptography 2010.

04 March 2009
Published the slides and papers for some presentations which I forgot to link to from their respective pages:

25 February 2009
The paper and slides for “Optimised to fail: Card readers for online banking”, presented at Financial Cryptography, are now available. See also the associated blog post.

11 February 2009
The slides for “Freedom of Speech and the Internet”, presented at Cambridge University Amnesty International, are now available.

30 December 2008
The slides for my presentation at the Chaos Communication Congress (25C3), “Security Failures in Smart Card Payment Systems: Tampering the Tamper-Proof”, are now available.

14 November 2008
The slides for my guest lecture in the Part II Security course, “Anonymity and Censorship Resistance”, are now available.

31 October 2008
The slides for “Internet censorship and how it is resisted” presented at the Cambridge University Student Pugwash Society, are now available.

31 October 2008
The slides for “The convergence of ATM and online transactions” presented at ATM Security 2008, are now available.

14 October 2008
The slides and paper for “An Improved Clock-skew Measurement Technique for Revealing Hidden Services” presented at the 2008 USENIX Security Symposium, are now available.

30 September 2008
The full text of “Tools and Technology of Internet Filtering” is now available. This is a book chapter from Access Denied: The Practice and Policy of Global Internet Filtering, which publishes the results of the OpenNet Initative survey of Internet filtering.

23 July 2008
The slides and paper for “Metrics for Security and Performance in Low-Latency Anonymity Systems”, presented at the 2008 Privacy Enhancing Technologies Symposium, are now available.

18 May 2008
The slides and paper for “Thinking Inside the Box: System-level Failures of Tamper Proofing”, presented at the 2008 IEEE Symposium on Security and Privacy, are now available.

17 April 2008
My paper, “Hardened Stateless Session Cookies”, presented at the Cambridge Protocols Workshop 2008, is now available.

19 March 2008
My paper, “Securing Network Location Awareness with Authenticated DHCP”, presented at SecureComm 2007, is now available.

26 February 2008
For more information on the BBC Newsnight coverage of our Chip & PIN story, see our background website and press release. Full details can be found in our academic paper, to be presented at the IEEE Symposium on Security and Privacy.

29 December 2007
The slides from my talk at 24C3, “Relay attacks on card payment: vulnerabilities and defences”, are now available.

17 December 2007
My article, “Shifting Borders”, published in the current issue of Index on Censorship (DOI link), is now available.

07 December 2007
My PhD thesis, “Covert channel vulnerabilities in anonymity systems”, has now been published as UCAM-CL-TR-706.

19 November 2007
The slides from my talk at the 2007 Workshop on Trustworthy Elections, "Experiences as an e-counting election observer in the UK", are now available.

14 September 2007
The slides from my invited talk at EuroBSDCon 2007, held in Copenhagen, Denmark today, are now available.

05 July 2007
My slides, from the presentation of "Sampled Traffic Analysis by Internet-Exchange-Level Adversaries", at the PET Workshop, held in Ottawa, Canada last month, are now available.

15 June 2007
On 11 June 2007, I gave a talk to the COSIC group at K.U. Leuven – "EMV flaws and fixes: vulnerabilities in smart card payment systems". The slides from this talk are now available.

28 May 2007
The pre-proceedings version of my paper, co-authored with Piotr Zieliński – "Sampled Traffic Analysis by Internet-Exchange-Level Adversaries" – is now available. This paper is to be presented at the PET Workshop, Ottawa, Canada, 20–22 June 2007.

21 May 2007
The final version of my paper, co-authored with Saar Drimer – "Keep Your Enemies Close: Distance bounding against smartcard relay attacks" – is now available. This paper is to be presented at USENIX Security, Boston, MA, USA, 6–10 August 2007.

07 February 2007
For further information on the Chip & PIN relay attack, as featured on Watchdog, please see this press release and our summary of the attack.

27 December 2006
The slides from my talk – “Detecting temperature through clock skew”, presented at the 23rd Chaos Communication Congress, are now online. This presentation is based on the paper “Hot or Not: Revealing Hidden Services by their Clock Skew”, for which I wrote some software to perform remote clock skew analysis. The source code for these tools is now available.

21 December 2006
The slides from my talk – “Out of Character: Are the Chinese Creating a Second Internet?” are now online. They are from a presentation I gave at a workshop of the Inter-Disciplinary China Studies Forum, held in the University of Cambridge.

19 December 2006
Links added to conferences I am on the program committee for: PET 2007 and ACM CCS 2007.

13 December 2006
The slides from my talk – “Censorship resistant technologies” – are now online. They are from a presentation I gave at the Horizon Seminar: Risk, Threat & Detection, held in the University of Cambridge.


Last modified 2014-10-10 14:41:45 +0100


[ Home ]