Professor Steven J. Murdoch
I am Professor of Security Engineering and a Royal Society University Research Fellow in the Information Security Research Group of the Department of Computer Science at University College London. I am also a bye-fellow of Christ’s College, Innovation Security Architect at the OneSpan Innovation Center, Cambridge, a member of the Tor Project, and a Fellow of the IET and BCS.
I am always interested in recruiting talented researchers to join my team at UCL, both as PhD students and for post-doctoral positions. Interested candidates should email me their curriculum vitae and a short research proposal.
- Briefing Note: The legal rule that computers are presumed to be operating correctly – unforeseen and unjust consequences
Nicholas Bohm, James Christie, Peter Bernard Ladkin, Bev Littlewood, Paul Marshall, Stephen Mason, Martin Newby, Steven J. Murdoch, Harold Thimbleby, Martyn Thomas
In England and Wales, courts consider computers, as a matter of law, to have been working correctly unless there is evidence to the contrary. Therefore, evidence produced by computers is treated as reliable unless other evidence suggests otherwise. This way of handling evidence is known as a ‘rebuttable presumption’. A court will treat a computer as if it is working perfectly unless someone can show why that is not the case. The legal presumption, as applied in practice, has exposed widespread misunderstanding about the nature of computer failures – in particular, the fact that computer failures are usually failures of software – because of the naïve belief that computers were just ‘mechanical instruments’. The presumption has been the cause of widespread injustice. We propose that the presumption that computer evidence is reliable be replaced with a process where if computer evidence is challenged, a party must justify the correctness of the evidence upon which they rely. The procedural and evidential safeguards of the kind we propose would probably have avoided the disastrous repeated miscarriages of justice over the past 20 years. The Post Office Horizon scandal is not unique.
Digital Evidence and Electronic Signature Law Review, Volume 19, pages 123–127, ISSN 1756-4611, 2022. [ article | alternative link | preprint | DOI 10.14296/deeslr.v19i0.5476 ]
- Multi-party Updatable Delegated Private Set Intersection
Aydin Abadi, Changyu Dong, Steven J. Murdoch, Sotirios Terzis
With the growth of cloud computing, the need arises for Private Set Intersection protocols (PSI) that can let parties outsource the storage of their private sets and securely delegate PSI computation to a cloud server. The existing delegated PSIs have two major limitations; namely, they cannot support (1) efficient updates on outsourced sets and (2) efficient PSI among multiple clients. This paper presents “Feather”, the first lightweight delegated PSI that addresses both limitations simultaneously. It lets clients independently prepare and upload their private sets to the cloud once, then delegate the computation an unlimited number of times. We implemented Feather and compared its costs with the state of the art delegated PSIs. The evaluation shows that Feather is more efficient computationally, in both update and PSI computation phases.
Financial Cryptography and Data Security DOI 10.1007/978-3-031-18283-9_6 LNCS 13411, Springer.">additional, Grenada, 02–06 May 2022. [ paper ]
- Marked for Disruption: Tracing the Evolution of Malware Delivery Operations Targeted for Takedown
Colin C. Ife, Yun Shen, Steven J. Murdoch, Gianluca Stringhini
The malware and botnet phenomenon is among the most significant threats to cybersecurity today. Consequently, law enforcement agencies, security companies, and researchers are constantly seeking to disrupt these malicious operations through so-called takedown counter-operations. Unfortunately, the success of these takedowns is mixed. Furthermore, very little is understood as to how botnets and malware delivery operations respond to takedown attempts. We present a comprehensive study of three malware delivery operations that were targeted for takedown in 2015–16 using global download metadata provided by Symantec. In summary, we found that: (1) Distributed delivery architectures were commonly used, indicating the need for better security hygiene and coordination by the (ab)used service providers. (2) A minority of malware binaries were responsible for the majority of download activity, suggesting that detecting these “super binaries” would yield the most benefit to the security community. (3) The malware operations exhibited displacing and defiant behaviours following their respective takedown attempts. We argue that these “predictable” behaviours could be factored into future takedown strategies. (4) The malware operations also exhibited previously undocumented behaviours, such as Dridex dropping competing brands of malware, or Dorkbot and Upatre heavily relying on upstream dropper malware. These “unpredictable” behaviours indicate the need for researchers to use better threat-monitoring techniques.
International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 06–08 October 2021. [ paper | DOI 10.1145/3471621.3471844 ]
For more detail see my full list of talks
- Post Office Horizon Scandal
Steven J. Murdoch
Computer bugs were found to be the reason many sub-postmasters and sub-postmistresses were wrongly convicted of stealing and false accounting. Professor Steven Murdoch, a professor of Security Engineering and a Royal Society University Research Fellow at UCL explains the sorts of faults that were found.
Computerphile, 09 July 2021. [ video | video (extra bits) ]
- Designing for Dispute Resolution
Steven J. Murdoch
No computer system is perfect, so some people may dispute a computer’s decision (whether or not it is actually correct), and the system may be required to help resolve this disagreement. This requirement is particularly important when the computer system tracks who owns what, whether money or goods. The state of the art for reliably tracking account balances is double-entry bookkeeping, developed in the 13th century and translated more or less unchanged to computers. Double-entry accounting can identify losses but is less good at identifying the cause. As shown in the Post Office trial, companies may tend to hold the weaker party liable for such losses, and there’s not much they can do to show otherwise. In this talk, I argue that we need to move away from tracking balances and track items – which would be inconceivable with 13th-century technology but tractable with modern computing. This is one approach to addressing the challenges of evidence-critical systems, which must produce accurate and interpretable information to resolve disputes.
Workshop on Security and Human Behaviour (SHB 2021), 03–04 June 2021. [ slides ]
- Making sense of EMV card data – decoding the TLV format
Steven J. Murdoch
EMV (sometimes known as Chip and PIN) is the worldwide standard for smart card payments. It was designed to allow credit and debit cards issued by any bank work to make a payment through any terminal, even across international borders and despite chip cards being extremely limited in the computation they can perform. In this talk I’ll discuss how EMV achieves this difficult task, through the use of the TLV (Tag-Length-Value) data format. I will demonstrate how to decode TLV data found on real EMV chip cards, and what significance this data has in the wider payment ecosystem. Finally I’ll discuss how the use of TLV, despite its advantages, has contributed to the creation of security vulnerabilities in Chip and PIN.
DEF CON 28 Safe Mode, Payment Village, 07–09 August 2020. [ video | video (alternate) | slides (interactive) | slides (static) | code | code (alternate) | notes (interactive) | notes (alternate) ]
Killian Davitt (PhD student, 2018–): understanding, measuring and improving the security of collaboration tools.
Alexander Hicks (PhD student, 2017–): privacy preserving continuous authentication.
Andreas Gutmann (PhD student, 2016–): privacy-preserving transaction authentication for mobile devices.
Shehar Bano (Research Assistant & PhD student, 2013–2016): measurement of censorship and censorship resistance systems.
Kumar Sharad (PhD student, 2012–2016): security in social networks – anonymisation and fraud prevention.
14th Privacy Enhancing Technologies Symposium, 16–18 July, 2014, Amsterdam, Netherlands.
15th Privacy Enhancing Technologies Symposium, 30 June–2 July 2015, Philadelphia, PA, USA.
Financial Cryptography and Data Security 2011, 15th International Conference, 28 February–4 March 2011, St. Lucia.
Programme committee membership
- IEEE European Symposium on Security and Privacy 2019
- IFIP Summer School 2016, 2017, 2018
- Financial Cryptography and Data Security (FC): 2010, 2016, 2018
- Privacy Enhancing Technologies Symposium (PETS): 2007, 2008, 2009, 2011, 2017, 2018
- Network and Distributed System Security Symposium (NDSS): 2017
- ACM Conference on Computer and Communications Security (CCS): 2007, 2008, 2010, 2011, 2016
- Annual Privacy Forum 2014
- Free and Open Communications on the Internet (FOCI) 2013
- USENIX Security 2012
- European Symposium on Research in Computer Security (ESORICS) 2011
- Workshop on Foundations of Security and Privacy (FCS-PrivMod): 2010
- Workshop on Privacy in the Electronic Society (WPES): 2006, 2007, 2009
- FIDIS/IFIP Internet Security & Privacy Summer School: 2008
- ACM Symposium on Applied Computing (Computer Security track): 2007
Includes Proceedings on Privacy Enhancing Technologies (2017, 2018, 2019), ACM Transactions on Internet Technology (TOIT) (2017), International Journal of Computer Security (2016), IEEE Transactions on Dependable and Secure Computing (2009), ACM Transactions on Information and System Security (2008), IEEE Transactions on Software Engineering (2008), IEEE/ACM Transactions on Networking (2007), IEEE Security & Privacy (2007), The Triple Helix (2008), Identity in the Information Society (2008).
s.murdoch at ucl.ac.uk
post:Professor Steven J. Murdoch
Computer Science Department
University College London