Professor Steven J. Murdoch

I am Professor of Security Engineering, a Royal Society University Research Fellow and head of the Information Security Research Group of the Department of Computer Science at University College London. I am also a bye-fellow of Christ’s College, a member of the Tor Project, and a Fellow of the IET and BCS.

Open positions

I am always interested in recruiting talented researchers to join my team at UCL, both as PhD students and for post-doctoral positions. Interested candidates should email me their curriculum vitae and a short research proposal.

Professor Steven J. Murdoch
Photo by James Tye (other photos)

Recent publications

For more details see my full list of publications or my Google Scholar page. I also write articles on information security for the UCL Information Security Group blog – Bentham’s Gaze.

  • CoStricTor: Collaborative HTTP Strict Transport Security in Tor Browser
    Killian Davitt, Dan Ristea, Duncan Russell, Steven J. Murdoch
    HTTP Strict Transport Security (HSTS) is a widely-deployed security feature in modern web browsing. It is also, however, a potential vector for user tracking and surveillance. Tor Browser, a web browser primarily concerned with online anonymity, disables HSTS as a result of this tracking potential. We present the CoStricTor protocol which crowdsources HSTS data among Tor Browser clients. It gives Tor Browser users increased resistance to man-in-the-middle attacks without exposing them to HSTS tracking. Our protocol adapts other privacy-preserving data aggregation algorithms to share data effectively among users with strong local differential privacy guarantees. The CoStricTor protocol resists denial of service attacks by design through our innovative use of Bloom filters to represent complementary data. Our simulations show our protocol can model up to 150,000 websites, providing 10,000 upgrades to HSTS for users.
    Proceedings on Privacy Enhancing Technologies, Volume 2024, Number 1, pages 343–356, 2024. (Journal of the 24th Privacy Enhancing Technologies Symposium, Bristol, UK). [ paper | DOI 10.56553/popets-2024-0020 ]
  • Payment with Dispute Resolution: A Protocol for Reimbursing Frauds Victims
    Aydin Abadi, Steven J. Murdoch
    An “Authorised Push Payment” (APP) fraud refers to a case where fraudsters deceive a victim to make payments to bank accounts controlled by them. The total amount of money stolen via APP frauds is swiftly growing. Although regulators have provided guidelines to improve victims’ protection, the guidelines are vague, the implementation is lacking in transparency, and the victims are not receiving sufficient protection. To facilitate victims’ reimbursement, in this work, we propose a protocol called “Payment with Dispute Resolution” (PwDR) and formally define it. The protocol lets an honest victim prove its innocence to a third-party dispute resolver while preserving the protocol participants’ privacy. It makes black-box use of a standard online banking system. We implement its most computationally-intensive subroutine and analyse its runtime. We also evaluate its asymptotic cost. Our evaluation indicates that the protocol is efficient. It imposes only 𝑂(1) overheads to the customer and bank. Moreover, it takes a dispute resolver only 0.09 milliseconds to settle a dispute between the two parties.
    ACM ASIA Conference on Computer and Communications Security (ASIACCS), Melbourne, Australia, 10–14 July 2023. [ paper | DOI 10.1145/3579856.3595789 ]
  • Recurring Contingent Service Payment
    Aydin Abadi, Steven J. Murdoch, Thomas Zacharias
    Fair exchange protocols let two mutually distrustful parties exchange digital data in a way that neither party can cheat. They have various applications such as the exchange of digital items, or the exchange of digital coins and digital services between a buyer/client and seller/server. In this work, we formally define and propose a generic blockchain-based construction called "Recurring Contingent Service Payment" (RC-S-P). It (i) lets a fair exchange of digital coins and verifiable service reoccur securely between clients and a server while ensuring that the server is paid if and only if it delivers a valid service, and (ii) ensures the parties' privacy is preserved. RC-S-P supports arbitrary verifiable services, such as "Proofs of Retrievability" (PoR) or verifiable computation and imposes low on-chain overheads. Our formal treatment and construction, for the first time, consider the setting where either client or server is malicious. We also present a concrete efficient instantiation of RC-S-P when the verifiable service is PoR. We implemented the concrete instantiation and analysed its cost. When it deals with a 4-GB outsourced file, a verifier can check a proof in only 90 milliseconds, and a dispute between a prover and verifier is resolved in 0.1 milliseconds. At CCS 2017, two blockchain-based protocols were proposed to support the fair exchange of digital coins and a certain verifiable service; namely, PoR. In this work, we show that these protocols (i) are susceptible to a free-riding attack which enables a client to receive the service without paying the server, and (ii) are not suitable for cases where parties' privacy matters, e.g., when the server's proof status or buyer's file size must remain private from the public. RC-S-P simultaneously mitigates the above attack and preserves the parties' privacy.
    2023 IEEE European Symposium on Security and Privacy (EuroS&P), Delft, The Netherlands, 03–07 July 2023. [ paper | DOI 10.1109/EuroSP57164.2023.00049 ]

Recent talks

For more detail see my full list of talks

  • Electronic Evidence
    Steven J. Murdoch
    Computer-generated evidence is playing an increasing role in legal disputes. This talk discusses the potential impact of computer bugs on the reliability of electronic evidence, and what documentation may be available to assess to what extent it is appropriate to depend on such evidence.
    Royal Society Science and the Law Seminar Series, 13 December 2023. [ slides | video (re-recording) | transcript ]
  • Post Office Horizon Scandal
    Steven J. Murdoch
    Computer bugs were found to be the reason many sub-postmasters and sub-postmistresses were wrongly convicted of stealing and false accounting. Professor Steven Murdoch, a professor of Security Engineering and a Royal Society University Research Fellow at UCL explains the sorts of faults that were found.
    Computerphile, 09 July 2021. [ video | video (extra bits) ]
  • Designing for Dispute Resolution
    Steven J. Murdoch
    No computer system is perfect, so some people may dispute a computer’s decision (whether or not it is actually correct), and the system may be required to help resolve this disagreement. This requirement is particularly important when the computer system tracks who owns what, whether money or goods. The state of the art for reliably tracking account balances is double-entry bookkeeping, developed in the 13th century and translated more or less unchanged to computers. Double-entry accounting can identify losses but is less good at identifying the cause. As shown in the Post Office trial, companies may tend to hold the weaker party liable for such losses, and there’s not much they can do to show otherwise. In this talk, I argue that we need to move away from tracking balances and track items – which would be inconceivable with 13th-century technology but tractable with modern computing. This is one approach to addressing the challenges of evidence-critical systems, which must produce accurate and interpretable information to resolve disputes.
    Workshop on Security and Human Behaviour (SHB 2021), 03–04 June 2021. [ slides ]

Professional activities

Research supervision

Killian Davitt (PhD student, 2018–): understanding, measuring and improving the security of collaboration tools.

Alexander Hicks (PhD student, 2017–): privacy preserving continuous authentication.

Andreas Gutmann (PhD student, 2016–2020): privacy-preserving transaction authentication for mobile devices.

Shehar Bano (Research Assistant & PhD student, 2013–2016): measurement of censorship and censorship resistance systems.

Kumar Sharad (PhD student, 2012–2016): security in social networks – anonymisation and fraud prevention.

Program chair

14th Privacy Enhancing Technologies Symposium, 16–18 July, 2014, Amsterdam, Netherlands.

15th Privacy Enhancing Technologies Symposium, 30 June–2 July 2015, Philadelphia, PA, USA.

General chair

Financial Cryptography and Data Security 2011, 15th International Conference, 28 February–4 March 2011, St. Lucia.

Programme committee membership

  • IEEE European Symposium on Security and Privacy 2019
  • IFIP Summer School 2016, 2017, 2018
  • Financial Cryptography and Data Security (FC): 2010, 2016, 2018
  • Privacy Enhancing Technologies Symposium (PETS): 2007, 2008, 2009, 2011, 2017, 2018
  • Network and Distributed System Security Symposium (NDSS): 2017
  • ACM Conference on Computer and Communications Security (CCS): 2007, 2008, 2010, 2011, 2016
  • Annual Privacy Forum 2014
  • Free and Open Communications on the Internet (FOCI) 2013
  • USENIX Security 2012
  • European Symposium on Research in Computer Security (ESORICS) 2011
  • Workshop on Foundations of Security and Privacy (FCS-PrivMod): 2010
  • Workshop on Privacy in the Electronic Society (WPES): 2006, 2007, 2009
  • FIDIS/IFIP Internet Security & Privacy Summer School: 2008
  • ACM Symposium on Applied Computing (Computer Security track): 2007

Journal reviewing

Includes Proceedings on Privacy Enhancing Technologies (2017, 2018, 2019), ACM Transactions on Internet Technology (TOIT) (2017), International Journal of Computer Security (2016), IEEE Transactions on Dependable and Secure Computing (2009), ACM Transactions on Information and System Security (2008), IEEE Transactions on Software Engineering (2008), IEEE/ACM Transactions on Networking (2007), IEEE Security & Privacy (2007), The Triple Helix (2008), Identity in the Information Society (2008).

Contact Details

email (preferred):

s.murdoch at


Professor Steven J. Murdoch
Computer Science Department
University College London
Gower Street
United Kingdom


+44 20 3108 1629 (internal x51629)

mobile and Signal:

+44 7866 807 628