Projects
Current projects
Collaborative ResistancE to Web Surveillance (CREWS) (2021–)
Steven J. Murdoch (PI, UCL), Killian Davitt (PhD student, UCL), Matthew Finkel (Tor Project), Duncan Russell (Tor Project)
Much engagement between individuals is now through the world-wide-web, but here respect for the tenets of Human Data Interaction (HDI) is notably lacking. Websites apply tracking techniques to link a user’s activity between websites to build up a profile of the individual that is more detailed than any one site would be able to create. Such linkage violates the principle of contextual integrity, by breaking boundaries between aspects of a person’s life that they wish to be separate.
The GDPR has resulted in some data controls being made available, but so far these are inadequate. Legibility is purported to be provided through privacy-policies, but these are incomprehensible. Agency is purported to be provided through opt-in/opt-out privacy notices, but these don’t offer a genuine choice. Negotiability is purported to be provided through cookie-dialogs, but the PI’s research has shown that websites commonly block individuals exercising their right to privacy. Even if cookies are blocked, websites can and do use IP-address tracking to perform linkage and geolocation.
Resistance to web tracking allows an individual to unilaterally assert their agency, rather than waiting for websites to offer controls for how their personal data is used. This resistance must cover both tracking through cookies and equivalent web features, as well as tracking based on IP-addresses. The most popular technology for achieving resistance to web-tracking is the Tor Browser, created by the project PI in 2009. Tor Browser employs advanced anti-tracking measures within the browser to prevent linkage through web-features and routes communication over the Tor network to prevent linkage through IP addresses.
Tor Browser blocks the information implicitly disclosed by web-tracking, granting users the agency of whether or not to disclose information explicitly. Changing information disclosures from implicit to explicit enhances legibility around what information is disclosed, and agency over whether or not to disclose it.
In CREWS, we will explore how Tor Browser is used as a form of resistance in an area where the tenets of HDI are not available. Furthermore, we will explore how to apply the tenets of HDI to enhance the effectiveness of this resistance further. Specifically, we will evaluate approaches for encrypting web browsing data as it leaves the Tor network to prevent it from being eavesdropped. Firstly, we will evaluate individual resistance by informing users of the risks of unencrypted browsing (legibility) and give users the agency to allow it or not. Secondly, we will evaluate collective resistance by giving users the agency to share anonymised web browsing data to protect themselves and other users better. Finally, we will explore active resistance to augment passive resistance, to increase the level of privacy achieved by Tor Browser.
This work is supported by EPSRC through the HDI Network Plus [grant number EP/R045178/1].
UCL COVID-19 case reporting (2020–2022)
Steven J. Murdoch (PI)
UCL publishes a daily snapshot of the number of confirmed cases of COVID-19 in UCL staff and students. Sometimes trends are more important than individual snapshots in understanding a situation, so I am collecting and publishing how these statistics are changing over time.
Understanding, Measuring and Improving the Security of Collaboration Tools (2018–)
Steven J. Murdoch (PI), Killian Davitt (PhD student)
Whenever you communicate with someone electronically there are intermediaries that process and carry your communication, helping it reliably get to the intended destination, or storing it until the recipient goes online to collect it. We hope that these intermediaries behave properly, but sometimes they get hacked, or the people running them act maliciously, and your communications can then be tampered with and eavesdropped, with potentially severe consequences. End-to-end encryption is designed to protect against such threats and has been available for decades, but it’s still rarely used because it interferes with modern ways of working. Even if data is encrypted end-to-end, analysis of the meta-data can still violate privacy, for example disclosing who is working with whom. Anonymous communication systems like Tor can help protect meta-data but the delay that the most secure systems (e.g. Loopix) introduce would prevent standard collaboration technologies from working properly. This project will develop techniques to build collaboration applications that are end-to-end secure, and protect privacy. We will quantify how secure and effective they are, working with investigative journalists who need high levels of security in their collaboration applications.
This work is supported by the Royal Society [grant number RGF\EA\180191].
Demonstrating trustworthiness through providing transparency in communicating resilience (2017–)
Steven J. Murdoch (PI), Alexander Hicks (PhD student)
In addition to ensuring that a computer system is secure, it is often necessary to assure parties that rely on the system that it is operating correctly. An increasingly common scenario of this type is when evidence from a computer system is used in legal cases (e.g. when transaction logs are used in banking disputes, or when telephone or Internet records are used in criminal prosecutions). Currently, courts are asked to simply accept that a computer is working correctly. This risks evidence being ruled invalid despite being correct, or being accepted despite being incorrect. This project will develop methods for enhancing the transparency of computer systems, such that their level of security can be scrutinised and the extent to which they can be relied upon can be assessed.
Publications
- VAMS: Verifiable Auditing of Access to Confidential Data, arXiv:1805.04772, May 2018
- Incentives in Security Protocols, International Workshop on Security Protocols, March 2018 (Springer)
This work is supported by OneSpan and UCL through an EPSRC Research Studentship.
Privacy-preserving Transaction Authentication for Mobile Devices (2016–)
Steven J. Murdoch (PI), Andreas Gutmann (PhD student)
With the rapid accumulation and processing of personal data by numerous organizations, it is of paramount importance to protect people from adverse uses of their data, while allowing them to enjoy the benefits the use of these data can possibly provide. This is the question of protecting citizens’ privacy, while enabling them to make informed decisions regarding their actions with privacy implications. In this project, part of the Privacy & Us Marie Sklodowska-Curie Innovative Training Network and based at OneSpan, we will explore techniques for privacy-preserving authentication, then extend these to develop and evaluate innovative solutions for secure and usable authentication that respects user privacy.
This work is supported by the EU Horizon 2020 Marie Sklodowska-Curie Innovative Training Network [project 675730].
Vulnerability research (2005–)
Steven J. Murdoch (PI)
Although vulnerability discovery is not one of my primary areas of research, I do sometimes identify security vulnerabilities during the course of research and other activities. For a summary of some of these, see my vulnerability research page.
Previous projects
Censorship resistance and anonymity (2013–2017)
Steven J. Murdoch (PI), Shehar Bano (Research Assistant & PhD student)
A growing number of countries are using Internet censorship to control the flow of information available to their population. The technologies being used are also increasing in sophistication, as are tools for circumvention censorship. This project studies tools and techniques used to perform censorship, as well as censorship circumvention technologies, in terms of their effectiveness, security and performance.
Publications
- Scanning the Internet for Liveness, ACM SIGCOMM Computer Communication Review, April 2018
- Characterization of Internet censorship from multiple perspectives, PhD thesis, University of Cambridge Computer Laboratory, January 2017
- SoK: Making Sense of Censorship Resistance Systems, Proceedings on Privacy Enhancing Technologies, July 2016
- The Adblocking Tug-of-War, ;login:, 2016
- Adblocking and Counter-Blocking: A Slice of the Arms Race, USENIX Workshop on Free and Open Communications on the Internet (FOCI), August 2016
- Do You See What I See? Differential Treatment of Anonymous Users, Network and Distributed System Security Symposium, February 2016
- A Look at the Consequences of Internet Censorship Through an ISP Lens, ACM SIGCOMM conference on Internet measurement (IMC), November 2014
This work is supported by the Engineering and Physical Sciences Research Council [grant number EP/L003406/1].
Graph anonymisation and de-anonymisation (2012–2016)
Steven J. Murdoch (PI), Kumar Sharad (PhD student)
Graph data sets provide a valuable source of data, with examples including communication patterns, relationships on social networks, and genetic data. However sharing such data must be done with care because of its sensitivity and consequent legal and ethical implications for improper use. This project focuses on techniques to measure and quantify the effectiveness of graph anonymisation schemes, in terms of the level of protection they offer and the impact on data accuracy.
Publications
- Change of Guard: The Next Generation of Social Graph De-anonymization Attacks, Workshop on Artificial Intelligence and Security (AISec), October 2016.
- True Friends Let You Down: Benchmarking Social Graph Anonymization Schemes, Workshop on Artificial Intelligence and Security (AISec), October 2016.
- An Automated Social Graph De-anonymization Technique, Workshop on Privacy in the Electronic Society (WPES), November 2014.
This work was supported by the Engineering and Physical Sciences Research Council [grant number EP/J500665/1]; and Microsoft Research through its PhD Scholarship Programme.