Demonstrating trustworthiness through providing transparency in communicating resilience (2017–)
Steven J. Murdoch (PI), Alexander Hicks (PhD student)
In addition to ensuring that a computer system is secure, it is often necessary to assure parties that rely on the system that it is operating correctly. An increasingly common scenario of this type is when evidence from a computer system is used in legal cases (e.g. when transaction logs are used in banking disputes, or when telephone or Internet records are used in criminal prosecutions). Currently, courts are asked to simply accept that a computer is working correctly. This risks evidence being ruled invalid despite being correct, or being accepted despite being incorrect. This project will develop methods for enhancing the transparency of computer systems, such that their level of security can be scrutinised and the extent to which they can be relied upon can be assessed.
- VAMS: Verifiable Auditing of Access to Confidential Data, arXiv:1805.04772, May 2018
This work is supported by OneSpan and UCL through an EPSRC Research Studentship.
Privacy-preserving Transaction Authentication for Mobile Devices (2016–)
Steven J. Murdoch (PI), Andreas Gutmann (PhD student)
With the rapid accumulation and processing of personal data by numerous organizations, it is of paramount importance to protect people from adverse uses of their data, while allowing them to enjoy the benefits the use of these data can possibly provide. This is the question of protecting citizens’ privacy, while enabling them to make informed decisions regarding their actions with privacy implications. In this project, part of the Privacy & Us Marie Sklodowska-Curie Innovative Training Network and based at OneSpan, we will explore techniques for privacy-preserving authentication, then extend these to develop and evaluate innovative solutions for secure and usable authentication that respects user privacy.
This work is supported by the EU Horizon 2020 Marie Sklodowska-Curie Innovative Training Network [grant number project 675730].
Censorship resistance and anonymity (2013–2017)
Steven J. Murdoch (PI), Shehar Bano (Research Assistant & PhD student)
A growing number of countries are using Internet censorship to control the flow of information available to their population. The technologies being used are also increasing in sophistication, as are tools for circumvention censorship. This project studies tools and techniques used to perform censorship, as well as censorship circumvention technologies, in terms of their effectiveness, security and performance.
- Scanning the Internet for Liveness, ACM SIGCOMM Computer Communication Review, April 2018
- Characterization of Internet censorship from multiple perspectives, PhD thesis, University of Cambridge Computer Laboratory, January 2017
- SoK: Making Sense of Censorship Resistance Systems, Proceedings on Privacy Enhancing Technologies, July 2016
- The Adblocking Tug-of-War, ;login:, 2016
- Adblocking and Counter-Blocking: A Slice of the Arms Race, USENIX Workshop on Free and Open Communications on the Internet (FOCI), August 2016
- Do You See What I See? Differential Treatment of Anonymous Users, Network and Distributed System Security Symposium, February 2016
- A Look at the Consequences of Internet Censorship Through an ISP Lens, ACM SIGCOMM conference on Internet measurement (IMC), November 2014
This work is supported by the Engineering and Physical Sciences Research Council [grant number EP/L003406/1].
Graph anonymisation and de-anonymisation (2012–2016)
Steven J. Murdoch (PI), Kumar Sharad (PhD student)
Graph data sets provide a valuable source of data, with examples including communication patterns, relationships on social networks, and genetic data. However sharing such data must be done with care because of its sensitivity and consequent legal and ethical implications for improper use. This project focuses on techniques to measure and quantify the effectiveness of graph anonymisation schemes, in terms of the level of protection they offer and the impact on data accuracy.
- Change of Guard: The Next Generation of Social Graph De-anonymization Attacks, Workshop on Artificial Intelligence and Security (AISec), October 2016.
- True Friends Let You Down: Benchmarking Social Graph Anonymization Schemes, Workshop on Artificial Intelligence and Security (AISec), October 2016.
- An Automated Social Graph De-anonymization Technique, Workshop on Privacy in the Electronic Society (WPES), November 2014.
This work was supported by the Engineering and Physical Sciences Research Council [grant number EP/J500665/1]; and Microsoft Research through its PhD Scholarship Programme.