Talks
Details of my talks can be found below, including slides where available. Many of my recorded talks are also available on YouTube. Talks that accompany papers can be found in my list of publications.
- Re-designing computer systems for reliable electronic evidence
Steven J. Murdoch
Computer systems are increasingly relied upon for a wide range of important tasks, but much of the research on reliability has been restricted to the control systems for safety-critical hardware. For other systems, efforts to assess their effectiveness has been more ad-hoc and of questionable validity, even those relied upon to produce legally admissible evidence. From breathalyzers and forensic software to the infamous Post Office Horizon system, computer bugs can make the difference between someone being imprisoned and going free. This talk will discuss some examples of computer evidence failures risking causing miscarriages of justice, and what can be done to mitigate such risks in the future. In particular, it will motivate the idea that computer systems relied upon for computer evidence should be built with rigorous engineering techniques, but that these techniques are distinct from what are needed for safety-critical systems. When combined with appropriate treatment by the legal system, we can help avoid future miscarriages of justice.
CANS Workshop on Mobile Systems Security and Privacy, 27 September 2024. [ slides ] - Electronic Evidence
Steven J. Murdoch
Computer-generated evidence is playing an increasing role in legal disputes. This talk discusses the potential impact of computer bugs on the reliability of electronic evidence, and what documentation may be available to assess to what extent it is appropriate to depend on such evidence.
Royal Society Science and the Law Seminar Series, 13 December 2023. [ slides | video (re-recording) | transcript ] - Post Office Horizon Scandal
Steven J. Murdoch
Computer bugs were found to be the reason many sub-postmasters and sub-postmistresses were wrongly convicted of stealing and false accounting. Professor Steven Murdoch, a professor of Security Engineering and a Royal Society University Research Fellow at UCL explains the sorts of faults that were found.
Computerphile, 09 July 2021. [ video | video (extra bits) ] - Designing for Dispute Resolution
Steven J. Murdoch
No computer system is perfect, so some people may dispute a computer’s decision (whether or not it is actually correct), and the system may be required to help resolve this disagreement. This requirement is particularly important when the computer system tracks who owns what, whether money or goods. The state of the art for reliably tracking account balances is double-entry bookkeeping, developed in the 13th century and translated more or less unchanged to computers. Double-entry accounting can identify losses but is less good at identifying the cause. As shown in the Post Office trial, companies may tend to hold the weaker party liable for such losses, and there’s not much they can do to show otherwise. In this talk, I argue that we need to move away from tracking balances and track items – which would be inconceivable with 13th-century technology but tractable with modern computing. This is one approach to addressing the challenges of evidence-critical systems, which must produce accurate and interpretable information to resolve disputes.
Workshop on Security and Human Behaviour (SHB 2021), 03–04 June 2021. [ slides ] - Making sense of EMV card data – decoding the TLV format
Steven J. Murdoch
EMV (sometimes known as Chip and PIN) is the worldwide standard for smart card payments. It was designed to allow credit and debit cards issued by any bank work to make a payment through any terminal, even across international borders and despite chip cards being extremely limited in the computation they can perform. In this talk I’ll discuss how EMV achieves this difficult task, through the use of the TLV (Tag-Length-Value) data format. I will demonstrate how to decode TLV data found on real EMV chip cards, and what significance this data has in the wider payment ecosystem. Finally I’ll discuss how the use of TLV, despite its advantages, has contributed to the creation of security vulnerabilities in Chip and PIN.
DEF CON 28 Safe Mode, Payment Village, 07–09 August 2020. [ video | video (alternate) | slides (interactive) | slides (static) | code | code (alternate) | notes (interactive) | notes (alternate) ] - Evidence-critical systems: what they are and why we need them
Steven J. Murdoch
It may be impossible (or undesirable) to programmatically enforce all relevant security policies. In which case we can replace enforcement with transparency (to detect violation), provision of redress to the victim (to ameliorate the harm of the violation), and punishment for the violator (to deter future violations). Achieving the latter two properties requires evidence of a violation and a system for turning evidence into justice. In this talk, I discuss that we need to create evidence-critical systems that provide assurance that justice can be obtained. The design of evidence-critical systems can draw from the well-established field of safety-critical systems but has several significant differences.
Workshop on Security and Human Behaviour (SHB 2020), 18–19 June 2020. [ slides | video | video (alternate) ] - Phish for Thought: Combatting Modern Email Threats
Steven J. Murdoch
The email inbox is an invaluable, and in many cases irreplaceable, cog in the functioning of any modern business. However, as recent years have proven, the email inbox is also the favorite attack target for cyber-criminals. Phishing emails may be nothing new, but they remain the first phase in over 95% of cyber-threat campaigns – something that too many businesses still find out the hard way. In this session, a panel of security experts will explore the phishing threat landscape in 2020, assess recent advancements in attack methods and outline what businesses need to do to defend themselves against the dangers of email-based phishing attacks.
Infosecurity Magazine EMEA Online Summit, 25 March 2020. [ slides ] - Applying mix de-anonymisation techniques for good
Steven J. Murdoch
Mix-network de-anonymisation algorithms, designed to allow an adversary to violate the privacy of network users, can be applied for good – to facilitate privacy-preserving prediction of mobility patterns. A mix-network protects outgoing messages by arranging that each could potentially be the result of many different incoming messages. Privacy-preserving wifi measurement protects individuals by truncating the MAC address such that many potential devices may have caused a particular event. Mix-network de-anonymisation algorithms infer profiles of user’s messaging behaviour. In the context of privacy-preserving wifi measurement, the same algorithm can infer profiles of users’ mobility behaviour.
Privacy Enhancing Technologies Symposium (PETS 2019), Stockholm, Sweden, 16–20 July 2019. [ slides | blog post ] - Context and decontextualization as a cause of payment fraud
Steven J. Murdoch
Although 2FA is increasingly widespread, payment fraud remains commonplace. I will discuss a root cause for such failures – that transactions are losing the context previously associated with traditional in-branch payments and this lack of context is being taken advantage by criminals. I will propose some methods to identify such failures to help avoid the mistakes of the past.
2FA WTF? What‘s the Future of CX/UX Digital Authentication, London, 30 October 2018. [ slides ] - Anti Bank-Fraud Technology
Steven J. Murdoch
What's being done to stop criminals in online banking? Dr Steven Murdoch (Principal Research Fellow) in the UCL Info Security Group.
Computerphile, 08 December 2017. [ video | video (extra bits) ] - Payment Security: Attacks & Defences
Steven J. Murdoch
This lecture provides an introduction to payment card and online banking security mechanisms and the fraud techniques which are designed to break or bypass these measures. An overview of the EMV protocol is given, along with an illustration of how skimming attacks and the no-PIN attack exploit protocol weaknesses. The man-in-the-browser attack is outlined, and how transaction authentication is intended to defend against this.
Guest lecture as part of COMPGA03 - Introduction to Cryptography, University College London, 13 December 2016. [ slides ] - Decentralising Data Collection and Anonymisation
Steven J. Murdoch
A frequent approach for anonymising datasets is for individuals to submit sensitive data records to a central authority. The central authority then is responsible for safely storing and sharing the data, for example by aggregating or perturbing records. However, this approach introduces the risk that the central authority may be compromised, whether this from an externally originated hacking attempt or as a result of an insider attack. As a result, central authorities responsible for handling sensitive data records must be well protected, often at great expense, and even then the risk of compromise will not be eliminated. In this talk I will discuss an alternative anonymisation approach, where sensitive data records have identifiable information removed before being submitted to the central authority. In order for this approach to work, not only must this first-stage anonymisation prevent the data from disclosing the identity of the submitter, but also the data records must be submitted in such a way as to prevent the central authority from being able to establish the identity of the submitter from submission metadata. I will show how advances in network metadata anonymisation can be applied to facilitate this approach, including techniques to preserve validity of data despite not knowing the identity of contributors.
New Developments in Data Privacy, Isaac Newton Institute, 09 December 2016. [ slides | video ] - Anonymity & Censorship-Free Communication
Steven J. Murdoch
This talk discusses the history of anonymous communication systems, their applications (including censorship resistance), how they are designed, and what cryptographic mechanisms they use. Techniques to measure and quantify the security levels provided by anonymous communication systems are also covered. Finally, challenges faced by such systems are discussed, along with future directions for research.
Invited talk at IFIP Summer School 2016, Karlstad, Sweden, 21–26 August 2016. [ slides | slides (PDF) ] - Banking Security: Attacks & Defences
Steven J. Murdoch
This lecture provides an introduction to payment card and online banking security mechanisms and the fraud techniques which are designed to break or bypass these measures. An overview of the EMV protocol is given, along with an illustration of how skimming attacks and the no-PIN attack exploit protocol weaknesses. The man-in-the-browser attack is outlined, and how transaction authentication is intended to defend against this.
Invited lecture as part of 3F6: Software Engineering, Department of Engineering, University of Cambridge, 03 February 2015. [ slides ] - Anonymous Communications and Tor
Steven J. Murdoch
The history of anonymous communications on the Internet dates back to the early 80's but since then there have been dramatic changes in how anonymous communication systems have been built and how they have been used. In this lecture I will describe some of these key changes, and what has motivated them. These include the web taking over from email as the major means of communications, and users of anonymous communication systems prioritising censorship-resistance over privacy. The growing popularity of anonymous communication systems has also led to commercial and political realities effecting how projects are run and software is designed. In particular, I will discuss how the Tor software has changed, and the Tor project evolved in this environment. I will conclude by summarising what might be the future for anonymous communication systems and how they may have to adapt themselves to changing circumstances.
Invited lecture as part of Part II Security, Cambridge, UK, 30 January 2015. [ slides ] - Banking Security: Attacks & Defences
Steven J. Murdoch
This lecture provides an introduction to payment card and online banking security mechanisms and the fraud techniques which are designed to break or bypass these measures. An overview of the EMV protocol is given, along with an illustration of how skimming attacks and the no-PIN attack exploit protocol weaknesses. The man-in-the-browser attack is outlined, and how transaction authentication is intended to defend against this.
Guest lecture as part of COMPGA03 - Introduction to Cryptography, University College London, 02 December 2014. [ slides ] - Challenges in building overlay networks: a case study of Tor
Steven J. Murdoch
The successful deployment of Tor is partially the result of it being an overlay network, greatly simplifying its roll-out. However this approach also creates challenges because Tor‘s design is not a precise match for how the Internet works. In this talk I discuss some of these challenges and how they are addressed, specifically: source routing, congestion control, and Tor‘s clique topology.
RIPE69, London, UK, 04 November 2014. [ slides | video ] - Payment Security: Attacks & Defences
Steven J. Murdoch
Card fraud is going up, despite the wider deployment of Chip and PIN. How has the security been bypassed and why did fraud increase after Chip and PIN was introduced? This talk descibes how poor tamper resistance led to fallback-fraud, how the no-PIN vulnerability allows criminals to use stolen cards without knowing the PIN, and how EMV-CAP still allows online banking fraud to occur.
Keynote talk at The Payments Knowledge Forum, London, UK, 29 September 2014. [ slides ] - Privacy with technology: where do we go from here?
Jon Crowcroft, Ross Anderson, Bashar Nuseibeh, Steven J. Murdoch
Recent revelations surrounding internet privacy have garnered global attention. As people live more of their lives online, and with growing ‘always on’ and wearable technology, the amount of data available for observation and analysis is growing faster than ever. Are current technologies robust enough to keep us protected, and what is being developed to better manage and protect our identities and privacy? Our panel of experts discussed the implications and challenges of the changing technological landscape.
Panel session at Royal Society Summer Science Exhibition, London, UK, 05 July 2014. [ audio | summary | further details ] - Anonymous Communications and Tor: History and Future Challenges
Steven J. Murdoch
The history of anonymous communications on the Internet dates back to the early 80's but since then there have been dramatic changes in how anonymous communication systems have been built and how they have been used. In this talk I will describe some of these key changes, and what has motivated them. These include the web taking over from email as the major means of communications, and users of anonymous communication systems prioritising censorship-resistance over privacy. The growing popularity of anonymous communication systems has also led to commercial and political realities effecting how projects are run and software is designed. In particular, I will discuss how the Tor software has changed, and the Tor project evolved in this environment. I will conclude by summarising what might be the future for anonymous communication systems and how they may have to adapt themselves to changing circumstances.
Keynote talk at OWASP AppSecEU, Cambridge, UK, 26 June 2014. [ slides | slides (PDF) | video ] - Introduction to Trusted Execution Environments (TEE)
Steven J. Murdoch
Learning objectives are to: understand what a TEE is and why it is of interest; appreciate the range of standards and products that offer TEE capability; be able to describe the basic building blocks of a typical TEE; compare the attack resistance of a TEE product w.r.t. security evaluated smart cards; contrast ownership and management issues w.r.t. a traditional smart card/SIM model.
Invited lecture as part of IY5606: Smart Cards/Token Security and Applications, Royal Holloway, University of London, 25 March 2014. [ slides ] - Online Payment Methods
Steven J. Murdoch
This lecture discusses online payment methods, including payment schemes such as Visa and MasterCard, contrasting card-present and card-not-present transactions. Attacks against online banking systems are described, along with the techniques used to defend against them. The EMV-CAP authentication scheme is outlined, along with the potential weaknesses it introduces. Typical methods for integrating online payments into a website are described, including how 3D-Secure attempts to reduce card-not-present fraud. Other innovative payment techniques are introduced, including SOFORT Überweisung and mobile payments.
Invited lecture as part of COMPM041 - Web Economics, University College London, 18 March 2014. [ slides ] - Banking security: attacks and defences
Steven J. Murdoch
Designers of banking security systems are faced with a difficult challenge of developing technology within a tightly constrained budget, yet which must be capable of defeating attacks by determined, well-equipped criminals. This talk will summarise banking security technologies for protecting Chip and PIN/EMV card payments, online shopping, and online banking. The effectiveness of the security measures will be discussed, along with vulnerabilities discovered in them both by academics and by criminals. These vulnerabilities include cryptographic flaws, failures of tamper resistance, and poor implementation decisions, and have led not only to significant financial losses, but in some cases unfair allocation of liability. Proposed improvements will also be described, not only to the technical failures but also to the legal and regulatory regimes which are the underlying reason for some of these problems not being properly addressed.
Invited talk at OWASP Belgium, Leuven, Belgium, 05 March 2013. [ slides ] - Banking security: attacks and defences
Steven J. Murdoch
Designers of banking security systems are faced with a difficult challenge of developing technology within a tightly constrained budget, yet which must be capable of defeating attacks by determined, well-equipped criminals. This talk will summarise banking security technologies for protecting Chip and PIN/EMV card payments, online shopping, and online banking. The effectiveness of the security measures will be discussed, along with vulnerabilities discovered in them both by academics and by criminals. These vulnerabilities include cryptographic flaws, failures of tamper resistance, and poor implementation decisions, and have led not only to significant financial losses, but in some cases unfair allocation of liability. Proposed improvements will also be described, not only to the technical failures but also to the legal and regulatory regimes which are the underlying reason for some of these problems not being properly addressed.
Invited talk at CHES 2012, Leuven, Belgium, 11 September 2012. [ slides ] - Chip & PIN is Broken: What Next?
Steven J. Murdoch
The EMV protocol, its flaws, and their impact on Chip & PIN security.
MAS Information Technology Supervision Workshop 3 for Financial Regulators, Singapore, 14–18 March 2011. [ slides | slides (PDF) ] - The Economics of Payment Card Security and Shifting Fraud Liability
Steven J. Murdoch
Introduction to security economics and its relevance to payment card security.
MAS Cybercrime, eBanking and Payment Card Security Seminar, Singapore, 17 March 2011. [ slides | slides (PDF) ] - Chip & PIN: 5 Years On
Steven J. Murdoch
Chip & PIN has now been deployed in the UK for 5 years. This talk will describe the experiences learned. Vulnerabilities discovered in the system will be discussed including PED tampering, YES-cards, and the recently published no-PIN attack. An introduction to the Chip & PIN (EMV) protocol is given, and the talk concludes with a discussion of its affect on fraud and whether Chip & PIN was a worthwhile investment.
BCS Hertfordshire Branch, Hemel Hempstead, UK, 26 January 2011. [ slides | slides (PDF) | audio ] - Chip and PIN is Broken: Vulnerabilities in the EMV Protocol
Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond
EMV is the dominant protocol used for smart card payments worldwide, with over 730 million cards in circulation. Known to bank customers as “Chip and PIN”, it is used in Europe; it is being introduced in Canada; and there is pressure from banks to introduce it in the USA too. EMV secures credit and debit card transactions by authenticating both the card and the customer presenting it through a combination of cryptographic authentication codes, digital signatures, and the entry of a PIN. In this paper we describe and demonstrate a protocol flaw which allows criminals to use a genuine card to make a payment without knowing the card’s PIN, and to remain undetected even when the merchant has an online connection to the banking network.
27th Chaos Communication Congress, Berlin, Germany, 27–30 December 2010. [ slides | slides (PDF) | website | related paper | talk information | video ] - Anonymity and censorship resistance
Steven J. Murdoch
The extent of Internet censorship is rapidly increasing, and along with it interest in censorship resistance technologies. This talk will discuss some of the motivations and targets of censorship, and describe the technologies and social controls used to implement blocking. Anonymous communication systems will then be introduced, as well as how they can help provide censorship resistance. One such system, Tor, will be described in detail, and an overview of the operation of two other systems – Freenet and Psiphon – will be given.
Part II Security, Cambridge, UK, 22 November 2010. [ slides ] - Chip and PIN is Broken
Steven J. Murdoch
Chip and PIN has now been deployed in the UK for 5 years. This talk will describe the experiences learned. Vulnerabilities discovered in the system will be discussed, including the recently published no-PIN attack. An introduction to the Chip and PIN (EMV) protocol is given, and the talk concludes with a discussion of its affect on fraud, customer liability, and whether Chip and PIN was a worthwhile investment.
ISSE GI-Sicherheit 2010, Berlin, Germany, 05–07 October 2010. [ slides | slides (PDF) ] - Anonymous Communications and Censorship Resistance: Using Tor to Defeat Internet Surveillance
Steven J. Murdoch
When you use the Internet, you are being tracked. The websites which you visit know who you are; marketers track your behaviour and your preferences. Even criminals exploit the traces people leave online. Anonymous communication systems help defeat such monitoring. One such system, Tor, is used by over 500,000 people daily including law enforcement, human rights workers, military personnel, and ordinary citizens worldwide. While originally designed for enhancing privacy and safety, Tor is increasingly used for allowing its users to circumvent censorship, and access commonly blocked websites including social networking, reference and news. Anonymous communication systems introduce some unique challenges, but many of the problems faced by the Tor network mirror those which are found on the wider Internet. For this reason, the study of Tor and similar systems will be informative in general, and allow the testing of hypotheses which would be difficult to evaluate on larger systems.
Web Science: Exploring the Frontier, Kavli Royal Society Centre, UK, 29–30 September 2010. [ poster ] - Bringing the Customer into Audit
Steven J. Murdoch
In this talk, I present three examples of disputed card transactions (both ATM and point-of-sale). In each of them, the customer was motivated to discover how these transactions had occurred; in particular, whether the correct card was used and whether the correct PIN was entered. However, they had not been given sufficient information to establish what had happened and whether it was fair for them to be held liable. In cases like this, customers could be empowered to act as auditors, mitigating the known weaknesses of existing audit processes. I propose three different ways in which the customer-auditor could be facilitated. First, standard procedure should be for customers to retain cards for which there is a dispute (not to destroy them). Second, the log of events which occur on an account should be processed to form a hash-chain, and this should be provided on customer statements. Finally, receipts for transactions should include enough information to allow the corresponding transaction MAC to be verified.
Insider Threats: Strategies for Prevention, Mitigation, and Response, Dagstuhl Seminar 10341, 22–26 August 2010. [ slides ] - Payment card fraud and banking regulation
Steven J. Murdoch
Card fraud is one of the most common types of theft in the UK. According to the 2008/2009 British Crime Survey, 6.4% of card owners were the victim of fraud in the past 12 months, rising from 4.7% in 2007/2008. Fear of card fraud is also dramatically higher than that of other types of crime. Despite the introduction of enhanced security measures such as chip and PIN, fraud levels continue to rise. In this talk I will describe the vulnerabilities in the card payment system that criminals are exploiting, and others which they may use in the future. Finally, I will discuss the results of previous policy decisions on levels of fraud, and how these developments may guide the future actions of policymakers.
4th International Crime Science Conference, London, UK, 15 July 2010. [ slides | slides (PDF) ] - Chip & PIN: 5 years on
Steven J. Murdoch
Chip & PIN has now been deployed in the UK for 5 years. This talk will describe the experiences learned. Vulnerabilities discovered in the system will be discussed including PED tampering, YES-cards, and the recently published no-PIN attack. An introduction to the Chip & PIN (EMV) protocol is given, and the talk concludes with a discussion of its affect on fraud and whether Chip & PIN was a worthwhile investment.
Achieving Sustainable Improvements in the Security of Retail Payments (keynote), Federal Reserve Bank of Philadelphia, PA, US, 16–17 February 2010. [ slides ] - Optimised to fail: Card readers for online banking
Saar Drimer, Steven J. Murdoch, Ross Anderson
Banks throughout Europe are now issuing hand-held smart card readers to their customers. These are used, along with the customer's bank card, for performing online banking transactions. In this talk I will describe how we reversed-engineered the cryptographic protocol used by these readers, using some custom-designed smart card analysis hardware. We discovered several flaws in this protocol, which could be exploited by criminals (and some already are). This talk will explain what vulnerabilities exist, and what the impact on customers could be.
26th Chaos Communication Congress, Berlin, Germany, 27–30 December 2009. [ slides | website | related paper | talk information ] - Anonymity and censorship resistance
Steven J. Murdoch
The extent of Internet censorship is rapidly increasing, and along with it interest in censorship resistance technologies. This talk will discuss some of the motivations and targets of censorship, and describe the technologies and social controls used to implement blocking. Anonymous communication systems will then be introduced, as well as how they can help provide censorship resistance. One such system, Tor, will be described in detail, and an overview of the operation of two other systems – Freenet and Psiphon – will be given.
Part II Security, Cambridge, UK, 04 November 2009. [ slides ] - Evidence in Fraud Cases: Complexity and Access
Steven J. Murdoch
It is well known that technology is complicating fraud investigations, by increasing the complexity and quantity of evidence. This talk covers two particular examples: Cloud Computing and Chip & PIN. Cloud Computing means that now significant amounts of evidence will be held by third parties. These may be abroad, so require the use of Mutual Legal Assistance. Establishing a chain of custody and searching information may also be difficult. With Chip & PIN, cards now contain their own logs and create a cryptographic audit trail. Processing this information is helpful, but often banks will not co-operate or destroy evidence before it can be investigated.
The Cambridge International Symposium on Economic Crime, Cambridge, UK, 30 August–06 September 2009. [ slides ] - Verified by Visa and MasterCard SecureCode
Steven J. Murdoch
Verified by Visa and MasterCard SecureCode (brand names for 3-D Secure) authenticate cardholders performing online transactions. This talk describes how the system operates, and how it is vulnerable to attack. Because users cannot tell whether they are accessing their real bank, 3-D Secure trains customers to enter their password into untrustworthy sites. Phishing websites are already exploiting this vulnerability. Furthermore, the terms and conditions associated with 3-D Secure often leave customers in a weaker position than before, despite not being given the ability to reasonably detect fraudulent sites.
The Cambridge International Symposium on Economic Crime, Cambridge, UK, 30 August–06 September 2009. [ slides ] - System-Level Failures in Security
Steven J. Murdoch
Many security critical systems may appear to be secure in theory, but fail when deployed in real life. This talk will discuss examples of this problem, drawn from the fields of banking security and anonymous communications. The causes for these failings include interactions between security mechanisms, inappropriate abstractions, and lack of consideration for usability. In this talk I will argue that security is a system property, and that managing the complexity of the design process is the biggest challenge in building secure systems.
Microsoft Research Lecture, Cambridge, UK, 01 April 2009. [ slides ] - Freedom of Speech and the Internet
Steven J. Murdoch
The Internet was once hailed as being uncensorable and borderless, and as such, a benefit for freedom of speech and human rights in general. The reality is more complex. While the Internet has allowed groups to reach far larger audiences, and has complicated the roles of censors, the growth of the Internet has carried a cost. Pervasive surveillance, at scales only before imagined of, is now possible and the re-writing of history is commonplace. This talk will discuss the effects of the Internet, both good and bad, and how groups such as the Tor project are working to protect privacy and resist censorship.
Cambridge University Amnesty International, Cambridge, UK, 11 February 2009. [ slides ] - Security Failures in Smart Card Payment Systems: Tampering the Tamper-Proof
Saar Drimer, Steven J. Murdoch, Ross Anderson
PIN entry devices (PED) are used in the Chip & PIN (EMV) system to process customers' card details and PINs in stores world-wide. Because of the highly sensitive information they handle, PEDs are subject to an extensive security evaluation procedure. We have demonstrated that the tamper protection of two popular PEDs can be easily circumvented with a paperclip, some basic technical skills, and off-the-shelf electronics.
25th Chaos Communication Congress, Berlin, Germany, 27–30 December 2008. [ slides | website | related paper ] - Anonymity and censorship resistance
Steven J. Murdoch
The extent of Internet censorship is rapidly increasing, and along with it interest in censorship resistance technologies. This talk will discuss some of the motivations and targets of censorship, and describe the technologies and social controls used to implement blocking. Anonymous communication systems will then be introduced, as well as how they can help provide censorship resistance. One such system, Tor, will be described in detail, and an overview of the operation of two other systems – Freenet and Psiphon – will be given.
Part II Security, Cambridge, UK, 14 November 2008. [ slides ] - Internet censorship and how it is resisted
Steven J. Murdoch
A growing number of countries and non-state entities are deploying mechanisms to block content and services on the Internet. Motivations include maintaining moral values and public order, reducing political dissent, constraining freedom of expression and practice of religion, as well as enforcing compliance with local laws. This talk will describe the systems which implement such blocking, both technological and social. It will then look at censorship circumvention methods, the effectiveness of these techniques, and ethical issues raised by both censorship and censorship circumvention.
Cambridge University Student Pugwash Society, Cambridge, UK, 30 October 2008. [ slides ] - The convergence of ATM and online transactions
Steven J. Murdoch
Payment cards, previously only used for ATM and POS transactions, are increasingly a component of online shopping and banking. This presentation will discuss some of the threats, and their mitigation techniques, from this change in the risk landscape.
ATM Security 2008, London, UK, 27–28 October 2008. [ slides ] - The Future of Anonymity and Censorship Resistant Publishing
Steven J. Murdoch
Introduction to anonymous communication networks, censorship resistance, and future directions for research in the field.
FIDIS/IFIP Internet Security & Privacy Summer School (keynote), Brno, Czech Republic, 01–07 September 2008. [ slides ] - Relay attacks on card payment: vulnerabilities and defences
Saar Drimer, Steven J. Murdoch
Relay attacks allow criminals to use credit or debit cards for fraudulent transactions, completely bypassing protections in today's electronic payment systems. This talk will show how using easily available electronics, it is possible to carry out such attacks. Also, we will describe techniques for improving payment systems in order to close this vulnerability.
The UK, like many other countries, has moved from comparatively insecure magnetic stripe cards to smartcards, for electronic payment. These smartcards, capable of sophisticated cryptography, provide a high assurance of tamper resistance and while implementation standards varies, have the potential to provide good security. Although extracting secrets out of smartcards requires resources beyond the means of many would-be thieves, the manner in which they are used can still be exploited for fraud.
Cardholders authorize financial transactions by presenting the card and disclosing a PIN to a terminal without any assurance as to the amount being charged or who is to be paid, and have no means of discerning whether the terminal is authentic or not. Even the most advanced smartcards cannot protect customers from being defrauded by the simple relaying of data from one location to another. We describe the development of such an attack, and show results from live experiments on the UK's EMV implementation, Chip & PIN. We discuss previously proposed defences, and show that these cannot provide the required security assurances. A new defence is described and implemented, which requires only modest alterations to current hardware and software. This allows payment terminals to securely establish a maximum distance bound between itself and the legitimate card. As far as we are aware, this is the first complete design and implementation of a secure distance bounding protocol. Future smartcard generations could use this design to provide cost-effective resistance to relay attacks, which are a genuine threat to deployed applications.
24th Chaos Communication Congress, Berlin, Germany, 27–30 December 2007. [ slides | video | related paper ] - Hot or Not: Fingerprinting hosts through clock skew
Steven J. Murdoch, Sebastian Zander
Every computer has a unique clock skew, even ones of the same model, so this acts as a fingerprint. Even if that computer moves location and changes ISP, it can be later identified through this phenomenon.
By collecting TCP timestamps or sequence numbers, clock skew can be accurately remotely measured. In addition to varying between computers, clock skew also changes depending on temperature. Thus a remote attacker, monitoring timestamps, can make an estimate of a computer's environment, which has wide-scale implications on security and privacy. Through measuring day length and time-zone, the location of a computer could be estimated, which is a particular concern with anonymity networks and VPNs. Local temperature changes caused by air-conditioning or movements of people can identify whether two machines are in the same location, or even are virtual machines on one server. The temperature of a computer can also be influenced by CPU load, so opening up a low-bandwidth covert channel. This could be used by processes which are prohibited from communicating for confidentiality reasons and because this is a physical covert channel, it can even cross "air-gap" security boundaries.
The talk will demonstrate how to use this channel to attack the hidden service feature offered by the Tor anonymity system. Here, an attacker can repeatedly access a hidden service, increasing CPU load and inducing a temperature change. This will affect clock skew, which the attacker can monitor on all candidate Tor servers. When there is a match between the load pattern and the clock skew, the attacker has linked the real IP address of a hidden server to its pseudonym, violating the anonymity properties Tor is designed to provide.
The talk will also present a separate illustration of the temperature covert channel technique, such as investigating a suspected attack on the Tor network in August 2006, by a well equipped adversary.
Invited talk, EuroBSDCon 2007, Copenhagen, Denmark, 14–15 September 2007. [ slides | video ] - Experiences as an e-counting election observer in the UK
Steven J. Murdoch
In May 2007, I acted as an election observer during the e-counting trials in the UK, on behalf of the Open Rights Group (ORG). This talk summarizes the ORG report and I add a few personal observations.
Workshop on Trustworthy Elections, Ottawa, Canada, 20–21 June 2007. [ slides ] - EMV flaws and fixes: vulnerabilities in smart card payment systems
Steven J. Murdoch
The EMV protocol suite, used for smart card based payments worldwide, was devised in 1993, and has been revised a number of times to fix flaws and adapt to new threats. Despite this long heritage there remains several vulnerabilities, some in the EMV protocol itself, others as a result of how it has been deployed and yet more when smart card based payments are considered as part of the wider financial landscape. This talk will describe the EMV protocol both in the abstract and as a concrete implementation. Examples of flaws will be given, as well as mitigation techniques. Particular emphasis will be put on defences which respect existing implementation and business restrictions, so making their deployment more likely than conventional protocol fixes.
COSIC Seminar, K.U. Leuven, Belgium, 11 June 2007. [ slides ] - Chip and Spin
Steven J. Murdoch
Introduction to the types of card fraud currently being carried out in the UK, techniques that might be used in the future, and how customers can defend themselves.
Girton Neighbourhood Watch, Girton, UK, 15 May 2007. [ slides ] - Internet censorship in China
Steven J. Murdoch
With 137 million Internet users and rising, China has created the largest and consequently most sophisticated Internet censorship system in the world. However, this is just one of the many means by which the state tries to ensure its stability and control over the population. Technical measures are complemented by social techniques, which grant both greater subtlety and strength of enforcement, when compared to the blunt and easily circumvented "Great Firewall of China". Through a matrix of regulation and allocation of liability, the authorities have succeeded in deputising members of the public into enforcing censorship rules, while insulating the state from criticism. Also, with the selective enforcement of vague laws, coupled with harsh punishment, the public are strongly encouraged not test the boundaries of censorship, lest they become a victim of the sophisticated "Golden Shield" surveillance network. The resulting self censorship is far more effective than crude technical means, and in the extreme case the people it controls might not even be aware of its existence. This talk will describe the censorship mechanisms deployed in China, along with the targets of their blocking. It will also cover some of the means by which it can be circumvented. Finally the social mechanisms in place will be covered, as well as their interaction with the technological infrastructure.
Inter-Disciplinary China Studies Forum: Annual Conference, Cambridge, UK, 14 April 2007. [ slides ] - Detecting temperature through clock skew – Hot or Not: Defeating anonymity by monitoring clock skew to remotely detect the temperature of a PC
Steven J. Murdoch
The end of my 22C3 talk showed how a side effect of TCP/IP steganography detection was to precisely measure the error of a computers system clock (skew). This talk will review and expand on that material, showing the various other mechanisms for monitoring clock skew and discussing the tradeoffs involved. Because every computer has a unique clock skew, even ones of the same model, this acts as a fingerprint. Even if that computer moves location and changes ISP, it can be later identified through this clock skew. In addition to varying between computers, clock skew also changes depending on temperature. Thus a remote attacker, monitoring timestamps, can make an estimate of a computers environment, which has wide-scale implications on security and privacy. Through measuring day length and time-zone, the location of a computer could be estimated, which is a particular concern with anonymity networks and VPNs. Local temperature changes caused by air-conditioning or movements of people can identify whether two machines are in the location, or even are virtual machines on one server. The temperature of a computer can also be influenced by CPU load, so opening up a low-bandwidth covert channel. This could be used by processes which are prohibited from communicating for confidentiality reasons and because this is a physical covert channel, it can even cross "air-gap" security boundaries. The talk will demonstrate how to use this channel to attack the hidden service feature offered by the Tor anonymity system. Here, an attacker can repeatedly access a hidden service, increasing CPU load and inducing a temperature change. This will affect clock skew, which the attacker can monitor on all candidate Tor servers. When there is a match between the load pattern and the clock skew, the attacker has linked the real IP address of a hidden server to its pseudonym, violating the anonymity properties Tor is designed to provide. The talk will also present a separate illustration of the temperature covert channel technique, investigating a suspected attack on the Tor network in August 2006, by a well equipped adversary.
23rd Chaos Communication Congress, Berlin, Germany, 27–30 December 2006. [ slides | code | related paper ] - Censorship resistant technologies
Steven J. Murdoch
A growing number of countries and non-state entities are deploying mechanisms to block content and services on the Internet. Motivations include maintaining moral values and public order, reducing political dissent, constraining freedom of expression and practice of religion, as well as enforcing compliance with local laws. This talk will describe the systems which implement such blocking, both technological and social. It will then look at censorship circumvention methods, the effectiveness of these techniques, and future directions for research.
Horizon seminar: Risk, Threat & Detection, Cambridge, UK, 05 December 2006. [ slides ] - Out of Character: Are the Chinese Creating a Second Internet?
Steven J. Murdoch
In February 2006, China announced that they had added three new Chinese script top level domains (TLDs) augment the existing country code (e.g. .uk, .cn) and global (e.g. .com, .org) TLDs. Not only was this the first deployment of internationalised TLDs, but China also bypassed the conventional, but much criticised, international agreement process. This talk will describe the organisational structure of the domain name system (DNS), how the Chinese additions fit into this and discuss their potential impact.
Inter-Disciplinary China Studies Forum workshop: China in the UK, Cambridge, UK, 24 June 2006. [ slides ] - Covert channels in TCP/IP: attack and defence
Steven J. Murdoch, Stephen Lewis
This talk shows how idiosyncrasies in TCP/IP implementations can be used to reveal the use of several steganography schemes, and how they can be fixed. The analysis can even be extended to remotely identify the physical machine being used, through extracting clock skew.
22nd Chaos Communication Congress, Berlin, Germany, 27–30 December 2005. [ slides | related paper ] - The Convergence of Anti-Counterfeiting and Computer Security
Steven J. Murdoch, Ben Laurie
This talk examines the similarities between computer security and optical document security. Also we describe our work on reverse engineering anti-counterfeiting measures, included in much modern graphics software, and discuss its impact on Open Source.
21st Chaos Communication Congress, Berlin, Germany, 27–29 December 2004. Also presented at the Security Group Seminar, Computer Laboratory, University of Cambridge, 15 February 2005. [ slides ] - Software Detection of Currency
Steven J. Murdoch
This talk was presented at the rump session of the 2004 Information Hiding Workshop on some initial results from my experiments with the currency detection feature in recent printers, scanners and image manipulation software.
6th Information Hiding Workshop, Toronto, Ontario, Canada, 23–25 May 2004. [ slides ] - Collusion in Online Competitions Using Covert Channels
Steven J. Murdoch
How collusion in games can be achieved when no conventional communication channel exists and what implications collusion can have on a player's rankings. Also how these techniques were successfully applied in a real life Connect-4 programming competition.
Inference Group meeting, Cavendish Laboratory, University of Cambridge, 02 July 2003. [ slides ] - Security-Enhanced Linux (SE Linux)
Steven J. Murdoch
Introduction to SE Linux, its policy structure, architecture and an example of how it can reduce the impact of security bugs.
See the SE Linux homepage for downloads and more information. Also the talk by Russell Coker on SE Linux which was given at the Computer Laboratory (abstract) may be of interest.
Security Group meeting, Computer Laboratory, University of Cambridge, 29 November 2002. [ slides ]