
Mike Bond
University of Cambridge - Computer Laboratory

Email : Mike.Bond@cl.cam.ac.uk


Phone : +44 (0)1223 7-63571
Mobile: +44 (0)7890 171913
Fax : +44 (0)1223 3-34678

"Security isn't a dirty word, Blackadder!"
-- Lord Melchett, Blackadder IV




Latest Information

Intercepting Chip and PIN transactions. It is well known in the banking industry that the conversation between a chip card and a point-of-sale terminal in a shop contains enough information to make a magnetic stripe card counterfeit, and even the customer PIN. We built an interceptor device to demonstrate the principle, for less than $150. Visit my Chip and PIN Point-of-Sale Terminal Interceptor page for more information.

Have you ever wondered how difficult it is to read a PIN from a PIN mailer without tampering with it? For pretty much all types of PIN mailer, the answer is "not as hard as it should be!". Check out this PIN Mailer Vulnerability Report, which is now available for public consumption, describing issues with the modern laser-printed mailer technology. It should be noted that we sat on this report for about 9 months, and the various manufacturers all have new products which address to varying degrees the issues raised in the report.

On a more technical note, have a look at my survey paper on cryptographic hardware and software, co-authored together with Ross Anderson, Jolyon Clulow and Sergei Skorobogatov. My other papers are also online on my Research Page.

Chip and PIN... myself and my colleague Prof. Ross Anderson have been asked for comment repeatedly on Chip and PIN, and I have prepared a website to clarify the concerns I originally raised a long time back. It's called Chip and Spin. Bear in mind that the website just tells one side of the story -- the disadvantages. The article that started it all is "Safety In Numbers : Not Likely".

You may also be interested in resources for victims of phantom withdrawals, the mysterious unexplained withdrawals of cash from bank accounts, where neither the bank nor customer admits liability. Alternatively, if you're following up other media coverage, for instance related to the 2003 Diner's Club vs. Singh case in South Africa, you can find links to all sorts of news coverage on my media page. Also check out the summary of articles at the bottom of the phantom withdrawals page here.

~

As my site now gets more work-related hits than personal ones, I have made it slightly less frivolous and removed links to some of my photos. If you want to see the way I used to present myself to the world, the people at http://www.archive.org are busy archiving the internet and may be able to help.

Me

Hello! I am a research associate working in the security group at the University of Cambridge, studying Security APIs (in my spare time I work for MI6 as a secret agent). I have recently submitted a PhD based on research in this field done under the supervision of Ross Anderson. I have also been supervised by Larry Paulson. I currently live near Cambridge, but originate from the New Forest, where there are far more hills.

My Research

My research is all about "Understanding Security APIs". I am concerned with learning how to defeat, design, analyse and verify any sort of Security API. A list of my publications, technical details and resources are available on my research page, but a concise description follows here. The most common instantiation of Security APIs are within "Hardware Security Modules" -- tamper-resistant processors first conceived by banks and the military to protect sensitive information from physical attack. HSMs (also known as cryptoprocessors) are rapidly becoming more widespread, as corporations start using them to protect their PKIs, and manufacturers are examining how they can be used to enforce accessory control and new marketing models. I primarily explore how existing APIs can be defeated purely by using the constituent commands in unexpected ways or sequences.

In the last four years, I have engaged in much hands-on work with HSMs and documentation for HSMs. I have analysed the CCA architecture for the IBM 4758, PKI/SSL security modules such as the nCipher nShield, prepayment electricity metering modules, and most recently the Luna CA3 certification authority tokens originally manufactured by Chrysalis-ITS. Go to my research page to learn more, or read my paper "API-Level Attacks on Embedded Systems" PDF (140k) which gives a semi-technical overview of much of my work.

My most recent work is into gaining assurance of correctness of Security APIs. I am beginning to tackle this hard problem in co-operation with researchers in the Theory of Computation group at the Laboratory for Computer Science at MIT. I built my own API analysis tool to benchmark the difficulty of analysis to find different sorts of attacks on APIs, and we are currently exploring existing general purpose tools such as theorem provers, to see if they can effectively reason about the properties of security APIs.

I'm also interested in a wide range of security related research, particularly in trusted computing such as Microsoft's NGSCB initiative and also TCPA. Anonymous distributed file storage networks, such as Freenet, are also interesting things, and I watch with curiosity the plight of personal privacy campaigners.

I used to work in the office in the picture, at the desk on the left hand side, but we're now in a new lab. My comrades in the security group include George, Markus, Richard, Piotr, Jolyon, Steven, Stephen & Shishir. Also check out the homepage of an old friend of mine Matt Grounds, who is a PhD student at York.

Consultancy

I have a limited amount of time available for consultancy work connected with computer security. I regularly advise several companies on Security API design issues. Should you wish to discuss possible consultancy arrangements, please feel free to telephone or email me at the addresses at the top of this page. My curriculum vitae is available upon request.

My Friends & Family

Many of my friends are connected with Emmanuel College, where I spent three happy years avoiding getting any serious work done. I also have three friends at Cambridge whom I've known since the beginning of secondary school, who torment me by playing vicious practical jokes involving rearranging my furniture. Here are some now rather dated photos of some of my friends :

I used to live in the nice yellow house on the right, which used to be painted pink & blue (which incidentally are the Emmanuel College colours). You can see many of my family below, running from left to right : myself, my grandad, my dad, my mum, (a friend), & my sis.

Extra-Curricular Activities

When I'm not stuck in front of a computer screen, I seem to get a fair few things going, ranging from the mischievous to the stupid, and from technical to athletic. The following list shows some of the things I've been involved with recently:

  • Long-distance Walking - Seriously long distance. Like 70 miles. 100 miles. In one go.
  • The Mad Dining Club - Dinner parties in unusual locations
  • Octopus Crafts - I've helped out with the website for my sister's new business.
  • Unicycling - Jousting, Hockey, Long-Distance, it's all been done!
  • Punting & Bridge-Hopping - an unusual Cambridge obsession!
  • Cocktail Parties - I've acquired a sizable drinks cabinet & have most of the gear.
  • Christian Union - I've been involved in various Christian fellowships from time to time.
  • Games Programming - I spent many years writing a multi-user text adventure game.
  • Climbing - I've been known to climb things every now and again. Abseiling's better.
  • Electronics - I like building electronic things, but seldom get round to it.
  • Music - I was once DJ for a pirate radio station. I play the piano as well.
  • Lock-Picking - I used to be able to pick locks. I learnt from the MIT guide.
  • RAF - I learnt to fly with the RAF, but had to do lots of drill too.

Created : 11/10/00
Last Update : 07/03/06

Mike.Bond@cl.cam.ac.uk