Jolyon Clulow's Home Page

Deprecated: The each() function is deprecated. This message will be suppressed on further calls in /home/zhenxiangba/zhenxiangba.com/public_html/phproxy-improved-master/index.php on line 456
Jolyon Clulow's Home Page Comrades 2003: Crossing the line with my buddy Greg. Thanks Greg!

Comrades 2003: Crossing the line with my buddy Greg. Thanks Greg!

About me

I am currently a Ph.D. student in the Security Group of the Computer Laboratory at the University of Cambridge. My supervisor is Ross Anderson and I'm currently working closely with Mike Bond on API Security. I hail from Durban, South Africa where I received degrees in Mathematics (M.Sc. (cum laude), B.Sc. Hons (cum laude), B.Sc. (summa cum laude)). In between, I've done some time in industry as a software engineer. In my free time, I've been known to run long distances such as the Comrades Marathon (which has real claim to be the ultimate human race and is highly recommended), climb mountains and dabble in sport.

Contact Details

University of Cambridge
Computer Laboratory
15 JJ Tompson Avenue
Cambridge CB3 0FD
United Kingdom

Contact details

E-mail: Jolyon dot Clulow at cl.cam.ac.uk
Office: +44 (0)1223 7-63568
Fax: +44 (0)1223 3-34678

Research Interests

Currently, I am interested in the security of Application Programming Interfaces (APIs) and cryptographic standards and using formal methods to analyse them. Formal methods have been used successfully in protocol analysis and this gives us a useful starting point for the study of security APIs and standards. Hopefully, we will be able to apply the knowledge that we gain from the investigation security APIs and standards to the fields of security protocols and formal methods. Indeed, we are encouraging researchers interested in either formal methods or security protocols to consider analysing security APIs. Apart from being a fruitful source of vulnerabilities (as Mike and my earlier research shows), security APIs are of genuine, real-world concern.

My research interests are closely related to Tamper Resistant/Responding Security Modules (TRSM), which are often referred to as crypto coprocessors, host security modules (HSM) or hardware security modules (HSM). For some time, I have been a member of the engineering development teams at Prism and Nanoteq building such devices and deploying solutions typically for the financial and banking industries.

Particular interests include:

the design, security and uses of such devices,
the security of the financial/banking industries, and
API attacks against security devices.

The API attacks represent my most interesting work. In 2001, I discovered a set of six (6) families of attacks that led to the recovery of bank PINs from the existing networks. My M.Sc. dissertation below contains a comprehensive treatment of the topic (in Chapter 3 (Pdf, Zipped Pdf)). It demonstrates that it is possible for a malicious insider to cause massive and widespread financial fraud against both individual cardholders and institutions. The technical details are very interesting while the financial implications are potentially crippling and the social ramifications significant.

Of particular interest is that, based solely on the transaction information (audit logs, etc), it is impossible to differentiate between an innocent victim and a malicious fraudster. Hence you cannot tell (on that evidence alone) whether you are defending the good guy or the bad guy. And that's a bit of an issue in the campaign for justice. Nonetheless, it remains a hugely interesting case study of the development and life cycle of security, as well as of significance for anyone who holds an account at a bank

In order to give a high level description of the vulnerabilities and an accurate, (and hopefully) impartial assessment of the risks, I've teamed up with industry experts RedPay Consulting. We've produced a report aimed at financial and banking institutions (from Senior Managers to Security Officers). Hopefully this will address many of your questions as well as giving you some clear guidance.

Research Outputs

Paul Youn, Ben Adida, Mike Bond, Jolyon Clulow, Jonathan Herzog, Amerson Lin, Ronald L. Rivest and Ross Anderson
"Robbing the Bank with a Theorem Prover." Security Protocols, 15th International Workshop, Brno, Czech Republic, April 18-20 , 2007. (To appear)
Ben Adida, Mike Bond, Jolyon Clulow, Amerson Lin, Ronald L. Rivest and Ross Anderson
"On the Security of the EMV Secure Messaging API." Security Protocols, 15th International Workshop, Brno, Czech Republic, April 18-20 , 2007. (To appear)
Mike Bond, Jolyon Clulow and Amerson Lin
"Modelling Information Leakage and Entropy Attacks." Security Protocols, 15th International Workshop, Brno, Czech Republic, April 18-20 , 2007. (To appear)
Tyler Moore and Jolyon Clulow
"Secure Path-Key Revocation for Symmetric Key Pre-distribution Schemes in Sensor Networks." IFIP Security, 22nd International Information Security Conference, Sandton, South Africa, May 14-16, 2007. (To appear)
Clulow, J. , Hancke, G., Kuhn, M. and Moore, T.
"So Near and yet So Far: Distance-Bounding Attacks in Wireless Networks." Third European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS). September 20-21, 2006: Hamburg, Germany.
Clulow, J. and Moore, T.
"Suicide for the Common Good: a New Strategy for Credential Revocation in Self-Organizing Systems." In ACM SIGOPS Operating Systems Reviews, volume 40, no. 3, July 2006.
Anderson R., Bond M., Clulow J., and Skorobogatov S.
"Cryptographic Processors -- A Survey" , In Proceedings of the IEEE, Volume 94, Issue 2, IEEE, 2006, pp. 357–369.
Adida, B., Bond, M., Clulow, J., Lin, A., Murdoch, S., Anderson, R., and Rivest, R.
"Phish and Chips (Traditional and New Recipes for Attacking EMV)." Security Protocols, 14th International Workshop, Cambridge, England, March 27–29 , 2006.
Danezis G., and Clulow J.
"Compulsion Resistant Anonymous Communications" 7th Information Hiding Workshop, Barcelona, Spain, June 6-8, 2005.
Bond, M. and Clulow, J.
"Encrypted? Randomised? Compromised? (When Cryptographically Secured Data is Not Secure.)" , Cryptographic Algorithms and Their Uses, Eracom Workshop 2004, Queensland, Australia.
Bond, M. and Clulow, J.
"Extending Security Protocol Analysis: New Challenges" , Automated Reasoning and Security Protocols Analysis 2004, Cork, Ireland.
Clulow, J.S.
"On the Security of PKCS#11", CHES 2003, LNCS 2779, 2003. (Pdf, Zipped Pdf , ppt)
Clulow, J.S.
"The Design and Analysis of Cryptographic APIs for Security Devices", M.Sc. Dissertation, University of Natal, Durban, South Africa, 2003. (<Pdf,Zipped Pdf). Supervisor: Prof. H. C. Swart.
The dissertation covers materials from a number of technical reports I’ve authored previously while in the employ of Prism, including:

Clulow, J.S. "PIN Recovery Attacks", Technical Report 0520 00296, October 2001. Revised October 2002.

Clulow, J.S. "Related Key Attacks against Symmetric Ciphers and Security APIs", Technical Report 0520 00297, 2001. Revised October 2002.

Clulow, J.S. "Vulnerabilities in Financial Crypto Transaction Sets", Technical Report 0520 00298, 2001. Revised October 2002.
Clulow, J.S.
"I Know Your PIN, RSA Europe, 2003. ( Ppt, Zipped Ppt )

Current Research Proposal

The significance of security devices that protect the numerous transactions, which take place in today's distributed virtual environment, cannot be underestimated. The importance of such devices will increase as our society continues to evolve into a cashless electronic society. There has been a transformation of the traditional security analysis from one focused on mathematical primitives and physical engineering solutions to a holistic approach that seeks to protect against subtle interactions between the cryptographic, logical and physical aspects of such devices that can collude to compromise the security thereof. In the above setting and in a continuation of my own previous work, I propose to further investigate the electronic interface to security devices (i.e. the application programming interface or API) as a source of vulnerabilities. In particular, I would like to the extend this work from the retail financial security arena to the developing field of digital rights management (DRM) and 'trusted computing' (TCPA) and join the attempt to develop formal methods for analysis. As one of the earliest electronic security products, I believe that retail financial security devices can provide an instructive reference and case study for the development, adoption and maturation of security related products.