Deprecated: The each() function is deprecated. This message will be suppressed on further calls in /home/zhenxiangba/zhenxiangba.com/public_html/phproxy-improved-master/index.php on line 456 Steven J. Murdoch
In my spare time, I also enjoy photography. You may be interested
in my
photo collection.
My research interests include:
Side-channels, covert channels, watermarking and steganography
Operating system and network security
Data collection and visualisation techniques
Software engineering, maintainability and reverse-engineering
Cryptography and security protocols
Distributed databases, filesystems and versioning
Smartcards and financial security
Privacy, anonymity and traffic analysis
Structured information formats (XML, SGML, LDAP, etc.) and markup languages
Physical security and optical document security
News and Updates
23 July 2008
The slides and paper for “Metrics for Security and Performance in
Low-Latency Anonymity Systems”, presented at the 2008 Privacy
Enhancing Technologies Symposium, are now
available.
18 May 2008
The slides and paper for “Thinking Inside the Box: System-level Failures of Tamper Proofing”, presented at the 2008 IEEE Symposium on Security and Privacy, are now available.
17 April 2008
My paper, “Hardened Stateless Session Cookies”, presented at the Cambridge Protocols Workshop 2008, is now available.
19 March 2008
My paper, “Securing Network Location Awareness with Authenticated DHCP”, presented at SecureComm 2007, is now available.
I am interested in improving the explanatory power and
typographical quality of graphical representations of data in papers I
write. To this end, I have written some functions for GNU R to produce data-rich
graphs, based on ideas presented by Edward Tufte in his book, The Visual Display
of Quantitative Information.
In the course of a different research project, I have worked with
Dallas iButtons. I dismantled two of them, and while these are
sensors, not designed to have any significant security properties, the
photos
may still be of interest.
Chip and PIN
Along with colleagues from the Security Group, I have been
investigating security aspects of the recent Chip and PIN deployment.
Our initial comments are summarised in Chip and Spin.
Since that document was published, we have been looking at issues in
PIN distribution and, in particular, the tamper-evidence of
laser-printed PIN mailers. Our Laser-printed
PIN Mailer Vulnerability Report describes some problems we found.
This document was distributed to users and manufacturers of
tamper-evident mailers in November 2004 and since then they have been
working to deploy improved products. As of August 2005 this report
is now publicly available.
Our work on "snooping" the account number and PIN over the
communication between card and terminal was featured in a program on
ARD
TV's Plusminus, by Sabina Wolf and on ITN news by Chris Choi.
There is further information about this work on our interceptor
page.
Recent printers, scanners and image manipulation software identify
images of currency, will not process the image and display an error
message linking to www.rulesforuse.org. The
detection algorithm is not disclosed, however it is possible to test
sample images as to whether they are identified as currency. This
webpage shows an initial analysis of the algorithm's properties, based
on results from the automated generation and testing of images.
In order to allow information to be easily exchanged a data format
must exist, which facilitates sharing between different applications
and different geographical locations throughout the evolution of both
the data schema and software. There are a great number of existing
solutions for this problem, each making different trade-offs and so
resulting in radically different approaches. As a first step in
exploring this area I have compiled a growing survey of general-purpose data-representation formats and markup languages.
I have done some work on developing software
for the Symbian OS, in
particular on the Sony Ericsson
P800. As part of that work I have written a brief "getting
started" guide for developing Symbian OS applications on
Windows using GCC.
Metrics for Security and Performance in Low-Latency Anonymity Systems Steven J. Murdoch, Robert N.M. Watson
In this paper we explore the tradeoffs between security and
performance in anonymity networks such as Tor. Using probability of
path compromise as a measure of security, we explore the behaviour of
various path selection algorithms with a Tor path simulator. We
demonstrate
that assumptions about the relative expense of IP addresses and
cheapness of bandwidth break down if attackers are allowed to purchase
access to botnets, giving plentiful IP addresses, but each with
relatively
poor symmetric bandwidth. We further propose that the expected latency
of data sent through a network is a useful performance metric,
show how it may be calculated, and demonstrate the counter-intuitive
result that Tor's current path selection scheme, designed for
performance,
both performs well and is good for anonymity in the presence of a
botnet based
adversary. 8th Privacy Enhancing
Technologies Symposium (PETS 2008), Leuven, Belgium, 23–25 July 2008.
[ paper (PDF 613K) |
slides (PDF 2.1M) ]
Thinking Inside the Box: System-level Failures of Tamper Proofing Saar Drimer, Steven J. Murdoch, Ross Anderson
PIN entry devices (PEDs) are critical security components
in EMV smartcard payment systems as they receive
a customer's card and PIN. Their approval is subject to
an extensive suite of evaluation and certification procedures.
In this paper, we demonstrate that the tamper proofing
of PEDs is unsatisfactory, as is the certification process.
We have implemented practical low-cost attacks on
two certified, widely-deployed PEDs – the Ingenico i3300
and the Dione Xtreme. By tapping inadequately protected
smartcard communications, an attacker with basic technical
skills can expose card details and PINs, leaving cardholders
open to fraud. We analyze the anti-tampering mechanisms
of the two PEDs and show that, while the specific
protection measures mostly work as intended, critical vulnerabilities
arise because of the poor integration of cryptographic,
physical and procedural protection. As these
vulnerabilities illustrate a systematic failure in the design
process, we propose a methodology for doing it better in
the future. These failures also demonstrate a serious problem
with the Common Criteria. So we discuss the incentive
structures of the certification process, and show how they
can lead to problems of the kind we identified. Finally, we
recommend changes to the Common Criteria framework in
light of the lessons learned. 2008 IEEE Symposium on Security and Privacy
, Oakland, CA, US, 18–21 May 2008.
[ paper (PDF 1.2M) |
slides (PDF 4.0M) |
extended technical report – UCAM-CL-TR-711 (PDF 5.4M) |
further information – videos, letters from vendors, FAQ ]
Hardened Stateless Session Cookies Steven J. Murdoch
Stateless session cookies allow web applications to alter their behaviour based on user preferences and access rights, without maintaining server-side state for each session.
This is desirable because it reduces the impact of denial of service attacks and eases database replication issues in load-balanced environments.
The security of existing session cookie proposals depends on the server protecting the secrecy of a symmetric key, which for engineering reasons is usually stored in a database, and thus at risk of accidental leakage or disclosure via application vulnerabilities.
In this paper we show that by including a salted iterated hash of the user password in the database, and its pre-image in a session cookie, an attacker with read access to the server is unable to spoof an authenticated session.
By extending an existing session cookie scheme, we maintain all the previous security guarantees, but also preserve security under partial compromise. Sixteenth International Workshop on Security Protocols, Cambridge,
UK, 16–18 April 2008.
[ paper (PDF 137K) |
slides (PDF 247K) ]
Shifting Borders Steven J. Murdoch, Ross Anderson
In A Declaration of the Independence of Cyberspace, John Perry Barlow called
for communities built around the Internet to be independent of national governments
and borders: a Utopian ideal that has failed to materialise. The Internet
does have borders, for similar reasons that national boundaries exist:
they ease administration, permit collective defence and can be founded in
culture.
While it is true that Internet borders do not have to be the same as political
boundaries, the two have naturally mirrored each other. This is hardly
a surprise since the Internet was built on the infrastructure of telecommunications
companies, often controlled or regulated by nation states. Index on Censorship (DOI link), Volume 36, Issue 4, pages 156–159, November 2007.
[ article (PDF 63K) ]
Covert channel vulnerabilities in anonymity systems (PhD thesis) Steven J. Murdoch
The spread of wide-scale Internet surveillance has spurred interest in anonymity systems that protect users' privacy by restricting unauthorised access to their identity. This requirement can be considered as a flow control policy in the well established field of multilevel secure systems. I apply previous research on covert channels (unintended means to communicate in violation of a security policy) to analyse several anonymity systems in an innovative way. This thesis demonstrates how theoretical models and generic methodologies relating to covert channels may be applied to find practical solutions to problems in real-world anonymity systems. These findings confirm the existing hypothesis that covert channel analysis, vulnerabilities and defences developed for multilevel secure systems apply equally well to anonymity systems. Technical
Report UCAM-CL-TR-706, University of Cambridge, Computer
Laboratory, December 2007.
[ thesis
(PDF 1.8M) ]
Awarded prize for best PhD thesis by ERCIM security and trust
management working group.
Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Saar Drimer, Steven J. Murdoch
Modern smartcards, capable of sophisticated cryptography,
provide a high assurance of tamper resistance and
are thus commonly used in payment applications. Although
extracting secrets out of smartcards requires resources
beyond the means of many would-be thieves,
the manner in which they are used can be exploited for
fraud. Cardholders authorize financial transactions by
presenting the card and disclosing a PIN to a terminal
without any assurance as to the amount being charged
or who is to be paid, and have no means of discerning
whether the terminal is authentic or not. Even the most
advanced smartcards cannot protect customers from being
defrauded by the simple relaying of data from one
location to another. We describe the development of
such an attack, and show results from live experiments
on the UK's EMV implementation, Chip & PIN. We discuss
previously proposed defences, and show that these
cannot provide the required security assurances. A new
defence based on a distance bounding protocol is described
and implemented, which requires only modest
alterations to current hardware and software. As far as
we are aware, this is the first complete design and implementation
of a secure distance bounding protocol. Future
smartcard generations could use this design to provide
cost-effective resistance to relay attacks, which are a
genuine threat to deployed applications. We also discuss
the security-economics impact to customers of enhanced
authentication mechanisms. 16th USENIX Security Symposium, Boston, MA,
USA, 6–10 August 2007.
[ paper (PDF 967K) ]
Securing Network Location Awareness with Authenticated DHCP
Tuomas Aura, Michael Roe, Steven J. Murdoch
Network location awareness (NLA) enables mobile
computers to recognize home, work and public networks and wireless
hotspots and to behave differently at different locations. The location
information is used to change security settings such as firewall rules.
Current NLA mechanisms, however, do not provide authenticated
location information on all networks. This paper describes a novel
mechanism, based on public-key authentication of DHCP servers, for
securing NLA at home networks and wireless hotspots. The main
contributions of the paper are the requirements analysis, a naming
and authorization scheme for network locations, and the extremely
simple protocol design. The mobile computer can remember and
recognize previously visited networks securely even when there is no
PKI available. This is critical because we do not expect the majority
of small networks to obtain public-key certificates. The protocol also
allows a network administrator to pool multiple, heterogeneous
access links, such as a campus network, to one logical network
identity. Another major requirement for the protocol was that it must
not leak information about the mobile host's identity or affiliation.
The authenticated location information can be used to minimize
attack surface on the mobile host by making security-policy
exceptions specific to a network location. 3rd International Conference on Security and Privacy in Communication Networks (SecureComm), Nice, France, 17–20 September 2007.
[ paper (PDF 145K) ]
Sampled Traffic Analysis by
Internet-Exchange-Level Adversaries Steven J. Murdoch, Piotr
ZieliĆski
Existing low-latency anonymity networks are vulnerable to traffic
analysis, so location diversity of nodes is essential to defend
against attacks. Previous work has shown that simply ensuring
geographical diversity of nodes does not resist, and in some cases
exacerbates, the risk of traffic analysis by ISPs. Ensuring high
autonomous-system (AS) diversity can resist this weakness. However,
ISPs commonly connect to many other ISPs in a single location, known
as an Internet eXchange (IX). This paper shows that IXes are a single
point where traffic analysis can be performed. We examine to what
extent this is true, through a case study of Tor nodes in the UK.
Also, some IXes sample packets flowing through them for performance
analysis reasons, and this data could be exploited to de-anonymize
traffic. We then develop and evaluate Bayesian traffic analysis
techniques capable of processing this sampled data. 7th Workshop on
Privacy Enhancing Technologies, Ottawa,
Canada, 20–22 June 2007.
[ paper (PDF 1.5M) |
slides (PDF 2.9M) ]
Hot or Not: Revealing Hidden Services by their Clock
Skew Steven J. Murdoch
Location-hidden services, as offered by anonymity systems such as Tor,
allow servers to be operated under a pseudonym. As Tor is an overlay
network, servers hosting hidden services are accessible both directly
and over the anonymous channel. Traffic patterns through one channel
have observable effects on the other, thus allowing a service's
pseudonymous identity and IP address to be linked. One proposed
solution to this vulnerability is for Tor nodes to provide fixed
quality of service to each connection, regardless of other traffic,
thus reducing capacity but resisting such interference
attacks. However, even if each connection does not influence the
others, total throughput would still affect the load on the CPU, and
thus its heat output. Unfortunately for anonymity, the result of
temperature on clock skew can be remotely detected through observing
timestamps. This attack works because existing abstract models of
anonymity-network nodes do not take into account the inevitable
imperfections of the hardware they run on. Furthermore, we suggest the
same technique could be exploited as a classical covert channel and
can even provide geolocation. 13th ACM Conference on
Computer and Communications Security (CCS), Alexandria, Virginia,
USA, 30 October–3 November 2006.
[ paper (PDF 1.5M) |
slides (PDF 5.2M) | code ]
Also presented at NoVA Sec, 2 November 2006.
Ignoring the Great Firewall of China Richard Clayton, Steven J. Murdoch,
Robert N. M. Watson
The so-called "Great Firewall of China" operates, in part, by
inspecting TCP packets for keywords that are to be blocked. If the
keyword is present, TCP reset packets (viz: with the RST flag set) are
sent to both endpoints of the connection, which then close. However,
because the original packets are passed through the firewall
unscathed, if the endpoints completely ignore the firewall's resets,
then the connection will proceed unhindered. Once one connection has
been blocked, the firewall makes further easy-to-evade attempts to
block further connections from the same machine. This latter behaviour
can be leveraged into a denial-of-service attack on third-party
machines. 6th Workshop on Privacy
Enhancing Technologies, Cambridge, England, 28–30 June 2006.
[ paper (PDF 267K) ]
Published in LNCS 4258, Springer-Verlag.
Message Splitting Against the Partial
Adversary Andrei Serjantov, Steven J. Murdoch
We review threat models used in the evaluation of anonymity systems'
vulnerability to traffic analysis. We then suggest that, under the
partial adversary model, if multiple packets have to be sent through
these systems, more anonymity can be achieved if senders route the
packets via different paths. This is in contrast to the normal
technique of using the same path for them all. We comment on the
implications of this for message-based and connection-based
anonymity systems. We then proceed to examine the only remaining
traffic analysis attack -- one which considers the entire system as
a black box. We show that it is more difficult to execute than the
literature suggests, and attempt to empirically estimate the
parameters of the Mixmaster and the Mixminion systems needed in
order to successfully execute the attack. 5th Workshop on Privacy Enhancing Technologies, Dubrovnik
(Cavtat), Croatia, 30 May–1 June 2005.
[ paper (PDF 639K) | data ]
Published in LNCS 3856, Springer-Verlag.
Embedding Covert Channels into TCP/IP Steven J. Murdoch, Stephen Lewis
It is commonly believed that steganography within TCP/IP is easily
achieved by embedding data in header fields seemingly filled with
“random” data, such as the IP identifier, TCP initial
sequence number or the least significant bit of the TCP timestamp.
We show that this is not the case; these fields naturally exhibit
sufficient structure and non-uniformity to be efficiently and
reliably differentiated from unmodified ciphertext. Previous work
on TCP/IP steganography does not take this into account and, by
examining TCP/IP specifications and open source implementations, we
have developed tests to detect the use of naïve embedding.
Finally, we describe reversible transforms that map block cipher
output into TCP ISNs, indistinguishable from those generated by
Linux and OpenBSD. The techniques used can be extended to other
operating systems. A message can thus be hidden in such a way that
an attacker cannot demonstrate its existence without knowledge of a
secret key. 7th Information Hiding Workshop, Barcelona, Catalonia (Spain), 6–8 June 2005.
[ paper (PDF 262K) ]
Published in LNCS 3727, Springer-Verlag.
Low-Cost Traffic Analysis of Tor Steven J. Murdoch, George Danezis
Tor is the second generation Onion Router, supporting the anonymous
transport of TCP streams over the Internet. Its low latency makes
it very suitable for common tasks, such as web browsing, but
insecure against traffic analysis attacks by a global passive
adversary. We present new traffic analysis techniques that allow
adversaries with only a partial view of the network to infer which
nodes are being used to relay the anonymous streams and therefore
greatly reduce the anonymity provided by Tor. Furthermore, we show
that otherwise unrelated streams can be linked back to the same
initiator. Our attack is feasible for the adversary anticipated by
the Tor designers. Our theoretical attacks are backed up by
experiments performed on the deployed, albeit experimental, Tor
network. Our techniques should also be applicable to any low latency
anonymous network. These attacks highlight the relationship between
the field of traffic analysis and more traditional computer security
issues, such as covert channel analysis. Our research also
highlights that the inability to directly observe network links does
not prevent an attacker from performing traffic analysis: the
adversary can use the anonymising network as an oracle to infer the
traffic load on remote nodes in order to perform traffic analysis. 2005 IEEE
Symposium on Security and Privacy, Oakland, California, USA, May 8
– 11, 2005.
[ paper (PDF 364K) | code ] Nominated
for the 2006 PET workshop award for outstanding Research in Privacy Enhancing Technologies.
Unwrapping the Chrysalis Mike Bond, Daniel Cvrcek, Steven J.Murdoch
We describe our experiences reverse engineering the
Chrysalis-ITS Luna CA3 a PKCS#11 compliant cryptographic
token. Emissions analysis and security API attacks are viewed by
many to be simpler and more efficient than a direct attack on an
HSM. But how difficult is it to actually "go in the front door"?
We describe how we unpicked the CA3 internal architecture and
abused its low-level API to impersonate a CA3 token in its
cloning protocol – and extract PKCS#11 private keys in the
clear. We quantify the effort involved in developing and
applying the skills necessary for such a reverse-engineering
attack. In the process, we discover that the Luna CA3 has far
more undocumented code and functionality than is revealed to the
end-user. Technical
Report UCAM-CL-TR-592, University of Cambridge, Computer
Laboratory, June 2004.
[ paper (PDF 344K) |
source code (85K) ]
Also published in Czech as Bezpen hardware, kter nen zase tak bezpe in Data Security Management Rok 8, Cislo 5/2004, strany 44–47 and Reverse-engineering kryptografickho modulu in Crypto-World Rok 6, Cislo 9/2004, strany 8–14.
Covert Channels for Collusion in Online Computer Games Steven J. Murdoch, Piotr Zielinski
Collusion between partners in Contract Bridge is an oft-used example
in cryptography papers and an interesting topic for the development
of covert channels. In this paper, a different type of collusion is
discussed, where the parties colluding are not part of one team, but
instead are multiple independent players, acting together in order
to achieve a result that none of them are capable of achieving by
themselves. Potential advantages and defences against collusion are
discussed. Techniques designed for low-probability-of-intercept
spread spectrum radio and multilevel secure systems are also applied
in developing covert channels suitable for use in games. An example
is given where these techniques were successfully applied in
practice, in order to win an online programming competition.
Finally, suggestions for further work are explored, including
exploiting similarities between competition design and the
optimisation of voting systems. 6th Information Hiding Workshop, Toronto, Ontario, Canada, 23–25 May 2004.
[ paper (PDF 178K) |
slides (PDF 477K) ]
Published in LNCS 3200, Springer-Verlag.
Compounds: a Next-Generation Hierarchical Data Model Markus G. Kuhn, Steven J. Murdoch, Piotr Zielinski
Compounds provide a simple, flexible, hierarchical data model that
unifies the advantages of XML and file systems. We originally designed
it for Project
Dendros, our distributed, revision-controlled storage system that
aims to fully separate the control over data from its storage
location. Compounds also provide an excellent extensible and
general-purpose data format. A processing framework based on stackable
filters allowed us to add rich functionality in a highly
modular manner, including access control, compression, encryption,
serialization, querying, transformation, remote access, and revision
control. Microsoft
Research Academic Days, Dublin, Ireland, 13–16 April 2004.
[ poster
(PDF 185K) ]
Talks
Relay attacks on card payment:
vulnerabilities and defences Saar Drimer, Steven J. Murdoch
Relay attacks allow criminals to use credit or debit cards for
fraudulent transactions, completely bypassing protections in today's
electronic payment systems. This talk will show how using easily
available electronics, it is possible to carry out such attacks. Also,
we will describe techniques for improving payment systems in order to
close this vulnerability.
The UK, like many other countries, has moved from comparatively
insecure magnetic stripe cards to smartcards, for electronic payment.
These smartcards, capable of sophisticated cryptography, provide a
high assurance of tamper resistance and while implementation standards
varies, have the potential to provide good security. Although
extracting secrets out of smartcards requires resources beyond the
means of many would-be thieves, the manner in which they are used can
still be exploited for fraud.
Cardholders authorize financial transactions by presenting the card
and disclosing a PIN to a terminal without any assurance as to the
amount being charged or who is to be paid, and have no means of
discerning whether the terminal is authentic or not. Even the most
advanced smartcards cannot protect customers from being defrauded by
the simple relaying of data from one location to another. We describe
the development of such an attack, and show results from live
experiments on the UK's EMV implementation, Chip & PIN. We discuss
previously proposed defences, and show that these cannot provide the
required security assurances. A new defence is described and
implemented, which requires only modest alterations to current
hardware and software. This allows payment terminals to securely
establish a maximum distance bound between itself and the legitimate
card. As far as we are aware, this is the first complete design and
implementation of a secure distance bounding protocol. Future
smartcard generations could use this design to provide cost-effective
resistance to relay attacks, which are a genuine threat to deployed
applications. 24th Chaos
Communication Congress, Berlin, Germany, 27–30 December
2007.
[ slides (PDF 9.6M) |
video
(Matroska 105M) |
related paper (PDF 967K) ]
Hot or Not: Fingerprinting hosts through clock skew Steven J. Murdoch, Sebastian Zander
Every computer has a unique clock skew, even ones of the same model, so this acts as a fingerprint.
Even if that computer moves location and changes ISP, it can be later identified through this phenomenon.
By collecting TCP timestamps or sequence numbers, clock skew can be accurately remotely measured.
In addition to varying between computers, clock skew also changes depending on temperature. Thus a remote attacker, monitoring timestamps, can make an estimate of a computer's environment, which has wide-scale implications on security and privacy.
Through measuring day length and time-zone, the location of a computer could be estimated, which is a particular concern with anonymity networks and VPNs. Local temperature changes caused by air-conditioning or movements of people can identify whether two machines are in the same location, or even are virtual machines on one server.
The temperature of a computer can also be influenced by CPU load, so opening up a low-bandwidth covert channel. This could be used by processes which are prohibited from communicating for confidentiality reasons and because this is a physical covert channel, it can even cross "air-gap" security boundaries.
The talk will demonstrate how to use this channel to attack the hidden service feature offered by the Tor anonymity system.
Here, an attacker can repeatedly access a hidden service, increasing CPU load and inducing a temperature change. This will affect clock skew, which the attacker can monitor on all candidate Tor servers. When there is a match between the load pattern and the clock skew, the attacker has linked the real IP address of a hidden server to its pseudonym, violating the anonymity properties Tor is designed to provide.
The talk will also present a separate illustration of the temperature covert channel technique, such as investigating a suspected attack on the Tor network in August 2006, by a well equipped adversary. Invited talk, EuroBSDCon 2007, Copenhagen, Denmark 14–15 September 2007.
[ slides (PDF 6.1M) | video (AVI 235M) ]
Experiences as an e-counting election observer in the UK Steven J. Murdoch
In May 2007, I acted as an election observer during the e-counting
trials in the UK, on behalf of the Open Rights
Group (ORG). This talk summarizes the ORG report
and I add a few personal observations. Workshop on
Trustworthy Elections, Ottawa, Canada, 20–21 June 2007.
[ slides (195K) ]
EMV flaws and fixes: vulnerabilities
in smart card payment systems Steven J. Murdoch
The EMV protocol suite, used for smart card based payments worldwide,
was devised in 1993, and has been revised a number of times to fix
flaws and adapt to new threats. Despite this long heritage there
remains several vulnerabilities, some in the EMV protocol itself,
others as a result of how it has been deployed and yet more when smart
card based payments are considered as part of the wider financial
landscape. This talk will describe the EMV protocol both in the
abstract and as a concrete implementation. Examples of flaws will be
given, as well as mitigation techniques. Particular emphasis will be
put on defences which respect existing implementation and business
restrictions, so making their deployment more likely than conventional
protocol fixes. COSIC
Seminar, K.U. Leuven, Belgium, 11 June 2007.
[ slides (PDF 1.4M) ]
Detecting temperature through clock skew – Hot or Not: Defeating anonymity by monitoring clock skew to remotely detect the temperature of a PC Steven J. Murdoch
The end of my 22C3 talk showed how a side effect of TCP/IP steganography detection was to precisely measure the error of a computers system clock (skew). This talk will review and expand on that material, showing the various other mechanisms for monitoring clock skew and discussing the tradeoffs involved. Because every computer has a unique clock skew, even ones of the same model, this acts as a fingerprint. Even if that computer moves location and changes ISP, it can be later identified through this clock skew. In addition to varying between computers, clock skew also changes depending on temperature. Thus a remote attacker, monitoring timestamps, can make an estimate of a computers environment, which has wide-scale implications on security and privacy. Through measuring day length and time-zone, the location of a computer could be estimated, which is a particular concern with anonymity networks and VPNs. Local temperature changes caused by air-conditioning or movements of people can identify whether two machines are in the location, or even are virtual machines on one server. The temperature of a computer can also be influenced by CPU load, so opening up a low-bandwidth covert channel. This could be used by processes which are prohibited from communicating for confidentiality reasons and because this is a physical covert channel, it can even cross "air-gap" security boundaries. The talk will demonstrate how to use this channel to attack the hidden service feature offered by the Tor anonymity system. Here, an attacker can repeatedly access a hidden service, increasing CPU load and inducing a temperature change. This will affect clock skew, which the attacker can monitor on all candidate Tor servers. When there is a match between the load pattern and the clock skew, the attacker has linked the real IP address of a hidden server to its pseudonym, violating the anonymity properties Tor is designed to provide. The talk will also present a separate illustration of the temperature covert channel technique, investigating a suspected attack on the Tor network in August 2006, by a well equipped adversary. 23rd Chaos Communication Congress, Berlin, Germany, 27–30 December 2006.
[ slides (PDF 5.6M) | code | related paper (PDF 1.5M) ]
Censorship resistant technologies Steven J. Murdoch
A growing number of countries and non-state entities are deploying
mechanisms to block content and services on the Internet. Motivations
include maintaining moral values and public order, reducing political
dissent, constraining freedom of expression and practice of religion,
as well as enforcing compliance with local laws. This talk will
describe the systems which implement such blocking, both technological
and social. It will then look at censorship circumvention methods,
the effectiveness of these techniques, and future directions for
research. Horizon seminar: Risk, Threat & Detection, Cambridge, UK, 5 December 2006.
[ slides (PDF 1.9M) ]
Out of Character: Are the Chinese Creating a Second Internet? Steven J. Murdoch
In February 2006, China announced that they had added three new
Chinese script top level domains (TLDs) augment the existing
country code (e.g. .uk, .cn) and global (e.g. .com, .org) TLDs. Not
only was this the first deployment of internationalised TLDs, but
China also bypassed the conventional, but much criticised,
international agreement process. This talk will describe the
organisational structure of the domain name system (DNS), how the
Chinese additions fit into this and discuss their potential impact. Inter-Disciplinary China Studies Forum workshop: China in the UK, Cambridge, UK, 24 June 2006.
[ slides (PDF 334K) ]
Covert channels in TCP/IP: attack and defence Steven J. Murdoch, Stephen Lewis
This talk shows how idiosyncrasies in TCP/IP implementations can be
used to reveal the use of several steganography schemes, and how they
can be fixed. The analysis can even be extended to remotely identify
the physical machine being used, through extracting clock skew. 22nd Chaos
Communication Congress, Berlin, Germany, 27
– 30 December 2005.
[ slides (PDF 878K) | related paper (PDF 262K) ]
The Convergence of Anti-Counterfeiting and Computer Security Steven J. Murdoch, Ben Laurie
This talk examines the similarities between computer security and
optical document security. Also we describe our work on reverse
engineering anti-counterfeiting measures, included in much modern
graphics software, and discuss its impact on Open Source. 21st Chaos
Communication Congress, Berlin, Germany, 27
– 29 December 2004. Also presented at the Security
Group Seminar, Computer Laboratory, University of Cambridge, 15
February 2005.
[ slides (PDF 1.4M) ]
Hidden Data in Internet Published Documents Steven J. Murdoch, Maximillian Dornseif
Many files are being published on the Internet which hold unexpected
(and potentially embarrassing) data. We examine different cases of
hidden data in file formats (including Word, PDF and JPEG) and show
examples of these from a crawl of the Internet. 21st Chaos
Communication Congress, Berlin, Germany, 27 – 29 December 2004
[ slides, source code and demonstration ]
Software Detection of Currency Steven J. Murdoch
This talk was presented at the rump session of the 2004 Information
Hiding Workshop on some initial results from my experiments with the currency
detection feature in recent printers, scanners and image manipulation
software. 6th
Information Hiding Workshop, Toronto, Ontario, Canada 23–25 May 2004.
[ slides (PDF 1.4M) ]
Collusion in Online Competitions Using Covert Channels Steven J. Murdoch
How collusion in games can be achieved when no conventional
communication channel exists and what implications collusion can have
on a player's rankings. Also how these techniques were successfully
applied in a real life Connect-4 programming competition. Inference
Group meeting, Cavendish Laboratory, University of Cambridge, 2
July 2003.
[ slides (PDF 267K) ]
Security-Enhanced Linux (SE Linux) Steven J. Murdoch
Introduction to SE Linux, its policy structure, architecture and an example of how it can reduce the impact of security bugs.
See the SE Linux homepage for downloads and more information. Also the talk by Russell Coker on SE Linux which was given at the Computer Laboratory (abstract) may be of interest. Security Group meeting, Computer Laboratory, University of Cambridge, 29 November 2002.
[ slides (PDF 79K) ]
Miscellaneous
OpenID protocol diagram Steven J. Murdoch
I found that the OpenID
specifications did not give a clear overview of the
protocol message flow. So I produced a protocol diagram, which summarises
the roles of the various parties, messages sent between them and their
important components. Not all details are covered, and only the normal
protocol traces are considered so it certainly should not be considered
as an alternative to the specification, but I hope it will provide
some clarification.
[ protocol diagram (PDF 68K) ]
Contact Details
email (preferred):
Steven.Murdoch at cl.cam.ac.uk
To send me encrypted email see my PGP keys page.
post:
Steven J. Murdoch
University of Cambridge
Computer Laboratory
15 JJ Thomson Avenue
Cambridge
CB3 0FD
United Kingdom
Note for search engines: My name is commonly misspelt as Steve Murdoch, Steve J. Murdoch, Stephen Murdoch, Stephen J. Murdoch, even sjm217 and sjmurdoch. I haven't seen anyone try 9803674m or murdocsj, which were my identifiers at the University of Glasgow, but in principle they might.