Publications :: Steven J. Murdoch
Publications
Optimised to fail: Card readers for online banking Saar Drimer, Steven J. Murdoch, Ross Anderson
The Chip Authentication Programme (CAP) has been introduced by banks in Europe to deal with the soaring losses due to online banking fraud. A handheld reader is used together with the customer's debit card to generate one-time codes for both login and transaction authentication. The CAP protocol is not public, and was rolled out without any public scrutiny. We reverse engineered the UK variant of card readers and smart cards and here provide the first public description of the protocol. We found numerous weaknesses that are due to design errors such as reusing authentication tokens, overloading data semantics, and failing to ensure freshness of responses. The overall strategic error was excessive optimisation. There are also policy implications. The move from signature to PIN for authorising point-of-sale transactions shifted liability from banks to customers; CAP introduces the same problem for online banking. It may also expose customers to physical harm. Financial Cryptography and Data Security, Rockley, Barbados, 23–26 February 2009.
[ paper | slides ]
An Improved Clock-skew Measurement Technique for Revealing Hidden Services Sebastian Zander, Steven J. Murdoch
The Tor anonymisation network allows services, such as web servers, to be operated under a pseudonym. In previous work Murdoch described a novel attack to reveal such hidden services by correlating clock skew changes with times of increased load, and hence temperature. Clock skew measurement suffers from two main sources of noise: network jitter and timestamp quantisation error. Depending on the target's clock frequency the quantisation noise can be orders of magnitude larger than the noise caused by typical network jitter. Quantisation noise limits the previous attacks to situations where a high frequency clock is available. It has been hypothesised that by synchronising measurements to the clock ticks, quantisation noise can be reduced. We show how such synchronisation can be achieved and maintained, despite network jitter. Our experiments show that synchronised sampling significantly reduces the quantisation error and the remaining noise depends only on the network jitter (not on clock frequency). Our improved skew estimates are up to two orders of magnitude more accurate for low-resolution timestamps and up to one order of magnitude more accurate for high-resolution timestamps, when compared to previous random sampling techniques. The improved accuracy not only allows previous attacks to be executed faster and with less network traffic but also opens the door to previously infeasible attacks on low-resolution clocks, including measuring the skew of an HTTP server over the anonymous channel. 17th USENIX Security Symposium, San Jose, CA, USA, 28 July–01 August 2008.
[ paper | slides ]
Tools and Technology of Internet Filtering Steven J. Murdoch, Ross Anderson
In 2008 the OpenNet Initiative published the results of their survey of global Internet filtering. This chapter gives an introduction to the concepts and technologies needed to better appreciate the results presented in the rest of the book. A short Internet primer is followed with a description of the different approaches to filtering, and their various advantages and disadvantages. Finally the role of filtering within a more general censorship regime is discussed.
The full text of the other introductory chapters is available on the book website, as are the results of the survey itself. In Access Denied: The Practice and Policy of Global Internet Filtering, Ronald Deibert, John Palfrey, Rafal Rohozinski, Jonathan Zittrain, eds., (Cambridge: MIT Press), 2008.
[ chapter ]
Metrics for Security and Performance in Low-Latency Anonymity Systems Steven J. Murdoch, Robert N.M. Watson
In this paper we explore the tradeoffs between security and performance in anonymity networks such as Tor. Using probability of path compromise as a measure of security, we explore the behaviour of various path selection algorithms with a Tor path simulator. We demonstrate that assumptions about the relative expense of IP addresses and cheapness of bandwidth break down if attackers are allowed to purchase access to botnets, giving plentiful IP addresses, but each with relatively poor symmetric bandwidth. We further propose that the expected latency of data sent through a network is a useful performance metric, show how it may be calculated, and demonstrate the counter-intuitive result that Tor's current path selection scheme, designed for performance, both performs well and is good for anonymity in the presence of a botnet based adversary. 8th Privacy Enhancing Technologies Symposium (PETS 2008), Leuven, Belgium, 23–25 July 2008.
[ paper | slides ]
On the Origins of a Thesis Steven J. Murdoch
A PhD thesis typically reads as an idealised narrative: how the author would have performed their research had the results and conclusions been known in advance. This rarely occurs in practice. Failed experiments, unexpected results, and new collaborations frequently change the course of research. This paper describes the course of my thesis, and how its initial topic of distributed databases changed to covert channels, then anonymity, before eventually settling on links between the two. This illustrates concrete benefits from informal interactions, low-overhead collaboration, and flexibility of research project plans. International Workshop on Security and Trust Management (keynote), Trondheim, Norway, 16–17 June 2008. Published in Electronic Notes in Theoretical Computer Science, Elsevier (to appear).
[ paper | slides ]
Thinking Inside the Box: System-level Failures of Tamper Proofing Saar Drimer, Steven J. Murdoch, Ross Anderson
PIN entry devices (PEDs) are critical security components in EMV smartcard payment systems as they receive a customer's card and PIN. Their approval is subject to an extensive suite of evaluation and certification procedures. In this paper, we demonstrate that the tamper proofing of PEDs is unsatisfactory, as is the certification process. We have implemented practical low-cost attacks on two certified, widely-deployed PEDs – the Ingenico i3300 and the Dione Xtreme. By tapping inadequately protected smartcard communications, an attacker with basic technical skills can expose card details and PINs, leaving cardholders open to fraud. We analyze the anti-tampering mechanisms of the two PEDs and show that, while the specific protection measures mostly work as intended, critical vulnerabilities arise because of the poor integration of cryptographic, physical and procedural protection. As these vulnerabilities illustrate a systematic failure in the design process, we propose a methodology for doing it better in the future. These failures also demonstrate a serious problem with the Common Criteria. So we discuss the incentive structures of the certification process, and show how they can lead to problems of the kind we identified. Finally, we recommend changes to the Common Criteria framework in light of the lessons learned. 2008 IEEE Symposium on Security and Privacy, Oakland, CA, US, 18–21 May 2008. Received the outstanding paper award from IEEE Security & Privacy Magazine.
[ paper | slides | extended technical report – UCAM-CL-TR-711 | further information – videos, letters from vendors, FAQ ]
Hardened Stateless Session Cookies Steven J. Murdoch
Stateless session cookies allow web applications to alter their behaviour based on user preferences and access rights, without maintaining server-side state for each session. This is desirable because it reduces the impact of denial of service attacks and eases database replication issues in load-balanced environments. The security of existing session cookie proposals depends on the server protecting the secrecy of a symmetric key, which for engineering reasons is usually stored in a database, and thus at risk of accidental leakage or disclosure via application vulnerabilities. In this paper we show that by including a salted iterated hash of the user password in the database, and its pre-image in a session cookie, an attacker with read access to the server is unable to spoof an authenticated session. By extending an existing session cookie scheme, we maintain all the previous security guarantees, but also preserve security under partial compromise. Sixteenth International Workshop on Security Protocols, Cambridge, UK, 16–18 April 2008.
[ paper | slides ]
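The following is an added worked example, reconstructed from the abstract above; it is not the paper's code and not necessarily its exact construction. The database holds, per user, a salt and the SHA-256 hash of an authenticator; the authenticator itself (the pre-image) is derived from the password at login and travels in the cookie. PBKDF2-HMAC-SHA256 stands in for the salted iterated hash, the MAC key is assumed to sit in the same database so it leaks together with it, and `forge_with_database_read` plays the attacker who has read everything the server stores but never saw a password or a live cookie.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for the iterated hash


def derive_authenticator(password: bytes, salt: bytes) -> bytes:
    """Salted iterated hash of the password. PBKDF2-HMAC-SHA256 stands in for the
    iteration primitive (an assumption, not the paper's exact construction)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)


class CookieServer:
    """Stateless session cookie: user|expiry|authenticator|HMAC.
    The database stores only sha256(authenticator); the cookie carries its pre-image."""

    def __init__(self):
        self.mac_key = os.urandom(32)  # assumed to live in the same database, so it leaks with it
        self.users = {}                # user -> (salt, sha256(authenticator))

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        auth = derive_authenticator(password.encode(), salt)
        self.users[user] = (salt, hashlib.sha256(auth).digest())

    def login(self, user: str, password: str, now: float, ttl: int = 3600):
        """Recompute the authenticator from the password; on success mint a cookie carrying it."""
        salt, stored = self.users[user]
        auth = derive_authenticator(password.encode(), salt)
        if not hmac.compare_digest(hashlib.sha256(auth).digest(), stored):
            return None
        return self.mint(user, auth, now, ttl)

    def mint(self, user: str, auth: bytes, now: float, ttl: int) -> str:
        expiry = int(now) + ttl
        body = f"{user}|{expiry}|{auth.hex()}"
        tag = hmac.new(self.mac_key, body.encode(), "sha256").hexdigest()
        return f"{body}|{tag}"

    def verify(self, cookie: str, now: float):
        """Return the user name for a valid, unexpired cookie, else None."""
        parts = cookie.split("|")
        if len(parts) != 4:
            return None
        user, expiry, auth_hex, tag = parts
        body = f"{user}|{expiry}|{auth_hex}"
        expected = hmac.new(self.mac_key, body.encode(), "sha256").hexdigest()
        if not hmac.compare_digest(expected, tag):   # integrity: the usual MAC check
            return None
        if not expiry.isdigit() or int(expiry) < now:
            return None
        record = self.users.get(user)
        if record is None:
            return None
        try:
            auth = bytes.fromhex(auth_hex)
        except ValueError:
            return None
        # The check that survives a database read: the stored value is a hash of the cookie's
        # authenticator, so an attacker who knows the MAC key still cannot supply a pre-image.
        return user if hmac.compare_digest(hashlib.sha256(auth).digest(), record[1]) else None


def forge_with_database_read(server: CookieServer, user: str, now: float) -> str:
    """Attacker with read access to the database (MAC key, salts, hashed authenticators).
    They can produce a valid MAC for any body, but must guess the authenticator."""
    guessed_auth = os.urandom(32)
    return server.mint(user, guessed_auth, now, 3600)


def demo():
    """Constructed scenario: a real login cookie verifies, a forged one does not."""
    now = 1_700_000_000.0
    server = CookieServer()
    server.register("alice", "correct horse battery staple")
    genuine = server.login("alice", "correct horse battery staple", now)
    forged = forge_with_database_read(server, "alice", now)
    return server.verify(genuine, now + 60), server.verify(forged, now + 60)
```

Under a plain HMAC-only scheme, the forged cookie would be accepted the moment the MAC key leaked; here it fails on the final hash comparison, which is the partial-compromise property the abstract describes. A stolen live cookie is still a valid session until it expires, so the scheme narrows the damage of a server-side read, not of client-side theft.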
Shifting Borders Steven J. Murdoch, Ross Anderson
In A Declaration of the Independence of Cyberspace, John Perry Barlow called for communities built around the Internet to be independent of national governments and borders: a Utopian ideal that has failed to materialise. The Internet does have borders, for similar reasons that national boundaries exist: they ease administration, permit collective defence and can be founded in culture.
While it is true that Internet borders do not have to be the same as political boundaries, the two have naturally mirrored each other. This is hardly a surprise since the Internet was built on the infrastructure of telecommunications companies, often controlled or regulated by nation states. Index on Censorship, Volume 36, Issue 4, pages 156–159, November 2007.
[ article | DOI link ]
Covert channel vulnerabilities in anonymity systems Steven J. Murdoch
The spread of wide-scale Internet surveillance has spurred interest in anonymity systems that protect users' privacy by restricting unauthorised access to their identity. This requirement can be considered as a flow control policy in the well established field of multilevel secure systems. I apply previous research on covert channels (unintended means to communicate in violation of a security policy) to analyse several anonymity systems in an innovative way. This thesis demonstrates how theoretical models and generic methodologies relating to covert channels may be applied to find practical solutions to problems in real-world anonymity systems. These findings confirm the existing hypothesis that covert channel analysis, vulnerabilities and defences developed for multilevel secure systems apply equally well to anonymity systems. PhD thesis, Technical Report UCAM-CL-TR-706, University of Cambridge, Computer Laboratory, December 2007. Awarded prize for best PhD thesis by ERCIM security and trust management working group.
[ thesis ]
Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Saar Drimer, Steven J. Murdoch
Modern smartcards, capable of sophisticated cryptography, provide a high assurance of tamper resistance and are thus commonly used in payment applications. Although extracting secrets out of smartcards requires resources beyond the means of many would-be thieves, the manner in which they are used can be exploited for fraud. Cardholders authorize financial transactions by presenting the card and disclosing a PIN to a terminal without any assurance as to the amount being charged or who is to be paid, and have no means of discerning whether the terminal is authentic or not. Even the most advanced smartcards cannot protect customers from being defrauded by the simple relaying of data from one location to another. We describe the development of such an attack, and show results from live experiments on the UK's EMV implementation, Chip & PIN. We discuss previously proposed defences, and show that these cannot provide the required security assurances. A new defence based on a distance bounding protocol is described and implemented, which requires only modest alterations to current hardware and software. As far as we are aware, this is the first complete design and implementation of a secure distance bounding protocol. Future smartcard generations could use this design to provide cost-effective resistance to relay attacks, which are a genuine threat to deployed applications. We also discuss the security-economics impact to customers of enhanced authentication mechanisms. 16th USENIX Security Symposium, Boston, MA, USA, 06–10 August 2007. Awarded prize for best student paper at USENIX Security 2007.
[ paper ]
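An added simulation, not code from the paper, of the distance bounding idea in the abstract above: after a nonce exchange, the terminal fires single-bit challenges and times each reply, accepting only if every response bit is correct and every round trip is within a bound. The protocol shape (two precomputed response strings selected by the challenge bit, in the style of Hancke and Kuhn's rapid bit exchange) and all timings in nanoseconds are assumptions chosen for illustration; `RelayedCard` models the relay attacker, whose extra link latency is what the bound catches.

```python
import hashlib
import hmac
import random

N_ROUNDS = 64
RTT_BOUND_NS = 50  # assumed bound: a card in the slot answers well inside this


def response_tables(key: bytes, nonce_t: bytes, nonce_c: bytes):
    """Both sides derive two N_ROUNDS-bit response strings R0, R1 from the shared key and nonces."""
    digest = hmac.new(key, nonce_t + nonce_c, hashlib.sha256).digest()  # 256 bits >= 2 * N_ROUNDS
    bits = [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(2 * N_ROUNDS)]
    return bits[:N_ROUNDS], bits[N_ROUNDS:]


class Card:
    """Honest card: answers each challenge bit after its own (assumed) processing time."""

    def __init__(self, key: bytes, processing_ns: int, rng: random.Random):
        self.key, self.processing_ns, self.rng = key, processing_ns, rng
        self.r0 = self.r1 = None

    def start(self, nonce_t: bytes) -> bytes:
        nonce_c = self.rng.getrandbits(128).to_bytes(16, "big")
        self.r0, self.r1 = response_tables(self.key, nonce_t, nonce_c)
        return nonce_c

    def respond(self, i: int, challenge: int):
        """Return (response bit, time taken in ns)."""
        return (self.r1 if challenge else self.r0)[i], self.processing_ns


class RelayedCard:
    """Relay attacker: a fake card in the terminal forwards every bit to the genuine card
    somewhere else, so each answer carries the relay link's round trip on top."""

    def __init__(self, genuine: Card, relay_rtt_ns: int):
        self.genuine, self.relay_rtt_ns = genuine, relay_rtt_ns

    def start(self, nonce_t: bytes) -> bytes:
        return self.genuine.start(nonce_t)

    def respond(self, i: int, challenge: int):
        bit, took = self.genuine.respond(i, challenge)
        return bit, took + self.relay_rtt_ns


def terminal_verify(key: bytes, card, link_rtt_ns: int, rng: random.Random):
    """Terminal side: nonce exchange, then N_ROUNDS timed single-bit challenges.
    Accept only if every bit is right AND every round trip is within RTT_BOUND_NS."""
    nonce_t = rng.getrandbits(128).to_bytes(16, "big")
    nonce_c = card.start(nonce_t)
    r0, r1 = response_tables(key, nonce_t, nonce_c)
    for i in range(N_ROUNDS):
        c = rng.getrandbits(1)
        bit, card_time = card.respond(i, c)
        rtt = link_rtt_ns + card_time
        if rtt > RTT_BOUND_NS:
            return False, f"round {i}: reply after {rtt} ns exceeds bound"
        if bit != (r1 if c else r0)[i]:
            return False, f"round {i}: wrong response bit"
    return True, "accepted"


def scenarios():
    """Constructed runs: honest card, relayed genuine card, and a card with the wrong key."""
    rng = random.Random(7)
    key = bytes(range(16))
    return {
        "honest": terminal_verify(key, Card(key, 10, rng), 5, rng),
        "relayed": terminal_verify(key, RelayedCard(Card(key, 10, rng), 40_000), 5, rng),
        "wrong_key": terminal_verify(key, Card(bytes(16), 10, rng), 5, rng),
    }
```

The relayed card knows the right answers but cannot deliver them in time, which is the whole point: the bound converts physical distance into a protocol check that no amount of key material on the far card can bypass. A real implementation also needs the tight, jitter-free timing the abstract mentions as a hardware change, since a bound of tens of nanoseconds is far below what a software loop on a standard terminal can measure.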
Securing Network Location Awareness with Authenticated DHCP Tuomas Aura, Michael Roe, Steven J. Murdoch
Network location awareness (NLA) enables mobile computers to recognize home, work and public networks and wireless hotspots and to behave differently at different locations. The location information is used to change security settings such as firewall rules. Current NLA mechanisms, however, do not provide authenticated location information on all networks. This paper describes a novel mechanism, based on public-key authentication of DHCP servers, for securing NLA at home networks and wireless hotspots. The main contributions of the paper are the requirements analysis, a naming and authorization scheme for network locations, and the extremely simple protocol design. The mobile computer can remember and recognize previously visited networks securely even when there is no PKI available. This is critical because we do not expect the majority of small networks to obtain public-key certificates. The protocol also allows a network administrator to pool multiple, heterogeneous access links, such as a campus network, to one logical network identity. Another major requirement for the protocol was that it must not leak information about the mobile host's identity or affiliation. The authenticated location information can be used to minimize attack surface on the mobile host by making security-policy exceptions specific to a network location. 3rd International Conference on Security and Privacy in Communication Networks (SecureComm), Nice, France, 17–20 September 2007.
[ paper ]
Dynamic Host Configuration Protocol Tuomas Aura, Michael Roe, Steven J. Murdoch
Dynamic host configuration protocol (DHCP) is extended in order to assist with secure network location awareness. In an embodiment a DHCP client receives a signed DHCP response message from a DHCP server, the signed message comprising at least a certificate chain having a public key. In that embodiment the DHCP client validates the certificate chain and verifies the signature of the signed message. If this is successful the DHCP client accesses stored settings for use with the server. The stored settings are accessed at least using information about the public key. In some embodiments signed DHCPOFFER messages and signed DHCPACK messages are used. In another embodiment the signed DHCP message comprises a location identifier which is, for example, a domain name system (DNS) suffix of a DHCP server. United States Patent Application, US 2009/0070474 A1, 12 September 2007.
[ paper ]
Secure Network Location Awareness Tuomas Aura, Michael Roe, Steven J. Murdoch
Secure network location awareness is provided whereby a client is able to use appropriate settings when communicating with an access node of a communications network. In an embodiment a client receives a signed message from the access node, the signed message comprising at least a certificate chain having a public key. In some embodiments the certificate chain may be only a self-signed certificate and in other embodiments the certificate chain is two or more certificates in length. The client validates the certificate chain and verifies the signature of the signed message. If this is successful the client accesses stored settings for use with the access node. The stored settings are accessed at least using information about the public key. In another embodiment the signed message also comprises a location identifier which is, for example, a domain name system (DNS) suffix of the access node. United States Patent Application, US 2009/0070582 A1, 12 September 2007.
[ paper ]
Sampled Traffic Analysis by Internet-Exchange-Level Adversaries Steven J. Murdoch, Piotr Zieliński
Existing low-latency anonymity networks are vulnerable to traffic analysis, so location diversity of nodes is essential to defend against attacks. Previous work has shown that simply ensuring geographical diversity of nodes does not resist, and in some cases exacerbates, the risk of traffic analysis by ISPs. Ensuring high autonomous-system (AS) diversity can resist this weakness. However, ISPs commonly connect to many other ISPs in a single location, known as an Internet eXchange (IX). This paper shows that IXes are a single point where traffic analysis can be performed. We examine to what extent this is true, through a case study of Tor nodes in the UK. Also, some IXes sample packets flowing through them for performance analysis reasons, and this data could be exploited to de-anonymize traffic. We then develop and evaluate Bayesian traffic analysis techniques capable of processing this sampled data. 7th Workshop on Privacy Enhancing Technologies, Ottawa, Canada, 20–22 June 2007. Nominated for the 2008 PET workshop award for outstanding Research in Privacy Enhancing Technologies.
[ paper | slides ]
Ignoring the Great Firewall of China Richard Clayton, Steven J. Murdoch, Robert N.M. Watson
The so-called "Great Firewall of China" operates, in part, by inspecting Transmission Control Protocol (TCP) packets for keywords that are to be blocked. If the keyword is present, TCP reset packets are sent to both endpoints of the connection, which then close. However, the original packets pass through the firewall unscathed. Therefore, if the endpoints completely ignore the firewall's resets, the connection will proceed unhindered and the firewall will be ineffective. Once one connection has been blocked, the firewall makes further easy-to-evade attempts to block any more connections from the same machine. This latter behaviour of the firewall can be leveraged into a denial-of-service attack on third-party machines. I/S: A Journal of Law and Policy for the Information Society, Volume 3, Issue 2, pages 271–296, 2007. Extended version of the PET 2006 paper.
[ paper ]
Hot or Not: Revealing Hidden Services by their Clock Skew Steven J. Murdoch
Location-hidden services, as offered by anonymity systems such as Tor, allow servers to be operated under a pseudonym. As Tor is an overlay network, servers hosting hidden services are accessible both directly and over the anonymous channel. Traffic patterns through one channel have observable effects on the other, thus allowing a service's pseudonymous identity and IP address to be linked. One proposed solution to this vulnerability is for Tor nodes to provide fixed quality of service to each connection, regardless of other traffic, thus reducing capacity but resisting such interference attacks. However, even if each connection does not influence the others, total throughput would still affect the load on the CPU, and thus its heat output. Unfortunately for anonymity, the effect of temperature on clock skew can be remotely detected through observing timestamps. This attack works because existing abstract models of anonymity-network nodes do not take into account the inevitable imperfections of the hardware they run on. Furthermore, we suggest the same technique could be exploited as a classical covert channel and can even provide geolocation. 13th ACM Conference on Computer and Communications Security (CCS), Alexandria, Virginia, USA, 30 October–03 November 2006. Also presented at NoVA Sec, 02 November 2006.
[ paper | slides | code ]
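An added example (not the paper's code, nor the code linked above) covering the measurement underlying both this paper and the USENIX 2008 follow-up listed earlier: the observer records the target's timestamp counter against its own clock, fits a line to the offset, and reads skew off the slope; a change of slope between a quiet window and a loaded window is the temperature signal. The timestamp series is constructed, not measured, least squares stands in for the linear-programming fit the papers use, and the 100 Hz and 1 Hz tick rates are assumed values chosen to show the quantisation problem: at 1 Hz the estimator sees neither the skew nor the change, which is the limitation the 2008 paper's synchronised sampling addresses.

```python
import math


def constructed_timestamps(tick_hz, duration_s, load_start_s, skew_quiet_ppm, skew_loaded_ppm,
                           interval_s=1.0):
    """Constructed probe series, not measured data: (probe_time_s, target_timestamp_ticks).
    The target's counter runs at tick_hz * (1 + skew); skew steps up when load (heat) begins.
    Timestamps are quantised to whole ticks, which is the noise source discussed above."""
    quiet = 1 + skew_quiet_ppm * 1e-6
    loaded = 1 + skew_loaded_ppm * 1e-6
    samples = []
    for i in range(int(duration_s / interval_s) + 1):
        t = i * interval_s
        if t < load_start_s:
            clock = quiet * t
        else:
            clock = quiet * load_start_s + loaded * (t - load_start_s)
        samples.append((t, math.floor(clock * tick_hz)))
    return samples


def estimate_skew_ppm(samples, tick_hz):
    """Least-squares slope of (target clock - probe clock) against probe time, in ppm.
    The papers use a linear-programming lower-bound fit; least squares is the simpler stand-in."""
    n = len(samples)
    xs = [t for t, _ in samples]
    ys = [ts / tick_hz - t for t, ts in samples]
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / sxx * 1e6


def skew_before_after(samples, tick_hz, split_s):
    """Skew estimates for the windows before and after split_s."""
    before = [s for s in samples if s[0] < split_s]
    after = [s for s in samples if s[0] >= split_s]
    return estimate_skew_ppm(before, tick_hz), estimate_skew_ppm(after, tick_hz)


def load_detected(samples, tick_hz, split_s, threshold_ppm=1.0):
    """True if the skew shifts by more than threshold_ppm across the split: the heat signal."""
    b, a = skew_before_after(samples, tick_hz, split_s)
    return abs(a - b) > threshold_ppm
```

With 100 Hz timestamps and hour-long windows the fit recovers 50 ppm before the load and 53 ppm after it. With 1 Hz timestamps the counter never advances by a whole tick relative to the probe clock within either window, so both estimates come out as exactly zero and the change is invisible; a longer observation, or sampling synchronised to the tick edges, is needed before such a target can be attacked.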
Ignoring the Great Firewall of China Richard Clayton, Steven J. Murdoch, Robert N.M. Watson
The so-called "Great Firewall of China" operates, in part, by inspecting TCP packets for keywords that are to be blocked. If the keyword is present, TCP reset packets (viz: with the RST flag set) are sent to both endpoints of the connection, which then close. However, because the original packets are passed through the firewall unscathed, if the endpoints completely ignore the firewall's resets, then the connection will proceed unhindered. Once one connection has been blocked, the firewall makes further easy-to-evade attempts to block further connections from the same machine. This latter behaviour can be leveraged into a denial-of-service attack on third-party machines. 6th Workshop on Privacy Enhancing Technologies, Cambridge, England, 28–30 June 2006. Published in LNCS 4258, Springer-Verlag.
[ paper ]
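An added example (not from either version of the paper) of the observation both abstracts rest on: the firewall's resets are injected, and because the original packets are delivered anyway, traffic from the supposed sender of a RST keeps arriving after it. `find_injected_resets` flags exactly that pattern in a flow, and `ignore_resets` is the endpoint-side countermeasure of simply discarding them. The packet trace is constructed for illustration, with endpoints named rather than addressed and a placeholder keyword.

```python
from collections import namedtuple

# Constructed packet records (not a real capture): time in s, endpoints, TCP flags, seq, payload
Pkt = namedtuple("Pkt", "t src dst flags seq payload")


def find_injected_resets(packets):
    """Return (time, claimed sender, seq, later packet count) for every RST that is followed
    by further non-RST traffic from the endpoint it claims to come from. A genuine endpoint
    that sent a RST has abandoned the connection, so continued traffic marks the RST as
    injected by something in the path."""
    flows = {}
    for p in packets:
        flows.setdefault(frozenset((p.src, p.dst)), []).append(p)
    findings = []
    for pkts in flows.values():
        pkts.sort(key=lambda p: p.t)
        for i, p in enumerate(pkts):
            if "R" not in p.flags:
                continue
            later = [q for q in pkts[i + 1:] if q.src == p.src and "R" not in q.flags]
            if later:
                findings.append((p.t, p.src, p.seq, len(later)))
    return findings


def ignore_resets(packets):
    """Endpoint-side countermeasure from the abstract: drop every RST and let the stream run."""
    return [p for p in packets if "R" not in p.flags]


CONSTRUCTED_TRACE = [
    Pkt(0.000, "client", "server", "S", 1000, b""),
    Pkt(0.120, "server", "client", "SA", 5000, b""),
    Pkt(0.121, "client", "server", "A", 1001, b""),
    Pkt(0.122, "client", "server", "PA", 1001, b"GET /?q=forbidden-keyword HTTP/1.1\r\n"),
    # the firewall matches the keyword and injects a reset towards each end, forging the other's address
    Pkt(0.150, "server", "client", "R", 5001, b""),
    Pkt(0.150, "client", "server", "R", 1037, b""),
    # the request was delivered regardless, so the genuine response and its ACK follow
    Pkt(0.240, "server", "client", "PA", 5001, b"HTTP/1.1 200 OK\r\n"),
    Pkt(0.241, "client", "server", "A", 1037, b""),
]


def analyse_trace():
    """Constructed run: both injected resets are flagged; with resets ignored the exchange completes."""
    flagged = find_injected_resets(CONSTRUCTED_TRACE)
    surviving = ignore_resets(CONSTRUCTED_TRACE)
    data_packets = sum(1 for p in surviving if p.payload)
    return len(flagged), sorted(f[1] for f in flagged), data_packets
```

On Linux the "ignore the resets" defence is the classic rule `iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP`; the cost is that genuine resets are lost too, so aborted connections linger until a timeout, and the rule does nothing against a censor that drops packets rather than injecting resets.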
Phish and Chips (Traditional and New Recipes for Attacking EMV) Ben Adida, Mike Bond, Jolyon Clulow, Amerson Lin, Steven J. Murdoch, Ross Anderson, Ronald L. Rivest
This paper surveys existing and new security issues affecting the EMV electronic payments protocol. We first introduce a new price/effort point for the cost of deploying eavesdropping and relay attacks – a microcontroller-based interceptor costing less than $100. We look next at EMV protocol failures in the back-end security API, where we describe two new attacks based on chosen-plaintext CBC weaknesses, and on key separation failures. We then consider future modes of attack, specifically looking at combining the phenomenon of phishing (sending unsolicited messages by email, post or phone to trick users into divulging their account details) with chip card sabotage. Our proposed attacks exploit covert channels through the payments network to allow sabotaged cards to signal back their PINs. We hope these new recipes will enliven the debate about the pros and cons of Chip and PIN at both technical and commercial levels. Fourteenth International Workshop on Security Protocols, Cambridge, UK, 27–29 March 2006.
[ paper ]
Chip and Spin Ross Anderson, Mike Bond, Steven J. Murdoch
The new UK "Chip and PIN" card payments scheme has recently gone live. It has been spun in the media so far as "a safer way to pay" and as "the biggest change to payment since decimalisation". However, the latest fraud figures show that fraud is up, not down – and the Chip and PIN scheme is being blamed. So how secure is it really? And who will benefit most from its introduction? This note briefly considers liability issues, technical shortcomings and management failures. Computer Security Journal, Volume 22, Issue 2, pages 1–6, 2006. First published in May 2005.
[ paper ]
Message Splitting Against the Partial Adversary Andrei Serjantov, Steven J. Murdoch
We review threat models used in the evaluation of anonymity systems' vulnerability to traffic analysis. We then suggest that, under the partial adversary model, if multiple packets have to be sent through these systems, more anonymity can be achieved if senders route the packets via different paths. This is in contrast to the normal technique of using the same path for them all. We comment on the implications of this for message-based and connection-based anonymity systems. We then proceed to examine the only remaining traffic analysis attack – one which considers the entire system as a black box. We show that it is more difficult to execute than the literature suggests, and attempt to empirically estimate the parameters of the Mixmaster and the Mixminion systems needed in order to successfully execute the attack. 5th Workshop on Privacy Enhancing Technologies, Dubrovnik (Cavtat), Croatia, 30 May–01 June 2005. Published in LNCS 3856, Springer-Verlag.
[ paper | data ]
Embedding Covert Channels into TCP/IP Steven J. Murdoch, Stephen Lewis
It is commonly believed that steganography within TCP/IP is easily achieved by embedding data in header fields seemingly filled with “random” data, such as the IP identifier, TCP initial sequence number or the least significant bit of the TCP timestamp. We show that this is not the case; these fields naturally exhibit sufficient structure and non-uniformity to be efficiently and reliably differentiated from unmodified ciphertext. Previous work on TCP/IP steganography does not take this into account and, by examining TCP/IP specifications and open source implementations, we have developed tests to detect the use of naïve embedding. Finally, we describe reversible transforms that map block cipher output into TCP ISNs, indistinguishable from those generated by Linux and OpenBSD. The techniques used can be extended to other operating systems. A message can thus be hidden in such a way that an attacker cannot demonstrate its existence without knowledge of a secret key. 7th Information Hiding Workshop, Barcelona, Catalonia (Spain), 06–08 June 2005. Published in LNCS 3727, Springer-Verlag.
[ paper ]
Low-Cost Traffic Analysis of Tor Steven J. Murdoch, George Danezis
Tor is the second generation Onion Router, supporting the anonymous transport of TCP streams over the Internet. Its low latency makes it very suitable for common tasks, such as web browsing, but insecure against traffic analysis attacks by a global passive adversary. We present new traffic analysis techniques that allow adversaries with only a partial view of the network to infer which nodes are being used to relay the anonymous streams and therefore greatly reduce the anonymity provided by Tor. Furthermore, we show that otherwise unrelated streams can be linked back to the same initiator. Our attack is feasible for the adversary anticipated by the Tor designers. Our theoretical attacks are backed up by experiments performed on the deployed, albeit experimental, Tor network. Our techniques should also be applicable to any low latency anonymous network. These attacks highlight the relationship between the field of traffic analysis and more traditional computer security issues, such as covert channel analysis. Our research also highlights that the inability to directly observe network links does not prevent an attacker from performing traffic analysis: the adversary can use the anonymising network as an oracle to infer the traffic load on remote nodes in order to perform traffic analysis. 2005 IEEE Symposium on Security and Privacy, Oakland, California, USA, 08–11 May 2005. Nominated for the 2006 PET workshop award for outstanding Research in Privacy Enhancing Technologies; awarded 2006 Computer Laboratory prize for most notable paper.
[ paper | code ]
Unwrapping the Chrysalis Mike Bond, Daniel Cvrcek, Steven J. Murdoch
We describe our experiences reverse engineering the Chrysalis-ITS Luna CA3, a PKCS#11-compliant cryptographic token. Emissions analysis and security API attacks are viewed by many to be simpler and more efficient than a direct attack on an HSM. But how difficult is it to actually "go in the front door"? We describe how we unpicked the CA3 internal architecture and abused its low-level API to impersonate a CA3 token in its cloning protocol – and extract PKCS#11 private keys in the clear. We quantify the effort involved in developing and applying the skills necessary for such a reverse-engineering attack. In the process, we discover that the Luna CA3 has far more undocumented code and functionality than is revealed to the end-user. Technical Report UCAM-CL-TR-592, University of Cambridge, Computer Laboratory, June 2004. Also published in Czech as Bezpečný hardware, který není zase tak bezpečný (Secure hardware that is not so secure after all) in Data Security Management, Volume 8, Issue 5/2004, pages 44–47, and as Reverse-engineering kryptografického modulu (Reverse engineering a cryptographic module) in Crypto-World, Volume 6, Issue 9/2004, pages 8–14.
[ paper | code ]
Covert Channels for Collusion in Online Computer Games Steven J. Murdoch, Piotr Zieliński
Collusion between partners in Contract Bridge is an oft-used example in cryptography papers and an interesting topic for the development of covert channels. In this paper, a different type of collusion is discussed, where the parties colluding are not part of one team, but instead are multiple independent players, acting together in order to achieve a result that none of them are capable of achieving by themselves. Potential advantages and defences against collusion are discussed. Techniques designed for low-probability-of-intercept spread spectrum radio and multilevel secure systems are also applied in developing covert channels suitable for use in games. An example is given where these techniques were successfully applied in practice, in order to win an online programming competition. Finally, suggestions for further work are explored, including exploiting similarities between competition design and the optimisation of voting systems. 6th Information Hiding Workshop, Toronto, Ontario, Canada, 23–25 May 2004. Published in LNCS 3200, Springer-Verlag.
[ paper | slides ]
Compounds: a Next-Generation Hierarchical Data Model Markus G. Kuhn, Steven J. Murdoch, Piotr Zieliński
Compounds provide a simple, flexible, hierarchical data model that unifies the advantages of XML and file systems. We originally designed it for Project Dendros, our distributed, revision-controlled storage system that aims to fully separate the control over data from its storage location. Compounds also provide an excellent extensible and general-purpose data format. A processing framework based on stackable filters allowed us to add rich functionality in a highly modular manner, including access control, compression, encryption, serialization, querying, transformation, remote access, and revision control. Microsoft Research Academic Days, Dublin, Ireland, 13–16 April 2004.
[ poster ]