Probably not too many academic researchers can say this: some of Steven Murdoch’s research leads have arrived in unmarked envelopes. Murdoch, who has moved to UCL from the University of Cambridge, works primarily in the areas of privacy and financial security, including a rare specialty you might call “crypto for the masses”. It’s the financial security aspect that produces the plain, brown envelopes and also what may be his most satisfying work, “Trying to help individuals when they’re having trouble with huge organisations”.
Murdoch’s work has a twist: “Usability is a security requirement,” he says. As a result, besides writing research papers and appearing as an expert witness, his past includes a successful start-up. Cronto, which developed a usable authentication device, was acquired by VASCO, a market leader in authentication and is now used by banks such as Commerzbank and Rabobank.
Developing the Cronto product was, he says, an iterative process that relied on real-world testing: “In research into privacy, if you build unusable system two things will go wrong,” he says. “One, people won’t use it, so there’s a smaller crowd to hide in.” This issue affects anonymising technologies such as Mixmaster and Mixminion. “In theory they have better security than Tor but no one is using them.” And two, he says, “People make mistakes.” A non-expert user of PGP, for example, can’t always accurately identify which parts of the message are signed and which aren’t.
The start-up experience taught Murdoch how difficult it is to get an idea from research prototype to product, not least because what works in a small case study may not when deployed at scale. “Selling privacy remains difficult,” he says, noting that Cronto had an easier time than some of its forerunners since the business model called for sales to large institutions. The biggest challenge, he says, was not consumer acceptance but making a convincing case that the predicted threats would materialise and that a small company could deliver an acceptable solution.
Murdoch grew up in Milngavie, near Glasgow. He got interested in computers quite young, beginning with borrowed access to machines like the BBC Micro and Dragon 32. At first he was, he says, playing “silly computer games”, but in secondary school he began programming. The computers at the school were, then as now, locked down heavily: “You could only do curriculum-approved tasks. I found an obscure Excel feature that helped me bypass it so I could do more interesting things.” That sparked his interest in computer security. He went on to do a degree in software engineering at the University of Glasgow. Much of what he has done since, first at Cambridge and now at UCL, is mathematics-related.
“The thing I found most interesting from the course was probably the system aspects – operating systems, networks, and safety-critical systems, which have a lot of similarities with computing security when you’re trying to prevent bad things, in one case from randomly going on, in the other as a result of maliciousness. In both cases, you’re trying to go for a system that is correct and that you have a high degree of confidence is going to behave as you want.” This was around 2000, when Bill Gates was giving Microsoft and Windows a security reboot. Murdoch was already interested in computer security; Bruce Schneier’s book Applied Cryptography led him toward working on financial security and authentication.
Perhaps his best-known and most significant work is Chip and PIN is Broken, written with Saar Drimer, Ross Anderson, and Mike Bond. Also known as EMV, for its creators, Europay, MasterCard, and Visa, Chip and PIN is the now-standard way to secure payment card transactions in many countries, soon including the US. The paper pointed out a serious flaw in the system, showing that even if someone who has stolen a card doesn’t know the PIN, they can trick the terminal into thinking the right one has been keyed in. In the wild, says Murdoch, this attack is difficult to spot: “It has a particular forensic signature that will also happen by accident, so it’s hard to catch until it’s large-scale.”
Murdoch noticed the flaw in the specification when he was writing a law journal paper explaining how Chip and PIN works after appearing as an expert witness in a 2009 case of phantom withdrawal. In this case, Alain Job v Halifax, Murdoch was grilled by the judge, who wanted to understand the technology. The law journal article was an attempt to address the lack of such information in legal journals.
“I was trying to be very precise in the language and refer back to the spec wherever possible, and then I couldn’t work out how it was going to be interpreted, and I thought if I can’t work it out and have the time to spend, then if someone working to a deadline was told to build the thing they will make a mistake. And it turned out they had.”
Overall, he says, it would help if the banks published better statistics. In one case, one arm of the bank concerned published a notice in the newspaper saying one of its ATMs had been compromised – but the arm dealing with a likely victim of skimming took the view that the victim was at fault.
“The two sides of the bank didn’t talk to each other,” says Murdoch. “The person didn’t get his money back. Better statistics would be a great benefit in cases like that.” As things are, the bank would count the incident as fraud avoided and it would never appear.
Financial security can be a contentious area to work in, although Murdoch says he hasn’t had much interference from the industry.
“A few times people have written to me and to the university saying I shouldn’t have done something,” he says. “I do have to be careful. I try to know a little bit about the law and not fall into traps because the banks could get a bit tempted to try to get researchers in trouble if they think we’re stepping outside the formal lines of the law.”
The paper Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication, written with Ross Anderson and presented at Financial Cryptography and Data Security 2010, discusses the 3-D Secure protocol as an example of the triumph of economics over good design. Neither SecureCode nor Verified by Visa is easy to use, Murdoch says. “They’re not secure, and usability was not thought about.”
The research for this paper was the work that led to Cronto, which, like 3-D Secure, improves the security of online payments. Customers use the device to scan a 2D bar code displayed by the bank. Mutual authentication means that the device only displays information from the customer’s bank and encrypted so that the bank’s information is displayed only on the customer’s device. Once satisfied that the transaction is correct, the customer authenticates the transaction by typing a six-digit code into the bank’s Web site.
“The bank knows the right person read it, and also the customer has agreed with whatever is being displayed on the screen.” The device is also available as a mobile phone app.
In the privacy area, his most often-cited work is Low-Cost Traffic Analysis of Tor, written with fellow UCL researcher George Danezis. This work showed the limitations of the well-known and widely used anonymous communication system, explaining how to trace traffic back to its entrance point to the network. Tor – which originated from the Onion Routing Project – anonymises traffic by routing it through multiple hops, usually three.
“It’s not the most powerful attack that’s been discovered,” he says, “but we showed that with almost no resources you could reduce Tor’s level of anonymity, though not to zero.” The paper as presented at the 2005 IEEE Symposium on Security and Privacy, and won the 2006 Computer Laboratory prize for most notable paper.
What ties all this work together, whether it’s trying to reduce censorship or helping victims of fraud is “trying to help people”, Murdoch says.
For future projects, in privacy he intends to look at mapping Internet censorship and resistance to it. In banking security, he’s interested in studying new tokenisation schemes such as the one used in Apple Pay, and also contactless payment schemes. In addition, he has a five-year Royal Society Fellowship studying how to better measure and quantify security.