Search For:

Displaying 1-7 out of 7 total
Thinking Inside the Box: System-Level Failures of Tamper Proofing
Found in: Security and Privacy, IEEE Symposium on
By Saar Drimer, Steven J. Murdoch, Ross Anderson
Issue Date:May 2008
pp. 281-295
PIN entry devices (PEDs) are critical security components in EMV smartcard payment systems as they receive a customer's card and PIN. Their approval is subject to an extensive suite of evaluation and certification procedures. In this paper, we demonstrate ...
Failures of Tamper-Proofing in PIN Entry Devices
Found in: IEEE Security and Privacy
By Saar Drimer, Steven J. Murdoch, Ross Anderson
Issue Date:November 2009
pp. 39-45
Bank customers are forced to rely on PIN entry devices in stores and bank branches to protect account details. The authors examined two market-leading devices and found them easy to compromise owing to both their design and the processes used to certify th...
Low-Cost Traffic Analysis of Tor
Found in: Security and Privacy, IEEE Symposium on
By Steven J. Murdoch, George Danezis
Issue Date:May 2005
pp. 183-195
Tor is the second generation Onion Router, supporting the anonymous transport of TCP streams over the Internet. Its low latency makes it very suitable for common tasks, such as web browsing, but insecure against traffic-analysis attacks by a global passive...
How Certification Systems Fail: Lessons from the Ware Report
Found in: IEEE Security & Privacy
By Steven J. Murdoch,Mike Bond,Ross Anderson
Issue Date:November 2012
pp. 40-44
The 1970 Security Controls for Computer Systems report, which helped shape computer systems' standard evaluation criteria, can shed light on current certification systems' shortcomings.
Chip and PIN is Broken
Found in: Security and Privacy, IEEE Symposium on
By Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond
Issue Date:May 2010
pp. 433-446
EMV is the dominant protocol used for smart card payments worldwide, with over 730 million cards in circulation. Known to bank customers as “Chip and PIN”, it is used in Europe; it is being introduced in Canada; and there is pressure from banks to introduc...
Internet Censorship and Control [Guest editors' introduction]
Found in: IEEE Internet Computing
By Steven J. Murdoch,Hal Roberts
Issue Date:May 2013
pp. 6-9
The Internet is a battleground where fights for technical, social, and political control are waged, including between governments and their citizens, between separate governments, and between competing commercial interests. This issue examines the challeng...
Hot or not: revealing hidden services by their clock skew
Found in: Proceedings of the 13th ACM conference on Computer and communications security (CCS '06)
By Steven J. Murdoch
Issue Date:October 2006
pp. 27-36
Location-hidden services, as offered by anonymity systems such as Tor, allow servers to be operated under a pseudonym. As Tor is an overlay network, servers hosting hidden services are accessible both directly and over the anonymous channel. Traffic patter...