Optimised to Fail: Card Readers for Online Banking (2009)
Saar Drimer, Steven J. Murdoch, Ross Anderson
Abstract. The Chip Authentication Programme (CAP) has been introduced by banks in Europe to deal with the soaring losses due to online banking fraud. A handheld reader is used together with the...
Security Economics and European Policy (2009)
Ross Anderson, Rainer Böhme, Richard Clayton, Tyler Moore
Abstract In September 2007, we were awarded a contract by the European Network and Information Security Agency (ENISA) to investigate failures in the market for secure electronic communications...
REVIEW The Economics of Information Security (2009)
The economics of information security has recently become a thriving and fast-moving discipline. As distributed systems are assembled from machines belonging to principals with divergent interests,...
This talk follows on more from the talks by Larry Paulson and Giampaolo Bella that we had earlier. The problem I’m going to discuss is, what’s the next problem to tackle once we’ve done crypto...
This talk follows on more from the talks by Larry Paulson and Giampaolo Bella that we had earlier. The problem I’m going to discuss is, what’s the next problem to tackle once we’ve done crypto...
Balanced Self-Checking Asynchronous Logic for (2009)
Simon Moore, Ross Anderson, Robert Mullins, George Taylor, Jacques J. A, Fournier Gemplus, ...
Abstract Delay-insensitive or unordered codes may be used to construct both robust asynchronous circuits and self-checking systems. The redundant nature of the coding scheme also provides the...
This talk follows on more from the talks by Larry Paulson and Giampaolo Bella that we had earlier. The problem I’m going to discuss is, what’s the next problem to tackle once we’ve done crypto...
Patient confidentiality and central databases (2009)
2008 may be the year when GPs find themselves in the firing line over confidentiality, as ever more patients try to opt out of ‘the NHS database’ and the Government tries ever more desperately to...
Technical Perspective A Chilly Sense of Security (2009)
Many systems rely on keeping a master key secret. Sometimes this involves custom hardware and sometimes it relies on an implicit hardware property. And software writers tend to assume that hardware...
DESA1002 'Nine Quarter City' - - Unit Coordinator (2009)
Nine Quarter City The project for second semester advances the themes of assemblage and transformation from first semester, but with greater emphasis on the generation of a single architectural...
DESA1002 'Nine Quarter City' - - Unit Coordinator (2009)
Nine Quarter City The project for second semester advances the themes of assemblage and transformation from first semester, but with greater emphasis on the generation of a single architectural...
Technical Perspective A Chilly Sense of Security (2009)
Many systems rely on keeping a master key secret. Sometimes this involves custom hardware and sometimes it relies on an implicit hardware property. And software writers tend to assume that hardware...
New Strategies for Revocation in Ad-Hoc Networks (2008)
Tyler Moore, Jolyon Clulow, Ross Anderson, Shishir Nagaraja
Abstract. Responding to misbehavior in ad-hoc and sensor networks is difficult. We propose new techniques for deciding when to remove nodes in a decentralized manner. Rather than blackballing nodes...
About me • Erik Poll, Security of Systems group (SoS), (2008)
Erik Poll, Computer Media, Bruce Schneier, Ross Anderson
• Understand how the OS interacts with hardware
The Sutherland Manuscript (2008)
Several manuscripts have emerged to shed new light on how our instrument developed during the eighteenth century. Previously we had Geoghegan’s tutor from 1746 and then O’Farrell from the early...
Erik Poll, Bruce Schneier, Ross Anderson
• esp. Java software, for smartcards, MIDP mobile phones, and OS software – Identity-centric Security & Privacy • eg. electronic voting, biometric passports, RFID, protocols for privacy...
The Pastoral Repertoire, Rediscovered (2008)
Some music has recently been rediscovered for the pastoral pipe – the fascinating ‘missing link ’ between the border pipes of 1700 and the union pipes of 1800. This looked like a union pipe,...
The UK government is building a national database of medical records, a project which many doctors oppose; in a Medix poll in November, over half of all GPs said they would not upload their patients...
The Initial Costs and Maintenance Costs of Protocols (2008)
Software-engineering academics focussed for many years on the costs of de-veloping the first version of a product, and ignored the costs of subsequent maintenance. We taught our students the...
Abstract. Existing bank-card payment systems, such as EMV, have two serious vulnerabilities: the user does not have a trustworthy interface, and the protocols are vulnerable in a number of ways to...
Ross Anderson, Mike Bond, Steven J. Murdoch
The new UK “Chip and PIN ” card payments scheme has recently gone live. It has been spun in the media so far as “a safer way to pay ” and as “the biggest change to payment since...
New Strategies for Revocation in Ad-Hoc Networks (2008)
Tyler Moore, Jolyon Clulow, Shishir Nagaraja, Ross Anderson
Abstract. Responding to misbehavior in ad-hoc and sensor networks is difficult. We propose new techniques for deciding when to remove nodes in a decentralized manner. Rather than blackballing nodes...
The Main-in-the-Middle Defence (2008)
Abstract. Eliminating middlemen from security protocols helps less than one would think. EMV electronic payments, for example, can be made fairer by adding an electronic attorney – a middleman...
IEEE PROCEEDINGS 100 Cryptographic Processors—A Survey (2008)
Ross Anderson, Mike Bond, Jolyon Clulow, Sergei Skorobogatov
Abstract — Tamper-resistant cryptographic processors are becoming the standard way to enforce data-usage policies. Their history began with military cipher machines, and hardware security modules...
Fast exclusion of errant devices from vehicular networks (2008)
Moore, Tyler, Raya, Maxim, Clulow, Jolyon, Papadimitratos, Panagiotis (Panos), Anderson, Ross, Hubaux, Jean-Pierre
Vehicular networks, in which cars communicate wirelessly to exchange information on traffic conditions, offer a promising way to improve road safety. Yet ensuring the correct functioning of such a...
system-level failures of tamper proofing (2008)
Saar Drimer, Steven J. Murdoch, Ross Anderson, C Saar Drimer, Steven J. Murdoch, Ross Anderson
Thinking inside the box:
2007): Information security economics – and beyond (2008)
Abstract. The economics of information security has recently become a thriving and fast-moving discipline. As distributed systems are assembled from machines belonging to principals with divergent...
Security Economics and European Policy (2008)
Ross Anderson, Rainer Böhme, Richard Clayton, Tyler Moore
In September 2007, we were awarded a contract by the European Network and Information Security Agency (ENISA) to investigate failures in the market for secure electronic communications within the...
Fast Exclusion of Errant Devices from Vehicular Networks (2008)
Tyler Moore, Jolyon Clulow, Panos Papadimitratos, Ross Anderson, Jean-pierre Hubaux
Abstract—Vehicular networks, in which cars communicate wirelessly to exchange information on traffic conditions, offer a promising way to improve road safety. Yet ensuring the correct functioning...
Abstract. Over the last year or two, a large number of attacks have been found by the authors and others on protocols based on the discrete logarithm problem, such as ElGamal signature and Diffie...
Ross Anderson, Serge Vaudenay, Bart Preneel, Kaisa Nyberg
Abstract. Simmons asked whether there exists a signature scheme with a broadband covert channel that does not require the sender to compromise the security of her signing key. We answer this question...
Problems with the GCHQ Protocol for Securing the British Government's Electronic Mail (2007)
. The UK government is adopting an architecture for secure electronic mail that was designed by CESG, a department of GCHQ, and is based on a key escrow proposal by Jefferies, Mitchell and Walker. It...
The Design of Future Pre-Payment Systems (2007)
Ross Anderson, Johann Bezuidenhout, Neville Pattinson, Don Taylor, Cambridge Sandton Felixstowe
Over the next few years, the UK government plans to split the functions of electricity distribution and marketing. We discuss how prepayment and other metering systems can be adapted to cope. We...
On the Security of Digital Tachographs (2007)
This paper reports research funded by the Department of the Environment, Transport and the Regions during 1997--98.
Roger Needham, Roger Needham, Martín Abadi, Ross Anderson, Jean Bacon, Andrew Birrell, ...
comprising in this compilation are copyright of the respective authors. All rights are reserved. This publication may not be copied, reproduced, published or distributed in whole or in part in any...
Clause 67, Medical Research and Privacy: the Options for the NHS (2007)
Ross Anderson, Rudolf Hanka, Alan Hassey
Over the least few years there has emerged a consensus on the legitimate research uses of medical records that balances patient privacy, professional autonomy, public health effectiveness, and the...
Abstract. There has been considerable recent interest in the level of tamper resistance that can be provided by low cost devices such as smartcards. It is known that such devices can be reverse...
McDonald, Barbara, Anderson, Ross, Yeo, Stanley
The fourth edition of this established casebook seeks, through an authoritative selection of cases, to illuminate the principles of contemporary Australian tort law and to capture the underlying...
McDonald, Barbara, Anderson, Ross, Yeo, Stanley
The fourth edition of this established casebook seeks, through an authoritative selection of cases, to illuminate the principles of contemporary Australian tort law and to capture the underlying...
Children's databases - safety and privacy: a report for the information commissioner (2007)
Anderson, Ross, Brown, Ian, Clayton, Richard, Dowty, Terri, Korff, Douwe, Munro, Eileen
Children's databases - safety and privacy: a report for the information commissioner (2007)
Anderson, Ross, Brown, Ian, Clayton, Richard, Dowty, Terri, Korff, Douwe, Munro, Eileen
Ross Anderson, James Backhouse, Ewart Carson, Patrik O’brian Holt, Roland Ibbett, Ray Ison, ...
Contact email address: confidential AT nhs.it.info (replace “ AT “ by “@”) Extracted from the online dossier at
Incentives and Information Security (2007)
Ross Anderson, Tyler Moore, Shishir Nagaraja, Andy Ozment
Many interesting and important new applications of game theory have been discovered over the past 5 years in the context of research into the economics of information security. Many systems fail not...
McDonald, Barbara, Anderson, Ross, Yeo, Stanley
The fourth edition of this established casebook seeks, through an authoritative selection of cases, to illuminate the principles of contemporary Australian tort law and to capture the underlying...
McDonald, Barbara, Anderson, Ross, Yeo, Stanley
The fourth edition of this established casebook seeks, through an authoritative selection of cases, to illuminate the principles of contemporary Australian tort law and to capture the underlying...
The Topology of Covert Conflict (2006)
Shishir Nagaraja Ross, Ross Anderson
Often an attacker tries to disconnect a network by destroying nodes or edges, while the defender counters using various resilience mechanisms. Examples include a music industry body attempting to...
The economics of information security (2006)
The economics of information security has recently become a thriving and fast-moving discipline. As distributed systems are assembled from machines belonging to principals with divergent interests,...
R.: Protecting domestic power-line communications (2006)
Richard Newman, Sherman Gavette, Larry Yonge, Ross Anderson
Abstract – In this paper we describe the protection goals and mechanisms in HomePlug AV, a next-generation power-line communications standard. This is a fascinating case-history in security...
The economics of information security: A survey and open questions (2006)
The economics of information security has recently become a thriving and fast-moving discipline. As distributed systems are assembled from machines belonging to principals with divergent interests,...
The economics of information security: A survey and open questions (2006)
The economics of information security has recently become a thriving and fast-moving discipline. As distributed systems are assembled from machines belonging to principals with divergent interests,...
On the Security of the EMV Secure Messaging API (2005)
Ben Adida, Mike Bond, Jolyon Clulow, Amerson Lin, Ross Anderson, Ronald L. Rivest
We present new attacks against the EMV financial transaction security system (known in Europe as “Chip and PIN”), specifically on the back-end API support for sending secure messages to EMV...
How Much is Location Privacy Worth? (2005)
George Danezis, Stephen Lewis, Ross Anderson
We use techniques from experimental economics and psychology to determine how much compensation must be o#ered to persuade someone to allow precise information about their location to be collected....
Robbing the bank with a theorem prover (2005)
C Paul Youn, Paul Youn, Paul Youn, Ben Adida, Ben Adida, Ben Adida, ...
Number 644
Combining cryptography with biometrics effectively (2005)
Feng Hao, Ross Anderson, John Daugman
We propose the first practical and secure way to integrate the iris biometric into cryptographic applications. A repeatable binary string, which we call a biometric key, is generated reliably from...
The topology of covert conflict (2005)
C Shishir Nagaraja, Shishir Nagaraja, Shishir Nagaraja, Ross Anderson, Ross Anderson, Ross Anderson
forename.surname @ cl.cam.ac.uk Abstract. Often an attacker tries to disconnect a network by destroying nodes or edges, while the defender counters using various resilience mechanisms. Examples...
Sybil-resistant DHT routing (2005)
George Danezis, Chris Lesniewski-laas, M. Frans Kaashoek, Ross Anderson
Abstract. Distributed Hash Tables (DHTs) are very efficient distributed systems for routing, but at the same time vulnerable to disruptive nodes. Designers of such systems want them used in open...
Ross Anderson, Mike Bond, Jolyon Clulow, Sergei Skorobogatov, Sergei Skorobogatov, Ross Anderson, ...
Cryptographic processors – a survey
The Economics of Censorship Resistance (2004)
We propose the first economic model of censorship resistance.
The Dancing Bear - A New Way of Composing Ciphers (2004)
This note presents a new way of composing cryptographic primitives which makes some novel combinations possible. For example, one can do threshold decryption using standard block ciphers, or using an...
On Dealing With Adversaries Fairly (2004)
Andrei Serjantov And, Ross Anderson
Peer-to-peer systems are often vulnerable to disruption by minorities.
el desarrollo estratégico más significativo que se ha producido en el último año ha sido ¿informática de confianza¿ --en inglés Trusted Computing (o TC). En este artículo se describe a...
Balanced Self-Checking Asynchronous Logic for Smart Card Applications (2003)
Simon Moore, Ross Anderson, Robert Mullins, George Taylor
Delay-insensitive or unordered codes may be used to construct both robust asynchronous circuits and self-checking systems. The redundant nature of the coding scheme also provides the possibility of a...
Cryptography and competition policy: Issues with trusted computing (2003)
Abstract. The most significant strategic development in information technology over the past year has been ‘trusted computing’. This is popularly associated with Microsoft’s ‘Palladium ’...
and Trusted Third-Party Encryption. A Report by an Ad Hoc Group of Cryptographers (2003)
Prepared Erik Wilde, Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Whitfield Diffie, ...
[7] Bernard Aboba and Pat R. Calhoun. RADIUS (Remote Authentication Dial In
Balanced Self-Checking Asynchronous Logic for Smart Card Applications (2003)
Simon Moore, Ross Anderson, Robert Mullins, George Taylor
Delay-insensitive or unordered codes may be used to construct both robust asynchronous circuits and self-checking systems. The redundant nature of the coding scheme also provides the possibility of a...
Improving Smart Card Security using Self-timed Circuits (2002)
Simon Moore Ross, Simon Moore, Ross Anderson, Paul Cunningham, Robert Mullins, George Taylor
We demonstrate how 1-of-n encoded speed-independent circuits provide a good framework for constructing smart card functions that are resistant to side channel attacks and fault injection. A novel...
On a New Way to Read Data from Memory (2002)
David Samyde, Sergei Skorobogatov, Ross Anderson, Jean-jacques Quisquater
This paper explains a new family of techniques to extract data from semiconductor memory, without using the read-out circuitry provided for the purpose. What these techniques have in common is the...
Improving Smart Card Security using Self-timed Circuits (2002)
Simon Moore, Ross Anderson, Paul Cunningham, Robert Mullins, George Taylor
We demonstrate how 1-of-n encoded speed-independent circuits provide a good framework for constructing smart card functions that are resistant to side channel attacks and fault injection. A novel...
API-level attacks on embedded systems (2001)
A whole new family of attacks has recently been discovered on the application programming interfaces (APIs) used by security processors. These extend and generalise a number of attacks already known...
Why information security is hard – an economic perspective (2001)
According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better...
Key Infection: Smart Trust for Smart Dust (2001)
Ross Anderson, Haowen Chan, Adrian Perrig
Future distributed systems may include large selforganizing networks of locally communicating sensor nodes, any small number of which may be subverted by an adversary. Providing security for these...
The Memorability and Security of Passwords – Some Empirical Results (2000)
Jianxin Yan, Jianxin Yan, Alan Blackwell, Alan Blackwell, Ross Anderson, Ross Anderson, ...
The memorability and security of
Ross Anderson, Eli Biham, Lars Knudsen
Serpent should be chosen because it is the most secure of the AES finalists. Not only does it have ample safety margin, but its simple structure enables us to be sure that none of the currently known...
The Correctness of Crypto Transaction Sets (2000)
In this talk, given in April 2000, I introduced the topic of the correctness of the sets of transactions supported by cryptographic processors. There has been much work on verifying crypto protocols,...
The XenoService – A Distributed Defeat for Distributed Denial of Service (2000)
Jianxin Yan, Stephen Early, Ross Anderson
Abstract. Distributed Denial of Service (DDoS) attacks have become a serious problem since the second half of 1999. They are at heart a manifestation of what economists call the ‘tragedy of the...
The Memorability and Security of Passwords - Some Empirical Results (2000)
Jianxin Yan, Alan Blackwell, Ross Anderson, Alastair Grant
. There are many things that are `well known' about passwords, such as that uers can't remember strong passwords and that the passwords they can remember are easy to guess. However, there...
The Grenade Timer: Fortifying the Watchdog Timer Against Malicious Mobile Code (2000)
Systems accepting mobile code need protection from denial of service attacks staged by the guest program. While protected mode is the most general solution, it is not available to the very low-cost...
Ross Anderson, Eli Biham, Lars Knudsen
Serpent should be chosen because it is the most secure of the AES finalists. Not only does it have ample safety margin, but its simple structure enables us to be sure that none of the currently known...
The resurrecting duckling: Security issues for ad-hoc wireless networks (1999)
Abstract. In the near future, many personal electronic devices will be able to communicate with each other over a short range wireless channel. We investigate the principal security issues for such...
The resurrecting duckling: Security issues for ad-hoc wireless networks (1999)
In the near future, many personal electronic devices will be able to communicate with each other over a short range wireless channel. We investigate the principal security issues for such an...
How to Cheat at the Lottery (or, Massively Parallel Requirements Engineering (1999)
Abstract. Collaborative software projects such as Linux and Apache have shown that a large, complex system can be built and maintained by many developers working in a highly parallel, relatively...
The cocaine auction protocol: On the power of anonymous broadcast (1999)
Abstract. Traditionally, cryptographic protocols are described as a sequence of steps, in each of which one principal sends a message to another. It is assumed that the fundamental communication...
The Cocaine Auction Protocol: On The Power Of Anonymous Broadcast (1999)
Traditionally, cryptographic protocols are described as a sequence of steps, in each of which one principal sends a message to another. It is assumed that the fundamental communication primitive is...
The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks (1999)
In the near future, many personal electronic devices will be able to communicate with each other over a short range wireless channel. We investigate the principal security issues for such an...
The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks (1999)
In the near future, many personal electronic devices will be able to communicate with each other over a short range wireless channel. We investigate the principal security issues for such an...
The Millennium Bug - Reasons not to Panic (1999)
This article recounts my own experiences; but when I talk to engineers who have worked with the bug elsewhere, they seem fairly typical.
The Cocaine Auction Protocol: On The Power Of Anonymous Broadcast (1999)
Traditionally, cryptographic protocols are described as a sequence of steps, in each of which one principal sends a message to another. It is implicitly assumed that the fundamental communication...
How to Cheat at the Lottery (or, Massively Parallel Requirements Engineering) (1999)
Collaborative software projects such as Linux and Apache have shown that a large, complex system can be built and maintained by many developers working in a highly parallel, relatively unstructured...
Ross Anderson Eli, Ross Anderson, Eli Biham, Lars Knudsen
. We proposed a new block cipher, Serpent, as a candidate for the Advanced Encryption Standard. This algorithm uses a new structure that simultaneously allows a more rapid avalanche, a more ecient...
Ross Anderson, Eli Biham, Lars Knudsen
We proposed a new block cipher, Serpent, as a candidate for the Advanced Encryption Standard. This algorithm uses a new structure that simultaneously allows a more rapid avalanche, a more efficient...
The resurrecting duckling: Security issues for ad-hoc wireless networks (1999)
In the near future, many personal electronic devices will be able to communicate with each other over a short range wireless channel. We investigate the principal security issues for such an...
Ross Anderson, Filonet Corporation
A security policy is a high-level specification of the security properties that a given system should possess. It is a means for designers, domain experts and implementers to communicate with each...
Serpent: A New Block Cipher Proposal (1998)
Eli Biham, Ross Anderson, Lars Knudsen
Abstract. We propose a new block cipher as a candidate for the Advanced Encryption Standard. Its design is highly conservative, yet still allows a very efficient implementation. It uses the...
Serpent: A New Block Cipher Proposal (1998)
Eli Biham, Ross Anderson, Lars Knudsen
. We propose a new block cipher as a candidate for the Advanced Encryption Standard. Its design is highly conservative, yet still allows a very efficient implementation. It uses the well-understood...
Have Been Invited, Ross Anderson
ds which link together all, or many, of the health care encounters in a patient's life. Such records are in practice impossible to de-identify completely, as the combination of data is...
Serpent: A Flexible Block Cipher With Maximum Assurance (1998)
Ross Anderson, Eli Biham, Lars Knudsen
This paper presents a candidate block cipher for the Advanced Encryption Standard (AES). AES is an intriguing challenge to the designer, because of the great length of time the selected algorithm...
The Steganographic File System (1998)
Ross Anderson, Roger Needham, Adi Shamir
Users of some systems are at risk of being compelled to disclose their keys or other private data, and this risk could be mitigated if access control mechanisms supported an element of plausible...
On The Limits of Steganography (1998)
Ross Anderson, Fabien Petitcolas
In this paper, we clarify what steganography is and what it can do. We contrast it with the related disciplines of cryptography and tra#c security, present a unified terminology agreed at the first...
The Steganographic File System (1998)
Ross Anderson, Roger Needham, Adi Shamir
. Users of some systems are at risk of being compelled to disclose their keys or other private data, and this risk could be mitigated if access control mechanisms supported an element of plausible...
On The Limits of Steganography (1998)
Ross Anderson, Fabien Petitcolas
In this paper, we seek to clarify what steganography is and what it can do. We contrast it with the related disciplines of cryptography and traffic security, present a unified terminology agreed at...
A New Family of Authentication Protocols (1998)
Ross Anderson, Francesco Bergadano, Bruno Crispo, Jong-Hyeon Lee, Charalampos Manifavas, Roger Needham
We present a related family of authentication and digital signature protocols based on symmetric cryptographic primitives which perform substantially better than previous constructions. Previously,...
On the limits of steganography (1998)
Abstract. We present a number of insights into information hiding. It was widely believed that public key steganography was impossible; we show how to do it. We then look at a number of possible...
Serpent and Smart Cards (1998)
Ross Anderson, Eli Biham, Lars Knudsen
Abstract. We proposed a new block cipher, Serpent, as a candidate for the Advanced Encryption Standard. This algorithm uses a new structure that simultaneously allows a more rapid avalanche, a more...
Serpent: A Proposal for the Advanced Encryption Standard (1998)
Ross Anderson, Eli Biham, Lars Knudsen
Abstract. We propose a new block cipher as a candidate for the Advanced Encryption Standard. Its design is highly conservative, yet still allows a very efficient implementation. It uses S-boxes...
Two remarks on public-key cryptology (1997)
C Ross Anderson, Ross Anderson, Ross Anderson
In some talks I gave in 1997-98, I put forward two observations on public-key cryptology, concerning forward-secure signatures and compatible weak keys. I did not publish a paper on either of them as...
The GCHQ Protocol and its Problems (1997)
Abstract. The UK government is fielding an architecture for secure electronic mail based on the NSA's Message Security Protocol, with a key escrow scheme inspired by Diffie-Hellman. Attempts...
The GCHQ Protocol and its Problems (1997)
Abstract. The UK government is fielding an architecture for secure electronic mail that was designed by GCHQ. It is based on the NSA’s Message Security Protocol with a key escrow scheme based on...
Low cost attacks on tamper resistant devices (1997)
Abstract. There has been considerable recent interest in the level of tamper resistance that can be provided by low cost devices such as smartcards. It is known that such devices can be reverse...
Two remarks on public-key cryptology (1997)
In some talks I gave in 1997-98, I put forward two observations on public-key cryptology, concerning forward-secure signatures and compatible weak keys. I did not publish a paper on either of them as...
Chameleon - A New Kind of Stream Cipher (1997)
Ross Anderson, Charalampos Manifavas
Stream cipher systems are used to protect intellectual property in pay-TV and a number of other applications. In some of these, it would be convenient if a single ciphertext could be broadcast, and...
Low Cost Attacks on Tamper Resistant Devices (1997)
. There has been considerable recent interest in the level of tamper resistance that can be provided by low cost devices such as smartcards. It is known that such devices can be reverse engineered...
The Formal Verification of a Payment System (1997)
. We describe what we believe was the first use of formal methods to verify a bank payment system. This was an electronic purse for offline small-to-medium value payments, and has since developed...
Chameleon - A New Kind of Stream Cipher (1997)
Ross Anderson, Charalampos Manifavas
. Stream cipher systems are used to protect intellectual property in pay-TV and a number of other applications. In some of these, it would be convenient if a single ciphertext could be broadcast, and...
The GCHQ Protocol and its Problems (1997)
. The UK government is fielding an architecture for secure electronic mail based on the NSA's Message Security Protocol, with a key escrow scheme inspired by Diffie-Hellman. Attempts have been...
The GCHQ Protocol and Its Problems (1997)
. The UK government is fielding an architecture for secure electronic mail based on the NSA's Message Security Protocol, with a key escrow scheme inspired by Diffie-Hellman. Attempts have been...
Low Cost Attacks on Tamper Resistant Devices (1997)
. There has been considerable recent interest in the level of tamper resistance that can be provided by low cost devices such as smartcards. It is known that such devices can be reverse engineered...
Problems with the NHS Cryptography Strategy (1997)
Clinical data networking has the potential to improve patient care in various ways. Electronic referrals could cut hospital administration times; electronic discharge letters could help GPs provide...
The GCHQ Protocol and its Problems (1997)
. The UK government is adopting an architecture for secure electronic mail that was designed by GCHQ and is based on the NSA's Message Security Protocol with a key escrow scheme adapted from a...
The Use of Information Retrieval Techniques for Intrusion Detection (1997)
Intrusion detection is a broad problem, and we need a greater range of tools than is currently available. In this article, we report a new approach. We have applied information retrieval techniques...
Low cost attacks on tamper resistant devices (1997)
Abstract. There has been considerable recent interest in the level of tamper resistance that can be provided bylow cost devices suchassmartcards. It is known that such devices can be reverse...
Thesis (M.A.)--Chapman University, 1996.
Minding your p's and q's (1996)
Anderson, Ross, Vaudenay, Serge
Over the last year or two, a large number of attacks have been found by the authors and others on protocols based on the discrete logarithm problem, such as ElGamal signature and Diffie Hellman key...
Anderson, Ross, Vaudenay, Serge, Preneel, Bart, Nyberg, Kaisa
Simmons asked whether there exists a signature scheme with a broadband covert channel that does not require the sender to compromise the security of her signing key. We answer this question in the...
Tamper Resistance - a Cautionary Note (1996)
An increasing number of systems, from pay-TV to electronic purses, rely on the tamper resistance of smartcards and other security processors. We describe a number of attacks on such systems — some...
Tamper Resistance - a Cautionary Note (1996)
An increasing number of systems, from pay-TV to electronic purses, rely on the tamper resistance of smartcards and other security processors. We describe a number of attacks on such systems -- some...
Tiger: A Fast New Hash Function (1996)
Among those cryptographic hash function which are not based on block ciphers, MD4 and Snefru seemed initially quite attractive for applications requiring fast software hashing. However collisions for...
Tamper Resistance --- a Cautionary Note (1996)
An increasing number of systems, from pay-TV to electronic purses, rely on the tamper resistance of smartcards and other security processors. We describe a number of attacks on such systems --- some...
Stretching the Limits of Steganography (1996)
. We present a number of insights into information hiding. It was widely believed that public key steganography was impossible; we show how to do it. We then look at a number of possible approaches...
A Security Policy Model for Clinical Information Systems (1996)
The protection of personal health information has become a live issue in a number of countries including the USA, Canada, Britain and Germany. The debate has shown that there is widespread confusion...
Two Practical and Provably Secure Block Ciphers: BEAR and LION (1996)
Ciphers Bear, Ross Anderson, Eli Biham
In this paper we suggest two new provably secure block ciphers, called BEAR and LION. They both have large block sizes, and are based on the Luby-Rackoff construction. Their underlying components are...
Two Practical and Provably Secure Block Ciphers: BEAR and LION (1996)
Ciphers Bear, Ross Anderson, Eli Biham
. In this paper we suggest two new provably secure block ciphers, called BEAR and LION. They both have large block sizes, and are based on the Luby-Rackoff construction. Their underlying components...
Minding Your P's and Q's (1996)
Over the last year or two, a large number of attacks have been found by the authors and others on protocols based on the discrete logarithm problem, such as ElGamal signature and Diffie Hellman key...
Tiger: A Fast New Hash Function (1996)
. Among those cryptographic hash function which are not based on block ciphers, MD4 and Snefru seemed initially quite attractive for applications requiring fast software hashing. However collisions...
NetCard - A practical electronic cash system (1996)
Ross Anderson, Charalampos Manifavas, Chris Sutherl
Over the last ten years or so, there have been a number of proposals for electronic cash systems, which let a customer make a payment to a merchant over a computer network by sending messages called...
Minding your p's and q's (1996)
Abstract. Over the last year or two, a large number of attacks have been found by the authors and others on protocols based on the discrete logarithm problem, such as ElGamal signature and Diffie...
Ross Anderson, Serge Vaudenay, Bart Preneel, Kaisa Nyberg
Abstract. Simmons asked whether there exists a signature scheme with a broadband covert channel that does not require the sender to compromise the security of her signing key. We answer this question...
Searching for the Optimum Correlation Attack (1995)
Abstract. We present some new ideas on attacking stream ciphers based on regularly clocked shift registers. The nonlinear lter functions used in such systems may leak information if they interact...
Cryptographic Credit Control in Pre-payment Metering Systems (1995)
Ross Anderson, S. Johann Bezuidenhout, England South Africa
We describe the successful introduction of cryptology into a new application area - protecting prepayment electricity meters from token fraud. These meters are used by a number of utilities from...
Robustness Principles for Public Key Protocols (1995)
: We present a number of attacks, some new, on public key protocols. We also advance a number of principles which may help designers avoid many of the pitfalls, and help attackers spot errors which...
Programming Satan’s computer (1995)
Abstract. Cryptographic protocols are used in distributed systems to identify users and authenticate transactions. They may involve the exchange of about 2{5 messages, and one might think that a...
Designers of cryptographic systems are at a disadvantage to most other engineers, in that information on how their systems fail is hard to get: their major users have traditionally been government...
Designers of cryptographic systems are at a disadvantage to most other engineers, in that information on how their systems fail is hard to get: their major users have traditionally been government...
Searching for the Optimum Correlation Attack (1994)
. We present some new ideas on attacking stream ciphers based on regularly clocked shift registers. The nonlinear filter functions used in such systems may leak information if they interact with...
Designers of cryptographic systems are at a disadvantage to most other engineers, in that information on how their systems fail is hard to get: their major users have traditionally been government...
On Fibonacci Keystream Generators (1994)
. A number of keystream generators have been proposed which are based on Fibonacci sequences, and at least one has been fielded. They are attractive in that they can use some of the security results...
Designers of cryptographic systems are at a disadvantage to most other engineers, in that information on how their systems fail is hard to get: their major users have traditionally been government...
Designers of cryptographic systems are at a disadvantage compared with most other engineers, in that information on how these systems fail is hard to get: their major users have traditionally been...
The Classification of Hash Functions (1993)
When we ask what makes a hash function `good', we usually get an answer which includes collision freedom as the main (if not sole) desideratum. However, we show here that given any...
The strategic implications of a space-based missile defense system /--by Ross Anderson Smith. (1984)
Typescript.
Neurophysiological consequences of volatile substance abuse: Authors' reply
Chadwick, Oliver, Anderson, Ross, Bland, Martin, Ramsey, John
Closing the phishing hole: fraud, risk, and nonbanks
Payment systems ; Financial services industry ; Fraud ; Electronic commerce
Roy DeCicco, Avivah Litan, Ross Anderson
Payment systems ; Financial services industry ; Electronic commerce ; Banks and banking ; Fraud
Richard Oliver, Avivah Litan, Ross Anderson
Payment systems ; Financial services industry ; Fraud ; Electronic commerce
Serpent: A Proposal for the Advanced Encryption Standard
Ross Anderson, Eli Biham, Lars Knudsen
. We propose a new block cipher as a candidate for the Advanced Encryption Standard. Its design is highly conservative, yet still allows a very efficient implementation. It uses S-boxes similar to...
Secure Books: Protecting the Distribution of Knowledge
Ross Anderson, Fabien A Petitcolas, Iain E Buchan, Rudolf Hanka
. We undertook a project to secure the distribution of medical information using Wax. This is a proprietary hypertext-based system used for information such as treatment protocols, drug formularies,...
Serpent: A Proposal for the Advanced Encryption Standard
Ross Anderson, Eli Biham, Lars Knudsen
. We propose a new block cipher as a candidate for the Advanced Encryption Standard. Its design is highly conservative, yet still allows a very e#cient implementation. It uses S-boxes similar to...
NetCard - A Practical Electronic Cash System
Ross Anderson, Charalampos Manifavas, Chris Sutherland
this paper was being written. The second and third authors were supported by the DTI funded NetCard project. All three authors acknowledge the help of Mike Roe and other colleagues at the security...
Liability and Computer Security: Nine Principles
. The conventional wisdom is that security priorities should be set by risk analysis. However, reality is subtly different: many computer security systems are at least as much about shedding...
Papers on Smartcard Engineering
Smartcards are often sold as the solution to almost all information security problems. However, placing too much faith in any technology can lead to credibility problems; recent ATM disputes in...
Crypto in Europe --- Markets, Law and Policy
. The public debate on cryptography policy assumes that the issue is between the state's desire for effective policing and the privacy of the individual. We show that this is misguided. We start...
Ross Anderson, Serge Vaudenay, Bart Preneel, Kaisa Nyberg
. Simmons asked whether there exists a signature scheme with a broadband covert channel that does not require the sender to compromise the security of her signing key. We answer this question in the...
Cryptographic protocols are used in distributed systems to identify users and authenticate transactions. They may involve the exchange of about 2--5 messages, and one might think that a program of...
Tyler Moore, Richard Clayton, Ross Anderson
This paper will focus on online crime, which has taken off as a serious industry since about 2004. Until then, much of the online nuisance came from amateur hackers who defaced websites and wrote...