Shifting Borders reviewed the state of play in late 2007, and appeared in Index on Censorship.
2011 highlights included a major report on the Resilience of the Internet Interconnection Ecosystem which studies how an attacker might bring down the Internet; an updated survey paper on Economics and Internet Security which covers recent analytical, empirical and behavioral research; and Can We Fix.
We won an award for a paper describing a man-in-the-middle attack that allows a stolen card to tumblr asian selv cam be used with any pin.
Searching for the Optimum Correlation Attack shows that nonlinear combining functions used in nonlinear filter generators can react with shifted copies of themselves in a way that opens up a new and powerful attack on many cipher systems.The problem of designing programs which run robustly on a network containing a malicious adversary is rather like trying to program a computer which gives subtly wrong answers at the worst possible moment.Mobotix stand apart with their uncompromisingly reliable, intelligent solutions that can be expanded virtually without limits and which ensure long-term investment security.There will be many fasincating engineering challenges.I also lobbied for amendments to the EU IP Enforcement Directive and organised a workshop on copyright which led to a common position adopted by many European NGOs.See press coverage in slashdot, m and The Register.The latest (2011) appeared as a tech report Economics and Internet Security: a Survey of Recent Analytical, Empirical and Behavioral Research and later as a book chapter.The first edition was pivotal in founding the now-flourishing field of information security economics : I realised that the narrative had to do with incentives and organisation at least as often as with the technology.Brexit and technology explained how the Brexit debate largely ignored network externalities, which could make the damage worse.
Explores how protocols work, or fail, at global scale.
Another novel application of information hiding is the Steganographic File System.
Aurasium: Practical Policy Enforcement for Android Applications describes how to repackage Android apps to add user sandboxing and policy-enforcement code ( source code ).Security Economics A Personal Perspective is an invited paper I gave at acsac 2012 telling the story of how security economics got going as a subject.The European Court of Justice has already found that its data retention provisions contravene human rights but the government seems set to ignore this.On the Reliability of Electronic Payment Systems describes work I did to help develop prepayment utility metering, which made possible the electrification of millions of homes in Africa.The Formal Verification of a Payment System describes the first use of formal methods to verify an actual payment protocol, which was (and still is) used in an electronic purse product (visa's copac card).2014 highlights included papers on Chip and Skim describing pre-play frauds against EMV bank cards; Security protocols and evidence which explains how the systems needed to support proper dispute resolution just don't get built; Experimental Measurement teen chat gratis videochat of Attitudes Regarding Cybercrime, on how prosecutors and public.API Level Attacks on Embedded Systems are a powerful way to attack cryptographic processors, and indeed any systems where more trusted processes talk to less trusted ones.Lots of people don't believe quantum crypto is practical.It follows on from, making Bitcoin Legal, which describes a better way of tracing stolen bitcoin ( blog video ).I wrote a Trusted Computing FAQ that was very widely read, followed by a study of the competition policy aspects of this technology.
My book was an attempt to help the working engineer to do better.