Banking Security: Attacks and Defences
Departmental seminar
- When?
- Wednesday 16 May 2012, 14:00 to 15:00
- Where?
- 40a AB 05
- Open to:
- Public, Staff, Students
- Speaker:
- Dr Steven Murdoch, Cambridge University
Designers of banking security systems are faced with a difficult challenge of developing technology within a tightly constrained budget, yet which must be capable of defeating attacks by determined, well-equipped criminals. This talk will summarise banking security technologies for protecting Chip and PIN/EMV card payments, online shopping, and online banking. The effectiveness of the security measures will be discussed, along with vulnerabilities discovered in them both by academics and by criminals. These vulnerabilities include cryptographic flaws, failures of tamper resistance, and poor implementation decisions, and have led not only to significant financial losses, but in some cases unfair allocation of liability. Proposed improvements will also be described, not only to the technical failures but also to the legal and regulatory regimes which are the underlying reason for some of these problems not being properly addressed.
Biography
Dr Steven J. Murdoch is a researcher in the Security Group of the University of Cambridge Computer Laboratory, working on the Tor Project. His research interests include covert channels, banking security, anonymous communications, and censorship resistance. His work has been featured in TV programmes including BBC Watchdog, BBC Newsnight, and ITV Tonight, as well as in numerous newspaper articles. Following his PhD studies on anonymous communications, he worked with the OpenNet Initiative, investigating Internet censorship. Currently he is working for the Tor Project, on improving the security and usability of the Tor anonymity system. He is also working on analyzing the security of banking systems especially Chip & PIN/EMV, and is Chief Security Architect of Cronto, an online authentication technology provider.
