University of Cambridge
15 JJ Thomson Avenue
Cambridge CB3 0FD
E-mail: Jolyon dot Clulow at cl.cam.ac.uk
Office: +44 (0)1223 7-63568
Fax: +44 (0)1223 3-34678
I am currently a Ph.D. student in the Security Group of the Computer Laboratory at the University of Cambridge. My supervisor is Ross Anderson and I'm currently working closely with Mike Bond on API Security.
The recent announcements appear to have stirred up a significant amount of interest. The danger in such a situation is always a lack of rational, critical thinking and a tendency to form rushed judgements. In order to give a high-level description of the vulnerabilities and an accurate and (hopefully) impartial assessment of the risks, I've teamed up with industry experts RedPay Consulting. We've produced a report aimed at financial and banking institutions (from Senior Managers to Security Officers). Hopefully this will address many of your questions as well as giving you some clear guidance.
Historically my research interests have been related to Tamper Resistant/Responding Security Modules (TRSM), which are often referred to as crypto coprocessors, host security modules (HSM) or hardware security modules (HSM). Over the past years, I have been a member of a development team building such devices and solutions using these devices typically for the financial and banking industries.
Particular interests include:
The API attacks represent my most interesting work. In 2001, I discovered a set of six (6) families of attacks that led to the recovery of bank PINs from the existing networks. My M.Sc. dissertation below has a comprehensive treatment of the topic (in Chapter 3 (Pdf, Zipped Pdf)). It shows that it is possible for a malicious insider to cause massive and widespread financial fraud against both individual cardholders and institutions. The technical details are very interesting while the financial implications are potentially crippling and the social ramifications significant.
Currently, there is a conflict between the financial and banking institutions (who are trying to protect the system, their customers and themselves) and those trying to protect the rights of the consumers and victims of security breaches. It could be avoided with a better system if everyone would invest the time, money and motivation required. One of the most interesting aspects is that based solely on the transaction information (audit logs, etc.) it is impossible to differentiate between an innocent victim and a malicious fraudster. Hence you cannot tell (on that evidence alone) whether you are defending the good guy or the bad guy. And that's a bit of an issue in the campaign for justice. Nonetheless, it remains a hugely interesting case study of the development and life cycle of security, as well as being significant for anyone who holds an account at a bank.
Clulow, J.S. "On the Security of PKCS#11", CHES 2003, LNCS 2779, 2003. (Pdf, Zipped Pdf)
Clulow, J.S. "The Design and Analysis of Cryptographic APIs for Security Devices", M.Sc. Dissertation, University of Natal, Durban, South Africa, 2003. (Pdf, Zipped Pdf). Supervisor: Prof. H. C. Swart.
The dissertation covers materials from a number of technical reports I’ve authored previously while in the employ of Prism, including:
Clulow, J.S. "PIN Recovery Attacks", Technical Report 0520 00296, October 2001. Revised October 2002.
Clulow, J.S. "Related Key Attacks against Symmetric Ciphers and Security APIs", Technical Report 0520 00297, 2001. Revised October 2002.
Clulow, J.S. "Vulnerabilities in Financial Crypto Transaction Sets", Technical Report 0520 00298, 2001. Revised October 2002.
Conferences and Seminars
Clulow, J.S. "I Know Your PIN" (Ppt, Zipped Ppt)
Current Research Proposal
The significance of security devices that protect the numerous transactions, which take place in today's distributed virtual environment, cannot be underestimated. The importance of such devices will increase as our society continues to evolve into a cashless electronic society. There has been a transformation of the traditional security analysis from one focused on mathematical primitives and physical engineering solutions to a holistic approach that seeks to protect against subtle interactions between the cryptographic, logical and physical aspects of such devices that can collude to compromise the security thereof. In the above setting and in a continuation of my own previous work, I propose to further investigate the electronic interface to security devices (i.e. the application programming interface or API) as a source of vulnerabilities. In particular, I would like to extend this work from the retail financial security arena to the developing field of digital rights management (DRM) and 'trusted computing' (TCPA) and join the attempt to develop formal methods for analysis. As one of the earliest electronic security products, I believe that retail financial security devices can provide an instructive reference and case study for the development, adoption and maturation of security-related products.