Ross Anderson's research while affiliated with Universities UK and other places
What is this page?
This page lists the scientific contributions of an author, who either does not have a ResearchGate profile, or has not yet added these contributions to their profile.
It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.
If you're a ResearchGate member, you can follow this page to keep up with this author's work.
If you are this author, and you don't want us to display this page anymore, please let us know.
It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.
If you're a ResearchGate member, you can follow this page to keep up with this author's work.
If you are this author, and you don't want us to display this page anymore, please let us know.
Publications (177)
Legislators and policymakers worldwide are debating options for suppressing illegal, harmful and undesirable material online. Drawing on several quantitative data sources, we show that deplatforming an active community to suppress online hate and harassment, even with a substantial concerted effort involving several tech firms, can be hard. Our cas...
Since the Hamas attack on Israel on 7th October 2023 and Israel's declaration of war, hacktivists have hit Israeli digital assets via various cyberattacks such as distributed denial-of-service and website defacement attacks. One DDoS victim appears to have been the Jerusalem Post. Defacement was used in previous conflicts, most recently following t...
There has been substantial commentary on the role of cyberattacks carried by low-level cybercrime actors in the Russia-Ukraine conflict. We analyse 358k web defacement attacks, 1.7M reflected DDoS attacks, 1764 Hack Forums posts mentioning the two countries, and 441 announcements (with 58k replies) of a volunteer hacking group for two months before...
Legislators worldwide are mulling over options for censoring undesirable and illegal material online. We report an interesting case from late 2022 when members of a radical online forum, Kiwi Farms, harassed a Canadian trans activist so seriously that a series of tech firms tried to take the forum down. The trigger was a swatting incident on 5 Augu...
We introduce ExtremeBB, a textual database of over 53.5M posts made by 38.5k users on 12 extremist bulletin board forums promoting online hate, harassment, the manosphere and other forms of extremism. It enables large-scale analyses of qualitative and quantitative historical trends going back two decades: measuring hate speech and toxicity; tracing...
Randomness supports many critical functions in the field of machine learning (ML) including optimisation, data selection, privacy, and security. ML systems outsource the task of generating or harvesting randomness to the compiler, the cloud service provider or elsewhere in the toolchain. Yet there is a long history of attackers exploiting poor rand...
While text-based machine learning models that operate on visual inputs of rendered text have become robust against a wide range of existing attacks, we show that they are still vulnerable to visual adversarial examples encoded as text. We use the Unicode functionality of combining diacritical marks to manipulate encoded text so that small visual pe...
Stable Diffusion revolutionised image creation from descriptive text. GPT-2, GPT-3(.5) and GPT-4 demonstrated astonishing performance across a variety of language tasks. ChatGPT introduced such language models to the general public. It is now clear that large language models (LLMs) are here to stay, and will bring about drastic change in the whole...
In this paper we're going to explore the ways in which security proofs can fail, and their broader lessons for security engineering. To mention just one example, Larry Paulson proved the security of SSL/TLS using his theorem prover Isabelle in 1999, yet it's sprung multiple leaks since then, from timing attacks to Heartbleed. We will go through a n...
Search engines are vulnerable to attacks against indexing and searching via text encoding manipulation. By imperceptibly perturbing text using uncommon encoded representations, adversaries can control results across search engines for specific search queries. We demonstrate that this attack is successful against two major commercial search engines...
European lawmakers have ruled that users on different platforms should be able to exchange messages with each other. Yet messaging interoperability opens up a Pandora's box of security and privacy challenges. While championed not just as an anti-trust measure but as a means of providing a better experience for the end user, interoperability runs th...
Threat modelling is foundational to secure systems engineering and should be done in consideration of the context within which systems operate. On the other hand, the continuous evolution of both the technical sophistication of threats and the system attack surface is an inescapable reality. In this work, we explore the extent to which real-world s...
In this paper we’re going to explore the ways in which security proofs can fail, and their broader lessons for security engineering. To mention just one example, Larry Paulson proved the security of SSL/TLS using his theorem prover Isabelle in 1999, yet it’s sprung multiple leaks since then, from timing attacks to Heartbleed. We will go through a n...
European lawmakers have ruled that users on different platforms should be able to exchange messages with each other. Yet messaging interoperability opens up a Pandora’s box of security and privacy challenges. While championed not just as an anti-trust measure but as a means of providing a better experience for the end user, interoperability runs th...
In a survey of six widely used end-to-end encrypted messaging applications, we consider the post-compromise recovery process from the perspective of what security audit functions, if any, are in place to detect and recover from attacks. Our investigation reveals audit functions vary in the extent to which they rely on the end user. We argue develop...
In this paper we document the transcript of the discussion of a presentation in which we explored the ways in which security proofs can fail, and their broader lessons for security engineering.
Early backdoor attacks against machine learning set off an arms race in attack and defence development. Defences have since appeared demonstrating some ability to detect backdoors in models or even remove them. These defences work by inspecting the training data, the model, or the integrity of the training procedure. In this work, we show that back...
While vulnerability research often focuses on technical findings and post-public release industrial response, we provide an analysis of the rest of the story: the coordinated disclosure process from discovery through public release. The industry-wide 'Trojan Source' vulnerability which affected most compilers, interpreters, code editors, and code r...
Whistleblowing is hazardous in a world of pervasive surveillance, yet many leading newspapers expect sources to contact them with methods that are either insecure or barely usable. In an attempt to do better, we conducted two workshops with British news organisations and surveyed whistleblowing options and guidelines at major media outlets. We conc...
We present a new type of attack in which source code is maliciously encoded so that it appears different to a compiler and to the human eye. This attack exploits subtleties in text-encoding standards such as Unicode to produce source code whose tokens are logically encoded in a different order from the one in which they are displayed, leading to vu...
Our increasing reliance on digital technology for personal, economic, and government affairs has made it essential to secure the communications and devices of private citizens, businesses, and governments. This has led to pervasive use of cryptography across society. Despite its evident advantages, law enforcement and national security agencies hav...
We present a fresh perspective on cybercrime: the viewpoint of entrepreneurship. We propose a framework that sets out what infrastructure enables a particular cybercrime to get started, what barriers to entry there may be, how the crime can be scaled, what factors can inhibit scaling, why defenders can be ineffective and what eventual limits there...
Several years of research have shown that machine-learning systems are vulnerable to adversarial examples, both in theory and in practice. Until now, such attacks have primarily targeted visual models, exploiting the gap between human and machine perception. Although text-based models have also been attacked with adversarial examples, such attacks...
Inpainting is a learned interpolation technique that is based on generative modeling and used to populate masked or missing pieces in an image; it has wide applications in picture editing and retouching. Recently, inpainting started being used for watermark removal, raising concerns. In this paper we study how to manipulate it using our markpaintin...
Machine learning is vulnerable to a wide variety of different attacks. It is now well understood that by changing the underlying data distribution, an adversary can poison the model trained with it or introduce backdoors. In this paper we present a novel class of training-time attacks that require no changes to the underlying model dataset or archi...
Voice assistants are now ubiquitous and listen in on our everyday lives. Ever since they became commercially available, privacy advocates worried that the data they collect can be abused: might private conversations be extracted by third parties? In this paper we show that privacy threats go beyond spoken conversations and include sensitive data ty...
The wide adaption of 3D point-cloud data in safety-critical applications such as autonomous driving makes adversarial samples a real threat. Existing adversarial attacks on point clouds achieve high success rates but modify a large number of points, which is usually difficult to do in real-life scenarios. In this paper, we explore a family of attac...
One of the most critical security protocol problems for humans is when you are betraying a trust, perhaps for some higher purpose, and the world can turn against you if you’re caught. In this short paper, we report on efforts to enable whistleblowers to leak sensitive documents to journalists more safely. Following a survey of cases where whistlebl...
I should first comment on the title. We wrote this a long time before the events of yesterday. We do not consider Julian Assange a snitch, and we sincerely hope he doesn’t get stitches. So let’s ignore the first part. Another thing we can ignore is the grace period. Please feel free to interrupt me, starting now.
In this paper, we present BatNet, a data transmission mechanism using ultrasound signals over the built-in speakers and microphones of smartphones. Using phase shift keying with an 8-point constellation and frequencies between 20--24kHz, it can transmit data at over 600bit/s up to 6m. The target application is a censorship-resistant mesh network. W...
One of the most critical security protocol problems for humans is when you are betraying a trust, perhaps for some higher purpose, and the world can turn against you if you're caught. In this short paper, we report on efforts to enable whistleblowers to leak sensitive documents to journalists more safely. Following a survey of cases where whistlebl...
The high energy costs of neural network training and inference led to the use of acceleration hardware such as GPUs and TPUs. While this enabled us to train large-scale neural networks in datacenters and deploy them on edge devices, the focus so far is on average-case performance. In this work, we introduce a novel threat vector against neural netw...
Convolutional Neural Networks (CNNs) are deployed in more and more classification systems, but adversarial samples can be maliciously crafted to trick them, and are becoming a real threat. There have been various proposals to improve CNNs' adversarial robustness but these all suffer performance penalties or other limitations. In this paper, we prov...
Rental scams are a type of advance fee fraud, in which the scammer tries to get a victim to pay a deposit to rent an apartment of which the scammer pretends to be the landlord. We specifically focused on fraudulent long-term rentals advertised in the UK on Craigslist. After a victim responds to the scammer's advertisement, the scammer attempts to p...
Recent research on reinforcement learning has shown that trained agents are vulnerable to maliciously crafted adversarial samples. In this work, we show how adversarial samples against RL agents can be generalised from White-box and Grey-box attacks to a strong Black-box case, namely where the attacker has no knowledge of the agents and their train...
We present a new signal for detecting deception: full body motion. Previous work on detecting deception from body movement has relied either on human judges or on specific gestures (such as fidgeting or gaze aversion) that are coded by humans. While this research has helped to build the foundation of the field, results are often characterized by in...
We present the first acoustic side-channel attack that recovers what users type on the virtual keyboard of their touch-screen smartphone or tablet. When a user taps the screen with a finger, the tap generates a sound wave that propagates on the screen surface and in the air. We found the device's microphone(s) can recover this wave and "hear" the f...
Convolutional Neural Networks (CNNs) are widely used to solve classification tasks in computer vision. However, they can be tricked into misclassifying specially crafted `adversarial' samples -- and samples built to trick one model often work alarmingly well against other models trained on the same task. In this paper we introduce Sitatapatra, a sy...
The first six months of 2018 have seen cryptocurrency thefts of $761 million, and the technology is also the latest and greatest tool for money laundering. This increase in crime has caused both researchers and law enforcement to look for ways to trace criminal proceeds. Although tracing algorithms have improved recently, they still yield an enormo...
The first six months of 2018 have seen cryptocurrency thefts of $761 million, and the technology is also the latest and greatest tool for money laundering. This increase in crime has caused both researchers and law enforcement to look for ways to trace criminal proceeds. Although tracing algorithms have improved recently, they still yield an enormo...
Deep Neural Networks (DNNs) have become a powerful tool for a wide range of problems. Yet recent work has shown an increasing variety of adversarial samples that can fool them. Most existing detection mechanisms impose significant costs, either by using additional classifiers to spot adversarial samples, or by requiring the DNN to be restructured....
As deep neural networks (DNNs) become widely used, pruned and quantised models are becoming ubiquitous on edge devices; such compressed DNNs are popular for lowering computational requirements. Meanwhile, recent studies show that adversarial samples can be effective at making DNNs misclassify. We, therefore, investigate the extent to which adversar...
At the first Information Hiding Workshop in 1996 we tried to clarify the models and assumptions behind information hiding. We agreed the terminology of cover text and stego text against a background of the game proposed by our keynote speaker Gus Simmons: that Alice and Bob are in jail and wish to hatch an escape plan without the fact of their comm...
We set out to investigate how customers comprehend bank terms and conditions (T&Cs). If T&Cs are incomprehensible, then it is unreasonable to expect customers to comply with them. An expert analysis of 30 bank contracts across 25 countries found that in most cases the contract terms were too vague to be understood; in some cases they differ by prod...
This article is a curated transcription of the discussion that took place at the workshop when the author presented the paper.
What would happen if the existing laws were actually enforced on the rich and powerful? Social reformers often clamour for new rules but ignore the huge changes that might happen if our existing rules were applied equally to all. And in the brave new world of ICOs and thousand percent cryptocurrency inflation, the rich and powerful are the bitcoin...
Susceptibility to persuasion—II scale items.
(DOCX)
Factor loadings and communalities based on a Principal Axis Factoring with Oblimin Rotation for 54 items from susceptibility to persuasion—II scale on main sample (n = 500).
(DOCX)
Factor loadings for susceptibility to persuasion scale using Principal Axis Factoring with Oblimin Rotation (n = 6609).
(DOCX)
Spearman rho correlations between plausibility and StP-II with its subscales.
(DOCX)
Standardised factor loadings / Correlations across items in StP-IIB factors (n = 279) in confirmatory factor analysis.
(DOCX)
Standardised factor loadings / Correlations across items in factors for StP-II (n = 279) in confirmatory factor analysis.
(DOCX)
Psychological and other persuasive mechanisms across diverse contexts are well researched, with many studies of the effectiveness of specific persuasive techniques on distinct types of human behaviour. In the present paper, our specific interest lies in the development of a generalized modular psychometric tool to measure individuals’ susceptibilit...
Psychological and other persuasive mechanisms across diverse contexts are well researched, with many studies of the effectiveness of specific persuasive techniques on distinct types of human behaviour. In the present paper, our specific interest lies in the development of a generalized modular psychometric tool to measure individuals’ susceptibilit...
Ross Anderson: Well if we have to reconcile multiple objectives, game theory suggests that there are two ways of doing this: you can use politics or you can use markets. You can cooperate or you can fight. If you want to get something you can’t produce yourself, you either produce something and trade it, or you go out with your friends with pointy...
In this paper we argue that the evolution of protocols is one of the most important yet least understood aspects of the governance of information systems. At the deepest level, security protocols determine the power structure of a system: who can do what with whom. The development, adoption, spread and evolution of protocols, and competition betwee...
There is a long history of authentication protocols designed for ease of human use, which rely on users copying a short string of digits. Historical examples include telex test keys and early nuclear firing codes; familiar modern examples include prepayment meter codes and the 3-digit card verification values used in online shopping. In this paper,...
What I’d like to do first is to highlight the background and motivation for the payment project that we’re working on at Cambridge.
The study presented in this article investigated to what extent bank customers understand the terms and conditions (T&Cs) they have signed up to. If many customers are not able to understand T&Cs and the behaviours they are expected to comply with, they risk not being compensated when their accounts are breached. An expert analysis of 30 bank contr...
Fraud victims are often refused a refund by their bank on the grounds that they failed to comply with their bank’s terms and conditions about PIN safety. We, therefore, conducted a survey of how many PINs people have, and how they manage them. We found that while only a third of PINs are ever changed, almost half of bank customers write at least on...
Fraud is a pervasive and challenging problem that costs society large amounts of money. By no means all fraud is committed by ‘professional criminals’: much is done by ordinary people who indulge in small-scale opportunistic deception. In this paper, we set out to investigate when people behave dishonestly, for example by committing fraud, in an on...
Fraud victims are often refused a refund by their bank on the grounds that they failed to comply with their bank’s terms and conditions about PIN safety. We, therefore, conducted a survey of how many PINs people have, and how they manage them. We found that while only a third of PINs are ever changed, almost half of bank customers write at least on...
Mandating insecurity by requiring government access to all data and communications.
Drawing from their survey on Internet fraud's emotional consequences, the authors conclude that the psychological effects of victimization are just as critical as the financial. Respondents reported that romance scams and advance fee fraud had the highest emotional impact.
Twenty years ago, law enforcement organizations lobbied to require data and communication services to engineer their products to guarantee law enforcement access to all data. After lengthy debate and vigorous predictions of enforcement channels “going dark,” these attempts to regulate security technologies on the emerging Internet were abandoned. I...
In the play Peter Pan, the fairy Tinker Bell is about to fade away and die because nobody believes in her any more, but is saved by the belief of the audience. This is a very old meme; the gods in Ancient Greece became less or more powerful depending on how many mortals sacrificed to them. On the face of it, this seems a democratic model of trust;...
OK, we’ve heard from previous talks about how TLS certificates are all or nothing. It’s particularly annoying that if I trust a certificate because I want to read a website, then in many systems that certificate can now update my operating system.
EMV, also known as “Chip and PIN”, is the leading system for smartcard-based payments worldwide; it is widely deployed in Europe and is starting to be introduced in the USA too. It replaces the familiar mag-strip cards with chip cards. A cryptographic protocol is executed between a chip card and bank servers based on a message authentication code (...
In 1861, Maxwell derived two of his equations of electromagnetism by
modelling a magnetic line of force as a `molecular vortex' in a fluid-like
medium. Later, in 1980, Berry and colleagues conducted experiments on a `phase
vortex', a wave geometry in a fluid which is analogous to a magnetic line of
force and also exhibits behaviour corresponding to...
A significant body of literature has reported research on the potential correlates of deception and bodily behavior. The vast majority of these studies consider discrete bodily movements such as specific hand or head gestures. While differences in the number of such movements could be an indication of a subject's veracity, they account for only a s...
We present a new robust signal for detecting deception: full body motion. Previous work on detecting deception from body movement has relied either on human judges or on specific gestures (such as fidgeting or gaze aversion) that are coded or rated by humans. The results are characterized by inconsistent and often contradictory findings, with small...
US credit card companies and banks are starting to distribute new credit cards with an embedded chip and magnetic strip that has been in use from the 1970s. The credit card companies and banks can learn several lessons from such efforts made in Europe. The idea behind EMV is simple enough where the card is authenticated by a chip that is more diffi...
This talk is about collaborating with the enemy. Last year at the Protocols Workshop we talked about software defined networks, and this is an exciting new technology which is being deployed in data centres. The idea is that you can take a router which costs a million dollars and you can split it up into a commodity PC running some control software...