This directory contains Ross Anderson's ftp space. There are lecture notes, collections of abstracts on computer and communications security, and some of my recent research papers.

LECTURE NOTES:

seclec(x).ps.gz: Notes for the Computer Science Tripos part 2 course on security.

COLLECTIONS OF ABSTRACTS:

SRv(x)no(y).ps.Z: `Computer and Communications Security Reviews' provides abstracts of all current research in the field - or at least all that I manage to get hold of! Coverage includes some 30-40 conferences a year and over 100 journals. These files contain the back numbers of volumes 1 and 2, and volume 3 number 1. As we now have no paper copies left of volume 1, and relatively few of volume 2, the publisher has decided to make the postscript available at no charge.

SRsubs.ps.Z: Subscribers not only get paper copies of the journal, but also latex source code for all copies up to the current one. This is the subscription order form.

secrevtex.tar.pgp: This file contains the latex source code of all issues of `Computer and Communications Security Reviews'. It is encrypted using pgp and the passphrase is made available to subscribers.

abs_(x)0s.tex.Z: `Computer and Communications Security Reviews' only goes back to 1992. To search the research literature prior to this date, fetch these files, which contain Sean Irvine's collection of abstracts sorted by decade. For example, abs_80s.tex.Z contains abstracts for the 1980's.

RESEARCH PAPERS include:

tamper.ps.gz: `Tamper Resistance - A Cautionary Note' (with Markus Kuhn) presents a number of ways of overcoming the tamper resistance of smartcards and other security processors.

euroclipper.ps.gz: `The GCHQ protocol and its problems' points out a number of design flaws in a GCHQ secure email protocol that the British government wants us all to adopt.

policy.ps.Z: `Security in Clinical Information Systems', which I developed for the British Medical Association, seeks to do for personal health information what the Bell-LaPadula model did for military systems, namely provide a security policy that can be expressed in a concise set of rules. This policy enforces patient consent to information sharing.

policy.txt: An ascii version of the above.

satan.ps.Z: This paper (with Roger Needham) contains a general introduction to cryptographic protocols, and was written for the 1000th volume of Springer Lecture Notes in Computer Science.

robustness.ps.Z: `Robustness principles for public key protocols' (with Roger Needham) presents a number of attacks on public key protocols. It also advances a number of principles which may help designers avoid many of the pitfalls, and help attackers spot errors which can be exploited. It was published at Crypto 95.

wcf.ps.Z: `Why Cryptosystems Fail' discusses a number of frauds against electronic payment systems, and the lessons for system designers. It first appeared in the proceedings of the First ACM Conference on Computer and Communications Security, Fairfax, VA (3-5/11/1993) pp 215-227. This is now out of print, so I have put it up here; please see the ACM copyright notice on the first page. A shortened version of this paper appeared in Communications of the ACM, 11/94.

liability.ps.Z: `Liability and Computer Security - Nine Principles' describes recent court cases involving cryptographic evidence, and discusses what lessons can be learned. It appeared in `Computer Security - ESORICS 94' (Springer LNCS v 875 pp 231-245).

queensland.ps.Z: `Crypto in Europe - Markets, Law and Policy' looks at crypto regulation in Europe and argues that the real law enforcement problem is in the reliability of cryptographic evidence rather than in the threat allegedly posed to law enforcement by encryption.
It appeared at the Cryptography - Policy and Algorithms Conference, Queensland University of Technology, Brisbane, 1-3 July 95 (Springer LNCS v 1029 pp 75-89).

meters.ps.Z: `Cryptographic Credit Control in Pre-payment Metering Systems' describes a project to build a countrywide prepayment electricity meter system, and the security engineering problems we encountered. It appeared at Oakland 95, and a version in the May 96 IEEE Transactions on Software Engineering.

smartcards.ps.Z: This technical report contains two papers on designing a smartcard based electronic wallet system, which has now been fielded in a number of countries.

correlation.ps.Z: `Searching for the Optimum Correlation Attack' presents a novel correlation attack on certain kinds of stream cipher. It will appear in `Fast Software Encryption', proceedings of the second workshop on Fast Software Encryption (Leuven, 14-16/12/94), Springer LNCS v 1008 pp 137-143.

fibonacci.ps.Z: This contains my attack on the `FISH' stream cipher, plus a proposal for an improved cipher. It also appeared at the second Fast Software Encryption (pp 346-352).

muxfsr.ps.Z: `A Faster Attack on Certain Stream Ciphers' shows how to break the multiplexer generator, which is used in various pay-TV encryption systems. It appeared in `Electronics Letters' v 29 no 15 (22/7/93) pp 1322-3.

hash.ps.Z: `The Classification of Hash Functions' proves Okamoto's conjecture that correlation freedom is strictly stronger than collision freedom, and discusses other freedom properties. It appeared at the fourth IMA conference on cryptography and coding (proceedings page 83-93).

server.ps.Z: `An Attack on Server Assisted Authentication Protocols' shows how to break a digital signature protocol proposed for use in smartcards. It appeared in `Electronics Letters' v 29 no 15 (16/7/92) p 1473.

Enjoy!

Ross Anderson