Professor of Security Engineering

Computer Laboratory

University of Cambridge

UK

Distinguished Lecture

Chip and Skim

4.00pm, Tuesday 12th February 2013

Robert Recorde Room, Level 2, Faraday Building

The talk is supported by Software Alliance Wales and will be followed by a reception.

To register to attend the lecture, please complete this form. The event is free and open to all.

Abstract

The big challenge facing computer scientists is to build complex, global-scale socio-technical systems such as smart grids and intelligent transportation systems. An interesting case study is the bank card payment network. With over 20,000 banks, millions of merchants and billions of cards, the global payment system attracts capable attackers while being riven by arguments between banks, merchants and others over fees, technical standards and liability. I will discuss a series of technical failures that made fraud easier than it should have been, and whose causes ranged from complex and obscure specifications through poor certification of terminal equipment and failures of protocols and APIs to poor governance. Industry attempts to fix these faults have had mixed success. This case study teaches many lessons about the interplay of engineering and economics, and gives insights into why managing systems on a global scale is hard.

Speaker's biography

Ross Anderson is Professor of Security Engineering at Cambridge University. He is one of the founders of a vigorously growing new academic discipline, the economics of information security. Ross is also an expert on payment systems, having published extensively on fraud and regulatory failure. In the 1990s, he was a seminal contributor to the idea of peer-to-peer systems and an inventor of the AES finalist encryption algorithm "Serpent". He has well-known publications on many other technical security topics from hardware tamper-resistance through emission security to the robustness of APIs. He is a Fellow of the Royal Society, the Royal Academy of Engineering, the IET and the IMA. He also wrote the standard textbook: Security Engineering – a Guide to Building Dependable Distributed Systems.