We’ve been offered funding for a PhD student to work at the University of Cambridge Computer Laboratory on the security of mobile payments, starting in April 2012.
The objective is to explore how we can make mobile payment systems dependable despite the presence of malware. Research topics include the design of next-generation secure element hardware, trustworthy user interfaces, and mechanisms to detect and recover from compromise. Relevant skills include Android, payment protocols, human-computer interaction, hardware and software security, and cryptography.
As the sponsor wishes to start the project by April, we strongly encourage applications by 28 October 2011 (although candidates who do not need a visa to work in the UK might conceivably apply as late as early December). Enquiries should be directed to Ross Anderson.
There seems to be an attempt to revive the “Trusted Computing” agenda. The vehicle this time is UEFI which sets the standards for the PC BIOS. Proposed changes to the UEFI firmware spec would enable (in fact require) next-generation PC firmware to only boot an image signed by a keychain rooted in keys built into the PC. I hear that Microsoft (and others) are pushing for this to be mandatory, so that it cannot be disabled by the user, and it would be required for OS badging. There are some technical details here and here, and comment here.
These issues last arose in 2003, when we fought back with the Trusted Computing FAQ and economic analysis. That initiative petered out after widespread opposition. This time round the effects could be even worse, as “unauthorised” operating systems like Linux and FreeBSD just won’t run at all. (On an old-fashioned Trusted Computing platform you could at least run Linux – it just couldn’t get at the keys for Windows Media Player.)
The extension of Microsoft’s OS monopoly to hardware would be a disaster, with increased lock-in, decreased consumer choice and lack of space to innovate. It is clearly unlawful and must not succeed.
Funding is available for a PhD student to work at the University of Cambridge Computer Laboratory, on the topic of privacy enhancing technologies and anonymous communications, starting in April 2012.
The sponsorship is jointly provided by Microsoft Research Cambridge and under the Dorothy Hodgkin Postgraduate Awards scheme. As such, applicants must be nationals from India, China, Hong Kong, South Africa, Brazil, Russia or countries in the developing world as defined by the Development Assistance Committee of the OECD.
The application deadline is soon (28 October 2011), so please circulate this advertisement to anyone who you think might find it of interest.
Further details can be found on the University website, and enquiries should be sent to me (Steven.Murdoch@cl.cam.ac.uk).