Project dates: 1 Jul 2010 – 30 Jun 2013

The aim of this project is to develop robust and accurate measurements of internet security mechanisms, in a three-year collaboration with the University of Cambridge.

Topics:

• There is ongoing work within this project to collect DNSSEC and HTTPS certificates. We know that these are not always refreshed before they expire, but we cannot yet say how often problems arise.
• We are working on a new way to parse WHOIS results, which are notoriously complex to parse automatically – not least because some registrars deliberately change the format returned from one request to the next.
• We are looking at measurements of 'phishing' website incidence (criminal websites that steal identification credentials), and are collaborating with a large multinational webmail provider in an attempt to improve our understanding of phishing website lifetimes.
• We successfully ran the SATIN (Securing and Trusting Internet Names) workshop in April 2011 where 49 attendees heard 11 papers presented and two invited speakers. We will repeat it for a second year in March 2012.
• Our work on malware measurement led to a submission to the House of Commons Science and Technology Select Committee and an appearance before the committee to give evidence.

NPL staff involved with the project

Richard Clayton
Tony Mansfield

Collaborations

Talks about this work have been given at:

• University of Aberystwyth, Wales
• University of Alabama at Birmingham AL, USA
• Digital Crime Conference, Montreal, Canada
• Institute of Engineering & Technology (Sheffield), UK
• University of Luxembourg, Luxembourg
• MAAWG (Messaging and Anti-Spam Working Group), Washington DC, USA
• Microsoft Research, Redmond WA, USA
• National Physical Laboratory (NPL), Teddington, UK
• Security & Human Behaviour Workshop (SHB), Pittsburgh PA, USA
• SRI, Palo Alto CA, USA
• Yahoo!, Sunnyvale CA, USA

Publications

• The Postmodern Ponzi Scheme: Empirical Analysis of High-Yield Investment Programs
  T. Moore, J. Han and R. Clayton
  Sixteenth International Conference on Financial Cryptography, Feb 2012
• Resilience of the Internet Interconnection Ecosystem
  C. Hall, R. Anderson, R. Clayton, E. Ouzounis and P. Trimintzios
  Tenth Annual Workshop on Economics and Information Security (WEIS11), Fairfax VA, US (2011)
• The Impact of Public Information on Phishing Attack and Defence
  T. Moore and R. Clayton
  Communications & Strategies, 81, pages 45–68 (2011)
• Might governments clean up malware?
  Richard Clayton
  Communications & Strategies, 81, pages 87–104 (2011)
• Ethical Dilemmas in Take-down Research
  Tyler Moore and Richard Clayton
  Second Workshop on Ethics in Computer Security Research (WECSR 2011), St Lucia, Mar 2011
• On the difficulty of counting spam sources
  Richard Clayton
  Seventh Conference on Email and Anti-Spam (CEAS 2010), Redmond WA, USA

Further opportunities

A $150K measurement project will shortly be awarded to NPL by a global internet body.

MAAWG have appointed Richard Clayton as a Senior Technical Advisor. He attends the member meetings three times a year and contributes to the development of Best Practice documents on anti-spam and anti-malware initiatives.