Frank Stajano, PhD (filologo disneyano — visit my comics podcast)

University Senior Lecturer (≈ associate professor)
Computer Laboratory, University of Cambridge

Hello and welcome to my home on the web!

Want to do a challenging security-related Part II project with me?

Please read this before mailing me, and this if you want to become my student.
Contact information is at the bottom of the page.

My research interests revolve primarily around three interconnected themes:

systems security privacy in the electronic society ubiquitous computing.

I have a particular interest in the human aspects of systems security: many people like my recent work with Paul Wilson about understanding the psychology of scam victims in order to improve systems security; it was an invited talk at Usenix Security in August 2010 and an updated and abridged version of our technical report appeared in Communications of the ACM in March 2011, © ACM (cached).
I have presented this work all over the world: America (Cambridge MA, Pittsburgh PA, New York NY, Washington DC), Europe (London (twice), Athens, Cambridge (twice), Munich, Zurich, Bucarest), Oceania (Gold Coast) and Asia (Fujisawa).

My newest work is Pico: no more passwords! (blog post, Forbes coverage) which was an invited talk at Usenix Security 2011 in San Francisco and the opening keynote talk at RTCSA 2011 in Toyama. I have been giving an evolving version of this talk in Cambridge UK, Dublin Ireland, Bergen Norway, Pittsburgh USA, San Francisco USA, Toyama Japan.

In related threads, and with other coauthors, I also studied the security and privacy of forensic genomics and of social networking web sites such as Facebook.

Historically, my most significant research contributions include works on

authentication in ad-hoc networks (the Resurrecting Duckling, with Ross Anderson, over 1000 citations on Google Scholar), measuring, and protecting, location privacy in mobile computing environments (the Mix Zones, with Alastair Beresford, over 500 citations; see also later works with Alastair or Ford-Long Wong: 2004, 2005, 2007, 2008), a new class of security protocols that use multiple channels (see also later works with Ford-Long Wong: 2006, 2007, 2010).

I also enjoy coming up with quirky, eyebrow-raising uses of security protocols (sometimes with a serious aside), such as

Multichannel protocols to prevent relay attacks without using distance bounding (2010, with Ford-Long Wong and Bruce Christianson); Cyberdice, i.e. online gambling, for money, in a context where everybody else may be cheating and colluding against you (2008, with Richard Clayton; see also the transcript of the lively discussion); Romantic Cryptography, i.e. how to say "I love you" but only if the other person is going to say "me too" (2000, with William Harris); The Cocaine Auction Protocol, i.e. how to auction off some valuable goods in a context where all bidders want anonymity and there is definitely no trusted third party. (1999, with Ross Anderson.)

I worked with civil engineers on the real-world security of wireless sensor networks to monitor the structural health of subway tunnels and suspension bridges. Other topics of interest include wireless technologies (efficient MAC protocols, 4G systems, Bluetooth security), context-aware software, distributed multimedia and so on: see further down for a full publications list.

Although I now have a permanent faculty post at the University of Cambridge, I have a mixed academic and industrial background, having been employed by the R&D centres of major electronics, telecommunications and software multinationals (Google, Toshiba, AT&T, Oracle, Olivetti). Thanks to this, my research has always retained a strong practical orientation. Since my academic appointment I have continued to consult for industry in Europe and Asia on systems security, strategic research planning, creativity and innovation. I am the author of the well-regarded research monograph Security for Ubiquitous Computing (Wiley, 2002).

I am a popular public speaker and I was called upon as invited or keynote speaker over 40 times on four continents (not counting the presentations of my refereed papers). I also served as program chair at 7 international conferences or workshops; as program committee member for over 30 events; as technical reviewer of book proposals for scientific publishers such as Wiley and Addison-Wesley; and as associate editor for an IEEE journal. I have authored or co-authored over 50 refereed publications, three book chapters, two patent applications, one book and I have edited two LNCS proceedings volumes. Six of my former graduate students have now received Cambridge PhDs.

I was elected a Toshiba Fellow in 2000. I was appointed to a Lectureship at the University of Cambridge in 2000, originally at the Department of Engineering, then transferred to the Computer Laboratory in 2004. In 2006 I was awarded academic tenure until retiring age and in 2007 I was promoted to a University Senior Lectureship.

Before that, I had the privilege of doing a security PhD here at Cambridge under the supervision of Ross Anderson. I completed it in exactly three years: matriculated in January 1998, submitted in December 2000, approved with no corrections in January 2001. My PhD was nominated for the British Computer Society "distinguished dissertation" award and was later turned into the book mentioned above. The first few steps of my academic lineage are all at the Cambridge Computer Laboratory and go back to its founder Sir Maurice Wilkes, who built the first stored-program computer in the world: Frank Stajano - Ross Anderson - Roger Needham - David Wheeler - Maurice Wilkes.

I have taught a variety of core computing subjects to engineers and computer scientists, including operating systems, computer architecture, security, data structures and algorithms, as well as more specialized subjects such as hardware design, FPGA programming, assembly language programming and ubiquitous computing. I greatly enjoy lecturing and helping other people reach "lightbulb moments".

I love Japan! I lived in Japan for one year and I maintain strong ties to the Toshiba Corporate Research and Development Center in Kawasaki and Keio University.

In my spare time I am a comics scholar with a particular interest in Disney material. I have coauthored a few books, book chapters and articles on this subject. Although not as frequently as I'd like, I offer audio interviews with comics authors on my comics podcast.

I have a strong interest in kendo (Japanese swordsmanship). Since October 2002 I am the leader of Tsurugi Bashi, the kendo dojo of the University of Cambridge. I am 3rd dan and a BKA-licenced "regional coach" (meaning that I run courses to train and license other kendo instructors). I attended the gruelling one-week "Foreign Kendo Leaders" seminar in Kitamoto, Japan in July 2008. I haven't kept an exact count but by now a few hundred people have started kendo as my students. Over a dozen of them (Michael Gratzke*, Theo Rutter, Jake Barber, Adam Jackson*, Min Lin*, Daisy Chen*, Ivy Ko, Mikyung Jang*, Eng Tin Aw*, Matt Marley*, Periklis Akritidis, Eric Tung, Damien Vadillo) now hold Dan grades and those with a star also hold BKA coach licences; the first of them even started a new dojo. Since I became dojo leader in late 2002, Cambridge defeated Oxford six out of eight times at the annual Varsity match, and also won first place at the 2009 British inter-university championship.

Things I am

Trilingual (I've started on language number four, but it will be a while before I can achieve any fluency) Disney comics philologist 3-dan kendoka Silly

Things I've written

(Legend: most of these are papers and articles but these are books or book chapters and these are programs.)

2011: Jonathan Anderson and Frank Stajano. "Psychic Routing: Upper Bounds on Routing in Private DTNs" In Proceedings of HotPETs 2011. To appear. 2011: Frank Stajano. "Pico: No more passwords!" In Proceedings of Security Protocols Workshop 2011. To appear (preprint). 2011: Jonathan Anderson, Frank Stajano and Robert Watson. "How to keep bad papers out of conferences (with minimum reviewer effort)" In Proceedings of Security Protocols Workshop 2011. To appear. 2011: Omar Choudary and Frank Stajano. "Make noise and whisper: a solution to relay attacks" In Proceedings of Security Protocols Workshop 2011. To appear. 2011: Frank Stajano and Paul Wilson. "Understanding scam victims: Seven principles for systems security", Communications of the ACM 54(3):70-75, © ACM. Updated and abridged version of Tech Rep 754 (2009). 2011: Francesco Stajano. "Don Rosa's Libido Colligandi" in Paolo Castagno (ed.), Don Rosa - A little something special, Papersera, 2011. 2011: Francesco Stajano. "Don Rosa interview (2008): before the ducks" in Paolo Castagno (ed.), Don Rosa - A little something special, Papersera, 2011. 2011: Francesco Stajano. "Don Rosa interview (1997): the dream of a lifetime" in Paolo Castagno (ed.), Don Rosa - A little something special, Papersera, 2011. 2010: Jonathan Anderson, Joseph Bonneau and Frank Stajano. "Inglourious installers: security in the application marketplace". In proceedings of WEIS 2010. 2010: Francesco Stajano. "Epico ma non troppo" in Paolo Castagno (ed.), Massimo de Vita - Il cugino di Alf, Papersera, 2010. 2010: Ross Anderson and Frank Stajano. "It's the anthropology, stupid!". In proceedings of Security Protocols Workshop 2010. To appear. (This is an unrevised preprint.) 2010: Saad Aloteibi and Frank Stajano. "On the value of hybrid security testing". In proceedings of Security Protocols Workshop 2010. To appear. 2010: Jonathan Anderson and Frank Stajano. "On storing private keys in the cloud". In proceedings of Security Protocols Workshop 2010. To appear. (This is an unrevised preprint.) 2010: Bruce Christianson, Alex Shafarenko, Frank Stajano and Ford-Long Wong. "Relay-proof channels using UWB lasers". In proceedings of Security Protocols Workshop 2010. To appear. 2010: Frank Stajano, Ford-Long Wong and Bruce Christianson. "Multichannel protocols to prevent relay attacks". In proceedings of Financial Cryptography 2010, Springer LNCS 6054. © IFCA. 2009: Frank Stajano. "Privacy in the era of genomics". ACM netWorker, 13:4, Winter 2009. © ACM. 2009: Bogdan A. Roman, Ioannis Chatzigeorgiou, Ian J. Wassell, Frank Stajano. "Evaluation of Multi-Carrier Burst Contention and IEEE 802.11 with Fading During Channel Sensing". In Proceedings of 20th IEEE International Symposium on Personal Indoor Mobile Radio Communications, PIMRC'09, September 2009. 2009: Frank Stajano, Neil Hoult, Ian Wassell, Peter Bennett, Campbell Middleton and Kenichi Soga. "Smart Bridges, Smart Tunnels: Transforming Wireless Sensor Networks from Research Prototypes into Robust Engineering Infrastructure". Elsevier Ad Hoc Networks http://dx.doi.org/10.1016/j.adhoc.2010.04.002 2009: Frank Stajano and Paul Wilson, "Understanding scam victims: Seven principles for systems security". Technical report UCAM-CL-TR-754. Updated and abridged version in Communications of the ACM 54(3):70-75, March 2011. Presented at 2nd Interdisciplinary Workshop on Security and Human Behaviour (SHB 2009) and a dozen other places over four continents. 2009: Jonathan Anderson, Joseph Bonneau, Frank Stajano, "Security APIs for Online Applications", in Proc. 3rd International Workshop on Analysis of Security APIs, July 2009. 2009: Frank Stajano, "Foot-driven computing: our first glimpse of location privacy issues", in in ACM SIGSPATIAL 1(2):28-32, Special Issue on Privacy and Security of Location-Based Systems, July 2009. 2009: Francesco Stajano, Prefazione al catalogo della mostra personale di Giorgio Cavazzano tenutasi a Dolo (VE) nel maggio-giugno 2009. 2009: Francesco Stajano, "Intervista a Giorgio Pezzin", in Paolo Castagno (Ed.), Giorgio Pezzin - Tanto gli strumenti sono solo dipinti, Papersera, 2009. 2009: Francesco Stajano, "Giorgio Pezzin, il genio techno", in Paolo Castagno (Ed.), Giorgio Pezzin - Tanto gli strumenti sono solo dipinti, Papersera, 2009. 2009: Jonathan Anderson, Claudia Diaz, Joseph Bonneau, Frank Stajano, "Privacy-enabling social networking over untrusted networks", in Proceedings of WOSN 2009: The Second ACM SIGCOMM Workshop on Online Social Networks, Barcelona, Spain, 17 August 2009. 2009: Luke Church, Jonathan Anderson, Joseph Bonneau and Frank Stajano, Privacy Stories: Confidence in Privacy Behaviors through End User Programming (poster), in Proceedings of the 5th ACM Symposium on Usable Privacy and Security (SOUPS 2009), Mountain View, CA, USA, July 2009. 2009: Joseph Bonneau, Jonathan Anderson, Frank Stajano, Ross Anderson, Eight Friends are Enough: Social Graph Approximation via Public Listings, in Proceedings of SocialNets 2009: The Second ACM Workshop on Social Network Systems, Nurembeg, Germany, 31 March 2009. 2009: Jonathan Anderson and Frank Stajano, "Not That Kind of Friend: Misleading Divergences Between Online Social Networks and Real-World Social Protocols". Proceedings of Seventeenth International Workshop on Security Protocols, Cambridge, UK, 1-3 April 2009. To appear in Springer LNCS. You may download an unrevised preprint. 2009: Frank Stajano, "Security Issues in Ubiquitous Computing", book chapter in Handbook of Ambient Intelligence and Smart Environments. It received the highest score of any chapter in the book, as two out of two volume editors who reviewed it gave it a "strong accept". Thanks to the people who sent me useful comments. 2008: Dave SingelÃ©e, Ford-Long Wong, Bart Preneel and Frank Stajano. "A Theoretical Model for Location Privacy in Wireless Personal Area Networks" (or cached). KU-Leuven COSIC internal report no 1176, 2008. 2008: Frank Stajano, Lucia Bianchi, Pietro LiÃ² and Douwe Korff. "Forensic Genomics: Kin Privacy, Driftnets and Other Open Questions". in Proceedings of ACM Workshop on Privacy in the Electronic Society (WPES 2008), Alexandria, VA, USA, 27 October 2008. © ACM, 2008. You may comment on it (and read other people's comments) on our blog. 2008: Frank Stajano and Richard Clayton. Cyberdice: peer-to-peer gambling in the presence of cheaters. Proceedings of 16th Security Protocols Workshop, Cambridge, UK, 16-18 April 2008. To appear in Springer LNCS. A transcript of the discussion is also available. 2008: Francesco Stajano. "Filologia disneyana, fra crudo empirismo e dotta speculazione", in Paolo Castagno (Ed.), Abramo e Giampaolo Barosso - Fra logaritmi e fiordalisi, Papersera, 2008. 2008: Francesco Stajano. "Abramo e Giampaolo Barosso: trecento e piÃ¹ occasioni per risate intelligenti", in Paolo Castagno (Ed.), Abramo e Giampaolo Barosso - Fra logaritmi e fiordalisi, Papersera, 2008. 2008: Frank Stajano, Dan Cvrcek, Matt Lewis. "Steel, Cast Iron and Concrete: Security Engineering for Real World Wireless Sensor Networks". Proceedings of Applied Cryptography and Network Security conference (ACNS 2008), Springer LNCS 5037, pp.460-478. © Springer-Verlag Berlin Heidelberg 2008. 2008: Bogdan Roman, Frank Stajano, Ian Wassell, David Cottingham. "Multi-Carrier Burst Contention (MCBC): Scalable Medium Access Control for Wireless Networks". Proceedings of IEEE Wireless Communications & Networking Conference 2008 (WCNC'08), Las Vegas, March 2008. 2007: Francesco Stajano, "Giorgio Cavazzano: Maestro, oltre il talento", 2007. Ripubblicato su Papersera VI(1), 2008. 2007: Ford Long Wong and Frank Stajano, "Multichannel Security Protocols", in IEEE Pervasive Computing, Special Issue on Security and Privacy, 6(4):31-39, Oct-Dec 2007. 2007: Frank Stajano, Catherine Meadows, Srdjan Capkun, Tyler Moore (Eds.), Security and Privacy in Ad-hoc and Sensor Networks 4th European Workshop, ESAS 2007, Cambridge, UK, July 2-3, 2007. Proceedings. Springer Lecture Notes in Computer Science volume 4572. 2007: Francesco Stajano, "Salsicce allo spiedo! Attorno al fuoco con Nonno Rodolfo", in Paolo Castagno (Ed.), Rodolfo Cimino - Dalla tana del bestio all'angolo dei salici, Papersera, 2007. 2007: Francesco Stajano, "Rodolfo Cimino, maestro cantastorie: da antiche magie a romantiche avventure (senza scordare i tapiri)", in Paolo Castagno (Ed.), Rodolfo Cimino - Dalla tana del bestio all'angolo dei salici, Papersera, 2007. 2007: Ford Long Wong, Min Lin, Shishir Nagaraja, Ian Wassell and Frank Stajano, "Evaluation Framework of Location Privacy of Wireless Mobile Systems with Arbitrary Beam Pattern", in Proceedings of Fifth Annual Conference on Communication Networks and Services Research (CSNR 2007), Fredericton, New Brunswick, Canada, 14 - 17 May 2007, IEEE Communications Society and Association for Computing Machinery. 2007: Kasim Rehman, Frank Stajano and George Coulouris, "An Architecture for Interactive Context-Aware Applications", IEEE Pervasive Computing 6(1):73-80, January 2007. 2006: Frank Stajano, Hyoung Joong Kim, Jong-Suk Chae, Seong-Dong Kim (Eds.), Ubiquitous Convergence Technology, First International Conference, ICUCT 2006, Jeju Island, Korea, December 5-6, 2006, Revised Selected Papers. Springer Lecture Notes in Computer Science volume 4412. 2006: Joonwoong Kim, Alastair Beresford and Frank Stajano, "Towards a Security Policy for Ubiquitous Healthcare Systems (Position Paper)", in Proceedings of First International Conference on Ubiquitous Convergence Technology (ICUCT 2006), Jeju, Korea, Dec 2006, LNCS 4412, © Springer-Verlag. 2006: Francesco Stajano, "Luciano Bottaro e lo scherzo cinese", in Paolo Castagno (Ed.), Luciano Bottaro - Un "gioviale" omaggio, Papersera, 2006. 2006: Matthew Johnson and Frank Stajano, "Usability of Security Management: Defining the Permissions of Guests", in Proceedings of 14th Security Protocols Workshop, Cambridge, UK, 2006-03-27..29, LNCS, © Springer-Verlag. 2006: Ford-Long Wong and Frank Stajano, "Multi-channel Protocols for Group Key Agreement in Arbitrary Topologies", in Proceedings of 3rd IEEE Workshop on Pervasive Computing and Communications Security (PerSec 2006). 2005: Pablo Vidales, Javier Baliosian, Joan Serrat, Glenford Mapp, Frank Stajano, Andy Hopper, "Autonomic System for Mobility Support in 4G Networks", in IEEE Journal On Selected Areas In Communications, December 2005. 2005: Kasim Rehman, Frank Stajano and George Coulouris, "Visually Interactive Location-Aware Computing", in UbiComp 2005: Ubiquitous Computing: 7th International Conference, UbiComp 2005, Tokyo, Japan, September 11-14, 2005. Proceedings, LNCS 3660, 2005, © Springer-Verlag. ISBN 3-540-28760-4. 2005: Francesco Stajano, "Addio, Romano!", in DDF(R)appet, June 2005, fanzine of the Danish Donaldist society. 2005: Frank Stajano, "RFID is X-ray vision", University of Cambridge Computer Laboratory Technical Report 645. Revised write-up of keynote talk I gave at the first workshop in the International Workshop Series on RFID, Tokyo, Japan, November 2004. A condensed version, featuring some prudish censorship courtesy of the CACM editors, appears in the September 2005 issue of Communications of the ACM. 2005: Ford-Long Wong and Frank Stajano, "Location Privacy in Bluetooth", in Proceedings of 2nd European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS 2005), LNCS 3813, © Springer-Verlag, pages 176-188. 2005: Ford-Long Wong and Frank Stajano, "Multi-channel protocols", in Proceedings of Security Protocols Workshop 2005, LNCS 4631, © Springer-Verlag. 2005: Ford-Long Wong, Frank Stajano and Jolyon Clulow, "Repairing the Bluetooth pairing protocol", in Proceedings of Security Protocols Workshop 2005, LNCS 4631, © Springer-Verlag. 2005: Matthew Johnson and Frank Stajano, "Implementing a multi-hat PDA", in Proceedings of Security Protocols Workshop 2005, LNCS 4631, © Springer-Verlag. 2005: Frank Stajano, "A visit to a sword polisher's workshop", in Proceedings of Seminar on Japanese Swords, Tsurugi-Bashi Kendo Kai, 2005. 2005: Pablo Vidales, Glenford Mapp, Frank Stajano, Jon Crowcroft, Carlos Jesus Bernardos, "A Practical Approach for 4G Systems: Deployment of Overlay Networks", in Proceedings of Testbeds and Research Infrastructures for the DEvelopment of NeTworks and COMmunities / TRIDENTCOM 2005. (Best paper award) 2004: Frank Stajano, Security for Ubiquitous Computing (abstract of invited talk), in Proceedings of 7th International Conference on Information Security and Cryptology (ICISC 2004), Seoul, Korea, Dec 2004. Springer LNCS 3506. 2004: Frank Stajano, "Will your digital butlers betray you?", in Proceedings of ACM Workshop on Privacy in the Electronic Society (WPES), October 2004, Washington, DC, USA, © ACM. 2004: Frank Stajano, "One user, many hats; and, sometimes, no hat—towards a secure yet usable PDA", in Proceedings of 12th International Security Protocols Workshop, April 2004, Cambridge, UK. LNCS 3957 pages 51-64, © Springer-Verlag. 2004: Alastair Beresford and Frank Stajano, "Mix Zones: User privacy in location-aware services", in Proceedings of First IEEE International Workshop on Pervasive Computing and Communication Security (PerSec) 2004, a workshop in PerCom 2004. © IEEE. 2003: Frank Stajano and Jon Crowcroft, "The Butt of the Iceberg: Hidden Security Problems of Ubiquitous Systems", in Basten et al., eds., Ambient Intelligence: Impact on Embedded System Design, Kluwer 2003. 2003: Frank Stajano, "The Security Challenges of Ubiquitous Computing" (Abstract of invited talk for CHES 2003) 2003: Frank Stajano, "Security in Pervasive Computing" (Abstract of invited talk for SPC 2003, Boppard, Germany, March 2003), Springer LNCS 2802. 2003: Alastair Beresford and Frank Stajano, "Location Privacy in Pervasive Computing", IEEE Pervasive Computing, 2(1):46-55, 2003. © IEEE. 2002: Frank Stajano, Security for whom? The shifting security assumptions of pervasive computing in Proceedings of International Security Symposium 2002, Tokyo, Japan, LNCS 2609, © Springer-Verlag. 2002: Kasim Rehman, Frank Stajano and George Coulouris, Interfacing with the Invisible Computer, In Proceedings of NordiCHI 2002, Aarhus, Denmark, 2002-10-19. 2002: Pablo Vidales and Frank Stajano, "The Sentient Car: Context-Aware Automotive Telematics", in Proceedings of First IEE European Workshop on Location Based Services (LBS-2002), London, UK. Also appeared as a poster and extended abstract at Ubicomp 2002. 2002: Frank Stajano and Ross Anderson, The Resurrecting Duckling: Security Issues for Ubiquitous Computing. Journal version of the Duckling article. Appeared in the pre-series inaugural issue of IEEE Security & Privacy, published as a supplement to IEEE Computer magazine 35(4), April 2002. 2002: Frank Stajano, Security for Ubiquitous Computing, Wiley, 2002. 2002: Frank Stajano and Hiroshi Isozaki, "Security Issues for Internet Appliances" in Proceedings of SAINT 2002. 2002: Tatsuo Nakajima, Hiro Ishikawa, Eiji Tokunaga and Frank Stajano, "Technology Challenges for Building Internet-Scale Ubiquitous Computing", in Proceedings of WORDS 2002. 2002: Frank Stajano and Yutaka Sata, "Personalized reminder service", Japanese patent application P2002-12052 (in Japanese), 2002. 2001: Frank Stajano and Hiroshi Isozaki, "Apparatus for managing software and method of installing software", Japanese patent application P2001-315815 (in Japanese), 2001. 2001: Security Policies (with Ross Anderson and Jong-Hyeon Lee; book chapter in Advances in Computers vol 55, Academic Press, 2001.) 2000: Romantic Cryptography (with William Harris; eventually published in Journal of Craptology, vol 7, Feb 2010) 2000: The Grenade Timer: Fortifying the Watchdog Timer Against Malicious Mobile Code (with Ross Anderson; presented at, and in the proceedings of, the 7th International Workshop on Mobile Multimedia Communications (MoMuC 2000), Waseda, Tokyo, Japan, 23-26 October 2000.) 2000: A personal homage to Carl Barks, the great comics storyteller, creator of Uncle Scrooge and Gyro Gearloose, who died on 2000-08-25 at age 99. 2000: A set of flash cards to practice the Japanese hiragana and katakana syllabaries (Frank's do-it-yourself kana cards). (If you are interested in this sort of thing then you might have liked the very elegant, and equally free, Digital Kana Flashcards created by Shane Hope; but the web page has now disappeared.) 2000: A better version of Python's getopt module. 2000: The Resurrecting Duckling -- What Next? (presented at, and in the proceedings of, the 8th International Workshop on Security protocols, Lecture Notes in Computer Science, Springer-Verlag, 2000-04-05.) 2000: Il falsario contro il crittologo: sicurezza per la lotteria informatizzata ("The Forger vs. the Cryptologist: Security Issues for the Computerised Lottery", in Italian. Invited paper presented at, and in the proceedings of, the 40th conference of the Italian Statistical Society, Florence, Italy, 2000-04-26.) 2000: Python in Education: Raising a Generation of Native Speakers (presented at, and in the proceedings of, the 8th International Python Conference, Washington DC, 24-27 January 2000. A less pretty HTML version is also available, and so is a gzipped postscript one.) 1999: Disney comics from Italy (invited essay published in installments in the Swedish magazine NAFS(k)uriren.) 1999: The Cocaine Auction Protocol: on the Power of Anonymous Broadcast (with Ross Anderson; presented at, and in the proceedings of, the 3rd International Workshop on Information Hiding, Lecture Notes in Computer Science, Springer-Verlag.) 1999: The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks (with Ross Anderson; presented at, and in the proceedings of, the 7th International Workshop on Security protocols, Lecture Notes in Computer Science, Springer-Verlag. A later version appears in the proceedings of the 3rd AT&T Software Symposium.) 1998: Il grande Floyd Gottfredson - Una vita con Topolino (with Leonardo Gori; This is the definitive book on the true father of Mickey Mouse; presented at Expocartoon, Rome, Italy, November 1998; formerly known as "Il mago di Topolino - Floyd Gottfredson fra Walt Disney e Ub Iwerks") 1998: The SMS server, or why I switched from Tcl to Python (presented at, and in the proceedings of, the 7th International Python Conference, Houston, Texas, USA, 10-13 November 1998) 1998: The Thinnest Of Clients: Controlling It All Via Cellphone (with Alan Jones; in ACM Mobile Computing and Communications Review, vol 2 no 4, October 1998) 1998: Nothing better than a Python to write a Serpent (software + colour A1 poster + proceedings entry) 1998: Visual Cryptography Kit (software + colour A1 poster + proceedings entry) 1998: A few pairs of mutually self-generating programs. 1998: A detailed, illustrated trip report on IPC7, the 7th International Python Conference held in Houston, Texas, USA, 10-13 November 1998. 1998: A Gentle Introduction to Relational and Object Oriented Databases (ORL technical report TR-98-2. Actually I wrote this thing years ago, but only recently did I get round to properly publishing it as a technical report.) 1998: A design for my Cambridge University business card which several colleagues have already requested and used for themselves. If you are browsing from *.cam.ac.uk, I'll let you download my Word file so you can use it too. It has my photograph, so the recipient remembers who the hell this came from, and the fingerprints of my PGP keys (I've had PGP fingerprints on my business cards since 1994, and greasy fingerprints on them since a lot before that!). I'm pleased with the result, but Word is a big mess, especially when you have to edit the sideways text. Maybe one day I'll write a program to generate the postscript directly -- but don't hold your breath. 1998: HTML pretty-print 1997: Restituire l'anima rubata (in Notiziario GAF, issue 3, Dec 1997; reprinted, with much better illustrations, in Comic Art 161, April 1998) 1997: Don Rosa e il Rinascimento disneyano (with Leonardo Gori and Alberto Becattini; the first book in the world about the American Disney comics author Don Rosa. In Italian.) 1997: A few self-generating programs that now live in Eli Biham's collection. 1996-7: a chapter in The Art of Giorgio Cavazzano (edited by Luca Boschi; a great book about the Italian Disney comics author Giorgio Cavazzano. In Italian.) 1996: Carta, inchiostro, emozioni (in IF terza serie, n. 6, Dic 1996) 1996: Javatalk (effectively ORL's first piece of Open Source software) 1996: Success story: net risks melt-down as web hits critical mass is a September 1996 survey article about the evolution of the web, meant for intelligent non-techies. 1996?: Chess Replay applet (see it in action on the chess site of my great friend Alessandro Morales) 1995: The Doom Zoo with its Rotator applet 1995: Taming the Complexity of Distributed Multimedia Programs (with Rob Walker) 1994: The Doom Honorific Titles 1994: Frank Stajano, Writing Tcl Programs in the Medusa applications environment, Proceedings of 2nd Tcl/Tk Workshop, New Orleans, LA, USA, 1994. 1992: Manuale Modem (tells you what you can do with a modem from a user's perspective, with particular emphasis on the "community spirit" of bulletin boards. Became the standard textbook introduction to Fidonet in Italy and was broadcast by RAI (Italy's state-owned TV broadcasting company) over their telesoftware channel. In Italian.) 1991: Media Composition and Synchronization Aspects in an Interactive Multimedia Authoring Environment (with Gianluca Pancaccini; in Proceedings of the Fourth International Conference on Human-Computer Interaction, Stuttgart, Germany, 1991, published by Elsevier.) 1991?: Il Terzo Universo 1991?: Artigiani e artisti dell'immateriale

Things I teach

Courses and projects

Lent 1999: Additional Topics 1 lecture in a module of 16: "Cryptography: More Than You Might Think!". Lent 2000: Additional Topics. 1 lecture in a module of 16: "Cryptography: More Than You Might Think!". Easter 2002: ARM project. 8 hours a week for 4 weeks. The most oversubscribed third year project for engineering undergraduates. Michaelmas 2002: 3F5 Computer and Network Systems. 8 lectures in a module of 16. Lent 2003: Additional Topics. 3 lectures in a module of 16. Lent 2003: 4F5 Digital Communications. 4 lectures in a module of 16. Easter 2003: 1BP8 An Architecture for Wearable Computing. 9+2 lectures in a module of 16. Easter 2003: ARM project. 8 hours a week for 4 weeks. Once again the most oversubscribed third year project for engineering undergraduates. Summer 2003: Security for Ubiquitous Computing, a 10 lecture module in a 4 week advanced graduate course on mobile computing at the Scuola Normale Superiore di Pisa, Italy. Michaelmas 2003: 3F5 Computer and Network Systems. 8 lectures in a module of 16. Lent 2004: Additional Topics. 3 lectures in a module of 16. Lent 2004: 4F5 Digital Communications. 5 lectures in a module of 16. Lent 2004: Advanced Systems Topics. 1 lecture in a module of 16: "Security for Ubiquitous Computing". Easter 2004: 1BP8 Architectures for Ubiquitous Computing. 9+2 lectures in a module of 16. Easter 2004: ARM project. 8 hours a week for 4 weeks. Michaelmas 2004: 3F5 Computer and Network Systems. 8 lectures in a module of 16. Lent 2005: Additional Topics. 3 lectures in a module of 16. Lent 2005: 4F5 Digital Communications. 5 lectures in a module of 16. Easter 2005: 1BP8 Architectures for Ubiquitous Computing. 9+2 lectures in a module of 16. Easter 2005: ARM project. 8 hours a week for 4 weeks. Michaelmas 2005: Introduction to Algorithms. A course of 4 lectures. Michaelmas 2005: Data Structures and Algorithms. A course of 16 lectures. Lent 2006: Additional Topics. 3 lectures in a module of 16. Michaelmas 2006: Data Structures and Algorithms. A course of 16 lectures. Michaelmas 2006: Algorithms II. A course of 6 lectures. Lent 2007 Additional Topics. 3 lectures in a module of 16. Michaelmas 2007: Data Structures and Algorithms. A course of 16 lectures. Michaelmas 2007: Algorithms II. A course of 8 lectures. Lent 2008 Additional Topics. 3 lectures in a module of 16. Michaelmas 2008: Algorithms II. A course of 10 lectures. Easter 2009 Additional Topics. 3 lectures in a module of 12. Easter 2009: Algorithms I. A course of 12 lectures. Michaelmas 2010: Algorithms II. A course of 10 lectures. Easter 2011: Algorithms I. A course of 12 lectures. Michaelmas 2011: Algorithms II. A course of 12 lectures. Lent 2012 Security II (with Steven Murdoch and others). A course of 16 lectures. Lent-Easter 2012: Algorithms I. A course of 15 lectures.

I used to run the Computer and Communications Technology Reading Club, perhaps better known as the LCE Monday Meetings.

PhD students I supervise(d), in part or in full

Kasim Rehman (received a PhD for Visualisation, Interpretation and Use of Location-Aware Interfaces) Eli Katsiri (received a PhD for Middleware support for context-awareness in distributed sensor-driven systems) Pablo Vidales (received a PhD for Seamless Mobility in 4G Systems) Alastair Beresford (received a PhD for Location Privacy in Ubiquitous Computing) Zheng Li Ford Long Wong (received a PhD for Protocols and Technologies for Security in Pervasive Computing and Communications) Matthew Johnson (received a PhD for A new approach to Internet banking) Joon Woong Kim Bogdan Roman (received a PhD for Scalable Cross-Layer Wireless Medium Access Control) Jonathan Anderson Saad Aloteibi Omar Choudary

Master students I supervise(d), in part or in full

Omar Choudary (received an MPhil for The Smart Card Detective: a hand-held EMV interceptor) Ã‰ireann Leverett (received an MPhil for Quantitatively Assessing and Visualising Industrial System Attack Surfaces)

Undergraduate students I supervise(d), in part or in full

Part II Computer Security (Computer Laboratory)

Lent 1999:: Chris Reed, John Hall, Ross Younger, Ari Krakauer, Martin Thorpe, Ben Waine, Katie Bebbington, Ciaran McNulty, Matthew Slyman, Dominic Crowhurst, Matt Cobley, Alfredo Gregorio, Andrei Serjantov, Jacob Nevins, Theo Honohan, Ben Mansell, Alastair Beresford, Richard Sharp, David Scott.
Lent 2000:: Siraj Khaliq, Julian Brown, George Danezis, Mark Shinwell, Patrick Wynn, Bruno Bowden, Justin Siu, Paul Gotch.

3rd year project (Computer Laboratory)

1999-2000:: George Danezis.

4th year project (Engineering)

2002-2003:: Julian Dale, David Stern, Mark Victory.
2003-2004:: Grant Oddoye.
2004-2005:: Peng Yuan Fan, Arun Rakhra.

Things I like

Animals, except insects Books (I have about 50 metres worth of them) Building things Cats Comics, especially but not exclusively Walt Disney ones Computers Geeky gadgets Jokes Japan Kendo Languages and etymology Photography Pizza Pretty women (all-time favourite: Monica Bellucci) (There are people who find pictures of undressed women offensive. If you belong to this category, please do not follow these links.) Public speaking Reading Teaching Writing

Things I don't like

Air conditioning as a replacement for opening the windows Books and articles written in a complicated way in the mistaken belief that this will make readers think that the author is more clever than them (when I read such junk I only think that the author is an idiot who doesn't understand his own stuff well enough to be capable to explain it clearly to me) Cars, especially traffic jams and parking problems Commuting to work Insects, especially mosquitos Supermarket loyalty cards Tabs in source code Tobacco smoke

Things I am (or have been) on the program committee of

IPC9 aka 9th International Python Conference (5-8 March 2001, Long Beach, CA, USA) IPC10 aka 10th International Python Conference (4-7 February 2002, Alexandria, VA, USA) IWSAWC 2002 aka The 2nd International Workshop on Smart Appliances and Wearable Computing (2 July 2002, Vienna, Austria) Mobicom 2002 aka The Eighth ACM International Conference on Mobile Computing and Networking (23-28 September 2002, Atlanta, GA, USA) WiSe aka Workshop on Wireless Security (28 September 2002, Atlanta, GA, USA) SPC 2003 aka 1st International Conference on Security in Pervasive Computing (12-14 March 2003, Boppard, Germany) PerSec 2004 aka First IEEE International Workshop on Pervasive Computing and Communication Security, held in conjunction with PerCom 2004 (14-17 March 2004, Orlando, FL, USA) ICDCS 2004 aka 24th International Conference on Distributed Computing Systems (23-26 March 2004, Tokyo, Japan) Uk-Ubinet 2004 aka 2nd UK-UbiNet Workshop, Security, trust, privacy and theory for ubiquitous computing (5-7th May 2004, Cambridge, UK) ESAS 2004 aka 1st European Workshop on Security in Ad-Hoc and Sensor Networks (5-6 August 2004, Heidelberg, Germany) Mobiquitous 2004 aka First Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services (22-25 August 2004, Boston, MA, USA) UCS 2004 aka 2nd International Symposium on Ubiquitous Computing Systems (8-9 November 2004, Tokyo, Japan) PerSec 2005 aka 2nd IEEE International Workshop on Pervasive Computing and Communication Security, held in conjunction with PerCom 2005 (8-12 March 2005, Hawaii, USA) (Program co-chair) SPC 2005 aka 2nd Conference on Security in Pervasive Computing (6-8 April 2005, Boppard, Germany) LoCa 2005 aka International Workshop on Location- and Context-Awareness, in cooperation with Pervasive 2005 (12-13 May 2005, Oberpfaffenhofen near Munich, Germany) TSPUC 2005 aka First International Workshop on Trust, Security and Privacy for Ubiquitous Computing (13 June 2005, Taormina, Italy), affiliated with IEEE WOWMOM 2005 PerSec 2006 aka 3rd IEEE International Workshop on Pervasive Computing and Communication Security, held in conjunction with PerCom 2006 (13-17 March 2006, Pisa, Italy) (Program co-chair) HPCC-06 aka The Second International Conference on High Performance Computing and Communications (13-15 September 2006, Munich, Germany) (Program vice-chair) ESAS 2006 aka Third European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (20-21 September 2006, Hamburg, Germany) UCS 2006 aka 2006 International Symposium on Ubiquitous Computing Systems (11-13 October 2006, Seoul, Korea) ICUCT 2006 aka International Conference on Ubiquitous Convergence Technology (6-8 December 2006, Jeju, Korea) (Program co-chair) PerSec 2007 aka 4th IEEE International Workshop on Pervasive Computing and Communication Security, held in conjunction with PerCom 2007 (26 March 2007, New York, USA) (Program co-chair) PerCom 2007 aka 5th Annual IEEE International Conference on Pervasive Computing and Communications, (26-30 March 2007, New York, USA) ESAS 2007 aka Fourth European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (2-3 July 2007, Cambridge, UK) (General chair) SecureComm 2007 aka Third International Conference on Security and Privacy in Communication Networks (17-21 September 2007, Nice, France) WiSec 2008 aka First ACM Conference on Wireless Network Security (31 March - 2 April 2008, Alexandria, VA, USA) WiSec 2009 aka Second ACM Conference on Wireless Network Security (16 - 18 March 2009, Zurich, Switzerland) IWSSI/SPMU 2009 aka Second International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Device Use, held in conjunction with Pervasive 2009 (11 May 2009, Nara, Japan) SPW 2009 aka Seventeenth International Workshop on Security Protocols (1-3 April 2009, Cambridge, UK) WISTP 2009 aka Workshop in Information Security Theory and Practices on Smart Devices, Pervasive Systems, and Ubiquitous Networks (2-4 September 2009, Brussels, Belgium) DWSAN4CIP 2009 aka International Workshop on Dependable Wireless Sensor and Actuator Networks for Critical Infrastructure Protection (18-19 October 2009, St. Petersburg, Russia), held in conjunction with ICUMT 2009. WISEC 2010 aka Third ACM Conference on Wireless Network Security (March 2010, New York, USA) (Program co-chair) SPW 2010 aka Eighteenth International Workshop on Security Protocols (24-26 March 2010, Cambridge, UK) SEC 2010 aka International Information Security Conference 2010: Security & Privacy - Silver Linings in the Cloud (20-23 September 2010, Brisbane, Australia) WISEC 2011 aka Fourth ACM Conference on Wireless Network Security (14-17 June 2011, Hamburg, Germany)

I encourage you to submit papers to those of the events above for which the submission date is still in the future. The Calls for Papers are available from the links.

I also serve as associate editor for IEEE Transactions on Dependable and Secure Computing.

Things I keep on my web page

...and sometimes on my door; many items here are in the form of little A4 posters that you can print and attach to your own door too!

Are you ready to become a parent?(Sent to me by Dave Clarke) A comparative study of world religions (or cached) One of the most interesting words in the English language (audio clip, 2:30, 158 KB). If restaurants functioned like Microsoft How hot is it in hell The history of electricity Windows 95: Independence Day (in Italian) How Easter Eggs are made How to hunt an elephant The netpbm man pages (227 pages, 425 kB) in a legible and easily printable format. This is not funny (sorry) but it's nevertheless damn useful. I was fed up with not being able to read the man pages from windows and so I did the conversion (groff, distiller etc) once and for all. Haiku error messages Frank's do-it-yourself kana cards

Things I said (in theory I should wait to be dead before putting this up, but...)

Websurfo, ergo sum The truly cool don't have backgrounds ...and even sillier things that enterprising students have seen fit to record for posterity. In fact, they have a whole database of quotes from lecturers in this department.

Contact Information

Frank Stajano, Dr. Ing., Ph.D.
Computer Laboratory
University of Cambridge
William Gates Building
15 JJ Thomson Avenue
Cambridge CB3 0FD
United Kingdom

Fax: +44 1223 334611

Telephone contact is generally not encouraged but, if you are a friend or if you have a good reason, with a little homework you can find my number in the departmental directory. Don't, if you're a salesperson, or I may be rude to you.

Time zone info: the UK uses the UTC+0 time zone and goes to UTC+1 during the summer (actually from the last Sunday in March to the last Sunday in October); most other EU countries, instead, are on UTC+1 and UTC+2 respectively, but the change is synchronised, so the time difference with Central Europe is now always 1 hour (this used to be different). Japan is on UTC+9 and, in its wisdom, stays there all year long.

Email

These days, I get a lot of email. A long time ago I used to reply to almost every message. I soon stopped doing that, but for many years I kept on carefully reading every message. In the late 1990s I stopped doing that too, because of spam: initially it was a big shock for me to delete stuff without having read it ("what if it was important?"), but then I got over it. Nowadays I ask the Bayesian filter in Thunderbird (not as good as the wonderful Python-powered Spambayes, but more conveniently accessible) to throw away messages on my behalf without even showing them to me. The stuff that gets through I usually read, except if it's too long or if it contains Microsoft attachments.

DON'T send me Microsoft attachments, which are notorious virus vehicles; ideally, if you want to be kind, please don't send me any attachments at all. Unless I already know you have a good reason for sending it to me, mail with attachments may be discarded unread, or actually not even downloaded from the server. I am happiest when people send me plain text or, at most, a pointer to a pdf.

Even after all this filtering, I still get way too much mail. I write over 10 replies per workday (often many more), but course I can't hope to keep up with an influx that is an order of magnitude larger. As Joachim Posegga once wrote, "response time tends to be an exponential function of message length".

If you want to write to me because you want to become my student at Cambridge, please read this helpful and instructive page. If you don't (and I will be able to tell from your message) I might just silently ignore you; or, if you're lucky, just point you again to this page.

Having said all that, my email address is fms27@cam.ac.uk. Little point in obfuscating it, as it's already on way too many spam lists.

I use and encourage the use of PGP (or its free equivalent GPG, to which I even once contributed a minor bug fix). My PGP keys are on the keyservers. I prefer to receive encrypted mail messages as inline ascii-armoured text as opposed to attachments.

HTML advice of the day: don't misuse tables for page layout purposes and, above all, avoid browser-specific crap!

"With HTML 4.0, any Web application can be vendor independent. There really is no excuse for tying yourselves or your partners to proprietary solutions."
--Tim Berners-Lee, inventor of the World Wide Web

(recheck) (recheck)

You are viewing a mobilized version of this site...
View original page here