Areas of Research
I am particularly interested in providing countermeasures for weaknesses and attacks on IoT devices. I have supervised a number of projects examining the security of smart locks, web cams, DVRs, smart watches, and other “smart” devices.
Payment System Security
Amongst my main research interests is the security of payment systems, fair exchange [CP16] and anonymity [CP13] protocols. We have also been conducting research in the field of bitcoins and fair exchange protocols [CP81] and exploring the benefits of blockchain technologies for other applications. We have also been conducting research in the field of …
Secure Application Execution
In this research thread, we are investigating ways that guarantee the secure execution of an application in embedded/cyber physical devices (e.g. smart cards, mobile phones, payment terminals, IoTs, etc.) that might be subjected to a number of intentional attacks (e.g. side channel attacks) and unintentional faults (cosmic radiation). The main aim of this research thread …
Trusted Execution Environment
for embedded systems and mobile phones: in this research thread [CP113, CP114, CP130], we looked into the different attestation mechanisms [CP37, CP42, CP49, CP61, CP73] that will allow a device to provide the necessary assurance that it operates in a secure and safe mode. This includes preventing any attacks by identifying any vulnerabilities or modifications …
Smart Card OS and Platforms
We have been conducting research in smart card technology and associated operating systems and platforms since 1995. We have developed our own smart card simulator upon which we will have full control of which faults are introduced. We have initiated new protocols that will make it possible to dynamically verify static certificates (e.g. common criteria) against on-the-fly …
Embedded System Security
I am particularly interested in the interactions between hardware and software for the secure operation of mobile device platforms and OSs. We are exploring hardware and software binding along with software countermeasures and attestation micro kernels that will safeguard the overall security of the underlying platform.
Security of RFID Tokens
Grouping proofs push the boundaries of token and reader interactions towards the secure authentication of multiple tokens within acceptable time frames, which has led to a number of publications [67, 66, 55]. We have been examining the security of low-cost RFID authentication protocols and we were successful in identifying unknown vulnerabilities in existing systems along …
Automotive
As part of our research effort in the field of automotive security, we investigated the “security” of CANBUS [CP92, CP93] and the use of mobile devices for attesting the current status of vehicle security [CP83]. We have examined existing industrial proposals (e.g. the EVITA project) and, based on our analysis, we have suggested a number …
Avionics
I am also particularly interested in the secure deployment and utilisation of hardware security sensors and Electronic Control Units (ECUs) in avionics and automotive environments. I was, in fact, the PI in the Secure High availability Avionics Wireless Networks (SHAWN) project (funded by EPSRC and TSB), which provided security expertise and advice in a number …
Software and Hardware Binding
There is a plethora of payment protocols in the academic literature. We are particularly interested in payment protocols that provide fair exchange and anonymity [26, 28] in both traditional and mobile computing environments. We are currently extending the functionality of Bitcoin, EMV and other protocols [papers under development] to provide the aforementioned characteristics.
Mobile Device Security
Mobile devices have become equivalent to mainstream and powerful computing devices. We are examining the underlying security mechanisms for secure application installation, privilege escalation, permission enforcement and provision of forensic tools.
Security Protocol Design
Currently, there are a number of secure channel protocols that do not take into account the specific characteristics (e.g. processing overheads, communication buffers, etc.) of the underlying technology utilised by different devices. We have proposed, in the following papers, a number of secure channel protocols that were designed specifically by taking into account all these …
Near Field Communication Security
Near Field Communication offers new communication possibilities for mobile devices but at the same time it introduces a number of open-ended security questions. Among them we encounter the provision and operation of a trusted element and relay attacks. We performed, probably, the first NFC security papers related to relay vulnerability in mobile devices [74, …
New Usage of Side-Channel Leakage
This is the result of a completely new way of thinking about side channel leakage on embedded devices. Up to today, side channel leakage was used in order to break into systems and algorithms. However, we propose that it can be used in order to fingerprint a platform and in order to make sure that …
Transport System Security
We have been investigating the security requirements of NFC handsets, along with their perceived security advantages and disadvantages, in the transport industry. This thread of work also involves examining the use of NFC handsets as ticketing devices taking into account tokenization, performance and security requirements.
Verification of Security Protocols
We have been looking into provable security through the utilization of formal methods and automated protocol analysis tools like Casper/FDR, Avispa, etc. I would like to be able to extend the limitations of some of these tools, for example Casper/FDR, in order to be able to handle the specific requirements and operational characteristics of a …
User Centric Devices
In this research thread, we are proposing a user centric model of ownership for a number of personal devices, including smart cards, RFIDs, and mobile phones. The nature of the above operational environments creates specific research questions in terms of how the applications will be downloaded, installed, decommissioned and attested.
Software (Games) Content Protection
I am interested in the Digital Rights Management issues and interoperability between mobile phones and other devices, e.g. set-top-boxes, game consoles.
In Internet of Things (IoT) and Cyber-Physical Systems (CPS), data might be collected from a number of nodes deployed in the field. We are investigating data provenance mechanisms for personal information stored in the cloud.
Video/Computer Game Anticheating Mechanisms
We are also investigating the protection of software, computer games through hardware enhancements. The role of anticheating engines is examined with the view of providing hardware, software, networking and distributed ledger technologies.
Invited talk on embedded system security, at University of Athens, Monday, April 1, 2013
Smart cards, Secure Elements and NFC Security – The Status Quo, at The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012), London, UK, Monday, December 10, 2012
- Konstantinos Markantonakis, Keith Mayes. ISBN: 978-1-4614-7914-7 (Print) 978-1-4614-7915-4 (Online)
- Keith E. Mayes, Konstantinos Markantonakis (eds.): “Smart Cards, Tokens, Security and Applications”. ISBN: 978-0-387-72197-2 (Print) 978-0-387-72198-9 (Online). Publisher: Springer US, 2008. DOI: 10.1007/978-0-387-72198-9
- Title: Smart Cards, Tokens, Security and Applications. Second Edition: 2017. Editors: Keith Mayes, Konstantinos Markantonakis. Publisher: Springer International Publishing. Hardcover ISBN: 978-3-319-50498-8. DOI: 10.1007/978-3-319-50500-8
- P. Samarati, M. Tunstall, J. Posegga, K. Markantonakis, D. Sauveron (Eds.). Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. Fourth IFIP WG 11.2 International Workshop, WISTP 2010, Passau, Germany, April 12-14, 2010. Springer Lecture Notes in Computer Science Series, Vol. 6033, 2010, 386 p. ISBN: 978-3-642-12367-2.
- J.A. Onieva, D. Sauveron, S. Chaumette, D. Gollmann, K. Markantonakis (Eds.). Information Security Theory and Practices. Smart Devices, Convergence and Next Generation Networks. Second IFIP WG 11.2 International Workshop, WISTP 2008, Seville, Spain, May 13-16, 2008. Springer Lecture Notes in Computer Science Series, Vol. 5019, 2008, 151 p. ISBN: 978-3-540-79965-8.
- D. Sauveron, K. Markantonakis, A. Bilas, A. J.-J. Quisquater (Eds.). Information Security Theory and Practices. Smart Cards, Mobile and Ubiquitous Computing Systems. First IFIP TC6 / WG 8.8 / WG 11.2 International Workshop, WISTP 2007, Heraklion, Crete, Greece, May 9-11, 2007. Springer Lecture Notes in Computer Science Series, Vol. 4462, 2007, 255 p. ISBN: 978-3-540-72353-0.
- S. Rho, D. Sauveron, K. Markantonakis (Eds.). Special Issue on Advanced Semantic and Social Multimedia Technologies for Future Computing Environment. Multimedia Tools and Applications, vol. 64, N°2, 2013. Springer.
- Smart Cards. Konstantinos Markantonakis, Keith Mayes, Damien Sauveron, and Michael Tunstall. Chapter in H. Bidgoli, Ed., Handbook of Technology Management, vol. 2, Supply Chain Management, Marketing and Advertising, and Global Management, pp. 248–264, Wiley, 2010.
- Smart Cards: Communication Protocols and Applications. Konstantinos Markantonakis, Keith Mayes, Damien Sauveron, and Michael Tunstall. Chapter in H. Bidgoli, Ed., Handbook of Computer Networks, vol. 3, pp. 251–268, Wiley, 2007.
- Smart Card Security. Konstantinos Markantonakis, Keith Mayes, Michael Tunstall, Damien Sauveron, and Fred Piper. Chapter in N. Nedjah, A. Abraham, and L. M. Mourelle, Eds., Computational Intelligence in Information Assurance and Security, vol. 57 of Studies in Computational Intelligence, pp. 201–233, Springer-Verlag, 2007.
Areas of Expertise
My involvement in Information Security consulting projects started while I was pursuing my PhD in Information Security at Royal Holloway. Since then I have managed to get involved in a number of Information Security and Smart Card related projects with a number of high profile clients. I also continue to act as a consultant on a variety of information security and smart card related topics:
- Smart card physical security analysis
- Multi-application smart card migration program planning
- Project management for financial institutions and transport operators
- Business case development for chip migration programs
- Smart card application (Java card, SIM card, Multos) security review, design, development
- Smart card security evaluations (Common Criteria) and Security Target, Protection Profile Development
- Risk analysis on smart card technology, protocols and systems
- Smart card security protocol design, review
- Security of mobile phone platforms and secure elements
- Contactless smart card/RFID security and Mifare card technology
I was part of the team, along with colleagues from the Information Security Group/Smart Card Centre, which performed (2008) a counter expertise analysis of a report into the Dutch OV-Chipkaart transport system. This was in response to some recently published attacks on Mifare Classic smart cards. For more information please refer to the following links
for more details.
This was a high profile piece of work, being reported extensively on the internet (see here).
- Since then we were involved in more work relating to Mifare and chip migration issues/planning for the Dutch transport system.
- I was also involved in preparing an evaluation paper for different options in which security controllers can exist in Mobile devices. The document was also presented as an ETSI internal document and an early version can be found here
- I was also involved in the preparation and delivery of a smart card security training course for the Information Security department of a major financial institution.
- Security Analysis of Public Key Cryptography in Smart cards and Devices/Tools with Restricted Processing Resources.
- Security Analysis of a smart card system for the provision of wireless telecommunications services.