Areas of Research
Mobile Device Security
Mobile devices have become equivalent to mainstream and powerful computing devices. We are examining the underlying security mechanisms for secure application installation, privilege escalation, permission enforcement and provision of forensic tools.
Smart Card OS and Platforms
We have been examining smart card operating systems and platforms for a number of years. We have currently developed our own Java Card 3 simulator based on a PC. The aim is to port this implementation to an embedded platform upon which we will have full control of which faults are introduced. Following from …
Malware for Embedded Devices
I am currently pursuing an active collaboration with the biology department of Royal Holloway University of London, in order to examine the mutation and protection techniques that real-world biological viruses are utilising, in order to escape identification and ensure their survival. These techniques will be investigated further, in order to improve software obfuscation techniques. …
Embedded System Security
I am particularly interested in the interactions between H/W and S/W for the secure operation of mobile device platforms and OSs. Therefore, I would like to explore how low-end microprocessors and platforms can be enhanced with software countermeasures and attestation micro kernels that will safeguard the overall security of the underlying platform.
Secure Application Execution
We are investigating how we can guarantee the secure execution of an application in devices (e.g. smart cards, mobile phones, payment terminals, etc) that might be subjected to a number of attacks (e.g. side channel attacks). The main aim of this research thread is to detect any attacks and attempt to recover the underlying device …
Verification of Security Protocols
Whenever we propose a cryptographic protocol we perform a security analysis. We have been looking into provable security through the utilisation of formal methods and automated protocol analysis tools like Casper/FDR, Avispa, etc. I would like to be able to extend the limitations of some of these tools, for example Casper/FDR, in order to be …
EMV Security
We are actively examining the security of the EMV card specification in order to provide enhancements and extensions to the overall card/cardholder authentication and transaction authorisation mechanisms. current and future payment platforms. This research thread will investigate theoretical approaches to anonymity and fair exchange of goods. This is a particularly interesting research topic, in light of …
New Usage of Side-Channel Leakage
This is the result of a completely new way of thinking into side channel leakage on embedded devices. Up to today, side channel leakage was used, in order to attempt to break into systems and algorithms. However, we propose that it can be used, in order to fingerprint a platform and in order to make …
Trusted Execution Environment
In this research thread, we looked into the different attestation mechanisms [83, 99] that will allow a device to provide the necessary assurance that it still operates in a secure and safe mode. Among the aims of this research thread is to attempt to prevent any attacks by identifying any vulnerabilities or modifications (at the …
Payment System Security
There is a plethora of payment protocols in the academic literature. We are particularly interested in payment protocols that provide fair exchange and anonymity [26, 28] in both traditional and mobile computing environments. We are currently extending the functionality of Bitcoin, EMV and other protocols [papers under development] to provide the aforementioned characteristics.
Smart Card Applications
Research carried out in relation to smart card based applications.
We have been conducting research in smart card technology since 1995. This involves general security related work around smart card software components, smart card security, protocols, operating systems, etc.
We have been advising a number of transport operators about the security of existing contactless smart card solutions used as ticketing mediums. This thread of work also involves examining the use of NFC handsets as ticketing devices.
Security of RFID Tokens
The cost and the processing capabilities of RFID tokens were directly proportional. We have been examining the security of low-cost RFID authentication protocols and we were successful in identifying unknown vulnerabilities in existing systems along with proposing efficient authentication protocols [93, 102].
Grouping Proofs for RFID Tokens
Grouping proofs push the boundaries of token and reader interactions towards the secure authentication of multiple tokens within acceptable time frames. This has led to a number of publications [67, 66, 55].
Interoperability of Content Protection
I am interested in the Digital Rights Management issues and interoperability between mobile phones and other devices [35, 36, 37], e.g. set-top-boxes.
Near Field Communication Security
Near Field Communication offers new communication possibilities for mobile devices but at the same time it introduces a number of open-ended security questions. Among them we encounter the provision and operation of a trusted element and relay attacks. My growing interest in NFC security has led to my involvement in the following papers [74, …
User Centric Devices
In this research thread, we are proposing a user-centric model of ownership for a number of personal devices, including smart cards, RFIDs, and mobile phones. The nature of the above operational environments creates specific research questions in terms of how the applications will be downloaded, installed, decommissioned and attested. Clarification of the ownership of …
Smart Card Security Evaluations
Physical security of smart card microprocessors has been a hot topic over the last few years. Three book chapters [13, 14, 15] have been published around the topics of smart card security and security evaluations. We have initiated new protocols that will make it possible to dynamically verify static certificates (e.g. Common Criteria) against on-the-fly generated attestation results. …
Wireless Sensor Nodes
Wireless sensor nodes possess a number of similarities and differences with smart cards both in terms of physical and logical security. We published a scene-setting paper and we hope to be able to extend this work and cover some additional areas of interest.
Invited talk on embedded system security, at University of Athens, Monday, April 1, 2013
Smart cards, Secure Elements and NFC Security – The Status Quo, at The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012), London, UK, Monday, December 10, 2012
Konstantinos Markantonakis, Keith Mayes. ISBN: 978-1-4614-7914-7 (Print) 978-1-4614-7915-4 (Online)
Keith E. Mayes, Konstantinos Markantonakis. Smart Cards, Tokens, Security and Applications. ISBN: 978-0-387-72197-2 (Print) 978-0-387-72198-9 (Online)
P. Samarati, M. Tunstall, J. Posegga, K. Markantonakis, D. Sauveron (Eds.). Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. Fourth IFIP WG 11.2 International Workshop, WISTP 2010, Passau, Germany, April 12-14, 2010. Springer Lecture Notes in Computer Science Series, Vol. 6033, 2010, 386 p. ISBN: 978-3-642-12367-2.
J.A. Onieva, D. Sauveron, S. Chaumette, D. Gollmann, K. Markantonakis (Eds.). Information Security Theory and Practices. Smart Devices, Convergence and Next Generation Networks. Second IFIP WG 11.2 International Workshop, WISTP 2008, Seville, Spain, May 13-16, 2008. Springer Lecture Notes in Computer Science Series, Vol. 5019, 2008, 151 p. ISBN: 978-3-540-79965-8.
D. Sauveron, K. Markantonakis, A. Bilas, A. J.-J. Quisquater (Eds.). Information Security Theory and Practices. Smart Cards, Mobile and Ubiquitous Computing Systems. First IFIP TC6 / WG 8.8 / WG 11.2 International Workshop, WISTP 2007, Heraklion, Crete, Greece, May 9-11, 2007. Springer Lecture Notes in Computer Science Series, Vol. 4462, 2007, 255 p. ISBN: 978-3-540-72353-0.
S. Rho, D. Sauveron, K. Markantonakis (Eds.). Special Issue on Advanced Semantic and Social Multimedia Technologies for Future Computing Environment. Multimedia Tools and Applications, vol 64, N°2, 2013. Springer.
Smart Cards. Konstantinos Markantonakis, Keith Mayes, Damien Sauveron, and Michael Tunstall. Chapter in H. Bidgoli, Ed., Handbook of Technology Management, vol. 2, Supply Chain Management, Marketing and Advertising, and Global Management, pp. 248–264, Wiley, 2010.
Smart Cards: Communication Protocols and Applications. Konstantinos Markantonakis, Keith Mayes, Damien Sauveron, and Michael Tunstall. Chapter in H. Bidgoli, Ed., Handbook of Computer Networks, vol. 3, pp. 251–268, Wiley, 2007.
Smart Card Security. Konstantinos Markantonakis, Keith Mayes, Michael Tunstall, Damien Sauveron, and Fred Piper. Chapter in N. Nedjah, A. Abraham, and L. M. Mourelle, Eds., Computational Intelligence in Information Assurance and Security, vol. 57 of Studies in Computational Intelligence, pp. 201–233, Springer-Verlag, 2007.
Areas of Expertise
My involvement in Information Security consulting projects started while I was pursuing my PhD in Information Security at Royal Holloway. Since then I have managed to get involved in a number of Information Security and Smart Card related projects with a number of high-profile clients. I also continue to act as a consultant on a variety of information security and smart card related topics:
- Smart card physical security analysis
- Multi-application smart card migration program planning
- Project management for financial institutions and transport operators
- Business case development for chip migration programs
- Smart card application (Java card, SIM card, Multos) security review, design, development
- Smart card security evaluations (Common Criteria) and Security Target, Protection Profile Development
- Risk analysis on smart card technology, protocols and systems
- Smart card security protocol design, review
- Security of mobile phone platforms and secure elements
- Contactless smart card/RFID security and Mifare card technology
I was part of the team, along with colleagues from the Information Security Group/Smart Card Centre, which performed (2008) a counter expertise analysis of a report into the Dutch OV-Chipkaart transport system. This was in response to some recently published attacks on Mifare Classic smart cards. For more information please refer to the following links
for more details.
This was a high-profile piece of work, being reported extensively on the internet (see here).
- Since then we were involved in more work relating to Mifare and chip migration issues/planning for the Dutch transport system.
- I was also involved in preparing an evaluation paper for different options in which security controllers can exist in mobile devices. The document was also presented as an ETSI internal document and an early version can be found here
- I was also involved in the preparation and delivery of a smart card security training course for the Information Security department of a major financial institution.
- Security Analysis of Public Key Cryptography in Smart cards and Devices/Tools with Restricted Processing Resources.
- Security Analysis of a smart card system for the provision of wireless telecommunications services.