My name is Konstantinos Markantonakis. I am a Professor of Information Security at the Information Security Group at Royal Holloway, University of London and the Director of the Smart Card and IoT Security Centre. My main research areas include trusted execution environments, embedded devices and cyber physical system security, smart cards and RFIDs, avionics and drone security, automotive, payment and transport systems, mobile phone/NFC/secure element security, ambient sensors, Internet-of- Things (IoTs).
More

Areas of Research

    • Internet-of-Things (IoTs)

      I am particularly interested in providing countermeasures for weaknesses and attacks on IOT devices. I have supervised a number of projects examining the security of smart locks, web cams, DVRs, smart watches, and other “smart” devices.

    • Payment System Security

      Amongst my main research interests is the security of payment systems, fair exchange [CP16] and anonymity [CP13] protocols. We have also been conducting research in the field of bitcoins and fair exchange protocols [CP81] and exploring the benefits of block chain technologies for other applications. We have also been conducting research in the field of … Continue reading “Payment System Security”

    • Secure Application Execution

      In this research thread, we are investigating ways that guarantee the secure execution of an application in embedded/cyber physical devices (e.g. smart cards, mobile phones, payment terminals, IoTs, etc.) that might be subjected to a number of intentional attacks (e.g. side channel attacks) and unintentional faults (cosmic radiation). The main aim of this research thread … Continue reading “Secure Application Execution”

    • Trusted Execution Environment

      for embedded systems and mobile phones: in this research thread [CP113, CP114, CP130], we looked into the different attestation mechanisms [CP37, CP42, CP49, CP61, CP73] that will allow a device to provide the necessary assurance that it operates in a secure and safe mode. This includes preventing any attacks by identifying any vulnerabilities or modifications … Continue reading “Trusted Execution Environment”

    • Smart Card OS and Platforms

      We have been conducting research in smart card technology and associated operating systems and platforms since 1995. We have developed our own smart card simulator upon which we will have full control of which faults are introduced. We have initiated new protocols that will enable to dynamically verify static certificates (e.g. common criteria) against on-the-fly … Continue reading “Smart Card OS and Platforms”

    • Embedded System Security

      I am particularly interested in the interactions between hardware and software for the secure operation of mobile devices platforms and OSs. We are exploring hardware and software binding along with software countermeasures and attestation micro kernels that will safeguard the overall security of the underlying platform.

    • Security of RFID Tokens

      Grouping proofs push the boundaries of token and reader interactions towards the secure authentication of multiple tokens within acceptable time frames, which has lead into a number of publications [67, 66, 55]. We have been examining the security of low-cost RFID authentication protocols and we were successful in identifying unknown vulnerabilities in existing systems along … Continue reading “Security of RFID Tokens”

    • Automotive

      As part of our research effort in the field of automotive security, we investigated the “security” of CANBUS [CP92, CP93] and the use of mobile devices for attestating the current status of vehicle security [CP83]. We have examined existing industrial proposals (e.g. the EVITA project) and, based on our analysis, we have suggested a number … Continue reading “Automotive”

    • Avionics

      I am also particularly interested in the secure deployment and utilisation of hardware security sensors and Electronic Control Units (ECUs) in avionics and automotive environments. I was, in fact, the PI in the Secure High availability Avionics Wireless Networks (SHAWN) project (funded by EPSRC and TSB), which provided security expertise and advice in a number … Continue reading “Avionics”

    • Software and Hardware Binding

      There is a plethora of payment protocols in the academic literature. We are particularly interested for payment protocols that provide fair exchange and anonymity [26, 28] both traditional and mobile computing environments. We are currently extending the functionality of Bitcoin, EMV and other protocols [papers under development] to provide the aforementioned characteristics.

    • Mobile Device Security

      Mobile devices have become equivalent to mainstream and powerful computing devices. We are examining the underlying security mechanisms for secure application installation, privilege escalation, permission enforcement and provision of forensic tools.

    • Security Protocol Design

      Currently, there are a number of secure channel protocols that do not take into account the specific characteristics (e.g. processing overheads, communication buffers, etc.) of the underlying technology utilised by different devices. We have proposed, in the following papers a number of secure channel protocols that were designed specifically by taking into account all these … Continue reading “Security Protocol Design”

    • Near Field Communication Security

      Near Field Communication offers new communication possibilities for mobile devices but at the same time it introduces a number of open ended security questions. Among them we encounter the provision and operation of a trusted element and relay attacks. We performed, probably, the first NFC security papers related to relay vulnerability in mobile devices [74, … Continue reading “Near Field Communication Security”

    • New Usage of Side-Channel Leakage

      This is the result of a completely new way of thinking into side channel leakage on embedded devices. Up to today, side channel leakage was used, in order to break into systems and algorithms. However, we propose that it can be used, in order to fingerprint a platform and in order to make sure that … Continue reading “New Usage of Side-Channel Leakage”

    • Transport System Security

      We have investigating the security requirements of NFC handsets, along with their perceived security advantages and disadvantages, in the transport industry. This thread of work also involves examining the use of NFC handsets as ticketing devices taking into account tokenization, performance and security requirements.

    • Verification of Security Protocols

      We have been looking into provable security through the utilization of formal methods and automated protocol analysis tools like Casper/FDR, Avispa, etc. I would like to be able to extend the limitations of some of these tools, for example Casper/FDR, in order to be able to handle the specific requirements and operational characteristics of a … Continue reading “Verification of Security Protocols”

    • User Centric Devices

      In this research thread, we are proposing a user centric model of ownership for a number of personal devices, including smart cards, RFIDs, and mobile phones. The nature of the above operational environments create specific research questions in terms of how the applications will be downloaded, installed, decommissioned and attestated.

    • Software (Games) Content Protection

      I am interested in the Digital Rights Management issues and interoperability between mobile phones and other devices, e.g. set-top-boxes, game consoles.

    • Data Provenance

      In Internet of Things (IoT) and Cyber-Physical Systems (CPS), data might be collected from a number of nodes deployed in the field. We are investigating data provenance mechanisms for personal information stored in the cloud.

    • Video/Computer Game Anticheating

      We are also investigating the protection of software, computer games through hardware enhancements. The role of anticheating engines is examined with the view of providing hardware, software, networking and distributed ledger technologies.

Recent Work

Conference contribution

2017
CC105🔗Mtita, C, Laurent, M, Sauveron, D , Akram, RN , Markantonakis, K & Chaumette, S 2017, Serverless Protocols for Inventory and Tracking with a UAV. in Digital Avionics Systems Conference (DASC), 2017 IEEE/AIAA 36th. IEEE Computer Society Press, St. Petersburg, Florida, USA, pp. 1-11, The 36th IEEE/AIAA Digital Avionics Systems Conference , St. Petersburg, United States, 17-21 September. DOI: 10.1109/DASC.2017.8102113
CC104🔗Gurulian, I , Markantonakis, K , Shepherd, C, Frank, E & Akram, R 2017, Proximity Assurances Based on Natural and Artificial Ambient Environments. in 10th International Conference, SecITC 2017, Bucharest, Romania, June 8–9, 2017, Revised Selected Papers. Security and Cryptology, vol. 10543, Springer, 10th International Conference on Security for Information Technology and Communications, Bucharest, Romania, 8 July. DOI: 10.1007/978-3-319-69284-5
CC103🔗Shepherd, C , Akram, RN & Markantonakis, K 2017, EmLog: Tamper-Resistant System Logging for Constrained Devices with TEEs. in 11th IFIP International Conference on Information Security Theory and Practice (WISTP'17). Springer.
CC102🔗Gurulian, I , Shepherd, C , Markantonakis, K, Frank, E , Akram, R & Mayes, K 2017, On the Effectiveness of Ambient Sensing for Detecting NFC Relay Attacks. in Trustcom/BigDataSE/ICESS, 2017 IEEE. 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Sydney, Australia, 1-4 August. DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.218
CC101🔗Gurulian, I , Markantonakis, K , Akram, R & Mayes, K 2017, Artificial Ambient Environments for Proximity Critical Applications. in ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security. ACM. DOI: 10.1145/3098954.3098964
CC100🔗Shepherd, C , Akram, R & Markantonakis, K 2017, Establishing Mutually Trusted Channels for Remote Sensing Devices with Trusted Execution Environments. in 12th International Conference on Availability, Reliability and Security (ARES '17). ACM, pp. 1-10, 12th International Conference on Availability, Reliability and Security , Reggio Calabria, Italy, 29-31 August. DOI: 10.1145/3098954.3098971
CC99🔗Lee, R , Markantonakis, K & Akram, R 2017, Provisioning Software with Hardware-Software Binding. in FARES '17 Proceedings of the 12th International Workshop on Frontiers in Availability, Reliability and Security. ACM. DOI: 10.1145/3098954.3103158
CC98🔗Kyrillidis, L , Cobourne, S , Mayes, K & Markantonakis, K 2017, A Smart Card Web Server in the Web of Things. in SAI Intelligent Systems Conference 2016 (IntelliSys 2016). Lecture Notes in Networks and Systems , vol. 16, Springer, pp. 769-784. DOI: 10.1007/978-3-319-56991-8_55
CC97🔗Shepherd, C, Petitcolas, F , Akram, R & Markantonakis, K 2017, An Exploratory Analysis of the Security Risks of the Internet of Things in Finance. in J Lopez, S Fischer-Hübner & C Lambrinoudakis (eds), Trust, Privacy and Security in Digital Business: 14th International Conference, TrustBus 2017, Lyon, France, August 30-31, 2017, Proceedings. Lecture Notes in Computer Science, vol. 10442, Springer-Verlag, pp. 164-179, 14th International Conference on Trust, Privacy & Security in Digital Business, Lyon, France, 28-31 August. DOI: 10.1007/978-3-319-64483-7_11
CC96🔗Jayasinghe, D , Markantonakis, K , Akram, R & Mayes, K 2017, Enhancing EMV Tokenisation with Dynamic Transaction Tokens. in G Hancke & K Markantonakis (eds), Radio Frequency Identification and IoT Security: RFIDSec 2016. Lecture Notes in Computer Science , vol. 10155, Springer, pp. 107-122. DOI: 10.1007/978-3-319-62024-4_8
CC95🔗Umar, A , Gurulian, I , Mayes, K & Markantonakis, K 2017, Tokenisation Blacklisting using Linkable Group Signatures. in Security and Privacy in Communication Networks: 12th EAI International Conference on Security and Privacy in Communication Networks. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. DOI: 10.1007/978-3-319-59608-2_10
CC94🔗Shepherd, C , Akram, R & Markantonakis, K 2017, Towards Trusted Execution of Multi-modal Continuous Authentication Schemes. in Proceedings of the 32nd ACM SIGAPP Symposium On Applied Computing (SAC '17). ACM, Marrakech, Morocco, pp. 1444-1451. DOI: 10.1145/3019612.3019652
CC93🔗Haken, G , Markantonakis, K , Gurulian, I , Shepherd, C & Akram, R 2017, Evaluation of Apple iDevice Sensors as a Potential Relay Attack Countermeasure for Apple Pay. in Proceedings of the 3rd ACM International Workshop on Cyber-Physical System Security: CPSS '17. ACM, New York, pp. 21-32 , 3rd ACM Cyber-Physical System Security Workshop (CPSS 2017), Abu Dhabi, United Arab Emirates, 2-2 April. DOI: 10.1145/3055186.3055201
CC92🔗Umar, A , Akram, RN , Mayes, K & Markantonakis, K 2017, Ecosystems of Trusted Execution Environment on Smartphones - A Potentially Bumpy Road. in P Urien & S Piramuthu (eds), Mobile and Secure Services (MobiSecServ), 2017 Third International Conference on. IEEE, 3rd International Conference on Mobile and Secure Services (MobiSecServ), Miami Beach, 11-12 February. DOI: 10.1109/MOBISECSERV.2017.7886559
CC91🔗Jayasinghe, D , Cobourne, S , Markantonakis, K , Akram, RN & Mayes, K 2017, Philanthropy On The Blockchain. in The 11th WISTP International Conference on Information Security Theory and Practice (WISTP'2017). Lecture Notes in Computer Science (LNCS), Springer.
CC90🔗Gurulian, I , Akram, R , Markantonakis, K & Mayes, K 2017, Preventing Relay Attacks in Mobile Transactions Using Infrared Light. in SAC '17: Proceedings of the 32nd Annual ACM Symposium on Applied Computing. ACM, pp. 1724-1731, The 32nd ACM Symposium on Applied Computing, Marrakesh, Morocco, 3-6 April. DOI: 10.1145/3019612.3019794
CC89🔗Shepherd, C , Gurulian, I, Frank, E , Markantonakis, K , Akram, R , Mayes, K & Panaousis, E 2017, The Applicability of Ambient Sensors as Proximity Evidence for NFC Transactions. in Mobile Security Technologies (MoST '17), IEEE Security & Privacy Workshops. IEEE, IEEE Mobile Security Technologies (MOST) 2017, San Jose, United States, 25-25 May.
CC88🔗Jayasinghe, D , Markantonakis, K , Gurulian, I , Akram, R & Mayes, K 2017, Extending EMV Tokenised Payments To Offline-Environments. in The 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-16). IEEE Computer Society, pp. 1-8. DOI: 10.1109/TrustCom.2016.0095
CC87🔗Mansor, H , Markantonakis, K , Akram, R , Mayes, K & Gurulian, I 2017, Log your car: The non-invasive vehicle forensics. in Y Xiang, K Ren & D Feng (eds), he 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-16)., TrustCom Paper 147, IEEE Computer Society, pp. 1-9. DOI: 10.1109/TrustCom.2016.0164
CC86🔗Shepherd, C, Arfaoui, G , Gurulian, I , Lee, R , Markantonakis, K , Akram, R, Sauveron, D & Conchon, E 2017, Secure and Trusted Execution: Past, Present and Future -- A Critical Review in the Context of the Internet of Things and Cyber-Physical Systems. in Y Xiang, K Ren & D Feng (eds), The 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-16). ., TrustCom Paper 342, IEEE Computer Society, pp. 1-10. DOI: 10.1109/TrustCom.2016.0060
CC85🔗Akram, R, Bonnefoi, P-F, Chaumette, S , Markantonakis, K & Sauveron, D 2017, Secure Autonomous UAVs Fleets by Using New Specific Embedded Secure Elements. in Y Xiang, K Ren & D Feng (eds), the 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-16)., TrustCom Paper 297, IEEE Computer Society. DOI: 10.1109/TrustCom.2016.0116
CC84🔗Hassan, M , Markantonakis, K & Akram, R 2017, Can you call the software in your device firmware? in e-Business Engineering (ICEBE), 2016 IEEE 13th International Conference on. IEEE Computer Society Press, Macau, China, pp. 1-8, The 13th IEEE International Conference on e-Business Engineering (ICEBE 2016), Macau, China, 4-6 November. DOI: 10.1109/ICEBE.2016.040
CC83🔗Mansor, H , Markantonakis, K , Akram, R , Mayes, K & Gurulian, I 2017, Log Your Car: Reliable Maintenance Services Record. in Information Security and Cryptology: 12th International Conference, Inscrypt 2016, Beijing, China, November 4-6, 2016, Revised Selected Papers. vol. 10143, Lecture Notes in Computer Science , vol. 10143, Springer, pp. 484-504, 12th International Conference on Information Security and Cryptology (Inscrypt), Beijing, China, 4-6 November. DOI: 10.1007/978-3-319-54705-3_30

Chapter

2017
CH20🔗Markantonakis, K & Akram, RN 2017, Multi-Application Smart Card Platforms and Operating Systems. in K Mayes & K Markantonakis (eds), Smart Cards, Tokens, Security and Applications. Springer International Publishing, Cham, pp. 59-92. DOI: 10.1007/978-3-319-50500-8_3
CH19🔗Sauveron, D , Akram, RN & Markantonakis, K 2017, Smart Card Reader and Mobile APIs. in K Mayes & K Markantonakis (eds), Smart Cards, Tokens, Security and Applications. Springer International Publishing, Cham, pp. 305-349. DOI: 10.1007/978-3-319-50500-8_12

Paper

2017
PA12🔗Akram, RN , Markantonakis, K , Mayes, K, Habachi, O, Sauveron, D, Steyven, A & Chaumette, S 2017, ' Security, Privacy and Safety Evaluation of Dynamic and Static Fleets of Drones' Paper presented at The 36th IEEE/AIAA Digital Avionics Systems Conference , St. Petersburg, United States, 17/09/17 - 21/09/17, pp. 1-12. DOI: 10.1109/DASC.2017.8101984
PA11🔗Gurulian, I, Hancke, G , Markantonakis, K & Akram, RN 2017, ' May The Force Be With You: Force-Based Relay Attack Detection' Paper presented at 17th Smart Card Research and Advanced Application Conference, Lugano, Switzerland, 13/11/17 - 15/11/17, .
PA10🔗Ducray, B , Cobourne, S , Mayes, K & Markantonakis, K 2017, ' Comparison of Dynamic Biometric Security Characteristics against other Biometrics' Paper presented at IEEE International Conference on Communications, Paris, France, 21/05/17 - 25/05/17, . DOI: 10.1109/ICC.2017.7996938
PA9🔗Ducray, B , Cobourne, S , Mayes, K & Markantonakis, K 2017, ' Gesture Recognition Implemented on a Personal Limited Device.' Paper presented at International Conference on Information and Communication Systems, Irbid, Jordan, 4/04/17 - 6/04/17, . DOI: 10.1109/IACS.2017.7921966
8a. Invited keynote to a major international conference

Delivered

  • 2017, Bucharest, Romania, “Ambient Sensing Based Relay Attack Detection in Smartphone Contactless Transactions”, International Conference on Security for Information Technology and Communications (SECITC) 2017.

  • 2015, Bucharest, Romania, Keynote Talk, 8th International Conference on Security for Information Technology and Communications, SECITC 2015, "Secure and Trusted Application Execution on Embedded Devices"

  • 2012, Nijmegen, The Netherlands, Keynote Talk, The 8th Workshop on RFID Security and Privacy, “Interplay of Business Objectives and Academic Research – Holders of NFC Mobile Service Destiny”

  • 2012, London, UK, Keynote Talk, The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012) , Smart cards, Secure Elements and NFC Security – The Status Quo”

  • 2012, Hangzhou, China, Keynote Talk, 8th International Conference on Information Security Practice and Experience (ISPEC 2012), “Are smart cards the weakest link? Is `practical information security research’ still significant?”

  8b. An invited symposium/workshop/summer school presentation
  • Cyber Physical System Security", Intensive Programme on Information and Communications Security (IPICS), Corfu, Greece, July 2017

  • Cyber Physical System Security", Intensive Programme on Information and Communications Security (IPICS), Leuven, Belgium, July 2016

  • Cyber Physical System Security", Intensive Programme on Information and Communications Security (IPICS), Mytelene, Greece, July 2015

  • Secure Application Execution on Cyber Physical Devices”, Summer School on “Design and security of cryptographic algorithms and devices for real-world applications”, Šibenik - Croatia 01 June - 06 June 2014

  • Embedded System Security Lesson Learned", Intensive Programme on Information and Communications Security (IPICS), Mytelene, Greece, July 2014

  • Smart Cards: State-of-the-Art to Future Directions”, Invited Paper, IEEE International Symposium on Signal Processing and Information Technology, December 12-15, 2013 - Athens, Greece.

  • "Cyber Physical Systems", Intensive Programme on Information and Communications Security (IPICS), Samos, Greece, August 2013.

  • Smart card Security”, ICareNet 2013, 3rd of December 2012, Network of Excellence - Winter School, Imperial College, London.

  • "Embedded System Security", Intensive Programme on Information and Communications Security (IPICS), Vienna, Austria, August 2012

  • "Embedded System Security", Intensive Programme on Information and Communications Security (IPICS), Corfu, Greece, August 2011

  • "Hardware Token Security", Intensive Programme on Information and Communications Security (IPICS), Samos, Greece, August 2010

  • "Smart card Security", Intensive Programme on Information and Communications Security (IPICS), Vienna, Austria, August 2009

8c. An invited presentation to another academic department (UK or international)
  • Embedded Devices, Platforms and Applications”, Invited Lecture in the MSc Programme in Digital Systems Security, University of Piraeus, Greece, 18 January,   2017

  • Embedded Devices, Platforms and Applications”, Invited Lecture in the MSc Programme in Digital Systems Security, University of Piraeus, Greece, 1st December   2015

  • Embedded Devices, Platforms and Applications”, Invited Lecture in the MSc Programme in Digital Systems Security, University of Piraeus, Greece, 13th January  2015

  • Embedded Systems Security”, Invited Day Course, KTH, Stockholm, Sweden, April 2015.
  • Multi-Application Smart card Operating Systems”, Invited Lecture in the BSc Programme in Computer Science, University of Bordeux and University or Limoges, February and March 2015

  • Embedded System Security”, Khalifa University, April 2014.

  • Multi-application Smart Embedded Devices”, Invited Lecture in the MSc Programme in Digital Systems Security, University of Piraeus, Greece, 13th November 2013

  • University of Athens, MSc in Computer Science, Invited talk on “Embedded System Security”, April 2013.

  • "Smart card Security Theory and Practice”, PRActical aspeCts on SEcurity (PRACSE 09), organised by the Athens Institute of Technology (AIT), June 2009.

  • From Smart card to Smart card system security”, PRActical aspeCts on SEcurity (PRACSE’08), organised by the Athens Institute of Technology (AIT), May 2008.

  • Smart card Security”, Institute of Computer Science (ICS) Foundation for Research and Technology – Hellas (FORTH), Heraklion, Greece, February 2008.

Books

Konstantinos Markantonakis, Keith Mayes
ISBN: 978-1-4614-7914-7 (Print) 978-1-4614-7915-4 (Online)
Keith E. Mayes, Konstantinos Markantonakis (eds.): “Smart Cards, Tokens, Security and Applications” ISBN: 978-0-387-72197-2 (Print) 978-0-387-72198-9 (Online) Publisher: Springer US, 2008 DOI: 10.1007/978-0-387-72198-9
sct Title: Smart Cards, Tokens, Security and Applications Second Edition: 2017 Editors Keith Mayes Konstantinos Markantonakis Publisher: Springer International Publishing Hardcover ISBN:978-3-319-50498-8 DOI: 10.1007/978-3-319-50500-8

Book Editor

P. Samarati, M. Tunstall, J. Posegga, K. Markantonakis, D. Sauveron (Eds.). Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. Fourth IFIP WG 11.2 International Workshop, WISTP 2010, Passau, Germany, April 12-14, 2010. Springer Lecture Notes in Computer Science Series, Vol. 6033, 2010, 386 p. ISBN: 978-3-642-12367-2.
J.A. Onieva, D. Sauveron, S. Chaumette, D. Gollmann, K. Markantonakis (Eds.). Information Security Theory and Practices. Smart Devices, Convergence and Next Generation Networks. Second IFIP WG 11.2 International Workshop, WISTP 2008, Seville, Spain, May 13-16, 2008. Springer Lecture Notes in Computer Science Series, Vol. 5019, 2008, 151 p. ISBN: 978-3-540-79965-8.
D. Sauveron, K. Markantonakis, A. Bilas, A. J.-J. Quisquater (Eds.). Information Security Theory and Practices. Smart Cards, Mobile and Ubiquitous Computing Systems. First IFIP TC6 / WG 8.8 / WG 11.2 International Workshop, WISTP 2007, Heraklion, Crete, Greece, May 9-11, 2007. Springer Lecture Notes in Computer Science Series, Vol. 4462, 2007, 255p. ISBN: 978-3-540-72353-0.
S. Rho , D. Sauveron, K. Markantonakis (Eds.). Special Issue on Advanced Semantic and Social Multimedia Technologies for Future Computing Environment Multimedia Tools and Applications, vol 64, N°2, 2013. Springer.

Book Chapters

Smart Cards Konstantinos Markantonakis, Keith Mayes, Damien Sauveron, and Michael Tunstall Chapter in H. Bidgoli, Ed., Handbook of Technology Management, vol. 2, Supply Chain Management, Marketing and Advertising, and Global Management, pp. 248–264, Wiley, 2010. [ Ordering Information ]
Smart Cards: Communication Protocols and Applications Konstantinos Markantonakis, Keith Mayes, Damien Sauveron, and Michael Tunstall Chapter in H. Bidgoli, Ed., Handbook of Computer Networks, vol. 3, pp. 251–268, Wiley, 2007. [ Ordering Information ]
Smart Card Security Konstantinos Markantonakis, Keith Mayes, Michael Tunstall, Damien Sauveron, and Fred Piper Chapter in N. Nedjah, A. Abraham, and L. M. Mourelle, Eds., Computational Intelligence in Information Assurance and Security,  vol. 57 of Studies in Computational Intelligence, pp. 201–233, Springer-Verlag, 2007. [ Springerlink ]

Areas of Expertise

My involvement in Information Security consulting projects started while I as pursuing my PhD in Information Security, in Royal Holloway. Since then I manage to get involved in a number of Information Security and Smart Card related projects with a number of high profile clients. I also continue to act as a consultant on a variety of information security and smart card related topics:
  • Smart card physical security analysis
  • Multi-application smart card migration program planning
  • Project management for financial institutions and transport operators
  • Business case development for chip migration programs
  • Smart card application (Java card, SIM card, Multos) security review, design, development
  • Smart card security evaluations (Common Criteria) and Security Target, Protection Profile Development
  • Risk analysis on smart card technology, protocols and systems
  • Smart card security protocol design, review
  • Security of mobile phone platforms and secure elements
  • Contactless smart card/RFID security and Mifare card technology

Selected Projects

  • I was part of the team, along with colleagues from the Information Security Group/Smart Card Centre, which performed (2008) a counter expertise analysis of a report into the Dutch OV-Chipkaart transport system. This was in response to some recently published attacks on Mifare Classic smart cards. For more information please refer to the following links ISG_Dutch and SCC_Dutch for more details.
    This was a high profile piece of work, being reported extensively on the internet (see here ).
  • Since then we were involved in more work relating to Mifare and chip migration issues/planning for the Dutch transport system.
  • I was also involved in preparing an evaluation paper for different options in which security controllers can exist in Mobile devices. The document was also presented as an ETSI internal document and an early version can by found here
  • I was also involved in the preparation and delivery of a smart card security training course for the Information Security department major financial institution.
  • Security Analysis of Public Key Cryptography in Smart cards and Devices/Tools with Restricted Processing Resources.
  • Security Analysis of a smart card system for the provision of wireless telecommunications services.