Areas of Research

    • Security Protocol Design
      Currently, there are a number of secure channel protocols that do not take into account the specific characteristics (e.g. processing overheads, communication buffers, etc.) of the underlying technology utilised by different devices. We have proposed, in the following papers [95, 100] a number of secure channel protocols that were designed specifically by taking into account all these factors.
    • Payment System Security
      There is a plethora of payment protocols in the academic literature. We are particularly interested for payment protocols that provide fair exchange and anonymity [26, 28] both traditional and mobile computing environments. We are currently extending the functionality of Bitcoin, EMV and other protocols [papers under development] to provide the aforementioned characteristics.
    • Secure Application Execution
      We are investigating how we can guarantee the secure execution of an application in devices (e.g. smart cards, mobile phones, payment terminals, etc) that might be subjected to a number of attacks (e.g. side channel attacks). The main aim of this research thread is to detect any attacks and attempt to recover the underlying device in a secure state. As a result, we have published the following papers [77, 87].
    • Trusted Execution Environment
      In this research thread, we looked into the different attestation mechanisms [83, 99] that will allow a device to provide the necessary assurance that it still operates in a secure and safe mode. Among the aims of this research thread is to attempt to prevent any attacks by identifying any vulnerabilities or modifications (at the software level) of the underlying platform.
    • New Usage of Side-Channel Leakage
      This is the result of a completely new way of thinking into side channel leakage on embedded devices. Up to today, side channel leakage was used, in order to attempt to break into systems and algorithms. However, we propose that it can be used, in order to fingerprint a platform and in order to make sure that the secure application execution is verified [98]. A couple of papers on  secure application execution based on power consumption are also under submission.
    • EMV Security
      We are actively examining the security of EMV card specification in order to provide enhancements and extensions to the overall card/cardholder authentication and transaction authorisation mechanisms. current and future payment platforms. This research thread will investigate theoretical approaches to anonymity and fair exchange of goods. This is a particularly interesting research topic, in light of the recent requirements for secure and lightweight payment protocols. Furthermore, we aim to investigate future payment methods and channels. 
    • Mobile Device Security
      Mobile devices have become equivalent to mainstream and powerful computing devices. We are examining the underlying security mechanisms for secure application installation, privilege escalation, permission enforcement and provision of forensic tools.
    • Smart Card OS and Platforms
      We have been examining smart card operating systems and platforms for a number of years [1]. We have currently developed our own Java card 3 simulator based on a PC. The aim is to port this implementation in an embedded platform upon which we will have full control of which faults are introduced. Following from that, we would like to explore how the implementation and our suggested countermeasures will withstand various attacks.
    • Malware for Embedded Devices
      I am currently pursuing an active collaboration with the biology department of Royal Holloway University of London, in order to examine the mutation and protection techniques that real world biological viruses are utilising, in order to escape identification and ensure their survival.  These techniques will be instigated further, in order to improve software obfuscation techniques. Furthermore, it will allow legitimate applications to remain undetected by malware or other malicious software.
    • Embedded System Security
      I am particularly interested in the interactions between H/W and S/W for the secure operation of mobile devices platforms and OSs. Therefore, I would like to explore how low end microprocessors and platforms can be enhanced with software countermeasures and attestation micro kernels that will safeguard the overall security of the underlying platform.
    • Verification of Security Protocols
      Whenever we propose a cryptographic protocol we perform a security analysis. We have been looking into provable security through the utilisation of formal methods and automated protocol analysis tools like Casper/FDR, Avispa, etc. I would like to be able to extend the limitations of some of these tools, for example Casper/FDR, in order to be able to handle the specific requirements and operational characteristics of a number of platforms and protocols, e.g. smart metering and RFIDs. 
    • DRM and Set-top-box security
      DRM and Set-top-box security: The satellite TV industry is facing, from time to time, extremely negative publicity from a number of successful attacks on their set-top-box security. We have already identified a couple of existing problems [18] (e.g. card sharing attacks, card-less attacks) and we are proposing countermeasures [31, 33, 34].
    • Wireless Sensor Nodes
      Wireless sensor nodes possess a number of similarities and differences with smart cards both in terms of physical and logical security. We published a scenery setting paper [39] and we hope to be able to extend this work and cover some additional areas of interest.
    • Smart Card Security Evaluations
      Physical security of smart card microprocessors is a hot topic over the last few years. Three book chapters [13, 14, 15] have been published around the topics of smart card security and security evaluations. We have initiated new protocols that will enable to dynamically verify static certificates (e.g. common criteria) against on-the-fly generated attestation results. This has resulted in a number of conference publications [7, 16], with more being on the pipeline.
    • User Centric Devices
      In this research thread, we are proposing a user centric model of ownership for a number of personal devices, including smart cards, RFIDs, and mobile phones. The nature of the above operational environments create specific research questions in terms of how the applications will be downloaded, installed, decommissioned and attestated. Clarification of the ownership of these devices is also of paramount importance. This is an ongoing research thread that has resulted in the following selected publications [73, 80] with more to follow.
    • Near Field Communication Security
      Near Field Communication offers new communication possibilities for mobile devices but at the same time it introduces a number of open ended security questions. Among them we encounter the provision and operation of a trusted element and relay attacks. My growing interest on NFC security has lead into my involvement in the following papers [74, 70, 66, 62, 61].
    • Interoperability of Content Protection
      I am interested in the Digital Rights Management issues and interoperability between mobile phones and other devices [35, 36, 37], e.g. set-top-boxes. 
    • Grouping Proofs for RFID Tokens
      Grouping proofs push the boundaries of token and reader interactions towards the secure authentication of multiple tokens within acceptable time frames. This has lead into a number of publications [67, 66, 55].
    • Security of RFID Tokens
      The cost and the processing capabilities of RFID tokens were directly proportional. We have been examining the security of low-cost RFID authentication protocols and we were successful in identifying unknown vulnerabilities in existing systems along with proposing efficient authentication protocols [93,102]. 
    • Transport
      We have been advising a number of transport operators about the security of existing contactless smart card solutions used as ticketing mediums. This thread of work also involves examining the use of NFC handsets as ticketing devices.
    • Smart Cards
      We have been conducting research in smart card technology since 1995. This involves general security related work around smart card software components, smart card security, protocols, operating systems, etc.
    • Smart Card Applications
      Research carried out in relation to smart card based applications.  

Recent Work


Konstantinos Markantonakis, Keith Mayes
ISBN: 978-1-4614-7914-7 (Print) 978-1-4614-7915-4 (Online)

Keith E. Mayes, Konstantinos Markantonakis. Smart Cards, Tokens, Security and Applications ISBN: 978-0-387-72197-2 (Print) 978-0-387-72198-9 (Online)

Book Editor

P. Samarati, M. Tunstall, J. Posegga, K. Markantonakis, D. Sauveron (Eds.). Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. Fourth IFIP WG 11.2 International Workshop, WISTP 2010, Passau, Germany, April 12-14, 2010. Springer Lecture Notes in Computer Science Series, Vol. 6033, 2010, 386 p. ISBN: 978-3-642-12367-2.

J.A. Onieva, D. Sauveron, S. Chaumette, D. Gollmann, K. Markantonakis (Eds.). Information Security Theory and Practices. Smart Devices, Convergence and Next Generation Networks. Second IFIP WG 11.2 International Workshop, WISTP 2008, Seville, Spain, May 13-16, 2008. Springer Lecture Notes in Computer Science Series, Vol. 5019, 2008, 151 p. ISBN: 978-3-540-79965-8.
D. Sauveron, K. Markantonakis, A. Bilas, A. J.-J. Quisquater (Eds.). Information Security Theory and Practices. Smart Cards, Mobile and Ubiquitous Computing Systems. First IFIP TC6 / WG 8.8 / WG 11.2 International Workshop, WISTP 2007, Heraklion, Crete, Greece, May 9-11, 2007. Springer Lecture Notes in Computer Science Series, Vol. 4462, 2007, 255p. ISBN: 978-3-540-72353-0.
S. Rho , D. Sauveron, K. Markantonakis (Eds.). Special Issue on Advanced Semantic and Social Multimedia Technologies for Future Computing Environment Multimedia Tools and Applications, vol 64, N°2, 2013. Springer.

Book Chapters

Smart Cards
Konstantinos Markantonakis, Keith Mayes, Damien Sauveron, and Michael Tunstall
Chapter in H. Bidgoli, Ed., Handbook of Technology Management, vol. 2, Supply Chain Management, Marketing and Advertising, and Global Management, pp. 248–264, Wiley, 2010.
[ Ordering Information ]
Smart Cards: Communication Protocols and Applications
Konstantinos Markantonakis, Keith Mayes, Damien Sauveron, and Michael Tunstall
Chapter in H. Bidgoli, Ed., Handbook of Computer Networks, vol. 3, pp. 251–268, Wiley, 2007.
[ Ordering Information ]
Smart Card Security
Konstantinos Markantonakis, Keith Mayes, Michael Tunstall, Damien Sauveron, and Fred Piper
Chapter in N. Nedjah, A. Abraham, and L. M. Mourelle, Eds., Computational Intelligence in Information Assurance and Security,  vol. 57 of Studies in Computational Intelligence, pp. 201–233, Springer-Verlag, 2007.
Springerlink ]





Areas of Expertise

My involvement in Information Security consulting projects started while I as pursuing my PhD in Information Security, in Royal Holloway. Since then I manage to get involved in a number of Information Security and Smart Card related projects with a number of high profile clients. I also continue to act as a consultant on a variety of information security and smart card related topics:

  • Smart card physical security analysis
  • Multi-application smart card migration program planning
  • Project management for financial institutions and transport operators
  • Business case development for chip migration programs
  • Smart card application (Java card, SIM card, Multos) security review, design, development
  • Smart card security evaluations (Common Criteria) and Security Target, Protection Profile Development
  • Risk analysis on smart card technology, protocols and systems
  • Smart card security protocol design, review
  • Security of mobile phone platforms and secure elements
  • Contactless smart card/RFID security and Mifare card technology

Selected Projects

  • I was part of the team, along with colleagues from the Information Security Group/Smart Card Centre, which performed (2008) a counter expertise analysis of a report into the Dutch OV-Chipkaart transport system. This was in response to some recently published attacks on Mifare Classic smart cards. For more information please refer to the following links ISG_Dutch and SCC_Dutch for more details.
    This was a high profile piece of work, being reported extensively on the internet (see here).
  • Since then we were involved in more work relating to Mifare and chip migration issues/planning for the Dutch transport system.
  • I was also involved in preparing an evaluation paper for different options in which security controllers can exist in Mobile devices. The document was also presented as an ETSI internal document and an early version can by found here
  • I was also involved in the preparation and delivery of a smart card security training course for the Information Security department major financial institution.
  • Security Analysis of Public Key Cryptography in Smart cards and Devices/Tools with Restricted Processing Resources.
  • Security Analysis of a smart card system for the provision of wireless telecommunications services.
Cyber Physical Systems, at Intensive Programme on Information and Communications Security (IPICS), Samos, Greece., Thursday, August 1, 2013
Smart card Security, at ICareNet 2013, Network of Excellence - Winter School, Imperial College, London., Monday, December 3, 2012
Embedded System Security, at Intensive Programme on Information and Communications Security (IPICS), Vienna, Austria., Wednesday, August 1, 2012
Embedded System Security, at Intensive Programme on Information and Communications Security (IPICS), Corfu, Greece., Monday, August 1, 2011
Umar, A., Mayes, K., Markantonakis, K.: Performance variation in host-based card emulation compared to a hardware security element. Mobile and Secure Services (MOBISECSERV), 2015 First Conference on. p. 1-6 (2015).Abstract
Traditionally, card emulation mode in Near Field Communication devices makes use of a hardware Secure Element (SE) as a secure storage and execution environment for applications. However, a different way of card emulation that bypasses the SE has emerged, referred to as Host-based Card Emulation (HCE). HCE relies on the phone CPU for processing power, sharing it with other running processes. This produces variable readings in terms of response times from the phone. This paper investigates this variability in HCE implementation as compared to an SE implementation. We also discuss how our findings may call into question the use of HCE in time critical scenarios.
Akram, R.N., Markantonakis, K., Sauveron, D.: A novel consumer-centric card management architecture and potential security issues. Information Sciences. - (2015). WebsiteAbstract
Abstract Multi-application smart card technology has gained momentum due to the Near Field Communication (NFC) and smart phone revolution. Enabling multiple applications from different application providers on a single smart card is not a new concept. Multi-application smart cards have been around since the late 1990s; however, uptake was severely limited. \{NFC\} has recently reinvigorated the multi-application initiative and this time around a number of innovative deployment models are proposed. Such models include Trusted Service Manager (TSM), User Centric Smart Card Ownership Model (UCOM) and GlobalPlatform Consumer-Centric Model (GP-CCM). In this paper, we discuss two of the most widely accepted and deployed smart card management architectures in the smart card industry: GlobalPlatform and Multos. We explain how these architectures do not fully comply with the \{UCOM\} and GP-CCM. We then describe our novel flexible consumer-centric card management architecture designed specifically for the \{UCOM\} and GP-CCM frameworks, along with ways of integrating the \{TSM\} model into the proposed card management architecture. Finally, we discuss four new security issues inherent to any architecture in this context along with the countermeasures for our proposed architecture.
Hili, G., Cobourne, S., Mayes, K., Markantonakis, K.: Practical Attacks on Virtual Worlds. In: Lopez, J., Ray, I., and Crispo, B. Risks and Security of Internet and Systems. p. 180-195. Springer International Publishing (2015). Website
Mansor, H., Markantonakis, K., Mayes, K.: CAN Bus Risk Analysis Revisit. In: Naccache, D. and Sauveron, D. Information Security Theory and Practice. Securing the Internet of Things. p. 170–179. Springer (2014). WebsiteAbstract
In automotive design process, safety has always been the main concern. However, in modern days, security is also seen as an important aspect in vehicle communication especially where connectivity is very widely available. In this paper, we are going to discuss the threats and vulnerabilities of a CAN bus network. After we have considered a number of risk analysis methods, we decided to use FMEA. The analysis process allowed us to derive the security requirements of a CAN bus. Experimental setup of CAN bus communication network were implemented and analysed.
Jayasinghe, D., Markantonakis, K., Mayes, K.: Optimistic Fair-Exchange with Anonymity for Bitcoin Users. To appear in the 11th IEEE International Conference on e-Business Engineering (IEEE ICEBE-14). IEEE Computer Society, Guangzhou, China (2014).Abstract
Fair-exchange and anonymity are two important attributes in e-commerce. It is much more difficult to expect fairness in e-commerce transactions using Bitcoin due to anonymity and transaction irreversibility. Genuine consumers and merchants who would like to make and receive payments using Bitcoin may be reluctant to do so due to this uncertainty. The proposed protocol guarantees strong-fairness while preserving anonymity of the consumer and the merchant, using Bitcoin as a payment method which addresses the aforementioned concern. The involvement of the trusted third party (TTP) is kept to a minimum, which makes the protocol optimistic and the exchanged product is not revealed to TTP. It achieves dispute resolution within the protocol run without any intervention of an external judge. Finally we show how the protocol can be easily adapted to use other digital cash systems designed using public ledgers such as Zerocoin/Zerocash.
Abughazalah, S., Markantonakis, K., Mayes, K.: Secure Improved Cloud-Based RFID Authentication Protocol. To be published in the 9th DPM International Workshop on Data Privacy Management. Springer, Berlin Heidelberg (2014).Abstract
Although Radio Frequency IDentifi cation (RFID) systems promise a fruitful future, security and privacy concerns have affected the adoption of the RFID technology. Several studies have been proposed to tackle the RFID security and privacy concerns under the as- sumption that the server is secure. In this paper, we assume that the server resides in the cloud, which might be insecure. Hence, the tag's data might be prone to privacy invasion and attacks. Xie et al. proposed a new scheme called cloud-based RFID authentication, which aimed to address the security and privacy concerns of RFID tag's data in the cloud. In this paper, we showed that Xie et al. protocol is vulnerable to reader impersonation attacks, location tracking and tag's data privacy invasion. Therefore, we proposed a new protocol that guarantees that the tag's data in the cloud are anonymous, and cannot be compro- mised. Furthermore, the proposed protocol achieves mutual authentication between all the entities participating in a communication session, such as a cloud server, a reader and a tag. Finally, we analysed the proposed protocol informally and formally using a privacy model and CasperFDR. The results indicate that the proposed protocol achieves data secrecy and authentication for RFID tags.
Abughazalah, S., Markantonakis, K., Mayes, K.: Secure Mobile Payment on NFC-Enabled Mobile Phones Formally Analysed Using CasperFDR. Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 13th IEEE International Conference on. IEEE Computer Society (2014).Abstract
Near Field Communication (NFC) mobile phones can be used as payment devices and can emulate credit cards. Although NFC mobile services promise a fruitful future, several issues have been raised by academics and researchers. Among the main concerns for the use and deployment of NFC-enabled mobile phones is the potential loss of security and privacy. More specifically, mobile phone users involved in a payment transaction conducted over a mobile handset require that such a system does not reveal their identity or any sensitive data. Furthermore, that all entities participating in the transaction are legitimate. To this end, we proposed a protocol that meets the mobile user' requirements. The proposed protocol attempts to address the main security concerns and protects the customer privacy from any third party involved in the transaction. We formally analysed the protocol using CasperFDR and did not find any feasible attacks.
Akram, R.N., Markantonakis, K., Sauveron, D.: Collaborative and Ubiquitous Consumer Oriented Trusted Service Manager. In: Liu, Y. The 13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-14). IEEE CS (2014).Abstract
Near Field Communication (NFC) enables a mobile phone to emulate a contactless smart card. This has reinvigorated the multiapplication smart card initiative. Trusted Service Manager (TSM) is an entity that is trusted by all stakeholders in the proposed and trialled NFC-based smart card ecosystem. However, TSM-based models have the potential to create market segregation that might lead to limited or slow adoption. In addition, all major stakeholders (e.g. Telecom and banks) are pushing for their own TSM models and this might hinder deployment. In this paper we present a Collaborative and Ubiquitous Consumer Oriented Trusted Service Manager (CO-TSM)-based model that combines different TSM models while providing scalability to the overall architecture. In addition, our proposal also provides flexibility to both consumers and application providers. To support our proposal, we present a core architecture based on two contrasting approaches: the Issuer Centric Smart Card Ownership Model (ICOM) and the User Centric Smart Card Ownership Model (UCOM). Based on the core architecture, we then describe our proposal for an application download framework and a secure channel protocol. Finally, the implementation experience and performance measurements for the secure channel protocol are discussed.
Trusted Platform Module for Smart Cards
Akram, R.N., Markantonakis, K., Mayes, K.: Trusted Platform Module for Smart Cards. In: Alfandi, O. 6th IFIP International Conference on New Technologies, Mobility and Security (NTMS). IEEE CS, Dubai, UAE (2014).Abstract
Near Field Communication (NFC)-based mobile phone services offer a lifeline to the under-appreciated multiapplication smart card initiative. The initiative could effectively replace heavy wallets full of smart cards for mundane tasks. However, the issue of the deployment model still lingers on. Possible approaches include, but are not restricted to, the User Centric Smart card Ownership Model (UCOM), GlobalPlatform Consumer Centric Model, and Trusted Service Manager (TSM). In addition, multiapplication smart card architecture can be a GlobalPlatform Trusted Execution Environment (TEE) and/or User Centric Tamper-Resistant Device (UCTD), which provide cross-device security and privacy preservation platforms to their users. In the multiapplication smart card environment, there might not be a prior off-card trusted relationship between a smart card and an application provider. Therefore, as a possible solution to overcome the absence of prior trusted relationships, this paper proposes the Trusted Platform Manager (TPM) concept for smart cards (embedded devices) that can act as a point of reference for establishing the necessary trust between the device and an application provider, and among applications.