I joined the Information Security Group in September 2002 as a Lecturer and I became Reader (Associate Professor) in 2007. I am currently a Professor of Information Security at the Information Security Group at Royal Holloway, University of London.
I am a computer scientist by education and an information security specialist by profession. I have received my B.Sc. (Bachelor of Science) in Computer Science at Lancaster University in 1995. My M.Sc. (Master of Science) in Information Security at Royal Holloway, University of London in 1996. My Ph.D. degree in Information Security, at Royal Holloway, University of London in 2000. For my PhD thesis ("Secure Logging Mechanisms for Smart cards") I investigated how log files could be effectively maintained within smart cards. Furthermore, I also designed and implemented, in Java cards, some secure log file download protocols. These protocols securely extract the log files from the card and send them in another entity which does not suffer from immediate storage restrictions. My PhD research was sponsored by Mondex International Ltd. and my supervisors were Prof. Chris Mitchell and Prof. Dieter Gollmann. I have also completed my MBA (Masters in Business Administration - Part Time) in International Management, School of Management at Royal Holloway in 2005.
As part of my teaching responsibilities I am co-responsible for the optional module Smart cards/Tokens Security and Applications (IY5606) on the Information Security Masters programme at Royal Holloway. I am also the MSc Projects Director (MSc Projects) for the Information Security Masters programme. Furthermore, I am also responsible for the IY2760 and CS3760 (Introduction to Information Security) second and third year undergraduate computer science courses.
My main research area includes information security protocols and architectures, security around multi-application smart card operating systems and RFID tokens, payment systems and protocols, cryptographic key management, mobile phone/NFC/secure element security, grouping proofs, electronic voting protocols, embedded devices and cyber physical system security. For more information, please refer to the Research section of my website.
I am supervising approximately 15 MSc in Information Security projects every year.
I am also supervising a number of PhD students in topics related to payment system security, RFID security, automotive and embedded systems security. I am constantly looking for strong candidates with background in computer science, information security or electronic/computer engineering (knowledge of cryptography is desirable, but not essential) to our team of PhD students. The successful candidate (http://www.findaphd.com/search/projectDetails.aspx?PJID=44472) will ideally have good practical skills (such as experience in software development), communication and team working skills. A strong interest in information security problems that aim to bridge theory and practice in embedded systems, mobile devices, smart cards and RFIDs is desirable.
In parallel to my academic duties I have also worked as an independent consultant in a number of information security related projects and in areas including, NFC security, smart card security, security protocol design/reviews, chip migration project management, etc. Prior to my academic career I was working as Senior Consultant in Steer Davies Gleave (a major transport consultancy company) responsible for advising transport operators and financial institutions on the use of smart card technology and various Information Security Issues. I have also worked for Visa International as Manager in multi-application smart card technology. Since completing my PhD I worked as a researcher in the Information Security Group in Royal Holloway. During my PhD studies I also acted as a consultant in a number of Information Security and Smart card related projects
I continue to act as a consultant on a variety of topics including smart card security, key management, information security protocols, mobile devices, NFC security, smart card and mobile device migration program planning/project management for financial institutions, transport operators and technology integrators.
Full CV available upon request: Contact Info