Areas of Expertise
My involvement in Information Security consulting projects started while I as pursuing my PhD in Information Security, in Royal Holloway. Since then I manage to get involved in a number of Information Security and Smart Card related projects with a number of high profile clients. I also continue to act as a consultant on a variety of information security and smart card related topics:
- Smart card physical security analysis
- Multi-application smart card migration program planning
- Project management for financial institutions and transport operators
- Business case development for chip migration programs
- Smart card application (Java card, SIM card, Multos) security review, design, development
- Smart card security evaluations (Common Criteria) and Security Target, Protection Profile Development
- Risk analysis on smart card technology, protocols and systems
- Smart card security protocol design, review
- Security of mobile phone platforms and secure elements
- Contactless smart card/RFID security and Mifare card technology
I was part of the team, along with colleagues from the Information Security Group/Smart Card Centre, which performed (2008) a counter expertise analysis of a report into the Dutch OV-Chipkaart transport system. This was in response to some recently published attacks on Mifare Classic smart cards. For more information please refer to the following links
for more details.
This was a high profile piece of work, being reported extensively on the internet (see
- Since then we were involved in more work relating to Mifare and chip migration issues/planning for the Dutch transport system.
I was also involved in preparing an evaluation paper for different options in which security controllers can exist in Mobile devices. The document was also presented as an ETSI internal document and an early version can by found
- I was also involved in the preparation and delivery of a smart card security training course for the Information Security department major financial institution.
- Security Analysis of Public Key Cryptography in Smart cards and Devices/Tools with Restricted Processing Resources.
- Security Analysis of a smart card system for the provision of wireless telecommunications services.