Research

It is often the case that a number of information security researchers attempt to design systems, which at a theoretical level perform well, but they suffer from a number of limitations when taking into account the underlying characteristics of their operational platforms. Therefore, one of the main objectives of my research is to bridge information security theory with practice.

My research is related to smart cards, RFIDs, mobile devices and embedded system security. Within these areas of research I am particularly interested in the secure application execution and the use of side channel analysis techniques for verifying the correctness of an application.  I am also interested for lightweight authentication protocols for RFID tokens and their application in grouping proofs. I have also worked on attestation mechanisms that will allow a device to provide the necessary assurance that it operates in a secure and safe mode. Within the broader area of information security I am also interested about cryptographic protocols that take into account the operational characteristics of devices with limited processing and storage capabilities. Among my main research interests is the security of payment systems, and fair exchange, anonymity protocols. We have also proposed a user centric model of ownership for a number of personal devices, including smart cards, RFIDs, and mobile phones. The nature of the above operational environments create specific research questions in terms of how these applications will be installed, decommissioned, attestated, etc. I am also interested in the security evaluation of cryptographic protocols using mechanical tools and also in the challenges and risks from NFC phones and their corresponding secure elements.