Umar, A., Mayes, K., Markantonakis, K.: Performance variation in host-based card emulation compared to a hardware security element. Mobile and Secure Services (MOBISECSERV), 2015 First Conference on. p. 1-6 (2015).Abstract
Traditionally, card emulation mode in Near Field Communication devices makes use of a hardware Secure Element (SE) as a secure storage and execution environment for applications. However, a different way of card emulation that bypasses the SE has emerged, referred to as Host-based Card Emulation (HCE). HCE relies on the phone CPU for processing power, sharing it with other running processes. This produces variable readings in terms of response times from the phone. This paper investigates this variability in HCE implementation as compared to an SE implementation. We also discuss how our findings may call into question the use of HCE in time critical scenarios.
Mansor, H., Markantonakis, K., Mayes, K.: CAN Bus Risk Analysis Revisit. In: Naccache, D. and Sauveron, D. Information Security Theory and Practice. Securing the Internet of Things. p. 170–179. Springer (2014). WebsiteAbstract
In automotive design process, safety has always been the main concern. However, in modern days, security is also seen as an important aspect in vehicle communication especially where connectivity is very widely available. In this paper, we are going to discuss the threats and vulnerabilities of a CAN bus network. After we have considered a number of risk analysis methods, we decided to use FMEA. The analysis process allowed us to derive the security requirements of a CAN bus. Experimental setup of CAN bus communication network were implemented and analysed.
Markantonakis, K., Mayes, K., Sauveron, D., Askoxylakis, I.G.: Overview of Security Threats for Smart Cards in the Public Transport Industry. In: jen Chung, Y. and Younas, M. Proceedings of the 2008 IEEE International Conference on e-Business Engineering. p. 506-513. IEEE Computer Society, Washington, DC, USA (2008). WebsiteAbstract
The advantages of utilising smart card technology, more importantly contactless smart cards, in the transport industry have long been realised. In this paper we provide an overview of the generic security issues and threats encountered whenever smart cards are utilised within the transport industry. To help highlight the issues, we analyse the different types of cards, their hosted applications, along with certain requirements on the relevant card issuing authorities.
Mayes, K.E., Markantonakis, K., Hancke, G.: Transport ticketing security and fraud controls. Information Security Technical Report. 14, 87-95 (2009). WebsiteAbstract
For many years, public transportation systems have been an essential part of day-to-day life and so the principle of needing a eticket has been familiar to generations of travellers. However as technology has advanced it has become possible to make use of electronic tickets that have significant advantages both for travellers and for the transport system operators. There has been a lot of recent publicity regarding weaknesses in some electronic ticket solutions, which whilst based on some solid facts tend to suggest that transport ticket security and fraud control is primarily a smart card/RFID technology issue. However this cannot be the case as systems exist that do not use such technology, or use it along side legacy systems. This paper will consider technology problems, but will first establish the bigger picture of transport ticketing and will finally make suggestions for future evolution of such systems.