I joined the Information Security Group (ISG) at Royal Holloway, University of London in September 2002, as a Lecturer. I am currently a full Professor of Information Security at the ISG, the director of the Smart card and IoT Security Centre (SCC), and the director of the RHUL Transformative Digital Technologies, Security and Society Catalyst.
I am an information security specialist by profession, with a background in computer science. I hold a B.Sc. in Computer Science from Lancaster University (1995), an M.Sc. in Information Security from Royal Holloway (1996), and a Ph.D. in Information Security from Royal Holloway (2000). My PhD thesis (“Secure Logging Mechanisms for Smart cards“) focused on investigating how log files can be effectively maintained within smart cards. Furthermore, I designed some novel, secure log file download protocols and implemented these in Java cards; these protocols securely extract log files from a smart card and migrate them to another entity that does not suffer from immediate storage restrictions. My PhD research was sponsored by Mondex International Ltd., and supervised by Prof. Chris Mitchell and Prof. Dieter Gollmann. Moreover, I hold an MBA in International Management from the School of Business and Management at Royal Holloway (2005).
As a part of my teaching commitments at Royal Holloway, I am responsible for the Smart cards, RFID and Embedded Systems Security and Applications (IY5606) module, an advanced and optional module on the Information Security Masters programme, I also was the MSc Projects Director (MSc Projects) for this Masters programme. Furthermore, was also responsible for the Smart Cards, Token Security and Applications modules for UG Third Year (IY3606) and MSci (IY4606) computer science courses.
My main research area revolves around Trustworthy, Resilient and Autonomous Systems. My definition of autonomous systems includes payment systems, automotive processors, avionics and drone mission accomplishment systems. More specifically, my main research areas include trusted execution environments; embedded devices and cyber-physical systems security; resilient cloud execution; smart cards, avionics and drone security; automotive, payment and transport systems security; mobile phones, NFC and secure elements security; and security of ambient sensors and Internet-of-Things (IoT). For more information, please refer to the Research section of this website.
Over the past few years, I have supervised, on average, 15 MSc Information Security projects each year. Some of these projects have resulted in conference publications and won best paper awards.
I am also supervising a number of PhD students in topics related to trusted execution environments, payment system security, automotive and embedded systems security, resilient embedded sensors, cloud execution attacks and countermeasures. I am constantly seeking strong candidates, with a background in computer science, information security, electronics engineering or computer engineering (knowledge of cryptography may not be essential), to join my team of PhD students. The successful candidates (http://www.findaphd.com/search/projectDetails.aspx?PJID=44472) will ideally have proficient practical skills, such as experience of software development, as well as good communication and team working skills. A strong interest in information security problems, that aim to bridge the gap between theory and practice in embedded systems, mobile devices, cloud execution and cyber resilience, will be ideal.
In parallel to my academic responsibilities, I have also worked as an independent consultant on a number of information security projects, and in areas including NFC security, smart card security, security protocol design and reviews, chip migration project management, and so on. Prior to my career in academia, I was a Senior Consultant at Steer Davies Gleave (a major transport consultancy company), responsible for advising transport operators and financial institutions on the use of smart card technology and various Information Security Issues. I have also worked for Visa International as a manager in multi-application smart card technology.
I continue to act as a consultant on a variety of topics: smart card security; key management; information security protocols; mobile devices; NFC security; smart card and mobile device migration program planning; and project management for financial institutions, transport operators and technology integrators. I have participated in, and lead, numerous teams of Information Security Group consultants in high profile and successful consultancy projects.
I am actively exploring innovation and commercialisation opportunities. My SCC lab has successfully explored commercialisation opportunities through the CyberASAP Innovate UK Programme; through our “Seclea”, “PrineSec” and “Tensorcrypt” projects.