Through a strategic shift in priorities these research areas have also started to deliver commercialisation results. My commercialisation effort, directly related to my research interests, involves:
“TensorCrypt”, Innovate UK (Commercialisation), CyberASAP, 15/04/2021-15/02/2022
This project utilises Trusted Execution Environments (TEEs) for confidential data exchanges.
We participated in the CyberAsap 2021 programme and our project was amongst the finalist of the competition. We received funding to develop our Minimal Viable Product (MVP). We interviewed and hired a team of RHUL UG student developers (hired until Feb 2022) to help us develop the MVP. We have also submitted, with support from our RHUL Research and Innovation colleagues, a patent application related to the unique selling point of TensorCrypt.
“Seclea”, Innovate UK (Commercialisation), Cyber ASAP, 15/04/2019-15/7/2019
Explainable AI (“Seclea”). Seclea is a deep tech spin-out from the Smart card and IoT Security Centre (SCC) at Royal Holloway, University of London that has a patentable novel technology to make machine learning and deep learning algorithms explainable, auditable and transparent. The company was also supported by the Icure programme and received funding from external investors and Innovate UK.
“PrineSec”, Innovate UK (Commercialisation), Cyber ASAP, 15/04/2019-15/01/2020
Threat Detection through causality chains (“PrineSec”). A further spin-off effort with patentable technology on “creating causality chains to empower predictive threat detection” (PrineSec). Our project was submitted in the 3rd CyberASAP Innovate; it was amongst the finalists and received funding to develop Minimal Viable Product (MVP). I lead a team of developers and technical team members, developing our MVP product under funding from Innovate UK. The project was successfully completed in Feb 2020. RHUL has invested in further business analysis around the commercialisation opportunities of the technique developed at SCC. Furthermore, RHUL has also invested in building a commercial grade implementation of an MVP, in order to provide the steppingstone for commercialising the aforementioned patent. I am currently exploring collaboration opportunities to lead the PrineSec project into its next commercialisation step.
As a further esteem indicator, my MSc students’ projects have won, on multiple occasions, best MSc project awards and the RHUL David Lindsay Prizes; some of these have also resulted in conference publications, with best paper and session awards.
Android OS Vulnerability, 2021
Dr Carlton Shepherd, we discovered a vulnerability in the Android OS. It was responsibly disclosed to the affected organisation and it was formally acknowledged. The issue affects all known Android versions, across many manufacturers. The findings were also disseminated to our Horizon 2020 (EXFILES) project partners, and an academic paper on this topic is currently under review.
Automated Fuzzing Framework for IoT Devices, 2020.
I supervised an MSc project on the development of “Building an Automated Fuzzing Framework for IoT Devices”. The project results demonstrated that the framework can emulate random firmware devices, and identified seven memory corruption exploits that include two zero-day vulnerabilities.
One of my MSc supervisees discovered a previously unknown buffer overflow vulnerability in a specific DVR. The vulnerability (CVE ID: CVE-2018-10088) has since been given a CVSS score of 10.0, which is the highest any vulnerability can score.
Fair and Transparent Blockchain based Tendering Framework – A Step Towards Open Governance, 2018
This paper was reported in the Medium Platform, and it was subsequently identified by a group in the World Economic Forum that was running a project on increasing transparency in government procurement using blockchain and smart contracts. Many of the technical objectives of the project were identified and met by our paper.
I have led various teams of information security consultants working on a number of high profile consultancy projects.
Expert advisory and research work for the UK Cards Association.
Official press release 26/11/2014
“The Information Security Group (ISG) at Royal Holloway, University of London has been carrying out a sequence of expert studies on payment authentication for the UK Cards Association. The association is the trade body for the card payments industry in the UK, representing financial institutions that act as card issuers and acquirers; and is also one of the sponsoring members of the ISG Smart Card Centre.
The studies have addressed attacks and countermeasures for current chip & PIN cards and the evolution of security protocols and technologies that will impact how we will all pay for things in future. The work has been led by Konstantinos Markantonakis and the ISG expert team included Professor Keith Martin, Professor Keith Mayes, Professor Fred Piper and Dr Geraint Price.”
Expert advisory work for smart card ticketing system.
I was a member of the expert ISG team on a consultancy project related to public transport. This work was published and presented at high office level; it involved quantifying the extent of the security problems, advising on short-term remedial measures, formally reviewing plans for migration to new technologies, and advising if and when legacy paper tickets could be withdrawn.
Evaluation of Security Controllers in Mobile Devices
I have co-authored an evaluation paper addressing different options for security controllers to exist in mobile devices. The document was forwarded to the European Telecommunications Standards Institute (ETSI) as an internal document, and it was distributed amongst the main Telco operators of the world. An early version can be found here.
User Centric Smart Card Ownership Model
While the smart card industry players are addressing the issues related to the control of the smart card in a Trusted Service Management based architecture, we proposed an alternative solution, which gives the control of the smart card to its user. Our proposal, referred to as User Centric Smart Card (UCSC), and initially put forward in 2009, advocates for an open, secure, trusted and reliable environment that services the primary concern: the consumer. In addition, our work on the UCSC also led to proposing a Trusted Platform Module for Smart Cards and embedded devices.
We have submitted, through RHUL and Research and Innovation, a patent related to secure data exchanges for our Tensorcrypt Commercialisation project.
I worked with a team of SCC experts towards the creation of a worldwide patent application as a “Technique to record an event and its impact on the data during the lifetime of a data – specific to individual entities represented in the data.” The implementation helps in serving General Data Protection Regulation (GDPR) rights: Right to Access, Right to Forget, and Right to Rectification (with evidence).