Areas of research – old

Active Research

Internet-of-Things (IoTs)

I am particularly interested in providing countermeasures for weaknesses and attacks on IOT devices. I have supervised a number of projects examining the security of smart locks, web cams, DVRs, smart watches, and other “smart” devices.

Payment System Security (Centralized and Distributed)

Amongst my main research interests is the security of payment systems, fair exchange [CP16] and anonymity [CP13] protocols. We have also been conducting research in the field of bitcoins and fair exchange protocols [CP81] and exploring the benefits of block chain technologies for other applications. We have also been conducting research in the field of centralised payment systems [CP89]. This research thread is currently leading us into further research questions [CP95] related to NFC payments [CP79] and we practically examine the efficient use of mobile phone sensors for avoiding relay attacks [CP81].

Secure Application Execution

In this research thread, we are investigating ways that guarantee the secure execution of an application in embedded/cyber physical devices (e.g. smart cards, mobile phones, payment terminals, IoTs, etc.) that might be subjected to a number of intentional attacks (e.g. side channel attacks) and unintentional faults (cosmic radiation). The main aim of this research thread [CP77, CP87, CP94] is to detect any attacks, protect runtime data, provide verified instruction interpretation and control flow verification, in an attempt to recover the underlying platform in a secure state. The practicality of these proposals has been implemented and tested in an FPGA platform implementing a microprocessor.

Trusted Execution Environment

for embedded systems and mobile phones: in this research thread [CP113, CP114, CP130], we looked into the different attestation mechanisms [CP37, CP42, CP49, CP61, CP73] that will allow a device to provide the necessary assurance that it operates in a secure and safe mode. This includes preventing any attacks by identifying any vulnerabilities or modifications (at the software level) of the underlying platform. This research thread is also examining the security provisions of a number of trusted execution environments such as ARM TrustZone and Intel SGX, in order to provide security enhancements [CCP105, CPP114, CP122, CP130].

Smart Card OS and Platforms

We have been conducting research in smart card technology and associated operating systems and platforms since 1995. We have developed our own smart card simulator upon which we will have full control of which faults are introduced. We have initiated new protocols that will enable to dynamically verify static certificates (e.g. common criteria) against on-the-fly generated attestation results [CP7, CP16, CP97].

Embedded System Security

I am particularly interested in the interactions between hardware and software for the secure operation of mobile devices platforms and OSs. We are exploring hardware and software binding along with software countermeasures and attestation micro kernels that will safeguard the overall security of the underlying platform.

Security of RFID Tokens

Grouping proofs push the boundaries of token and reader interactions towards the secure authentication of multiple tokens within acceptable time frames, which has lead into a number of publications [67, 66, 55]. We have been examining the security of low-cost RFID authentication protocols and we were successful in identifying unknown vulnerabilities in existing systems along with proposing efficient authentication protocols [93,102].

Automotive

As part of our research effort in the field of automotive security, we  investigated the “security” of CANBUS [CP92, CP93] and the use of mobile devices for attestating the current status of vehicle security [CP83]. We have examined existing industrial proposals (e.g. the EVITA project) and, based on our analysis, we have suggested a number of improved protocols, related with safety and security measures. These are implemented in commercial Electronic Control Units (ECUs) and they are also analysed using mechanical tools (CasperFDR and Scyther). [CP111]}

Avionics

I am also particularly interested in the secure deployment and utilisation of hardware security sensors and Electronic Control Units (ECUs) in avionics and automotive environments. I was, in fact, the PI in the Secure High availability Avionics Wireless Networks (SHAWN) project (funded by EPSRC and TSB), which provided security expertise and advice in a number of industrial project partners. As a result of our work, we have published a few papers, [CP130, CP137, CP138] with paper [CP99] winning the best conference paper in the security session of a major avionics conference.

Software and Hardware Binding

In this research thread [CP106, CP123], we consider a very powerful adversary model that involves an attacker being able to bypass the tamper resistance of individual nodes in cyber-physical systems. In essence, the attacker is able to read the contents of different memories and, as a result, any protection based on the tamper resistance of the chip (stored cryptographic keys) will be rendered useless. We are proposing a model of different hardware intrinsic functions [CP98] that will allow the binding of software to a specific hardware both for IP protection but also for protection against counterfeit, reused, repackaged products.