Areas of Research
- Security Protocol Design
Currently, there are a number of secure channel protocols that do not take into account the specific characteristics (e.g. processing overheads, communication buffers, etc.) of the underlying technology utilised by different devices. We have proposed, in the following papers [95, 100] a number of secure channel protocols that were designed specifically by taking into account all these factors.
- Payment System Security
There is a plethora of payment protocols in the academic literature. We are particularly interested for payment protocols that provide fair exchange and anonymity [26, 28] both traditional and mobile computing environments. We are currently extending the functionality of Bitcoin, EMV and other protocols [papers under development] to provide the aforementioned characteristics.
- Secure Application Execution
We are investigating how we can guarantee the secure execution of an application in devices (e.g. smart cards, mobile phones, payment terminals, etc) that might be subjected to a number of attacks (e.g. side channel attacks). The main aim of this research thread is to detect any attacks and attempt to recover the underlying device in a secure state. As a result, we have published the following papers [77, 87].
- Trusted Execution Environment
In this research thread, we looked into the different attestation mechanisms [83, 99] that will allow a device to provide the necessary assurance that it still operates in a secure and safe mode. Among the aims of this research thread is to attempt to prevent any attacks by identifying any vulnerabilities or modifications (at the software level) of the underlying platform.
- New Usage of Side-Channel Leakage
This is the result of a completely new way of thinking into side channel leakage on embedded devices. Up to today, side channel leakage was used, in order to attempt to break into systems and algorithms. However, we propose that it can be used, in order to fingerprint a platform and in order to make sure that the secure application execution is verified . A couple of papers on secure application execution based on power consumption are also under submission.
- EMV Security
We are actively examining the security of EMV card specification in order to provide enhancements and extensions to the overall card/cardholder authentication and transaction authorisation mechanisms. current and future payment platforms. This research thread will investigate theoretical approaches to anonymity and fair exchange of goods. This is a particularly interesting research topic, in light of the recent requirements for secure and lightweight payment protocols. Furthermore, we aim to investigate future payment methods and channels.
- Mobile Device Security
Mobile devices have become equivalent to mainstream and powerful computing devices. We are examining the underlying security mechanisms for secure application installation, privilege escalation, permission enforcement and provision of forensic tools.
- Smart Card OS and Platforms
We have been examining smart card operating systems and platforms for a number of years . We have currently developed our own Java card 3 simulator based on a PC. The aim is to port this implementation in an embedded platform upon which we will have full control of which faults are introduced. Following from that, we would like to explore how the implementation and our suggested countermeasures will withstand various attacks.
- Malware for Embedded Devices
I am currently pursuing an active collaboration with the biology department of Royal Holloway University of London, in order to examine the mutation and protection techniques that real world biological viruses are utilising, in order to escape identification and ensure their survival. These techniques will be instigated further, in order to improve software obfuscation techniques. Furthermore, it will allow legitimate applications to remain undetected by malware or other malicious software.
- Embedded System Security
I am particularly interested in the interactions between H/W and S/W for the secure operation of mobile devices platforms and OSs. Therefore, I would like to explore how low end microprocessors and platforms can be enhanced with software countermeasures and attestation micro kernels that will safeguard the overall security of the underlying platform.
- Verification of Security Protocols
Whenever we propose a cryptographic protocol we perform a security analysis. We have been looking into provable security through the utilisation of formal methods and automated protocol analysis tools like Casper/FDR, Avispa, etc. I would like to be able to extend the limitations of some of these tools, for example Casper/FDR, in order to be able to handle the specific requirements and operational characteristics of a number of platforms and protocols, e.g. smart metering and RFIDs.
- Security Protocol Design
- DRM and Set-top-box security
DRM and Set-top-box security: The satellite TV industry is facing, from time to time, extremely negative publicity from a number of successful attacks on their set-top-box security. We have already identified a couple of existing problems  (e.g. card sharing attacks, card-less attacks) and we are proposing countermeasures [31, 33, 34].
- Wireless Sensor Nodes
Wireless sensor nodes possess a number of similarities and differences with smart cards both in terms of physical and logical security. We published a scenery setting paper  and we hope to be able to extend this work and cover some additional areas of interest.
- Smart Card Security Evaluations
Physical security of smart card microprocessors is a hot topic over the last few years. Three book chapters [13, 14, 15] have been published around the topics of smart card security and security evaluations. We have initiated new protocols that will enable to dynamically verify static certificates (e.g. common criteria) against on-the-fly generated attestation results. This has resulted in a number of conference publications [7, 16], with more being on the pipeline.
- User Centric Devices
In this research thread, we are proposing a user centric model of ownership for a number of personal devices, including smart cards, RFIDs, and mobile phones. The nature of the above operational environments create specific research questions in terms of how the applications will be downloaded, installed, decommissioned and attestated. Clarification of the ownership of these devices is also of paramount importance. This is an ongoing research thread that has resulted in the following selected publications [73, 80] with more to follow.
- Near Field Communication Security
Near Field Communication offers new communication possibilities for mobile devices but at the same time it introduces a number of open ended security questions. Among them we encounter the provision and operation of a trusted element and relay attacks. My growing interest on NFC security has lead into my involvement in the following papers [74, 70, 66, 62, 61].
- Interoperability of Content Protection
I am interested in the Digital Rights Management issues and interoperability between mobile phones and other devices [35, 36, 37], e.g. set-top-boxes.
- Grouping Proofs for RFID Tokens
Grouping proofs push the boundaries of token and reader interactions towards the secure authentication of multiple tokens within acceptable time frames. This has lead into a number of publications [67, 66, 55].
- Security of RFID Tokens
The cost and the processing capabilities of RFID tokens were directly proportional. We have been examining the security of low-cost RFID authentication protocols and we were successful in identifying unknown vulnerabilities in existing systems along with proposing efficient authentication protocols [93,102].
We have been advising a number of transport operators about the security of existing contactless smart card solutions used as ticketing mediums. This thread of work also involves examining the use of NFC handsets as ticketing devices.
- Smart Cards
We have been conducting research in smart card technology since 1995. This involves general security related work around smart card software components, smart card security, protocols, operating systems, etc.
- Smart Card Applications
Research carried out in relation to smart card based applications.
- DRM and Set-top-box security