Mobile devices have become equivalent to mainstream and powerful computing devices. We are examining the underlying security mechanisms for secure application installation, privilege escalation, permission enforcement and provision of forensic tools.
Currently, there are a number of secure channel protocols that do not take into account the specific characteristics (e.g. processing overheads, communication buffers, etc.) of the underlying technology utilised by different devices. We have proposed, in the following papers, a number of secure channel protocols that were designed specifically by taking into account all these factors.
Near Field Communication offers new communication possibilities for mobile devices but at the same time it introduces a number of open-ended security questions. Among them we encounter the provision and operation of a trusted element and relay attacks. We produced, probably, the first NFC security papers in the world related to relay vulnerability in mobile devices [74, 70, 66, 62, 61].
This is the result of a completely new way of thinking about side channel leakage on embedded devices. Up to today, side channel leakage was used in order to break into systems and algorithms. However, we propose that it can be used in order to fingerprint a platform and in order to make sure that the secure application execution is verified.
We have been investigating the security requirements of NFC handsets, along with their perceived security advantages and disadvantages, in the transport industry. This thread of work also involves examining the use of NFC handsets as ticketing devices, taking into account tokenization, performance and security requirements.
We have been looking into provable security through the utilization of formal methods and automated protocol analysis tools like Casper/FDR, Avispa, etc. I would like to be able to extend the limitations of some of these tools, for example Casper/FDR, in order to be able to handle the specific requirements and operational characteristics of a number of platforms and protocols, e.g. smart metering and RFIDs.
In this research thread, we are proposing a user-centric model of ownership for a number of personal devices, including smart cards, RFIDs, and mobile phones. The nature of the above operational environments creates specific research questions in terms of how the applications will be downloaded, installed, decommissioned and attested.
I am interested in the Digital Rights Management issues and interoperability between mobile phones and other devices, e.g. set-top-boxes, game consoles.
In Internet of Things (IoT) and Cyber-Physical Systems (CPS), data might be collected from a number of nodes deployed in the field. We are investigating data provenance mechanisms for personal information stored in the cloud.
We are also investigating the protection of software, computer games through hardware enhancements. The role of anti-cheating engines is examined with a view to providing hardware, software, networking and distributed ledger technologies.