Supervisor: Dr Konstantinos Markantonakis
Dr Konstantinos Markantonakis is looking for strong PhD candidates to work on the projects listed below. The ideal candidate would have a mix of theoretical and practical skills, achieved a distinction or merit from the ISG MSc in Information Security, taken the IY5606 module and completed a Smart Card Centre related project. Of course other equivalent candidates (from other institutions) will be considered and are encouraged to contact me. For more information on PhD Proposals by Dr Konstantinos Markantonakis please visit the following link.
NOTE: Please note that there is no funding currently available for PhD studentships. However, there might be other funding opportunities for qualified candidates (please do not contact me about eligibility but rather check the ‘Entry Requirements’ in the EPSRC Centre for Doctoral Training (CDT) in Cyber Security at Royal Holloway.
1. Processors and Microcontroller Security
A large number of embedded systems rely heavily of microprocessors with restricted processing power and storage capabilities. It is often the case that these embedded systems have specific security requirements (e.g. in terms of authentication, authorisation, execution and communication) that will have to be addressed by such microprocessors. This research thread can take a variety of directions including exploring these specific security requirements and providing efficient solutions to very fundamental problems of:
Secure application execution in embedded microprocessors.
Code adjustments for different execution environments.
Extend the application execution between ‘multicore’ execution environments.
Distribute application/storage execution between different components/processors.
Examine the security requirements for micro kernel operating systems.
2. Mobile Device and Platform Security
We are interested in a broad range of new research projects relating to mobile devices, their security and applications. The spread and use of mobile devices, including mobile phones and tablets, has proliferated over the last few years. Although these devices offer powerful execution and communication capabilities, at the same time, it is one of their greatest advantages, i.e. portability, which poses significant risks. This thread of research effort involves the identification of these critical challenges in an attempt to propose efficient solutions. In particular, we are interested in the following areas:
Mobile device malware and botnets. Modern mobile devices present close resemblance to traditional computing environments. It is evident that traditional challenges (e.g. viruses, root-kits and malware) will attempt to find their place into these ‘new’ and more-or-less always connected to the internet devices. The project should investigate ways in which mobile devices can be infected with malware and propose adequate countermeasures.
Investigate whether applications and services fulfil their pre-download claims after they are downloaded in these devices. For example, a number of applications state their requirements in terms of access to services and personal data (e.g. call lists, contacts, sms, diary) when they are about to be downloaded. This should form a ‘contract’ between the application and the underlying platform. This work should examine how this notion of ‘contracts’ can be formalised, enforced and extended to cover other cases as well.
3. Fault Attacks for Virtual Machines in Embedded Platforms
The concept of introducing fault attacks while cryptographic algorithms are executing in embedded systems and more specifically in smart cards has been studied extensively. At the same time, progressively more embedded devices like smart cards and mobile phones are relying on virtual machines for secure application execution. However, these execution platforms (e.g. Java Card, Globalplatform, Multos, and Android OS) can be subjected to a number of fault attacks in order to bypass the security mechanisms of the underlying platforms. This project aims to examine how fault attacks can be combined with logical attacks in an efficient way towards a relatively controlled abuse of the underlying platforms. The main aim of the work involves identifying practical vulnerabilities and more importantly proposing countermeasures.
A number of e-voting protocols have been proposed in the academic literature. At the same time, a number of real world implementations based on different technological propositions have been utilised in trials and actual elections. The project requires a thorough review of these proposals, identification of major attacks (existing and new ones). More importantly the work involves the identification of new and verifiably robust (for all participating entities) e-voting propositions that will take into account the specific requirements of mobile devices.
5. Societal Health, Inclusion and Security
Mobile devices have access to a variety communication channels (e.g. GSM, WiFi, Bluetooth, NFC) and, at the same time, they have enough processing power that allows them to execute relatively demanding applications. There are also a number of calls (at European, national and local government level) requiring that all citizens should be able to feel and actually be included in the society. This project aims to investigate various methods that will enable the secure and interoperable communication of different devices (e.g. mobile phones and set-top-boxes) along with a variety of sensors (e.g. RFID, WiFi, etc.). This will further on enabling ‘vulnerable’ citizens (e.g. elderly, young, special care) to have access to personalised care and other social activities (e.g. e-learning, communication and advertising).
6. Machine-to-Machine (M2M)
The technologies which allow embedded processors, smart sensors, mobile devices, actuators and computers to communicate directly with one another, take measurements and make decisions based on those measurements – often without human intervention – are described with the term ‘M2M’. It is true that there are M2M communications that are encountered in automotive, smart grid, health care, routers, smart metering, etc. For example, in the automotive industry, there are proposals which include the provision of such communications between different card components (e.g. brake pad sensors, engine, etc.) with the central car computer. There are even proposals which suggest car-to-road and car-to-car communications. There are also a few proposals which explore the issues around smart metering systems, mainly for electricity meters but also for road tax purposes. All these proposals deal with fundamental information security principles (Confidentiality-Integrity-Availability) along with overwhelming operational characteristics. The project intends to realize an extensive security investigation of the M2M systems, in order to analyze potential attack strategies and to formulate countermeasures.
7. Embedded Device Security
It is often the case that mobile devices (e.g. mobile phones) are also considered as embedded devices. It is envisaged that increasingly often these devices will be involved in a number of sensitive operations such as payment, social/professional networking, etc. Anonymity techniques for maintaining privacy protection in mobile/embedded systems is receiving a lot of attention. At the same time, enabling these devices to retain anonymity but ensuring fair-exchange of goods and products is also a whole research area by its own. A concept which is closely coupled together with the secure use of these devices (though the use of cryptographic protocols) is related to their ability to generate random numbers. These devices offer a whole new range of sources of randomness. This project aims to explore some of the above security requirements in an attempt to provide efficient and scalable solutions.
8. Security and Privacy Issues in Crowd based Cloud Computing
The concept of the crowd based cloud-computing deals with the way in which individual devices in a locality come together in a fluid, dynamic and ubiquitous way to accomplish a task or collection of tasks. It differs from the cloud computing as the service is decentralised and participated by individual devices that advertise their services – in exchange for some services from the requesting entity. Applications of such architectures are in the field of mobile phones, tablets, and sensor networks. Therefore, the project will investigate the security, privacy, anonymity, accountability and sharing requirements of such an operational scenario, in order to propose novel protocols that will address the above security requirements.
9. Security and Trust for Swarm Intelligence Architectures
Swarm intelligence deals with the collective behaviour and the limited features of decentralised and self-organised systems. In nature, the ant and bee colonies base their decision on swarm intelligence that governs their choice of route and management of the colonies. In this project, we will explore the concept of swarm intelligence and how it can be deployed in variety of operational scenarios (e.g. vehicular systems, network security, malware, with particular emphasis on embedded systems). Such a swarm structure would require security, privacy and trust architecture. The project will examine different ways in order to provide such architectures.
10. Gait Based Authentication for Mobile Devices
Modern smart phones have the ability to measure the GPS location, motion and motion direction (3D accelerometer). This research thread aims to examine how these technologies can be combined, in order to provide the principles of gait based authentication. This work will be termed as ‘Walk and Get Authenticated’.