Visiting Researcher Awarded European Emerging Forensic Scientist 2018

Doctor Heckmann Thibaut, who was a SCC’s academic visitor from 2017 to 2018, was rewarded with the “European Emerging Forensic Scientist Award 2018-2021” at the European Acadamy of Forensic Science (EAFS) conference, which took place in Lyon from August 27 to 31, 2018, and which brings together all the European forensic laboratories.

This prize rewards a process of collaboration between the RHUL, the Ecole Normale Superieure of Paris (ENS), and the Forensic Science Laboratory of the French National Gendarmerie (IRCGN). In that sense, when considering the latest generation of encrypted mobile devices (BlackBerry’s PGP,Apple’s iPhone), data extraction by forensic experts is an increasingly complex task. Forensic analyses even become a real challenge following an air crash or a terrorist attack. The collaboration between the SCC, the ENS and the IRCGN has helped to develop physical recovery of data on encrypted systems for the purpose of forensic analysis.

The EAFS committee noted that “the recovery of data and exploitation of electronic devices is a fast growing investigation field in forensic IT. Only a limited number of scientists are available in this discipline and all possible incentive needs to be going their ways. Data extraction from embedded and encrypted mobile phone devices is a highly complex task. Those data extractions are most important and fundamental in terrorist cases. In our opinion reading encrypted data is one of the most essential fields of Forensic Sciences in future”.

The techniques developed during SCC/ENS/IRCGN collaboration , put end-to-end and coupled with physical devices (X-ray 3D tomography, laser, SEM, fuming acids), have made it possible to have  successful  forensic  transplants  of  encrypted  systems  in  degraded  conditions and applied, for the first time, on a PGP-encrypted BlackBerry mobile phone (used by terrorist networks and drug traffickers).

Finally, beyond the field of research, the work of the SCC, the ENS and IRCGN had a significant impact on the work of international forensic experts, particularly in the recovery of damaged and encrypted phones.

PhD Studentship in IoT Threat Modelling

Applications are invited for a PhD studentship on threat modelling of IoT devices starting in October 2018, supervised by Daniele Sgandurra.  The focus of the PhD studentship is on threat modelling of Internet of Things (IoT) devices, and the successful candidate will join the Smart Card and IoT Security Center of the Information Security Group. Please note that only British applicants can apply for this position.

More information can be found at this link.

SCC Joins FutureTPM Project

Academics from the Smart Card Center at the Information Security Group  (ISG) at Royal Holloway, University of London, are part of an international consortium focusing on developing the next generation TPM (Trusted Platform Module) – which is embedded into computing systems to make its host computer platform trustworthy and secure.

TPMs are currently incorporated into over a billion computers worldwide but the team working on the new H2020 Project ‘FutureTPM‘ will be focusing on developing next generation security solutions to mitigate against quantum computers. These computers are anticipated to be able to  break some of the cryptographic algorithms currently used in existing TPMs.

Royal Holloway’s project activities will be led by Dr Daniele Sgandurra, who has received a grant of €375,065 from the European Commission to carry out the work alongside Professor Konstantinos Markantonakis, Professor Chris Mitchell, and Dr Elizabeth Quaglia, also from the ISG.

Dr Sgandurra said: “We are thrilled to be part of this project that will combine the expertise of high calibre industrial and academic partners from across Europe to develop quantum-resistant algorithms suitable for inclusion in future TPMs. We hope this project will positively affect people’s everyday lives, in terms of building their trust in securely using online services, such as online banking and Cloud storage.”

The FutureTPM project partners are:

  • Royal Holloway, University of London, United Kingdom
  • Huawei Technologies Düsseldorf GmbH, Germany
  • IBM Research GmbH, Switzerland
  • INESC-ID – Instituto de Engenhariade Sistemas e Computadores, Investigacao e Desenvolvimento em Lisboa, Portugal
  • Infineon Technologies AG, Germany
  • Infineon Technologies Austria AG, Austria
  • Suite5 Data Intelligence Solutions Limited, Ireland
  • TECHNIKON Forschungs- und Planungsgesellschaft mbH, Austria
  • UBITECH Limited, Cyprus
  • University of Birmingham, United Kingdom
  • Université du Luxembourg, Luxembourg
  • University of Piraeus Research Center, Greece
  • University of Surrey, United Kingdom
  • VIVA Payment Services SA, Greece

Responsible Disclosure: Firmware Vulnerabilities in iSmartAlarm CubeOne

As part of the final MSc project, one of our MSc students, Yee Ching Tok, supervised by Daniele Sangdurra, investigated the firmware of a popular smart home security device – the iSmartAlarm CubeOne. Two vulnerabilities (CVE-2017-13663 and CVE-2017-13664) were found and disclosed responsibly to the vendor. A detailed explanation of the vulnerabilities and of disclosure timeline is available here: https://poppopretn.com/2017/11/30/public-disclosure-firmware-vulnerabilities-in-ismartalarm-cubeone/

Presentation at 7th INFOCOM SECURITY CONFERENCE in Athens

The ISG Smart Card and Internet of Things Security Centre (SCC) was invited to deliver a presentation in the

7th INFOCOM SECURITY CONFERENCE (http://www.infocomsecurity.gr/en/),

29 – 30 March 2017 – Athens, Divani Caravel, Athens, Greece.

 

K MarkantonakisProfessor Konstantinos Markantonakis presented the main findings of the recently completed “Secure High-Availability Avionics Wireless Network” (SHAWN) project funded by Innovate UK, in terms of the security and privacy challenges on the wireless networks in the Avionics environments. Along with the newly started three-year project, “Data to Improve the Customer Experience” (DICE), funded by EPSRC. The project, among others aims to examine new challenges in security and privacy that were not present in the exiting smart ticketing infrastructures.

 

 

ISG Stand

The ISG was offered a stand among the conference exhibitors. It was an excellent opportunity to disseminate the ISG’s promotional material and to meet prospective students.

 

 

 

 

“It is now the top annual event for information security in Greece. Since 2011, it has been charting a rising course, mirrored by numbers and attendance statistics, as well as the overall recognition by this industry, the scientific and technology community of IT professionals. The 2017 event attracted more than 2.200 visitors and was supported by more than 45 sponsor companies, covering a wide range of subjects on information security, through 40 main presentations and 15 parallel-running workshops, that took place.”

SCC Open Day 2017

Save the date!

openday 2015 fred2The next Smart Card Centre Open Day will be on August 30th 2017, in the Picture Gallery, Founders Building, Royal Holloway, University of London.

The Smart Card Centre Open Day is a free exhibition (50:50 mix of industry and student exhibits) for sponsors, supporters, lecturers, students and visitors as a friendly and informal networking event.

More details can be found at this page.

Best Paper Award at Digital Avionics Systems Conference (DASC)

shawn logoA paper written by Raja Naeem Akram, Konstantinos Markantonakis, Sharadha Kariyawasam, Shahid Ayub, Amar Seeam, and Robert Atkinson, “Challenges of Security and Trust in Avionics Wireless Networks” has won the best paper award in the security track at IEEE/AIAA 34th Digital Avionics Systems Conference (DASC), September 2016.

 

 

The abstract of the paper is:

“Avionics networks have a set of stringent reliability and safety requirements. In existing deployments, most of these networks are based on wired technology, which provide a high degree of reliability and safety. Furthermore, it simplifies the security management of the network as certain assumptions including an inability for an attacker to access the network can be safely made. The proposal for having an Avionics Wireless Network (AWN), as being developed by multiple aerospace working groups, promises reduction in complexity of electrical wiring harness design & fabrication, reduction in wiring weight, increased configurability, and potentially monitoring of otherwise inaccessible moving or rotating aircraft parts. While providing these benefits, the AWN must ensure that it provides at a minimum the equivalent levels of safety offered by the wired network. Substituting the wired network for a wireless network, even for a specific set of well defined and non critical tasks, brings a whole set of new challenges related to assurance, reliability, and security.  In this paper, we discuss the security and trust challenges an AWN deployment might face along with highlighting potential directions for solutions. Furthermore, as a case study we will elaborate on AWN deployment variants like Secure High-Availability Avionics Wireless Networks (SHAWN). Finally, the paper makes suggestions that set the agenda for security, reliability and trust work that could if successful provide an AWN system, meeting the required safety standards.”

Daniele Sgandurra joins the Smart Card Centre

We are delighted to welcome Daniele Sgandurra to the Smart Card Centre. DanieleHe will be lecturing on the MSc Module Computer Security (IY5512), and will also be Deputy Director for Distance Learning. Daniele will be supervising MSc projects and undertaking research on IoT security.

 

 

Sarah AbuGhazalah passes her PhD Viva

Satah AbughazalahCongratulations to Dr Sarah AbuGhazalah!

Sarah successfully defended her PhD thesis (Mutual Authentication Protocols for  RFID Schemes) and passed subject to minor corrections.