My research involves the development of new mathematical analysis techniques, and the application of these techniques to cyber security problems. Some recent highlights include:
- Industrial Control System and Rail Systems Security: Including an attack against the cryptography used in ERTMS train control systems, a formal analysis of the security of rail communication protocols and a proposal for key management for ERTMS.
- Fintech Security: My work in this area includes my team's analysis of banking app security here and here, and work on stopping relay attacks against contactless EMV cards; more information about this work can be found here.
- Cyber Security Education: Including a phishing simulation VM, Phishing Attacks: Learning by Doing (ASE 18), a choose your own adventure CTF VM (ASE 17), An Offline Capture The Flag-Style Virtual Machine for Cyber Security Education (3GSE 15) and a paper on using IoT Devices to teach pen testing (ASE 16).
- Estimation of Information Leakage: I am interested in how mutual information can be estimated and how information leakage can be measured in real systems. Recent papers in this area include: LeakWatch: Estimating Information Leakage from Java Programs (ESORICS 2014), A Tool for Estimating Information Leakage (CAV 2013), Probabilistic Point-to-Point Information Leakage (CSF 2013) and A Statistical Test for Information Leaks Using Continuous Mutual Information (CSF 2011). These papers are joint work with Apratim Guha, Yusuke Kawamoto, Chris Novakovic and David Parker.
Tools and software to support these papers can be found here.
- The monitoring of peer to peer file sharing: This work was the first to analyse the direct monitoring of illegal file sharing. Our findings include:
  - Massive scale monitoring of all of the most popular illegal downloads from the PirateBay has been taking place over the last 3 years.
  - On average an illegal file sharer, using BitTorrent to download the most popular content, will be connected to and have their IP address logged within 3 hours of starting a download.
  - Poor collection methods mean the evidence of illegal file sharing collected by monitors may not stand up in court.
- e-Passport security: The Basic Access Control (BAC) protocol, as used in e-Passports, is flawed. There is quite an elegant traceability attack against the protocol as implemented on French e-passports and a side-channel traceability attack against all other passports we looked at. Details of the attack are available in the paper: A Traceability Attack Against e-Passports. A formal analysis of the e-passport traceability is available in our paper Analysing Unlinkability and Anonymity Using the Applied Pi Calculus and an analysis of time-based side channels can be found in our paper: A Statistical Test for Information Leaks Using Continuous Mutual Information. Some media coverage of this work can be found here.
On a side note: My old website can be found here. This website uses HTML code I originally wrote in the late 90s. Pictures of Birmingham New St. station being rebuilt, taken from my apartment, can be found here. I also help run the Finite Number of Monkeys hacking club.