
Security

Security research within the Systems and Security (SAS) theme has been primarily driven by tackling real-world security problems. Some of our research works have had a societal impact and have been deployed in practical applications. The following are a few selected examples.

Key exchange
  • (Hao, Ryan, Springer Trans. on Computer Science, 2010) - This paper presents a password-authenticated key exchange protocol called J-PAKE. Ten years later, J-PAKE has been adopted as a de facto standard in the IoT industry for device commissioning and built into many millions of Google Nest, ARM, NXP, Qualcomm, Texas Instruments, Samsung IoT products (see and for a full range of products).
  • (Hao, Metere, Shahandashti, Dong, IEEE TIFS, 2018) - This paper presents two novel attacks against the SPEKE protocol and a countermeasure that provably fixes the identified flaws. SPEKE had been standardized by ISO/IEC for more than 10 years and used in many applications, and it was the first time such attacks were uncovered. This work has led to the revision of the standard with the inclusion of the proposed countermeasure (published in ISO/IEC 11770-4:2017).
E-voting
  • (Shahandashti, Hao, ESORICS'16) - This paper presents a new "self-enforcing e-voting" system called DRE-ip. A prototype of the DRE-ip system was successfully trialed in a polling station in Gateshead during the 2019 United Kingdom local elections. The e-voting trial was reported on .
  • (Hao, Ryan, Eds. CRC, 2016) - This book consolidates the state-of-the-art in the research field of verifiable e-voting in a real-world setting as of 2016.
  • (Hao, Kreeger, Randell, Clarke, Shahandashti, Lee, USENIX JETS, 2014) - This paper proposes a radically new research direction called "self-enforcing e-voting". This paper laid the foundation for a €1.5m on and a €150K
Biometrics/PUF
  • (Toreini, Shahandashti, Hao, ACM TOPS, 2017) - This paper presents a new technique to authenticate a paper document by analyzing the random interleaving of wooden particles during the production of paper. This paper is featured in , , , , , , , , , , , , , , .
  • (Hao, Anderson, Daugman, IEEE TC, 2006) - This paper proposes the first practical and secure way to integrate the iris biometric into cryptographic applications. Ten years later, in 2017, this paper was ranked No. 1 in the in the category of .
Cryptocurrency/blockchain
  • (McCorry, Shahandashti, Hao, FC'16) - The paper presents two attacks on the standard BIP70 Bitcoin Payment protocol and a countermeasure. Both attacks and the countermeasure have been acknowledged by the two largest Bitcoin processors, Bitpay and Coinbase. As of 2020, BIP70 is being de-standardized.
  • (McCorry, Shahandashti, Hao, FC'17) - This paper presents the first implementation of a decentralized Internet voting protocol with maximum voter privacy over Ethereum's blockchain. It lays the technical basis for a submission that won 3rd place in the . This work is featured in .
Sensor/IoT security
  • (Mehrnezhad, Toreini, Shahandashti, Hao, Elsevier JISA, 2016) - This paper reports a significant security flaw in the W3C specification regarding JavaScript's unrestricted access to sensor data in a browser on a mobile phone. The identified flaw was acknowledged by W3C and the browser industry as seen in , , , , . The research work was also reported in , , , , , , , , , , , , , , , , , , , .