PhD Research Programme
The Information Security Group runs an active PhD research programme on a wide variety of security-related topics, including the design and evaluation of cryptographic algorithms and protocols, network security, smart cards, access control, security management, and the integration of security techniques into specific applications. A good overview of current research interests can be obtained by visiting the home pages of academic staff, research assistants and postgraduate research students. In normal circumstances all academic staff are happy to take on new PhD students, although from time to time a member of staff may temporarily stop accepting new students if they become overloaded.
The Information Security Group has supervised almost 100 successful PhD students, many now holding influential positions in the security industry:
- Find out what some of our PhD alumni are doing now.
- Trying to decide on whether to apply? Some advice from a graduate.
We always welcome PhD applications from suitably qualified candidates who have a keen interest in pursuing information security research. Royal Holloway provides general information for prospective postgraduate students.
We welcome applications from prospective PhD students wishing to propose their own research projects, or who wish to develop a detailed project in conjunction with their supervisor. We also welcome applications from prospective students wishing to work on specific projects of particular interest to certain members of academic staff. A short list of such projects is given below. Prospective applicants are encouraged to contact the listed supervisor directly, either before or in parallel with making a formal application to the college admissions office.
1. Novel exponentiation methods
Supervisor: Dr Colin D Walter, Colin.Walter [at] rhul [dot] ac [dot] uk
Exponentiation is essential in most public key cryptosystems and has been studied extensively in the past. However, a critical treatment of it in resource-constrained environments has a much shorter history, perhaps little more than 15 years. With the advent of composite elliptic curve operations, such as triple-and-add, it is clear that standard models of execution time are out of date: they simply count the additions and doublings on the curve. This project aims to improve the algorithms used to generate exponentiation schemes, taking into account the different speeds of a much wider range of curve operations, in particular the composite operations mentioned above and those corresponding to the Frobenius map when the field characteristic is very small. It will consider improving a number of classical recoding algorithms as well as newer multibase methods and division chain methods, and will take space into account as well as speed. Relevant literature includes:
- C. D. Walter, "Fast Scalar Multiplication for ECC over GF(p) using Division Chains", Proc. WISA 2010, Springer LNCS, to appear.
- C. D. Walter, "Mist: An Efficient, Randomized Exponentiation Algorithm for Resisting Power Analysis", CT-RSA 2002, Springer LNCS 2271, pp.53-66.
- C. D. Walter, "Exponentiation using Division Chains", IEEE Transactions on Computers, 47(7) July 1998, pp.757-765.
- V. S. Dimitrov, L. Imbert & P. K. Mishra, "Efficient and Secure Elliptic Curve Point Multiplication using Double-Base Chains", ASIACRYPT 2005, Springer LNCS 3788, pp.59-78.
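To make the cost-model point concrete, here is an added illustration (not code from the project or the papers above) that schedules a scalar multiplication three ways, as binary double-and-add, via the non-adjacent form (NAF), and via a greedy double-base chain in the style of Dimitrov, Imbert and Mishra, and then prices each schedule under two cost tables. The tables are hypothetical counts of field multiplications: STANDARD only knows doublings and additions (so a tripling is priced as a doubling plus an addition), while COMPOSITE prices a tripling and the fused double-and-add / triple-and-add operations separately. The integer model in evaluate() checks that every schedule really computes k before anything is priced.

```python
"""Cost of scalar multiplication under different curve-operation cost models.

Added illustration. Costs are hypothetical numbers of field multiplications:
D = doubling, T = tripling, A/S = point addition/subtraction,
DA and TA = composite double-and-add / triple-and-add.
"""

# Hypothetical cost tables. STANDARD only knows D and A, so a tripling is priced
# as a doubling followed by an addition; COMPOSITE prices composite operations.
STANDARD = {'D': 8, 'A': 11, 'T': 19}
COMPOSITE = {'D': 8, 'A': 11, 'T': 13, 'DA': 16, 'TA': 20}


def binary_ops(k):
    """Left-to-right double-and-add schedule for scalar k (k >= 1)."""
    ops = []
    for bit in bin(k)[3:]:           # bits after the leading 1
        ops.append('D')
        if bit == '1':
            ops.append('A')
    return ops


def naf(k):
    """Non-adjacent form of k, least significant digit first, digits in {-1, 0, 1}."""
    digits = []
    while k > 0:
        if k & 1:
            d = 2 - (k & 3)          # +1 if k = 1 mod 4, -1 if k = 3 mod 4
            k -= d
        else:
            d = 0
        digits.append(d)
        k >>= 1
    return digits


def naf_ops(k):
    """Double-and-add/subtract schedule from the NAF (its leading digit is +1)."""
    ops = []
    for d in naf(k)[::-1][1:]:
        ops.append('D')
        if d:
            ops.append('A' if d == 1 else 'S')
    return ops


def double_base_chain(k):
    """Greedy double-base chain k = sum s_i * 2^a_i * 3^b_i with non-increasing a_i, b_i.
    At each step the closest term within the current exponent bounds is taken;
    a negative remainder flips the sign of all following terms."""
    max_a, max_b = k.bit_length(), 0
    while 3 ** max_b <= k:
        max_b += 1
    terms, sign = [], 1
    while k > 0:
        a, b = min(((a, b) for a in range(max_a + 1) for b in range(max_b + 1)),
                   key=lambda ab: abs(k - 2 ** ab[0] * 3 ** ab[1]))
        terms.append((sign, a, b))
        r = k - 2 ** a * 3 ** b
        if r < 0:
            sign = -sign
        k, max_a, max_b = abs(r), a, b
    return terms


def dbc_ops(terms):
    """Horner-style schedule for a double-base chain: Q <- 2^da * 3^db * Q +/- P."""
    ops = []
    _, a_prev, b_prev = terms[0]
    for s, a, b in terms[1:]:
        ops += ['D'] * (a_prev - a) + ['T'] * (b_prev - b) + ['A' if s == 1 else 'S']
        a_prev, b_prev = a, b
    return ops + ['D'] * a_prev + ['T'] * b_prev


def evaluate(ops):
    """Integer model of a schedule: start from P (= 1), apply the ops, expect k back."""
    q = 1
    for op in ops:
        q = {'D': 2 * q, 'T': 3 * q, 'A': q + 1, 'S': q - 1}[op]
    return q


def cost(ops, model):
    """Total cost, fusing D/T with a following addition when the model prices the composite cheaper."""
    total, i = 0, 0
    while i < len(ops):
        op = ops[i]
        if op in 'DT' and i + 1 < len(ops) and ops[i + 1] in 'AS':
            fused = model.get(op + 'A')
            if fused is not None and fused < model[op] + model['A']:
                total, i = total + fused, i + 2
                continue
        total += model['A'] if op == 'S' else model[op]
        i += 1
    return total


def compare(k, model):
    """Cost of the three schedules for scalar k under the given cost model."""
    schedules = {'binary': binary_ops(k), 'naf': naf_ops(k),
                 'double_base': dbc_ops(double_base_chain(k))}
    assert all(evaluate(ops) == k for ops in schedules.values())
    return {name: cost(ops, model) for name, ops in schedules.items()}


if __name__ == '__main__':
    for k in (10, 12345, 0x1234567890ABCDEF):
        print(k, 'standard:', compare(k, STANDARD), 'composite:', compare(k, COMPOSITE))
```

The ranking of the schedules changes with the cost table: for k = 10 the chain 10P = 3(3P) + P costs 49 under STANDARD but 33 under COMPOSITE, close to the 32 of binary double-and-add, which is exactly the effect the project description says the classical counting models miss. Extending the table with Frobenius or further composite operations only requires new entries and the corresponding fusion rule in cost().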
2. Security, Trust and Risk Management for Advanced Transport Ticket Systems
Supervisor: Dr Keith Mayes, Keith.Mayes [at] rhul [dot] ac [dot] uk
Industry Advisor: John Verity (ITSO)
Transportation systems are increasingly making use of electronic tickets and supporting IT infrastructure to provide easy access to transport and associated services. Over the past decade the technologies used have lagged behind the state of the art, and there have been corresponding departures from information security best practice that have been exploited and publicised in a damaging manner. The exploits highlighted the need not only to follow design best practice, but also to use physical implementations that can be verified to be tamper-resistant (attack-resistant) and that are managed appropriately. They also emphasised the value of back-office transaction processing and of support for forensic and other types of investigation. These lessons need to be built upon as we move towards a future with NFC mobile technology, multiple secure elements and powerful parties competing for trust management and ownership roles. This project will investigate the critical aspects of transport ticketing security, including:
- Key, SAM, security element and smart card management;
- Back office processing for security/fraud control (e.g. fraud engines/forensics);
- Effective certification of security implementations and risk assurance processes.
Funding: The offer is for a full time student and UK/EU fees will be paid by the ISG Smart Card Centre (SCC). An internship (value £7k/pa) is offered by ITSO (the student is expected to work up to 3 months/pa at Milton Keynes).
3. Fault Attacks for Virtual Machines in Embedded Platforms
Supervisor: Dr Kostas Markantonakis (SCC) K.Markantonakis [at] rhul [dot] ac [dot] uk
Fault attacks on cryptographic algorithms executing in embedded systems, and in smart cards in particular, have been studied extensively. At the same time, progressively more embedded devices such as smart cards and mobile phones rely on virtual machines for secure application execution. However, these execution platforms (e.g. Java Card, GlobalPlatform, MULTOS and Android OS) can themselves be subjected to fault attacks in order to bypass the security mechanisms of the underlying platform. This project aims to examine how fault attacks can be combined with logical attacks in an efficient way to achieve a relatively controlled abuse of the underlying platform. The main aim of the work is to identify practical vulnerabilities and, more importantly, to propose countermeasures.
The offer is for a full time student and home/EU fees will be paid by the ISG Smart Card Centre (SCC).
4. Risk Adaptive Security Protocols for Smart Card Systems
Supervisor: Dr Keith Mayes, Keith.Mayes [at] rhul [dot] ac [dot] uk
Implementing a very high security algorithm/protocol on a limited platform such as a smart card may lead to excessive processing times that render the solution unusable. However, smart card systems usually have back-office monitoring measures in place to determine the current level of actual fraud/abuse. If abuse is very low then security could potentially be set at a low level for fast transaction speed, knowing that if abuse rises the security level can be raised, albeit at the expense of speed. This research topic is aimed at identifying, designing and practically evaluating adaptive security algorithms/protocols for limited platforms (smart cards), which can be controlled to dynamically trade speed against security protection. The work could build upon a recent ISG MSc report (Andreas Grünert, 2010) that considered zero-knowledge protocols for this application.
5. Practical Evaluation, Benchmarking and Design of Grouping-Proof-Based RFID Readers
Supervisor: Dr Keith Mayes, Keith.Mayes [at] rhul [dot] ac [dot] uk
There are many theoretical RFID protocols that consider reading individual RFID tags, whereas in practice the problem is often to read many tags simultaneously and be sure that no tag from a group has been omitted and no genuine tag has been swapped for a 'fake'. There is grouping-proof research that addresses this, usually in a theoretical manner only, ignoring practical aspects such as the tag discovery and anti-collision protocols commonly used by tag readers. Previous work within the ISG by Xuefei Leng et al. identified some encouraging approaches that could lead to practical and efficient reading of tag groups. This research could build on that earlier work by practically designing, implementing and evaluating a range of multi-tag group reading protocols. The aim is to provide a solution that could be of real-world practical use.
6. Ultra Miniature Active RFID Tagging
Supervisor: Dr Keith Mayes, Keith.Mayes [at] rhul [dot] ac [dot] uk
It is possible to make very small RFID tags; however, they tend to be passive (no power source) and of very restricted range. There are some tagging applications that call for very small, lightweight yet long-range active tags. This is a challenge, as the power source increases the size and weight of the tag, and excessive transmit power could drain a small battery very quickly. Furthermore, a successful solution would need to handle multiple tags and establish identity, and as more protocol complexity is added the pressure on tag size and power consumption increases. The project would first evaluate existing miniature active tags (e.g. the work of Naef-Daenzer et al.) and develop a model for trading off parameters such as complexity, range, power and battery life. The next stage would be to design, implement and practically evaluate ultra miniature active RFID tags.
7. Identity management
Supervisor: Professor Chris Mitchell, c.mitchell [at] rhul [dot] ac [dot] uk
Recent years have seen a significant number of proposals for identity management systems capable of greatly simplifying the task of user authentication to, and user authorisation at, web service providers. Examples of such systems include CardSpace, Liberty, OpenID, SAML and Shibboleth. However, for a variety of reasons such systems have not had the expected practical impact, despite their obvious security advantages. This issue has been addressed in work by two recent research students at Royal Holloway, Waleed Alrodhan and Haitham Al-Sinani, who have focussed on removing some of the obstacles to greater adoption of identity management systems (including issues such as interoperability and system scope). A previous PhD student, Andreas Pashalidis, also examined practical identity management issues, in his case focussing on support for Internet single sign-on. There is scope for a wide range of further research in this area, which remains a highly important topic in both academia and practice.
Relevant joint publications on identity management by the above-referenced students can be found here.
8. Trusted computing
Supervisors: Dr Allan Tomlinson, Allan.Tomlinson [at] rhul [dot] ac [dot] uk and Professor Chris Mitchell, c.mitchell [at] rhul [dot] ac [dot] uk
We are interested in new research projects in a broad range of areas relating to trusted computing and its applications. We have an established record of research in trusted computing, dating back to 2003, and in the summer of 2010 we hosted the European Trusted Infrastructure Summer School (ETISS 2010). We are particularly interested in the following research areas:
- trusted computing and virtualization;
- trusted computing and mobile devices - use and application of MTMs (Mobile Trusted Modules);
- new directions for trusted computing, focussing on the new application possibilities supported by TPM.next (the next generation of TPM);
- trusted computing as a universal security infrastructure, i.e. considering ways in which the ubiquitous deployment of trusted computing can help bootstrap new possibilities for personal and enterprise security.
We are also happy to take on research students looking at other aspects of trusted computing.
A summary of recent research on trusted computing at Royal Holloway can be found here.
9. MACs: theory and practice
Supervisor: Professor Chris Mitchell, c.mitchell [at] rhul [dot] ac [dot] uk
Message Authentication Codes (MACs) have been a fundamentally important cryptographic primitive in commercial applications for 30 years, and they remain of vital importance today. Despite their wide use, it is interesting to observe that practice and theory have diverged widely in recent years. For example, whilst a well-developed theory for MACs constructed from block ciphers exists (notably for so-called CBC-MACs), the schemes favoured by theory have by no means replaced previously used schemes such as the ANSI retail MAC. This latter scheme appears to offer a reasonable level of security (which explains its continued use) but lacks any formal security proof. This project seeks to reconcile this and other differences between theory and practice by developing the theory and also considering practical cryptanalysis.
Relevant publications on MAC security by Chris Mitchell can be found here.
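The gap between theory and practice described above can be seen in a few lines of code. The added example below (not from the page or from Chris Mitchell's publications) implements plain CBC-MAC and the ANSI X9.19 retail MAC structure (CBC-MAC under K1, then a decryption under K2 and a final encryption under K1) over a generic 16-byte block cipher, and runs the textbook length-extension forgery against both: given the raw CBC-MAC tags t1 of a one-block message m1 and t2 of a one-block message m2, the two-block message m1 || (m2 xor t1) has tag t2, because the chaining value entering the second block is t1 and cancels the xor. The block cipher is a four-round Feistel network keyed through SHA-256, used only so the example runs with the standard library; the keys and messages are constructed for the demonstration.

```python
"""Raw CBC-MAC versus the ANSI retail MAC structure: a length-extension forgery.

Added illustration. The block cipher is a 4-round Feistel network built from
SHA-256 (illustration only, so the example needs no third-party library);
the MAC constructions themselves are the standard ones.
"""
import hashlib

BLOCK = 16


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    """Keyed round function: 8-byte output derived from key, round number and half-block."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def encrypt(key, block):
    """4-round Feistel permutation on a 16-byte block (illustration-only cipher)."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r


def decrypt(key, block):
    """Inverse of encrypt: undo the rounds in reverse order."""
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r


def cbc_mac(key, msg):
    """Plain CBC-MAC (ISO/IEC 9797-1 MAC algorithm 1), zero IV, whole blocks only."""
    assert len(msg) % BLOCK == 0, "pad to a multiple of the block size first"
    state = bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        state = encrypt(key, _xor(state, msg[i:i + BLOCK]))
    return state


def retail_mac(k1, k2, msg):
    """ANSI X9.19 retail MAC (ISO/IEC 9797-1 MAC algorithm 3): CBC-MAC under K1,
    then decrypt the final block under K2 and re-encrypt under K1."""
    return encrypt(k1, decrypt(k2, cbc_mac(k1, msg)))


def extension_forgery(m1, t1, m2):
    """Given tag t1 of single-block m1, build the message whose raw CBC-MAC equals CBC-MAC(m2)."""
    return m1 + _xor(m2, t1)


def demo():
    """Run the forgery against both constructions and report which one it defeats."""
    k1, k2 = b'\x01' * 16, b'\x02' * 16          # constructed keys
    m1 = b'pay 10 to alice!'                       # constructed single-block messages
    m2 = b'pay 99 to mallor'
    t1, t2 = cbc_mac(k1, m1), cbc_mac(k1, m2)      # raw tags the attacker is assumed to have seen
    forged = extension_forgery(m1, t1, m2)
    # With the retail MAC the attacker sees r1, not the CBC chaining value t1,
    # so the same trick has nothing to cancel the xor with.
    r1 = retail_mac(k1, k2, m1)
    forged_retail = extension_forgery(m1, r1, m2)
    return {
        'cbc_mac_forged': cbc_mac(k1, forged) == t2,
        'retail_mac_forged': retail_mac(k1, k2, forged_retail) == retail_mac(k1, k2, m2),
    }


if __name__ == '__main__':
    print(demo())
```

The final decrypt/encrypt step of the retail MAC hides the CBC chaining value, which is why this particular forgery fails against it while succeeding against raw CBC-MAC on variable-length messages. That is an argument about one attack, not a security proof, which is precisely the distinction the project sets out to close.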