Introduction:

I have been lecturing at University College London since 2006. At UCL we have a specialist M.Sc. programme in Information Security.
Currently I am teaching Computer Security 1 and  Applied Cryptography. I also run a student Smart Cards Lab. 

    [Can one crack an Oyster Card or/and clone a contactless building card; if one is only allowed to communicate with the card of the victim for a short time, for example sitting next to the victim on the train? The "Courtois Dark Side" attack on MiFare Classic, see slides and paper is more than 10 times faster than the best attack in this category by Dutch university of Nijmegen, and does not require a costly pre-computation.]. In practice the best known attack on MiFrace classic is obtained by combining this "Courtois' Dark Side attack" to recover one key with the "Nijmegen Nested Authentication Attack" to efficiently recover more keys. Here is a DETAILED explanation about how to recover cryptographic keys of all MiFare Classic cards at home with the ACR122 reader: do it yourself: hacking MiFare Classic cards. It works for example for all London Oyster cards emitted before December 2009 and about 70 % of access cards used in buildings around the world. Many companies actually use the same cryptographic keys in every card, so that once keys for one card are recovered, all the other cards can be read and written.

[ Attacks on KeeLoq and car locks]

[Experimental algebraic attacks on ciphers] [Tools for algebraic cryptanalysis] [Hard probems]

Research Interests - Cryptology:

• Computational cryptanalysis of symmetric and asymmetric ciphers.
• Algebraic Attacks: recover the secret key of a cipher by solving a very large system of multivariate equations over small finite fields.
  • Special properties that make systems efficiently solvable (e.g. sparsity).
  • Conversion and solving algebraic equations with SAT solvers.
  • Computing Gröbner bases and designing simpler and frequently much better/faster algorithms: Gröbner basis require a fixed polynomial ordering. In many real-life cryptanalysis problems this is a very bad idea and much better results are obtained with ad-hoc elimination algorithms whcioh optimize sparsity.
• Design and feasability of algebraic attacks: for example some stream ciphers will be broken if a certain multivariate polynomial equation exists (sometimes finding one such equation is sufficient to break the cipher!). Cryptanalysis of some block ciphers greatly depends on whether they can be written in a certain way.
  • Define what kind of equations are useful/interesting. Find out if such equations exist, prove they exist (or not), compute these equations.
  • Can AES be broken?
• Experimental algebraic cryptanalysis.
  • Automation of symmetric cryptanalysis. Finding special properties of ciphers.
  • Implementation of algebraic attacks. Manipulating very large systems of multivariate equations. Fast linear algebra, in particular when RAM is scarce. Specialised memory management, parallel computing, use of specialised hardware.
• Number theory and lattices.
• Side channel attacks on smart cards.
• Post-quantum cryptography and very efficient public key schemes for special needs:
  • Very short digital signatures (that can be transmitted or and verified with human interaction). Unforgeability and third-party verifiable authenticity of paper documents (bank notes, cheques, ID cards, electronic airline tickets, etc.).
  • Very fast digital signatures (much faster than RSA) for low-cost devices.

• Markets and Information Security:
  • Security in complex commercial systems. For example electronic bank cards + terminals + back-end applications + supporting infrastructure + user adoption + usability + legal and regulatory drivers + economics + fraud + crime science + moral and ethical considerations. Achieving PCI DSS compliance.
  • Smart cards and smart card protocols.
  • Proprietary cryptography as a source of inimitability and the primary defense against hackers in business ecosystems.
  • Marketing for security technologies. Adoption barriers for security products and technologies.
  • New business models and new ways of doing business.
  • Economics of security and economics of insecurity, insurance, prices, bets and derivative markets in information security.
  • Risk management. Fraud in financial markets and financial institutions. Data security and compliance in financial institutions.

  ---

  Last update 23/02/2010