Keith Mayes

Keith Mayes
Royal Holloway, University of London | RHUL · Information Security Group

About

225
Publications
46,232
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
2,293
Citations

Publications

Publications (225)
Preprint
Full-text available
This paper provides the first analysis on the feasibility of Return-Oriented Programming (ROP) on RISC-V, a new instruction set architecture targeting embedded systems. We show the existence of a new class of gadgets, using several Linear Code Sequences And Jumps (LCSAJ), undetected by current Galileo-based ROP gadget searching tools. We argue that...
Article
Full-text available
When authenticating a group of RFID tags, a common method is to authenticate each tag with some challenge-response exchanges. However, sequentially authenticating individual tags one by one might not be desirable, especially when considering that a reader often has to deal with multiple tags within a limited period, since it will incur long scannin...
Chapter
Attacks on computer systems and networks have never been more prolific, hence the great effort from government, industry and academia is to identify and adopt information/cyber security best-practices. Most of this effort has been directed to the logical design and operational security of systems; however, the security of implementation is also vit...
Conference Paper
Full-text available
The sharing of hardware platforms in multi-tenant environments is increasingly raising security concerns. Microarchitectural timing-based covert channels allow tunneling information out of a compromised cloud instance, thus bypassing information flow policies. In response, significant research efforts have been carried out in order to address the s...
Article
Full-text available
Abstract A cyber‐physical authentication strategy to protect power system infrastructure against false data injection (FDI) attacks is outlined. The authors demonstrate that it is feasible to use small, low‐cost, yet highly attack‐resistant security chips as measurement nodes, enhanced with an event‐triggered moving target defence (MTD), to offer e...
Article
Radio frequency identification technology (RFID) is widely used in identity authentication and payment, and it also becomes an indispensable part of daily life. Cloud-based RFID systems have broad application prospects, and can be provided as a service to individuals or organisations. For example, RFID cards can be used for cash-less payment, physi...
Conference Paper
The establishment of the Internet of Things (IoT) is gathering pace. The “things” will be counted in their billions, however interoperability problems may compromise the interconnectivity aspect. Isolated “things” are common and often make use of proprietary communication and security protocols that have not been subject to public scrutiny. By cont...
Chapter
Fleets of UAVs will be deployed in near future in reliability and safety critical applications (e.g. for smart cities). To satisfy the stringent level of criticality, each UAV in the fleet must trust the other UAVs with which it communicates to get assurance of the trustworthiness in information received and to be sure not to disclose information t...
Article
Application repackaging is a widely used method for malware distribution, revenue stealing and piracy. Repackaged applications are modified versions of original applications, that can potentially target large audiences based on the original application’s popularity. In this paper, we propose an approach for detecting repackaged applications. Our ap...
Conference Paper
One of the significant innovations that came out of Bitcoin is the blockchain technology. This paper explores how the blockchain can be leveraged in the philanthropic sector, through charitable donation services in fiat currency or Bitcoin via a web-based donor platform. The philanthropic model is then used for a case study providing humanitarian a...
Conference Paper
In the field of smartphones a number of proposals suggest that sensing the ambient environment can act as an effective anti-relay mechanism. However, existing literature is not compliant with industry standards (e.g. EMV and ITSO) that require transactions to complete within a certain time-frame (e.g. 500ms in the case of EMV contactless payments)....
Article
Full-text available
Inter-connected objects, either via public or private networks are the near future of modern societies. Such inter-connected objects are referred to as Internet-of-Things (IoT) and/or Cyber-Physical Systems (CPS). One example of such a system is based on Unmanned Aerial Vehicles (UAVs). The fleet of such vehicles are prophesied to take on multiple...
Conference Paper
Full-text available
Smartphones with Near-Field Communication (NFC) may emulate contactless smart cards, which has resulted in the deployment of various access control, transportation and payment services, such as Google Pay and Apple Pay. Like contactless cards, however, NFC-based smartphone transactions are susceptible to relay attacks, and ambient sensing has been...
Conference Paper
Full-text available
Europay MasterCard Visa (EMV) Tokenisation specification details how the risk involved in Personal Account Number (PAN) compromise can be prevented by using tokenisation. In this paper, we identify two main potential problem areas that raise concerns about the security of tokenised EMV contactless mobile payments, especially when the same token als...
Conference Paper
Full-text available
Payment cards make use of a Primary Account Number (PAN) that is normally used by merchants to uniquely identify users, and if necessary to deny users service by blacklisting. However, tokenisation is a technique whereby the PAN is replaced by a temporary equivalent, for use in mobile devices that emulate payment cards, but with reduced attack resi...
Chapter
The smart card is a very popular component of many commercial and government system solutions. The ability of the smart card to store data securely and resist a great deal of physical tampering is part of the attraction, but so too is the ability to run algorithms and protocols. Whilst, there are successful and popular systems that make use of fair...
Chapter
Over the years, mobile devices have become increasingly sophisticated in terms of their features and the use cases they operate. This rise in sophistication poses a major security threat because it increases the attack surface of mobile devices. Consequently, the challenge from a security point of view is to offer security assurances for applicatio...
Chapter
This chapter discusses the concepts behind the MULTOS smart card operating system and introduces the development environment and tools . It also briefly discusses possible future uses for MULTOS outside of smart cards.
Chapter
When we released the original version of this book, back in 2008, we stated that the concept of a smart card was not particularly new, but that the practical use of smart cards in a range of diverse applications had never been more popular. Eight years on and the statement is still valid, although we have seen some trends towards certain types of s...
Chapter
There are around 6 billion smart cards issued every year for use within mobile communications devices. The cards, known as Subscriber Identity Modules (SIM), represent some of the most technically advanced smart cards that have ever been deployed. Their original role was to safeguard the system security by providing authentication and supporting co...
Book
This book provides a broad overview of the many card systems and solutions that are in practical use today. This new edition adds content on RFIDs, embedded security, attacks and countermeasures, security evaluation, javacards, banking or payment cards, identity cards and passports, mobile systems security, and security management. A step-by-step a...
Conference Paper
Full-text available
Near Field Communication (NFC) has enabled mobile phones to emulate contactless smart cards. Similar to contactless smart cards, they are also susceptible to relay attacks. To counter these, a number of methods have been proposed that rely primarily on ambient sensors as a proximity detection mechanism (also known as an anti-relay mechanism). In th...
Conference Paper
Near Field Technology (NFC) enables a smartphone to emulate a smart card, enabling it to provide services, like banking and transport ticketing. Similar to smart cards, NFC-based transactions are susceptible to relay attacks. Distance bounding protocols have been proposed for smart cards to counter relay attacks. However, this may not be effective...
Conference Paper
For a biometrics system, one of the principal challenges is to protect the biometric reference template, as if a malicious individual is able to obtain this template, the genuine user would not be able to reuse the biometric for any application. A solution may be to use a new form of authentication based on gesture recognition. This type of authent...
Conference Paper
A maintenance services logging system is a useful tool for car owners to keep track of the car’s condition and also can increase the market value of the car. Logging systems range from manual, paper-based, to automated, cloud-based systems. The automated process provides ease of use and availability of the records. A secure protocol is required to...
Conference Paper
The advent of smartphones and the flexibility to have multiple applications serving the user's needs, has started a convergence of different services into a single device. Traditional services provided by mobile phones like voice and text communication became secondary to other domains like Online Social Network (OSN) and entertainment applications...
Chapter
Full-text available
Near Field Communication (NFC) has enabled mobile phones to emulate contactless smart cards. Similar to contactless smart cards, they are also susceptible to relay attacks. To counter these, a number of methods have been proposed that rely primarily on ambient sensors as a proximity detection mechanism (also known as an anti-relay mechanism). In th...
Article
Full-text available
The notion of Integrated Modular Avionics (IMA) refers to inter-connected pieces of avionics equipment supported by a wired technology, with stringent reliability and safety requirements. If the inter-connecting wires are physically secured so that a malicious user cannot access them directly, then this enforces (at least partially) the security of...
Article
Full-text available
Avionics networks rely on a set of stringent reliability and safety requirements. In existing deployments, these networks are based on a wired technology, which supports these requirements. Furthermore, this technology simplifies the security management of the network since certain assumptions can be safely made, including the inability of an attac...
Conference Paper
Digital forensics is becoming an important feature for many embedded devices. In automotive systems, digital forensics involves multiple electronic control units (ECUs) used to support the connected and intelligent vehicle’s technology. Digital evidence from these ECUs can be used in forensics investigation and analysis. Such a mechanism can potent...
Conference Paper
Tokenisation has been adopted by the payment industry as a method to prevent Personal Account Number (PAN) compromise in EMV (Europay MasterCard Visa) transactions. The current architecture specified in EMV tokenisation requires online connectivity during transactions. However, it is not always possible to have online connectivity. We identify thre...
Article
Voting in elections is the basis of democracy, but voting at polling stations may not be possible for all citizens. Remote (Internet) e-voting uses the voter's own equipment to cast votes, but is potentially vulnerable to many common attacks, which affect the election's integrity. Security can be improved by distributing vote processing over many w...
Article
Full-text available
Over the past decade, smartphones have become the point of convergence for many applications and services. There is a growing trend in which traditional smart-card based services like banking, transport and access control are being provisioned through smartphones. Smartphones with Near Field Communication (NFC) capability can emulate a contactless...
Article
Application repackaging is a widely used method for malware distribution, revenue stealing and piracy. Repackaged applications are modified versions of original applications, that can potentially target large audiences based on the original application’s popularity. In this paper, we propose an approach for detecting repackaged applications. Our ap...
Conference Paper
In this paper, we focus on a particular RFID application called a grouping-proof, where an entity such as an RFID reader generates a proof that two or more tags have been scanned simultaneously. This proof is then verified by the server, which processes the tags' data in the system. However, designing a grouping-proof protocol is challenging for tw...
Article
Full-text available
Near Field Communication (NFC) has enabled mobile phones to emulate contactless smart cards. Similar to contactless smart cards, they are also susceptible to relay attacks. To counter these, a number of methods have been proposed that rely primarily on ambient sensors as a proximity detection mechanism (also known as an anti-relay mechanism). In th...
Chapter
Full-text available
One of the significant innovations that came out of Bitcoin is the blockchain technology. This paper explores how the blockchain can be leveraged in the philanthropic sector, through charitable donation services in fiat currency or Bitcoin via a web-based donor platform. The philanthropic model is then used for a case study providing humanitarian a...
Conference Paper
Full-text available
Over-the-air (OTA) firmware update is available in some systems such as mobile networks. Security plays a vital role to ensure that the firmware update process is successful despite possible threats against it. Therefore mobile devices may be useful to support the OTA firmware update process for other devices such as those used for automotive appli...
Conference Paper
Smart cards are mostly deployed in security-critical environments in order to provide a secure and trusted access to the provisioned services. These services are delivered to a cardholder using the Service Provider’s (SPs) applications on his or her smart card(s). These applications are at their most vulnerable state when they are executing. There...
Conference Paper
Full-text available
In modern cars, there are a number of controllers that play a major role in the overall operations of the vehicles. The secure and updated firmware of these controllers is crucial to the overall security and reliability of the vehicle and its electronic system(s). Therefore, the life cycle of these controllers should be carefully managed. In this p...
Conference Paper
Full-text available
Smart cards, in their traditional deployment architecture referred to as the Issuer Centric Smart Card Ownership Model (ICOM), have a restricted application lifecycle. In this model, an application is installed onto a smart card by the relevant card issuer. In most cases, the card issuer is also the centralised controlling authority for different l...
Article
Biometric systems either use physiological or behavioural characteristics to identify an individual. However, if a biometric is compromised it could be difficult or impossible to change it. This paper proposes a biometric authentication system based on gesture recognition, where gestures can be easily changed by the user. The system uses a Kinect™...
Conference Paper
Full-text available
Traditionally, card emulation mode in Near Field Communication devices makes use of a hardware Secure Element (SE) as a secure storage and execution environment for applications. However, a different way of card emulation that bypasses the SE has emerged, referred to as Host-based Card Emulation (HCE). HCE relies on the phone CPU for processing pow...
Chapter
Although Radio Frequency IDentification (RFID) systems promise a fruitful future, security and privacy concerns have affected the adoption of the RFID technology. Several studies have been proposed to tackle the RFID security and privacy concerns under the assumption that the server is secure. In this paper, we assume that the server resides in the...
Article
This paper explores the concept and applications of electronic ownership and ownership management in the context of the Internet of Things. It also proposes a prototype ownership management system which includes ownership creation and ownership transfer.
Conference Paper
Virtual Worlds (VWs) are immensely popular online environments, where users interact in real-time via digital beings (avatars). However, a number of security issues affect VWs, and they are vulnerable to a range of attacks on their infrastructure and communications channels. Their powerful architecture can also be used to mount attacks against live...
Conference Paper
Full-text available
In automotive design process, safety has always been the main concern. However, in modern days, security is also seen as an important aspect in vehicle communication especially where connectivity is very widely available. In this paper, we are going to discuss the threats and vulnerabilities of a CAN bus network. After we have considered a number o...
Conference Paper
In this paper we discuss the operating system security measures of a commercial .NET smart card for mitigating risks of malicious smart card applications. We also investigate how these security measures relate to the card resident binary by analysing its proprietary file format to develop a new vulnerability research tool for .NET card applications...
Chapter
We are increasingly reliant on the use of IT systems in our normal day- to-day business and personal activities. It is of paramount importance that these systems are sufficiently secure to protect sensitive, valuable and private data, and associated storage, communications and transactions. Therefore, the design and use of such systems should be in...
Chapter
Security systems often include specialised modules that are used to build the foundations of attack-resistant security. One of the most common modules has been the smart card; however, there are often misconceptions about the definition of the smart card and related technologies, such as Radio Frequency Identification (RFID), as well as the require...
Conference Paper
Since the first publication, side channel leakage has been widely used for the purposes of extracting secret information, such as cryptographic keys, from embedded devices. However, in a few instances it has been utilised for extracting other information about the internal state of a computing device. In this paper, we show how to create a precise...
Conference Paper
In this paper, we point out the use of secret sharing strategies as a promising solution for managing the key distribution and recovery in the Radio Frequency Identification (RFID)- enabled supply chains. To this end, we designed a new model based on a secret sharing approach to solve the key distribution issue within the supply chains. We further...
Conference Paper
In the last few decades embedded processors have invaded the modern lifestyle. Embedded systems have hardware and software components. Assuring the integrity of the software is very important as it is the component that controls what the hardware does through its instructions. Although there exist a number of software integrity verification techniq...
Conference Paper
Virtual Worlds (VWs) are persistent, immersive digital environments where users interact in online communities via avatars. Voting on VW issues is currently done outside the VW environment, as constant monitoring of avatar activities means the privacy of in-world voting cannot be guaranteed. This paper proposes a VW voting method using remote code...
Conference Paper
Full-text available
Near Field Communication (NFC)-based mobile phone services offer a lifeline to the under-appreciated multiapplication smart card initiative. The initiative could effectively replace heavy wallets full of smart cards for mundane tasks. However, the issue of the deployment model still lingers on. Possible approaches include, but are not restricted to...
Conference Paper
To improve the energy-saving effect of loaders, this paper study the hybrid power technology in-depth. In this paper a parallel hybrid power loader is investigated as research object, operating condition of a 5 tons loader is analyzed. Parameter matching and control strategy based on super capacitor charge status and load conditions are proposed. R...