Raja Naeem Akram

Royal Holloway, University of London | RHUL · Information Security Group

PhD, M.Sc(IS), M.Sc(CS), B.Sc

About

Publications: 139
Reads: 60,037
Citations: 1,182
Citations since 2017: 891 (59 research items)
Introduction
I am currently a PostDoc at ISG-SCC, Royal Holloway, University of London. Research projects I am associated with include digital avionics, payment security and data security/privacy/provenance. Before this, I was a Research Fellow at the Cyber Security Lab, Department of Computer Science, University of Waikato, New Zealand. Before joining the University of Waikato, I worked as a Senior Research Fellow at Edinburgh Napier University.
Additional affiliations
November 2014 - present
Royal Holloway, University of London
Position
  • PostDoc Position
June 2013 - November 2014
The University of Waikato
Position
  • Research Associate
January 2012 - present


Publications (139)
Article
Full-text available
Near Field Communication (NFC) has enabled mobile phones to emulate contactless smart cards. Similar to contactless smart cards, they are also susceptible to relay attacks. To counter these, a number of methods have been proposed that rely primarily on ambient sensors as a proximity detection mechanism (also known as an anti-relay mechanism). In th...
Conference Paper
Embedded systems are small scale computing devices that are increasingly located in more of the items we use and own. The number of embedded systems in the world is increasing dramatically as the "internet of things" concept becomes more prevalent in the market. The value of the market for embedded systems is predicted to increase to being worth tr...
Preprint
Full-text available
Technology is shaping our lives in a multitude of ways. This is fuelled by a technology infrastructure, both legacy and state of the art, composed of a heterogeneous group of hardware, software, services and organisations. Such infrastructure faces a diverse range of challenges to its operations that include security, privacy, resilience, and quali...
Preprint
Full-text available
This paper provides the first analysis on the feasibility of Return-Oriented Programming (ROP) on RISC-V, a new instruction set architecture targeting embedded systems. We show the existence of a new class of gadgets, using several Linear Code Sequences And Jumps (LCSAJ), undetected by current Galileo-based ROP gadget searching tools. We argue that...
Article
Full-text available
Current Peer-to-Peer (P2P) energy market models raise serious concerns regarding the confidentiality and integrity of energy consumption, trading and billing data. While Distributed Ledger Technology (DLT) systems (e.g., blockchain) have been proposed to enhance security, an attacker could damage other parts of the model, such as its infrastructure...
Conference Paper
Full-text available
Microarchitectural cross-VM covert channels are software-launched attacks which exploit multi-tenant environments' shared hardware. They enable transmitting information from a compromised system when the information flow policy does not allow to do so. These attacks represent a threat to the confidentiality and integrity of data processed and store...
Chapter
Data confidentiality is put at risk on cloud platforms where multiple tenants share the underlying hardware. As multiple workloads are executed concurrently, conflicts in memory resource occur, resulting in observable timing variations during execution. Malicious tenants can intentionally manipulate the hardware platform to devise a covert channel,...
Conference Paper
Full-text available
We demonstrate a breach in smartphone location privacy through the accelerometer and magnetometer's footprints. The merits or otherwise of explicitly permissioned location sensors are not the point of this paper. Instead, our proposition is that other non-location-sensitive sensors can track users accurately when the users are in motion, as in trav...
Conference Paper
Full-text available
Technology is shaping our lives in a multitude of ways. This is fuelled by a technology infrastructure, both legacy and state of the art, composed of a heterogeneous group of hardware, software, services, and organisations. Such infrastructure faces a diverse range of challenges to its operations that include security, privacy, resilience, and qual...
Chapter
Full-text available
Trusted Execution Environments (TEEs) are rapidly emerging as a root-of-trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution. TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation. However, the cha...
Article
The Internet of Things (IoT) is expanding at a large rate, with devices found in commercial and domestic settings from industrial sensors to home appliances. However, as the IoT market grows, so does the number of attacks made against it with some reports claiming an increase of 600% in 2017. This work seeks to prevent code replacement, injection,...
Article
In addition to traditional high temperature eutectic soldering, the use of underfill epoxy to glue the electronic components to the PCB (memory, CPU, cryptographic chips) has now become the norm among mobile phone manufacturers, e.g. Apple, BlackBerry and Samsung. Currently, this technique is the best solution to protect components against various...
Preprint
Full-text available
Technology is shaping our lives in a multitude of ways. This is fuelled by a technology infrastructure, both legacy and state of the art, composed of a heterogeneous group of hardware, software, services and organisations. Such infrastructure faces a diverse range of challenges to its operations that include security, privacy, resilience, and quali...
Preprint
Trusted Execution Environments (TEEs) are rapidly emerging as a root-of-trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution. TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation. However, the cha...
Conference Paper
Full-text available
Trusted Execution Environments (TEEs) are rapidly emerging as a root-of-trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution. TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation. However, the cha...
Preprint
Full-text available
Relay attacks are passive man in the middle attacks, aiming to extend the physical distance of devices involved in a transaction beyond their operating environment, within the restricted time-frame. In the field of smartphones, proposals have been put forward suggesting sensing the natural ambient environment as an effective Proximity and Relay Att...
Chapter
Fleets of UAVs will be deployed in near future in reliability and safety critical applications (e.g. for smart cities). To satisfy the stringent level of criticality, each UAV in the fleet must trust the other UAVs with which it communicates to get assurance of the trustworthiness in information received and to be sure not to disclose information t...
Preprint
Full-text available
Technology has positive impacts on many aspects of our social life. Designing a 24-hour globally connected architecture enables ease of access to a variety of resources and services. Furthermore, technology like the Internet has been a fertile ground for innovation and creativity. One such disruptive innovation is blockchain -- a keystone of cryptocu...
Preprint
Full-text available
Bitcoin is a decentralised digital currency that relies on cryptography rather than trusted third parties such as central banks for its security. Underpinning the operation of the currency is a peer-to-peer (P2P) network that facilitates the execution of transactions by end users, as well as the transaction confirmation proce...
Preprint
Society is in constant transition to keep up with technological advancement, we are seeing traditional paradigms being increasingly challenged. The fundamentals of governance are one such paradigm. As society's values have shifted, so have expectations of government shifted from the traditional model to something commonly referred to as 'open gover...
Preprint
Full-text available
Personal data related to a user's activities, preferences and services, is considered to be a valuable commodity not only for a wide range of technology-oriented companies like Google, Amazon and Apple but also for more traditional companies like travel/transport, banking, entertainment and marketing industry. This has resulted in more targeted and...
Article
With the development of pervasive and ubiquitous computing, of IoT and personal devices, user-centric solutions will be the paradigm for most of the future applications. In this context, user-centric solutions must be proposed from deployment models to the content management. Obviously suitable Security, Privacy and Trust (SPT) solutions have to be...
Chapter
Full-text available
Relay attacks pose a significant threat against communicating devices that are required to operate within a short-distance from each other and a restricted time frame. In the field of smart cards, distance bounding protocols have been proposed as an effective countermeasure, whereas, in the field of smartphones, many proposals suggest the use of (n...
Article
Full-text available
Remote mobile and embedded devices are used to deliver increasingly impactful services, such as medical rehabilitation and assistive technologies. Secure system logging is beneficial in these scenarios to aid audit and forensic investigations particularly if devices bring harm to end-users. Logs should be tamper-resistant in storage, during executi...
Conference Paper
One of the significant innovations that came out of Bitcoin is the blockchain technology. This paper explores how the blockchain can be leveraged in the philanthropic sector, through charitable donation services in fiat currency or Bitcoin via a web-based donor platform. The philanthropic model is then used for a case study providing humanitarian a...
Chapter
Full-text available
Remote mobile and embedded devices are used to deliver increasingly impactful services, such as medical rehabilitation and assistive technologies. Secure system logging is beneficial in these scenarios to aid audit and forensic investigations particularly if devices bring harm to end-users. Logs should be tamper-resistant in storage, during executi...
Conference Paper
Full-text available
Remote and largely unattended sensing devices are being deployed rapidly in sensitive environments, such as healthcare, in the home, and on corporate premises. A major challenge, however, is trusting data from such devices to inform critical decision-making using standardised trust mechanisms. Previous attempts have focused heavily on Trusted Platf...
Conference Paper
Smart cities are a concept of interest to many industrial, academic and government organisations. However, smart cities present a large attack surface to adversaries if every traffic light, power relay and water pipe are connected to the internet. This paper describes the problem of distributing software in a smart city when strong protection of de...
Conference Paper
In the field of smartphones a number of proposals suggest that sensing the ambient environment can act as an effective anti-relay mechanism. However, existing literature is not compliant with industry standards (e.g. EMV and ITSO) that require transactions to complete within a certain time-frame (e.g. 500ms in the case of EMV contactless payments)....
Article
Full-text available
Inter-connected objects, either via public or private networks are the near future of modern societies. Such inter-connected objects are referred to as Internet-of-Things (IoT) and/or Cyber-Physical Systems (CPS). One example of such a system is based on Unmanned Aerial Vehicles (UAVs). The fleet of such vehicles are prophesied to take on multiple...
Article
Full-text available
It is widely acknowledged that the proliferation of Unmanned Aerial Vehicles (UAVs) may lead to serious concerns regarding avionics safety, particularly when end-users are not adhering to air safety regulations. There are, however, domains in which UAVs may help to increase the safety of airplanes and the management of flights and airport resources...
Conference Paper
Full-text available
Smartphones with Near-Field Communication (NFC) may emulate contactless smart cards, which has resulted in the deployment of various access control, transportation and payment services, such as Google Pay and Apple Pay. Like contactless cards, however, NFC-based smartphone transactions are susceptible to relay attacks, and ambient sensing has been...
Conference Paper
Full-text available
The Internet of Things (IoT) is projected to significantly impact consumer finance, through greater customer personalisation, more frictionless payments, and novel pricing schemes. The lack of deployed applications, however, renders it difficult to evaluate potential security risks, which is further complicated by the presence of novel, IoT-specifi...
Conference Paper
Full-text available
Europay MasterCard Visa (EMV) Tokenisation specification details how the risk involved in Personal Account Number (PAN) compromise can be prevented by using tokenisation. In this paper, we identify two main potential problem areas that raise concerns about the security of tokenised EMV contactless mobile payments, especially when the same token als...
Conference Paper
Full-text available
Relay attacks are passive man-in-the-middle attacks that aim to extend the physical distance of devices involved in a transaction beyond their operating environment. In the field of smart cards, distance bounding protocols have been proposed in order to counter relay attacks. For smartphones, meanwhile, the natural ambient environment surrounding t...
Chapter
The aim of this chapter is to describe the main middlewares and APIs used to manage and access smart card readers and smart cards, along with the mobile phone APIs to access smart cards, SIM card and Secure Elements. It is illustrated by samples of code that the reader of this book will be able to reuse to quickly develop his/her first applications...
Chapter
The smart card is a very popular component of many commercial and government system solutions. The ability of the smart card to store data securely and resist a great deal of physical tampering is part of the attraction, but so too is the ability to run algorithms and protocols. Whilst, there are successful and popular systems that make use of fair...
Chapter
Although smart card technology has been available for many decades, it is only in the last few years that smart cards have become widely considered as one of the most common secure computing devices. They are encountered in a number of applications (e.g. secure wireless access in mobile networks, banking, identification) satisfying a diverse range...
Conference Paper
Full-text available
Near Field Communication (NFC) has enabled mobile phones to emulate contactless smart cards. Similar to contactless smart cards, they are also susceptible to relay attacks. To counter these, a number of methods have been proposed that rely primarily on ambient sensors as a proximity detection mechanism (also known as an anti-relay mechanism). In th...
Conference Paper
Full-text available
The emergence of powerful, sensor-rich devices has spawned the development of continuous authentication (CA) schemes on commodity hardware, where user behaviour is compared to past experience to produce an authentication decision, with the aim of addressing challenges with traditional authentication schemes. Current CA proposals, however, have larg...
Conference Paper
Near Field Technology (NFC) enables a smartphone to emulate a smart card, enabling it to provide services, like banking and transport ticketing. Similar to smart cards, NFC-based transactions are susceptible to relay attacks. Distance bounding protocols have been proposed for smart cards to counter relay attacks. However, this may not be effective...
Conference Paper
Traditional countermeasures to relay attacks are difficult to implement on mobile devices due to hardware limitations. Establishing proximity of a payment device and terminal is the central notion of most relay attack countermeasures, and mobile devices offer new and exciting possibilities in this area of research. One such possibility is the use o...
Conference Paper
A maintenance services logging system is a useful tool for car owners to keep track of the car’s condition and also can increase the market value of the car. Logging systems range from manual, paper-based, to automated, cloud-based systems. The automated process provides ease of use and availability of the records. A secure protocol is required to...
Conference Paper
The advent of smartphones and the flexibility to have multiple applications serving the user's needs, has started a convergence of different services into a single device. Traditional services provided by mobile phones like voice and text communication became secondary to other domains like Online Social Network (OSN) and entertainment applications...
Chapter
Full-text available
Near Field Communication (NFC) has enabled mobile phones to emulate contactless smart cards. Similar to contactless smart cards, they are also susceptible to relay attacks. To counter these, a number of methods have been proposed that rely primarily on ambient sensors as a proximity detection mechanism (also known as an anti-relay mechanism). In th...
Article
Full-text available
The notion of Integrated Modular Avionics (IMA) refers to inter-connected pieces of avionics equipment supported by a wired technology, with stringent reliability and safety requirements. If the inter-connecting wires are physically secured so that a malicious user cannot access them directly, then this enforces (at least partially) the security of...
Article
Full-text available
Avionics networks rely on a set of stringent reliability and safety requirements. In existing deployments, these networks are based on a wired technology, which supports these requirements. Furthermore, this technology simplifies the security management of the network since certain assumptions can be safely made, including the inability of an attac...
Conference Paper
Digital forensics is becoming an important feature for many embedded devices. In automotive systems, digital forensics involves multiple electronic control units (ECUs) used to support the connected and intelligent vehicle’s technology. Digital evidence from these ECUs can be used in forensics investigation and analysis. Such a mechanism can potent...
Conference Paper
Unmanned Aerial Vehicles (UAVs) fleets are becoming more apparent in both military and civilian applications. However security of these systems still remains unsatisfactory if a strong adversary model with a high attack potential (i.e. the adversary has capabilities and knowledge to capture a UAV, to perform side-channel or fault injection or other...
Conference Paper
Full-text available
Trust has various instantiations: some rely on real-world relationships between entities, while others depend on robust hardware and software technologies to establish it post-deployment. In this paper, we focus on the latter, analyse their evolution in previous years, and their scope in the near future. The evolution of such technologies has invol...
Conference Paper
Tokenisation has been adopted by the payment industry as a method to prevent Personal Account Number (PAN) compromise in EMV (Europay MasterCard Visa) transactions. The current architecture specified in EMV tokenisation requires online connectivity during transactions. However, it is not always possible to have online connectivity. We identify thre...
Article
Mobile devices are becoming part of modern digital avionics. Mobile devices can be applied to a range of scenarios, from Electronic Flight Bags to maintenance platforms, in order to manage and configure flight information, configure avionics networks or perform maintenance tasks (including offloading flight logs). It can be argued that recent devel...