About me

I'm a Professor of Security Engineering and Head of the Systems & Security research theme at the Department of Computer Science, University of Warwick. I graduated with a PhD in the Security Group (where I still have my old badge), from the Computer Laboratory, University of Cambridge, under the joint supervision of Prof Ross Anderson and Prof John Daugman. I worked in the security industry for a total of six years before joining Newcastle University Computing Science as a lecturer in December 2010, then a reader in 2014 and a professor in 2018 before moving to my present post. With Peter Ryan, we co-edited a book "Real-World Electronic Voting: Design, Analysis and Deployment" (2016, CRC Press, in Amazon).

My research interest (and that of my research team) is primarily driven by tackling real-world security problems. With my former PhD advisers (Ross Anderson and John Daugman), I proposed the first solution to combine iris biometrics and cryptography, the two complementary security technologies. Our paper "Combining crypto with biometrics effectively" (IEEE Trans. on Computers, 2006) is ranked the top among the Google Scholar Classic Papers in the category of Computer Security & Cryptography. With colleagues, I designed a few cryptographic protocols: AV-net (so far the most efficient solution to the Dining Cryptographers problem), YAK (a PKI-based authenticated key exchange protocol that has stood against all attacks since 2010), J-PAKE (a password authenticated key exchange protocol that has been adopted as a de facto standard for IoT device enrollment, and standardized internationally in ISO/IEC 11770-4), Open Vote network (so far the most efficient decentralized e-voting protocol in terms of rounds, computation and bandwidth), DRE-i (the first E2E verifiable e-voting system without tallying authorities), DRE-ip (an alternative design to DRE-i based on a different real-time computation strategy; see YouTube demo) and SEAL (so far the most efficient decentralised e-auction protocol). So far, none of these protocols have been broken. With Siamak Shahandashti, we found and fixed security weaknesses in SPEKE, a password-authenticated key exchange protocol that has been standardized in IEEE P1363.2 and ISO/IEC 11770-4. The attacks have been acknowledged by ISO/IEC SC 27 Work Group 2 and the standard has been revised in 2017 to incorporate our proposed fix.

Some of the protocols that we designed have been applied in practice. In particular, J-PAKE (see blog) has been used in Palemoon sync, NXP Thread (YouTube demo), ARM mbed, OpenThread (YouTube demo), Nest Guard, Nest Detect, Bouncycastle, and adopted by Thread Group (white paper) as an open industry standard for the IoT commissioning process (YouTube tutorial), and standardized internationally in ISO/IEC 11770-4:2017 and in RFC 8236 (together with RFC 8235). An independent study on the security of J-PAKE was presented by Abdalla, Benhamouda and MacKenzie in IEEE S&P 2015 (YouTube presentation). A verifiable classroom voting system based on the DRE-i protocol has been developed and subsequently trialled in real classroom teaching with positive student feedback. The DRE-i protocol represents the first step in exploring a new generation of e-voting protocols that are end-to-end verifiable and also free from any tallying authority. I call this new direction "Self-Enforcing Electronic Voting" (SEEV). In 2012, I was awarded a 1.5 million euros ERC starting grant to support my further investigation on SEEV, and in 2015, a follow-up ERC Proof of Concept grant to support commercialization of SEEV (overall, about 4% of the ERC projects have produced a PoC grant). A prototype of the SEEV system (based on DRE-ip) was successfully trialled during the 2019 local elections in Gateshead, UK with positive voter feedback (BBC, University press, CS news).

Finally, I have a general interest in designing efficient computing algorithms. I modified the classic Dynamic Programming algorithm to make it more suitable for handwritten signature verification. I worked with John Daugman, the original inventor of iris recognition, and designed a fast search algorithm for iris recognition, which achieves a substantial speed-up over the traditional exhaustive search algorithm with a negligible loss of accuracy.

Publications

I'm fond of security research that is new, useful and diverse. I am a believer in Roger Needham's maxim: "Good research comes from tackling real problems". I love mathematics but I dislike seeing it overused to make papers look hyper-fancy.
  • Horia Druliac, Matthew Bardsley, Chris Riches, Christian Dunn, Luke Harrison, Bimal Roy, and Feng Hao, "On the Feasibility of E2E Verifiable Online Voting - A Case Study From Durga Puja Trial," Journal of Information Security and Applications, 2024 [PDF] [ScienceDirect]
    • This paper details our experience of building an end-to-end verifiable online voting system based on DRE-ip and conducting a real-life trial among the residents of New Town, Kolkata, India as part of the 2022 Durga Puja festival celebration. This was the first time that an E2E online voting system had been built and tested in India.
  • Luke Harrison, Samiran Bag, Feng Hao, "Camel: E2E Verifiable Instant Runoff Voting without Tallying Authorities," ACM ASIA Conference on Computer and Communications Security (ASIACCS), 2024 [PDF]
    • This paper presents Camel, an end-to-end verifiable instant runoff voting (IRV) protocol without tallying authorities. We name the protocol "Camel" as Camels have multiple chambers in their stomach, which enables the processing of food in stages with the maximum extraction of nutrients and the minimum loss of water. This resembles how our protocol processes the encryption of votes in multiple stages.
  • Feng Hao, Samiran Bag, Liqun Chen, Paul van Oorschot, "Owl: An Augmented Password-Authenticated Key Exchange Scheme," Financial Cryptography and Data Security (FC), 2024 [PDF]
    • This paper presents Owl, a new augmented password-authenticated key exchange (PAKE) scheme. Today, SRP-6a is the only widely deployed augmented PAKE scheme in the real world (e.g., used in Apple's iCloud). We show that Owl has systematic advantages over SRP-6a in terms of security, efficiency and crypto agility. Owl also presents a competitive alternative to OPAQUE (selected by IETF as a new standard in 2020) but is free from several issues faced by OPAQUE (e.g., leakage of password update information to passive attackers and the reliance on constant-time hash-to-curve functions).
  • Shen Wang, Mahshid Delavar, Muhammad Ajmal Azad, Farshad Nabizadeh, Steve Smith, Feng Hao, "Spoofing Against Spoofing: Towards Caller ID Verification In Heterogeneous Telecommunication Systems," ACM Transactions on Privacy and Security, in press, 2023 [PDF]
    • This paper presents Caller ID Verification (CIV), a more secure and cost-effective solution than STIR/SHAKEN. STIR/SHAKEN has been mandated by FCC for all telecom providers in the USA to implement, but it has not delivered the promised benefits in preventing caller ID spoofing attacks. Ofcom recently conducted a public consultation on whether the UK should follow suit and adopt STIR/SHAKEN in the country. We urge Ofcom to seriously consider alternative solutions such as CIV before committing to STIR/SHAKEN (see our response to the Ofcom consultation here).
  • Shih-Chun You, Markus G. Kuhn, Sumanta Sarkar and Feng Hao, "Low Trace-Count Template Attacks on 32-bit Implementations of ASCON AEAD," IACR Transactions on Cryptographic Hardware and Embedded Systems (CHES), 2023 [PDF]
    • This paper presents an effective template attack that successfully recovers the secret key of Ascon by analyzing only a small number of power traces. Ascon is the new NIST standard for lightweight cryptography applications. Our work shows that the quadruple use of the key in the initialization and finalization stages of Ascon - originally designed to support leveled implementations to prevent certain side-channel attacks - somehow makes the cipher weaker against a template attack.
  • Mohammad Sadegh Nourbakhsh, Feng Hao and Arshad Jhumka, "Transaction Fee Mechanism For Order-Sensitive Blockchain-based Applications," ESORICS Workshop on Cryptocurrencies and Blockchain Technology (CBT), 2023 [PDF]
    • This paper investigates the order-robustness of existing transaction fee mechanisms such as EIP-1559 in Decentralized Finance (De-Fi) applications.
  • Mahshid Mehr Nezhad, Elliot Laidlaw, Feng Hao, "Security Analysis of Mobile Point-of-Sale Terminals," Proceedings of the 17th International Conference on Network and System Security, 2023 [PDF] [Best student paper]
    • This paper studies the security of mobile point-of-sale (PoS) terminals and shows several vulnerabilities associated with the security design of the mPoS controlling app on mobile phones. This paper won the NSS 2023 Best Student Paper Award.
  • Samuel Herodotou, Feng Hao, "Spying on the Spy: Security Analysis of Hidden Cameras," Proceedings of the 17th International Conference on Network and System Security, 2023 [PDF] [CVE]
    • This paper shows that with the mere knowledge of a hidden camera's serial number, an attacker can capture the camera's video/audio stream, and furthermore, take complete control of the camera as a bot to attack other devices in a home network behind a firewall. It is estimated that the uncovered vulnerabilities affect millions of hidden cameras, mostly sold in America, Europe and Asia. The (insecure) peer-to-peer network that is used by the affected cameras is also being used by 50 million IoT devices as a general communication platform.
  • Samiran Bag, Indranil Ghosh Ray, Feng Hao, "A New Leakage Resilient Symmetric Searchable Encryption Scheme for Phrase Search," Proceedings of the 19th International Conference on Security and Cryptography (SECRYPT), 2022. [PDF]
    • This paper proposes a symmetric key searchable encryption scheme for phrase search that minimises the leakage of information from search patterns and access patterns.
  • Feng Hao, and Paul van Oorschot, "SoK: Password-Authenticated Key Exchange -- Theory, Practice, Standardization and Real-World Lessons," ACM ASIA Conference on Computer and Communications Security (ASIACCS), 2022 [PDF].
    • This paper presents a thorough and systematic review of the PAKE field, a summary of the state-of-the-art, a taxonomy to categorize existing protocols, and a comparative analysis of protocol performance using representative schemes from each taxonomy category. It also reviews real-world applications, summarizes lessons learned, and highlights open research problems related to PAKE protocols.
  • Liang Zhang, Feiyang Qiu, Feng Hao, and Haibin Kan, "1-Round Distributed Key Generation with Efficient Reconstruction Using Decentralized CP-ABE," IEEE Transactions on Information Forensics and Security, pp. 894 - 907, Vol. 17, 2022 [PDF]
    • This paper presents a one-round distributed key generation protocol.
  • Zezhong Tu, Yongkang Xue, Pengpeng Ren, Feng Hao, Runsheng Wang, Meng Li, Jianfu Zhang, Zhigang Ji, and Ru Huang, "A Probability-based Strong Physical Unclonable Function with Strong Machine Learning Immunity," IEEE Electron Device Letters, pp. 138--141, Vol. 43, No. 1, 2022 [PDF]
    • This paper presents a physical unclonable function (PUF) design based on probabilistic trap emissions in nano-scaled transistors.
  • Luke Harrison, Samiran Bag, Hang Luo, Feng Hao, "VERICONDOR: End-to-End Verifiable Condorcet Voting without Tallying Authorities," ACM ASIA Conference on Computer and Communications Security (ASIACCS), 2022 [PDF]
    • This paper presents an end-to-end verifiable e-voting system called VERICONDOR to support Condorcet voting. Our system is self-enforcing without needing any tallying authorities. It's also exceptionally efficient with O(n^2) computation complexity, which is close to the best one may hope for based on using a [n, n] comparison matrix to record a Condorcet ballot.
  • Samiran Bag, Muhammad Ajmal Azad, Feng Hao, "End-to-end verifiable cumulative voting without tallying authorities," International Journal of Applied Cryptography, 2022 [PDF]
    • This paper presents an end-to-end verifiable e-voting system for cumulative voting. Cumulative voting is commonly used for online participatory budgeting in European cities.
  • Mahshid Mehr Nezhad, Feng Hao, "OPay: an Orientation-based Contactless Payment Solution Against Passive Attacks," Annual Computer Security Applications Conference (ACSAC), 2021. [PDF]
    • This paper analyses new threats emerging from the increasingly popular deployment of mobile point-of-sale terminals and proposes a countermeasure to prevent attacks without changing the existing usage model in contactless payment.
  • Feng Hao, "Prudent Practices in Security Standardization," IEEE communication standards magazine, Vol. 5, No. 3, pp. 40-47, 2021. [PDF]
    • This paper presents a retrospective review of the recent IETF PAKE selection process, discusses technical and management issues, and proposes a set of recommendations for improving practices in security standardisation in the future.
  • Patrick McCorry, Maryam Mehrnezhad, Ehsan Toreini, Siamak Shahandashti, Feng Hao, "On Secure E-Voting over Blockchain," ACM Journal on Digital Threats: Research and Practice, in press, 2021. [PDF]
    • This paper presents a comprehensive analysis of secure e-voting over blockchain in three different settings: decentralized voting, centralized remote voting and centralized polling station voting. The content of this paper forms the basis of a technical report that was submitted to the Economist Cybersecurity Challenge jointly organised by the Economist and Kaspersky Lab, and was ranked third place.
  • Paolo Modesti, Siamak F. Shahandashti, Patrick McCorry, Feng Hao, "Formal Modelling and Security Analysis of Bitcoin's Payment Protocol," Computers & Security, in press, 2021. [PDF]
    • This paper applies formal analysis to confirm that the payment protocol standard BIP70 is vulnerable against the Bitcoin refund attacks reported in FC'16, and to verify that our proposed revised protocol addresses the identified security flaws.
  • Shen Wang, Ehsan Toreini, Feng Hao, "Anti-counterfeiting for polymer banknotes based on polymer substrate fingerprinting," IEEE Transactions on Information Security and Forensics, in press, 2021. [PDF] [University Press] [YouTube Demo]
    • This paper proposes a new anti-counterfeiting method for polymer banknotes based on analysing the inevitable imperfection in the opacity coating layer. This method makes the counterfeiting of polymer banknotes dramatically more difficult even if the counterfeiters have obtained the same printing equipment and ink as used by a legitimate government. This work is featured in the University Press and demonstrated on YouTube. We make the datasets openly available (Part 1/2 and Part 2/2).
  • Muhammad Ajmal Azad, Samiran Bag, Farhan Ahmad, Feng Hao, "Sharing is caring: a collaborative framework for sharing security alerts," Computer Communications, Vol. 165, pp. 75-84, 2020. [PDF]
    • This paper proposes a sharing-is-caring (SIC) framework for distributed entities to compute security alert scores while preserving the privacy of each individual security policy.
  • Somnath Panja, Samiran Bag, Feng Hao, and Bimal Roy, "A smart contract system for decentralised Borda count voting," IEEE Transactions on Engineering Management, Vol. 67, No. 4, pp. 1323-1339, 2020. [PDF]
    • This paper proposes the first self-tallying decentralised e-voting protocol for a ranked-choice voting system based on Borda count.
  • Feng Hao, Shen Wang, Samiran Bag, Rob Procter, Siamak Shahandashti, Maryam Mehrnezhad, Ehsan Toreini, Roberto Metere and Lana Liu, "End-to-End Verifiable E-Voting Trial for Polling Station Voting," IEEE Security & Privacy, Vol. 18, No. 6, pp. 6-13, 2020. [PDF], [BBC News], [Gateshead council news], [Warwick University press], [Webroots democracy], [Government Business], [Gizmodo], [ChronicleLive].
    • This paper reports a verifiable e-voting trial conducted at Gateshead as part of the UK local elections on 2 May 2019. This is the first trial of a fully electronic voting system with E2E verifiability for polling station voting in the UK - and the first in the world. The questionnaire used in the user survey can be found here. A video demonstration of the verifiable e-voting prototype can be found at YouTube.
  • Muhammad Ajmal Azad, Charith Perera, Samiran Bag, Mahmoud Barhamgi, and Feng Hao, "Privacy-preserving Crowd-sensed trust aggregation in the User-centeric Internet of People Networks," ACM Transactions on Cyber-Physical Systems, Vol. 5, No. 1, 2020.
    • This paper proposes a trust model that evaluates the aggregate trustworthiness of content creators in a crowdsourced group based on the weighted tallying of trust scores.
  • Muhammad Ajmal Azad, Samiran Bag, Feng Hao, and Andrii Shalaginov, "Decentralized Self-enforcing Trust Management System for Social Internet of Things," IEEE IoT Journal, Vol. 7, No. 4, pp. 2690-2703, 2020. [PDF]
    • This paper presents a self-enforcing reputation management system for an IoT application.
  • Samiran Bag, Feng Hao, Siamak Shahandashti, and Indranil G. Ray, "SEAL: Sealed-bid Auction without Auctioneers," IEEE Transactions on Information Security and Forensics, Vol. 15, pp. 2042-2052, 2020. [PDF]
    • This paper presents the first auctioneer-free sealed-bid auction protocol with a linear computation and communication complexity with respect to the bit length of the bid price. This work establishes to date the best computation and communication complexity for sealed-bid auctions without involving any auctioneers.
  • Muhammad Ajmal Azad, Samiran Bag, Shazia Tabassum and Feng Hao, "privy: Privacy Preserving Collaboration Across Multiple Service Providers to Combat Telecom Spams," IEEE Transactions on Emerging Topics in Computing, Vol. 8, No. 2, pp. 313-327, 2020. [PDF]
    • This paper proposes a privacy-preserving collaborative system to allow telecom providers to identify spammers more quickly and reliably.
  • Samiran Bag, Feng Hao, "E2E Verifiable Electronic Voting System for Shareholders," IEEE Conference on Dependable and Secure Computing, 2019. [PDF]
    • This paper proposes a self-enforcing e-voting system that supports weighted tallying. This is suitable for shareholder voting where each shareholder has a weight corresponding to the number of the shares that they have.
  • Muhammad Ajmal Azad, Samiran Bag, Charith Perera, Mahmoud Barhamgi, Feng Hao, "Authentic-Caller: Self-enforcing Authentication in a Next Generation Network," IEEE Transactions on Industrial Informatics, Vol. 16, No. 5, 2019. [PDF]
    • This paper proposes a self-enforcing method to perform password-based authentication in SIP without involving trusted third parties.
  • Ehsan Toreini, Siamak Shahandashti, Maryam Mehrnezhad, Feng Hao, "DOMtegrity: Ensuring Web Page Integrity against Malicious Browser Extensions," International Journal of Information Security, Vol. 18, pp. 801-814, 2019. [PDF]
    • This paper presents a solution to preserve the integrity of DOM when it is rendered in the browser in the presence of malicious web extensions installed in the browser.
  • Samiran Bag, Muhammad Ajmal Azad and Feng Hao, "E2E Verifiable Borda Count Voting System without Tallying Authorities," Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES), 2019. [PDF]
    • This paper presents a DRE-based Borda count electoral system with end-to-end verifiability without requiring any tallying authorities.
  • Mohammed Aamir Ali, Muhammad Ajmal Azad, Mario Parreno Centeno, Feng Hao, Aad van Moorsel, "Consumer-Facing Technology Fraud: Economics, Attack Methods and Potential Solutions," Future Generation Computer Systems, Vol. 100, pp. 408-427, 2019. [PDF]
    • This paper surveys fraud methods and solutions in three different yet related consumer-facing applications: credit card payment, mobile phone payment and telephone communication.
  • Xun Yi, Zahir Tari, Feng Hao, Liqun Chen, Joseph K. Liu, Xuechao Yang, Kwok-Yan Lam, Ibrahim Khalil, and Albert Y. Zomaya. "Efficient threshold password-authenticated secret sharing protocols for cloud computing," Journal of Parallel and Distributed Computing, Vol. 128, pp. 57-70, 2019. [PDF]
    • This is a journal version of the earlier paper published at ESORICS'15.
  • Samiran Bag, Muhammad Ajmal Azad, Feng Hao, "PriVeto: A Fully Private Two Round Veto Protocol," IET Information Security, Vol. 13, No. 4, pp. 211-320, 2019. [PDF]
    • This paper presents a new 2-round MPC protocol called PriVeto to compute the boolean-OR function. Compared with AV-net, PriVeto requires all participants to commit their inputs in the first round instead of in the second round. It prevents the last participant in the second round from making any run-time change and limits every participant to learn nothing more than their own input and the final output.
  • Muhammad Ajmal Azad, Samiran Bag, Simon Parkinson, Feng Hao, "TrustVote: Privacy-Preserving Node Ranking in Vehicular Networks," IEEE Internet of Things Journal, vol. 6, No. 4, 2019. [PDF]
    • This paper presents a collaborative crowdsourcing-based vehicle reputation system in a connected vehicular network.
  • Chengqing Li, Dongdong Lin, Bingbing Feng, Jinhu Lv, and Feng Hao, "Cryptanalysis of a Chaotic Image Encryption Algorithm Based on Information Entropy," IEEE Access, Vol. 6, 2018. [PDF]
    • This paper cryptanalyzes a chaotic image encryption algorithm proposed in International Journal of Bifurcation and Chaos (2018).
  • Muhammad Ajmal Azad, Samiran Bag, Feng Hao, and Khaled Salah, "M2M-REP: Reputation System for Machines in the Internet of Things," Computers & Security, Vol. 79, pp. 1-16, 2018. [PDF]
    • This is a journal version of the earlier conference paper published in ARES'17.
  • Chengqing Li, Dongdong Lin, Jinhu Lv, Feng Hao, "Cryptanalyzing An Image Encryption Algorithm Based on Autoblocking and Electrocardiography," IEEE Multimedia, Vol. 25, No. 4, 2018. [PDF]
    • This paper shows that the image encryption algorithm proposed by Ye and Huang in IEEE Multimedia (2016) is insecure.
  • Muhammad Ajmal Azad, Samiran Bag, and Feng Hao, "PrivBox: Verifiable Decentralized Reputation System for the On-line Marketplaces," Future Generation Computer Systems, Vol. 89, pp. 44-57, 2018. [PDF]
    • This paper presents a decentralized reputation system for customers to rate retailers in an online marketplace.
  • Feng Hao, Roberto Metere, Siamak Shahandashti and Changyu Dong, "Analysing and Patching SPEKE in ISO/IEC," IEEE Transactions on Information Forensics and Security, Vol. 13, No. 11, pp. 2844-2855, 2018. [PDF]
    • This is a journal version of our SSR'14 paper. It extends the earlier conference paper by adding a formal analysis of the patched SPEKE, and details of how our proposed patch is accepted and published in the latest ISO/IEC 11770-4 (2017) standard.
  • Samiran Bag, Muhammad Ajmal Azad and Feng Hao, "A Privacy-aware Decentralized and Personalized Reputation System," Computers & Security, Vol. 77, pp. 514-530, 2018. [PDF]
    • This paper presents a method to tally votes among a subset of voters who are trusted by the assessor without disclosing which voters are trusted.
  • Feng Hao, Dylan Clarke, Brian Randell, Siamak Shahandashti, "Verifiable Classroom Voting in Practice," IEEE Security and Privacy, Vol. 16, No. 1, pp. 72-81, 2018. [PDF]
    • This paper presents the first practical verifiable classroom voting (VCV) system, which has been used regularly in real classroom teaching, as well as academic prize competitions, at Newcastle University with positive user feedback since 2013. This paper lays the groundwork for my 2015 ERC Proof of Concept grant.
  • Raffaello Perrotta, Feng Hao, "Botnet in the Browser: Understanding Threats Caused by Malicious Browser Extensions," IEEE Security and Privacy, Vol. 16, No. 4, pp. 66-81, 2018. [PDF]
    • This paper presents a comprehensive analysis of threats imposed by malicious extensions in modern browsers.
  • Feng Hao, "J-PAKE: Password-Authenticated Key Exchange by Juggling," RFC 8236, September 2017. [Link] [Blog]
    • This RFC describes J-PAKE, which is a password-authenticated key exchange protocol first published at SPW'08 (Hao, Ryan). In 2008, I wrote a blog asking for public scrutiny on the security of J-PAKE. Ten years on, the J-PAKE protocol has stood against all known attacks.
  • Feng Hao, "Schnorr Non-interactive Zero-Knowledge Proof," RFC 8235, September 2017. [Link]
    • This RFC describes Schnorr NIZK, which is an important Zero Knowledge Proof (ZKP) primitive. This technique is used in J-PAKE, but it is described in a standalone RFC as it is generally useful, e.g., also used in AV-net, YAK and OV-net.
  • Muhammad Ajmal Azad, Samiran Bag, Feng Hao, "M2M-REP: Reputation of Machines in the Internet of Things," International Conference on Availability, Reliability and Security (ARES), 2017. [PDF]
    • This paper proposes a decentralized protocol to aggregate the reputation scores for machines in an IoT network.
  • Syed Taha Ali, Patrick McCorry, Peter Hyun-Jeen Lee, Feng Hao, "ZombieCoin 2.0: Managing Next-Generation Botnets using Bitcoin," International Journal of Information Security, pp. 1-12, 2017. [PDF]
    • This is an extended journal version of the earlier workshop paper presented at FC Bitcoin'15.
  • Patrick McCorry, Siamak Shahandashti and Feng Hao, "A Smart Contract for Boardroom Voting with Maximum Voter Privacy," the 21st International Conference on Financial Cryptography and Data Security (FC'17), 2017. [PDF] [CoinDesk]
    • This paper presents the first implementation of a decentralized Internet voting protocol with maximum voter privacy over Ethereum's blockchain. It lays the technical basis for Newcastle University's solution that won 3rd place in the 2016 Economist Cybersecurity Challenge. This work is featured in CoinDesk.
  • Maryam Mehrnezhad, Mohammed Aamir Ali, Feng Hao and Aad van Moorsel, "NFC Payment Spy: A Privacy Attack on Contactless Payments," the 3rd International Conference on Security Standardisation Research (SSR'16), 2016. [PDF]
    • This paper highlights the card-collision problem in NFC payments, the inconsistency between the current NFC terminal implementation and the EMV specification, and how that inconsistency may be exploited by an attacker to compromise user privacy during contactless payments.
  • Siamak F. Shahandashti and Feng Hao, "DRE-ip: A Verifiable E-Voting Scheme without Tallying Authorities," the 21st European Symposium on Research in Computer Security (ESORICS), 2016. [PDF] [YouTube]
    • This paper presents a new "self-enforcing e-voting" system called DRE-ip. Similar to DRE-i (Hao et al. USENIX JETS 2014), DRE-ip provides end-to-end (E2E) verifiability without tallying authorities. But, instead of using pre-computation as in DRE-i, DRE-ip opts for real-time computation and provides a stronger guarantee of ballot privacy.
  • Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti and Feng Hao, "Stealing PINs via Mobile Sensors: Actual Risk versus User Perception," the 1st European Workshop on Usable Security (EuroUSEC), 2016. [PDF]
    • This paper presents an improved attack (over our earlier work) on stealing the user's PINs via mobile sensors. It further presents a user study to evaluate the user awareness of the data leakage problem caused by the sensors. The results indicate that users are generally not aware of the data generated by sensors and how that data might be used to undermine security and privacy.
  • Patrick McCorry, Malte Moser, Siamak F. Shahandashti, and Feng Hao, "Towards Bitcoin Payment Networks," Proceedings of the 21st Australasian Conference on Information Security and Privacy (ACISP'06), 2016. [PDF]
    • This paper reviews proposals that aim to address the scalability problem in Bitcoin by facilitating "off-chain transactions".
  • Xun Yi, Fang-Yu Rao, Zahir Tari, Feng Hao, Elisa Bertino, Ibrahim Khalil and Albert Y. Zomaya, "ID2S Password-Authenticated Key Exchange Protocols," IEEE Transactions on Computers, Vol. 65, No. 12, 2016. [PDF]
    • It's an extended journal version of an earlier conference paper presented at ESORICS'14, with Xun Yi and Elisa Bertino.
  • Feng Hao and Peter Ryan (Eds), Real-World Electronic Voting: Design, Analysis and Deployment, CRC Press, 2016. [Amazon] [CRC Press] [Blog]
  • Feng Hao, "DRE-i and Self-Enforcing E-Voting", Real-World Electronic Voting: Design, Analysis and Deployment (Feng Hao and Peter Ryan, Eds), CRC Press, 2016. [PDF]
    • It's a contributing book chapter that describes a 10-year research journey leading to the invention of "self-enforcing e-voting".
  • Patrick McCorry, Siamak F. Shahandashti, Feng Hao, "Refund Attacks on Bitcoin's Payment Protocol," Proceedings of the 20th Financial Cryptography and Data Security (FC'16), pp. 581-599, 2016. [Paper] [Blog]
    • It presents two attacks on the standard BIP70 Bitcoin Payment protocol and a countermeasure. Both attacks and the countermeasure have been acknowledged by the two largest Bitcoin processors, Bitpay and Coinbase.
  • Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, Feng Hao, "TouchSignatures: Identification of User Touch Actions and PINs Based on Mobile Sensors via JavaScript," Journal of Information Security and Applications, Elsevier, 2016, in press. [Paper], [Blog], [Mozilla advisory], [Apple patch in iOS 9.3], [Bugzilla tracker] [Chromium bug tracker], [W3C revision]
    • It reports a significant security flaw in the current specification of W3C regarding the JavaScript's unrestricted access to the sensor data in a browser on a mobile phone. The W3C community and major browser vendors (Mozilla, Google, Apple, Opera) have acknowledged our work and are implementing some of our suggested countermeasures. This paper is a journal version of the one presented earlier at ASIACCS'15.
  • Maryam Mehrnezhad, Feng Hao, and Siamak F. Shahandashti, "Tap-Tap and Pay (TTP): Preventing The Mafia Attack in NFC Payment," Proceedings of the 2nd International Conference on Research in Security Standardisation (SSR'15), LNCS 9497, pp. 21-39, 2015. [Paper]
    • This paper presents a new solution on preventing Mafia attacks in NFC payment by leveraging the highly correlated vibrations induced by physical tapping between two NFC-enabled devices. Our solution is arguably simpler and more cost-effective than previous solutions that are usually based on distance bounding or ambient environment measurements.
  • Patrick McCorry, Siamak F. Shahandashti, Dylan Clarke and Feng Hao, "Authenticated Key Exchange over Bitcoin," Proceedings of the 2nd International Conference on Research in Security Standardisation (SSR'15), LNCS 9497, pp. 3-20, 2015. [Paper]
    • It proposes a new category of authenticated key exchange (AKE) protocols, which bootstrap trust entirely from the block chain (as opposed to PKI or shared passwords). This work fills in an important gap, which is currently not covered by any key exchange standards (e.g., IEEE, ISO/IEC).
  • Xun Yi, Feng Hao, Liqun Chen and Joseph Liu, "Practical Threshold Password-Authenticated Secret Sharing Protocol," Proceedings of the 20th European Symposium on Research in Computer Security (ESORICS'15), LNCS 9326, pp. 347-365, 2015. [Springer]
    • It presents a technique to distribute a high-entropy secret using secret sharing and later retrieve the secret with a low-entropy password.
  • Feng Hao, "On the Trust of Trusted Computing in the Post-Snowden Age (abstract)," the 8th IEEE CSF Workshop on Analysis of Security APIs, 2015 (no proceedings). [Abstract] [Slides] [Blog]
    • It challenges the fundamental trust assumption underpinning "Trusted Computing" in light of Snowden revelations and proposes to redesign the TPM/HSM APIs based on a new "Trust-but-Verify" paradigm.
  • Feng Hao, Dylan Clarke, Avelino Zorzo, "Deleting Secret Data with Public Verifiability," IEEE Transactions on Dependable and Secure Computing, Vol. 13, No. 6, pp. 617-629, 2015. [Paper] [Blog]
    • It presents a cryptographic protocol to make the data deletion operations more transparent and verifiable.
  • Feng Hao, Xun Yi, Liqun Chen, Siamak Shahandashti, "The Fairy-Ring Dance: Password Authenticated Key Exchange in a Group," Proceedings of the 1st ASIACCS Workshop on IoT Privacy, Trust, and Security (IoTPTS'15), pp. 27-34, 2015. [Paper] [Blog]
    • It presents J-PAKE+ and SPEKE+, the group variants of J-PAKE and SPEKE (both of which have been used in practical applications). Our work establishes a new record of round efficiency for Group PAKE, and is close to the best achievable that one may hope for.
  • Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, Feng Hao, "TouchSignatures: Identification of User Touch Actions based on Mobile Sensors via JavaScript (extended abstract)," Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS'15), pp. 673-673, 2015. [ACM link]
    • It presents the first attack on breaching privacy of a mobile user via JavaScript, which, in contrast to all previous app-based attacks, does not require installing any software (app) on the user's device, and hence is potentially more dangerous.
  • Syed Taha Ali, Patrick McCorry, Peter Hyun-Jeen Lee and Feng Hao, "ZombieCoin: Powering Next-Generation Botnets with Bitcoin," Proceedings of the 2nd FC Workshop on Bitcoin Research, LNCS 8976, pp. 34-48, 2015. [Paper] [Forbes]
    • It outlines a design of next-generation botnets that may leverage the Bitcoin blockchain for stealthy and fast Command & Control, and discusses preemptive countermeasures.
  • Feng Hao, Siamak Shahandashti, "The SPEKE Protocol Revisited," Proceedings of the 1st International Conference on Research in Security Standardisation (SSR'14), LNCS 8893, pp. 26-38, 2014. [Preprint] [blog]
    • It points out two security issues with the SPEKE protocol, as currently defined in the IEEE P1363.2 and ISO/IEC 11770-4 standards, and also proposes a solution to address the attacks. Both attacks have been acknowledged by the technical committee in ISO/IEC SC 27, work group 2, with our proposed fix being included in the ISO/IEC 11770-4 standard.
  • Xun Yi, Feng Hao, Elisa Bertino, "ID-Based Two-Server Password-Authenticated Key Exchange," Proceedings of European Symposium on Research in Computer Security (ESORICS), LNCS 8713, pp. 257-276, 2014. [Springer]
    • It presents a compiler to construct two-server PAKE from any secure two-party PAKE based on identity-based encryption.
  • Kiavash Satvat, Matthew Forshaw, Feng Hao, Ehsan Toreini, "On The Privacy of Private Browsing - A Forensic Approach," Journal of Information Security and Applications, Vol. 19, No. 1, pp. 88-100, 2014. [Preprint] [blog]
    • It is a journal version of the earlier short paper presented at DPM'13. It adds the response from the browser industry and acknowledgement of our work.
  • Feng Hao, Matthew Kreeger, Brian Randell, Dylan Clarke, Siamak Shahandashti, Peter Lee, "Every Vote Counts: Ensuring Integrity in Large-Scale Electronic Voting," USENIX Journal of Election Technology and Systems (JETS), Vol. 2, No. 3, 2014. [Paper] [Poster] [Slides] [blog]
    • This paper lays the foundation for my 2012 ERC starting grant on "self-enforcing e-voting". It challenges the traditional view on the role of trustworthy tallying authorities in E2E verifiable voting protocols and questions whether such a role is as indispensable as many have believed over the past twenty years. Since the initial publication as an IACR report in 2010, the paper was repeatedly rejected by top conferences in the security field. In the final acceptance in 2014, the basic DRE-i protocol remains unchanged from its initial specification in 2010.
  • Kiavash Satvat, Matthew Forshaw, Feng Hao, Ehsan Toreini, "On The Privacy of Private Browsing - A Forensic Approach (short paper)," Proceedings of ESORICS Workshop on Data Privacy Management (DPM'13), LNCS 8247, pp. 380-389, 2013. [Paper] [Slides]
    • It presents a comprehensive security analysis of the current state of private browsing as implemented in major browsers. The testing software is released here as open source. Some identified issues have been acknowledged by browser vendors and fixed accordingly in newer versions of browsers (see the extended journal version of the paper for details).
  • Dylan Clarke, Feng Hao, "Cryptanalysis of the Dragonfly Key Exchange Protocol," IET Information Security, Vol. 8, No. 6, pp. 283-289, 2014. [Preprint]
    • It points out that the omission of public key validation renders the Dragonfly protocol (a recent Internet draft submitted to IETF) completely insecure. Our attack has been acknowledged and fixed accordingly in the newer version of the Dragonfly specification in IETF and the final RFC publication.
  • Feng Hao, Dylan Clarke, Carlton Shepherd, "Verifiable Classroom Voting - Where Cryptography Meets Pedagogy," Proceedings of the 21st Security Protocols Workshop (SPW), Cambridge, UK, 2013. [Paper]
    • In this paper, we propose - and have implemented - the first verifiable classroom voting system.
  • Jean Lancrenon, Dalia Khader, Peter Ryan, Feng Hao, "Password-based Authenticated Key Establishment Protocols," Computer And Information Security Handbook, pp. 300-350, Elsevier, 2013.
    • It is an invited contribution as a book chapter on password authenticated key exchange protocols.
  • Feng Hao, Brian Randell, Dylan Clarke, "Self-Enforcing Electronic Voting," Proceedings of the 20th Security Protocols Workshop (SPW'12), Cambridge, UK, LNCS 7622, pp. 23-31, 2012. [Draft] (also available in Newcastle University technical report No. 1311)
    • It presents a vision about the next-generation e-voting.
  • Dylan Clarke, Feng Hao, Brian Randell, "Analysis of Issues and Challenges of E-voting in the UK," Proceedings of the 20th Security Protocols Workshop (SPW'12), Cambridge, UK, LNCS 7622, pp. 126-135, 2012.
    • It reviews the practical issues and challenges encountered in the UK e-voting trials.
  • Feng Hao, Dylan Clarke, "Security Analysis of a Multi-Factor Authenticated Key Exchange," Proceedings of the 10th International Conference on Applied Cryptography and Network Security (ACNS'12), LNCS 7341, pp. 1-11, 2012. [Draft]
    • It reports two attacks on a multi-factor authenticated key exchange, proposed by Pointcheval and Zimmer at ACNS'08.
  • Feng Hao, "On Robust Key Agreement Based on Public Key Authentication," Security and Communication Networks, Special issue on Design and Engineering of Cryptographic Solutions for Secure Information Systems, Wiley, 2012. [Paper] [IACR archive]
    • This is the journal version of the YAK paper that was first presented at FC'10. See my response to a cryptanalysis paper that claims to find several attacks on YAK.
  • Dalia Khader, Ben Smyth, Peter Y. A. Ryan, and Feng Hao, "A Fair and Robust Voting System by Broadcast", Proceedings of the 5th International Conference on Electronic Voting (EVOTE'12), 2012. [Paper]
    • It describes how to add fairness and resistance to disruptions in decentralized e-voting.
  • Feng Hao, Peter Ryan, "How to sync with Alice," Proceedings of the 19th Security Protocols Workshop (SPW'11), Cambridge, UK, LNCS 7114, pp. 170-178, 2011. [Paper]
    • It describes the sync problem and compares solutions by different browsers.
  • Feng Hao, Matthew Nicolas Kreeger, "Every Vote Counts: Ensuring Integrity in DRE-based Voting System," IACR report, 2010, [No. 452] (also available in Newcastle University technical report No. 1268)
    • It proposes a DRE-i protocol to ensure integrity for a DRE-based voting system.
  • Feng Hao, Peter Ryan, "J-PAKE: Authenticated Key Exchange Without PKI," Springer Transactions on Computational Science XI, Special Issue on Security in Computing, Part II, Vol. 6480, pp. 192-206, 2010 [preprint]
    • It is a journal version of the J-PAKE paper, which was first presented at SPW'08. Since 2015, J-PAKE has been adopted by the Thread Group (an IoT consortium including ARM, Google Nest, Samsung, NXP, Qualcomm, Silicon Labs, Yale etc.) as a standard key establishment mechanism to bootstrap the initial trust for adding a new IoT device to a Thread network. The Thread commissioning protocol based on J-PAKE can be found on the Thread Group website.
  • Feng Hao, "On Robust Key Agreement Based on Public Key Authentication", Proceedings of the 14th International Conference on Financial Cryptography and Data Security (FC'10), Tenerife, Spain, LNCS 6052, pp. 383-390, 2010. [paper] [Slides]
    • This paper lays the foundation for my 2012 EPSRC First Grant; also see the journal version of the paper here. It presents two new attacks on the HMQV protocol (a candidate being standardized by IEEE P1363). These attacks highlight the caution one should take when interpreting the provable results from a formal model. The attacks were discussed by IEEE P1363 Working Group in 2010, and since then the standardization of HMQV in IEEE P1363 has been paused. The paper also presents a new authenticated key agreement protocol called YAK. The YAK protocol is designed based on understanding the importance of zero-knowledge proof (ZKP), and is the first scheme that integrates ZKP (Schnorr NIZK) into public-key authenticated key exchange securely and efficiently. The protocol has robustly resisted all known attacks since 2010.
  • Feng Hao, "On Small Subgroup Non-Confinement Attacks," Proceedings of the 10th IEEE International Conference on Computer and Information Technology, pp. 1022-1025, 2010. [paper]
    • It shows a counter-example to explain that the claim about the on-line dictionary attack resistance in SRP-6 is not valid. This does not threaten the practical security of SRP-6, but serves to highlight the risk of making heuristic claims without any proof.
  • Feng Hao, Peter Ryan, Piotr Zielinski, "Anonymous Voting by 2-Round Public Discussion," IET Information Security, Vol. 4, No. 2, pp. 62-67, 2010 [paper] [Slides]
    • It presents a decentralized e-voting scheme called Open Vote Network. Our scheme is more efficient than the previous Kiayias-Yung (PKC'02) and Groth (FC'04) solutions in every aspect, including the number of rounds, the computational load and the bandwidth usage. A proof-of-concept implementation of the Open Vote Network over the Ethereum blockchain won third place in the 2016 Economist Cybersecurity Challenge.
  • Feng Hao, Piotr Zielinski, "The Power of Anonymous Veto in Public Discussion," Springer Transactions on Computational Science IV, Vol. 5430, pp. 41-52, Springer, 2009. [Paper].
    • It is a journal version of the AV-net paper that was first presented at SPW'06.
  • Feng Hao, Peter Ryan, "Password Authenticated Key Exchange by Juggling (Transcript of Discussion) ," Proceedings of the 16th Workshop on Security Protocols (SPW'08), Cambridge, UK, LNCS 6615, pp. 172-179, 2008. [Paper]
    • It is a transcript of discussion for the presentation of J-PAKE at SPW'08.
  • Feng Hao, Peter Ryan, "Password Authenticated Key Exchange by Juggling," Proceedings of the 16th Workshop on Security Protocols (SPW'08), Cambridge, UK, LNCS 6615, pp. 159-171, 2008. [Paper][Slides][Java code][Blog]
    • It proposes a crypto protocol called Password Authenticated Key Exchange by Juggling (J-PAKE). J-PAKE is designed based on understanding the importance of zero-knowledge proof (ZKP), and is the first scheme that utilises ZKP, particularly Schnorr's signature, but in a way that is provably secure and practically efficient. The paper was initially rejected by a major crypto conference as no one had used ZKP in PAKE before. After J-PAKE was first presented in SPW'08, it was implemented in OpenSSL and Mozilla browser. Later, it was adopted as an industry standard for IoT authentication as part of Thread, and standardised in ISO/IEC 11770-4 (also see IETF RFC 8236). Today, J-PAKE has been deployed in real-life applications such as browser sync by Palemoon and IoT authentication by Google Nest, ARM, NXP, D-Link, Qualcomm, Texas Instruments and so on.
  • Feng Hao, John Daugman, Piotr Zielinski, "A fast search algorithm for a large fuzzy database," IEEE Transactions on Information Forensics and Security, Vol. 3, No. 2, pp. 203-212, 2008. [Paper]
    • It proposes a fast search algorithm for iris recognition, which achieves a substantial speed-up over exhaustive search with a negligible loss of precision.
  • Feng Hao, "Kish's Key Exchange Scheme Is insecure," IEE Information Security, Vol. 153, No. 4, pp. 141-142, 2006. [Paper]
    • It points out that a "totally secure" communication system, featured in Science (2005), is seriously flawed. It tells a lesson that in security design, one cannot make security assumptions arbitrarily.
  • Feng Hao, Piotr Zielinski, "A 2-Round Anonymous Veto Protocol (Transcript of Discussion)," 14th International Workshop on Security Protocols (SPW'06), Cambridge, UK, LNCS 5087, pp. 212-214, 2009. [Springer]
    • It is a transcript of discussion of the AV-net workshop paper.
  • Feng Hao, Piotr Zielinski, "A 2-Round Anonymous Veto Protocol," Proceedings of the 14th International Workshop on Security Protocols (SPW'06), Cambridge, UK, LNCS 5087, pp. 202-211, 2006. [Paper] [Slides][Springer]
    • It proposes an exceptionally efficient solution to the Dining Cryptographers problem (Chaum, 1988). Our scheme is the most efficient among all available solutions proposed since 1988.
  • Feng Hao, Ross Anderson, John Daugman, "Combining Crypto with Biometrics Effectively," IEEE Transactions on Computers, Vol. 55, No. 9, pp. 1081-1088, 2006. [Paper] [report]
    • This paper proposes the first practical and secure way to integrate the iris biometric into cryptographic applications. It was my first paper during the PhD study. It was repeatedly rejected by top security conferences before we decided to submit it to IEEE TC and it was accepted with almost no revision. Ten years later, in 2017, this paper tops the Google Scholar Classic Papers in the category of Computer Security & Cryptography.
  • Feng Hao, "Combining Crypto with Biometrics: a New Human-Security Interface," 13th International Workshop on Security Protocols (SPW'05), Cambridge, UK, LNCS 4631, pp. 133-138, 2005. [Paper]
    • It presents a transcript of discussion on combining crypto with biometrics.
  • Feng Hao, Choog-Wah Chan, "Online Signature Verification Using a New Extreme Points Warping Technique," Pattern Recognition Letters, Vol. 24, No. 16, pp. 2943-2951, 2003. [Paper]
    • It modifies the classic Dynamic Programming algorithm to better suit the requirements of handwritten signature verification.
  • Feng Hao, Choog-Wah Chan, "Private Key Generation from On-line Handwritten Signatures," Information Management & Computer Security, Vol. 10, No. 4, 159-164, 2002. [Paper]
    • It proposes to apply quantisation to derive stable bits from handwritten signatures.

Other publications

  • Feng Hao, "Oral evidence to the House of Lords", 23 June 2022 [PDF]
    • This document is a transcript of my invited oral evidence, presented to the Fraud Act 2006 and Digital Fraud Committee at the House of Lords on the landscape of telecommunication frauds and countermeasures. On 12 November 2022, the House of Lords published a report entitled "Fighting Fraud: Breaking the Chain", which cites my oral evidence and previous research on this subject.
  • Feng Hao, "Answers to IETF PAKE Selection Questions on the J-PAKE Nomination", July 2019 [PDF]
    • This document lists my answers to the questions asked during the IETF PAKE selection process. In the end, CPace and OPAQUE were selected as the two winners. However, several important issues with the winning protocols have remained unaddressed. Here is a review of the IETF PAKE selection published at the IEEE Communication Standards Magazine.
  • Feng Hao, "Comments on 'Cryptanalysis of a robust key agreement based on public key authentication'", September 2019 [PDF]
    • My response to a cryptanalysis paper that claims to find several attacks on the YAK protocol
  • Robert Cragie, Feng Hao, "Elliptic Curve J-PAKE Cipher Suites for Transport Layer Security," 2016 [Internet Draft]
    • An internet draft submitted to IETF about using J-PAKE for bootstrapping secure communication in IoT applications.
  • Feng Hao, "The Challenge of Being an Engineer - Reflections from a Security Engineer," 2014 [white paper]
    • Reflections from my career experience in the past 10 years starting from 2004 when I first started my PhD study
  • Feng Hao, "Rationale for Inclusion of J-PAKE in ISO/IEC 11770-4", February 2014 [PDF]
    • This document presents rationale for the inclusion of J-PAKE in ISO/IEC 11770-4. As a result, ISO/IEC 11770-4 has been revised to include J-PAKE and the revised standard formally published in 2017.
  • Feng Hao, "On Using Fuzzy Data in Security Mechanisms," PhD dissertation, Computer Laboratory, University of Cambridge, 2007. [Tech report]
    • My PhD dissertation, completed within three years with three papers published in high-ranking journals (IEEE/Springer Transactions) covering three different research topics. It's probably the shortest dissertation among those submitted by PhD graduates in the computer laboratory. See all technical reports.
  • Feng Hao, "Cryptosystem with private key generation from dynamic properties of human hand signature," M.Eng dissertation, School of Electrical and Electronic Engineering, Nanyang Technological University, 2002. [Link] [PDF]
    • My M.Eng dissertation, completed in 20 months (four months shorter than the normal course) with two papers published in high-ranking journals covering two different research topics.

Links

  • Warwick University Security Reading sessions [Link]
    • An informal reading session every Friday to review latest publications in the security field.
  • Newcastle University Security Research wiki [Link]
    • An informal wiki system that I created and maintained while I was at Newcastle University to coordinate security research activities in the School of Computing Science, Newcastle University.
  • Newcastle University Security Research Blog [Security Upon Tyne]
    • A blog that I created while I was at Newcastle University to facilitate two-way communication: 1) to disseminate our research results to people outside Newcastle University; 2) to allow anyone to freely comment, scrutinize and criticize our work.