About me

I'm a Reader in Security Engineering at the School of Computing Science. I graduated with a PhD in 2007 from the Security Group (where I still have my old badge), at the Computer Laboratory, University of Cambridge, under the joint supervision of Prof Ross Anderson and Prof John Daugman. Earlier, I received my B.Eng (1st class) and M.Eng degrees from Nanyang Technological University (NTU), Singapore, in 2001 and 2002 respectively. I had several years of working experience in the security industry before joining the faculty as a lecturer in 2010.

My research interests focus on exploring the interaction between cryptographic theory and security practice. I first proposed applying a quantization method to derive an encryption key from a handwritten signature. I also proposed the first practical and secure way to combine iris biometrics and cryptography effectively. With colleagues, I designed a number of cryptographic protocols: AV-net (to date the most efficient solution to the Dining Cryptographers problem), YAK (the simplest and arguably one of the most robust public-key authenticated key exchange protocols), J-PAKE (a password authenticated key exchange protocol that has been deployed to several million Internet users in the real world and has recently been adopted by the ISO/IEC 11770-4 standard), Open Vote network (to date the most efficient decentralized e-voting protocol) and DRE-i (the first E2E verifiable e-voting system that is "self-enforcing"). So far, none of these protocols have been broken. Besides designing secure protocols, I have broken several of other researchers' insecure protocols, mainly in the field of authenticated key exchange -- in particular, with my colleague Siamak Shahandashti, we found and fixed security weaknesses in SPEKE, a password-authenticated key exchange protocol that has been standardized in IEEE P1363.2 and ISO/IEC 11770-4. Our proposed fix is being included into ISO/IEC 11770-4 as a result of revising SPEKE to address the identified security weaknesses.

Some of the protocols that I designed have been applied in practice. In particular, J-PAKE has been integrated into Mozilla Firefox since Dec 2010 (see blog). A verifiable classroom voting system based on the DRE-i protocol has been developed and subsequently trialed in real classroom teaching with positive student feedback (paper here, the voting results in an MSc class and a BSc class). The DRE-i protocol represents the first step in exploring a new generation of e-voting protocols that are end-to-end verifiable and also free from any tallying authority. I call this new direction "Self-Enforcing Electronic Voting" (SEEV). In 2012, I was awarded a 1.5 million euros ERC starting grant to support my further investigation on SEEV (one of the 7 such awards in computer science in the UK, and 34 in total in Europe).

Finally, I have a general interest in designing efficient computing algorithms. I modified the classic Dynamic Programming algorithm to make it more suitable for handwritten signature verification. I worked with John Daugman, the original inventor of iris recognition, and designed a fast search algorithm for iris recognition, which achieves a substantial speed-up over the traditional exhaustive search algorithm with minimum loss of accuracy.

Publications

I'm fond of security research that is new, useful and diverse. I am a believer in Roger Needham's maxim: "Good research comes from tackling real problems". I love mathematics but I dislike seeing it overused to make papers look hyper-fancy.
  • Syed Taha Ali, Patrick McCorry, Peter Hyun-Jeen Lee and Feng Hao, "ZombieCoin: Powering Next-Generation Botnets with Bitcoin," accepted by the 2nd Workshop on Bitcoin Research, 2015.
    • It outlines a design of next-generation botnets that may leverage the Bitcoin blockchain for stealthy, fast and robust Command and Control (C&C). We also present preemptive countermeasures to this potential threat that may happen in the near future.
  • Feng Hao, Xun Yi, Liqun Chen, Siamak Shahandashti, "The Fairy-Ring Dance: Password Authenticated Key Exchange in a Group," under review, 2014.
    • It presents a new way to construct a multi-party PAKE protocol with optimal round efficiency.
  • Feng Hao, Siamak Shahandashti, "The SPEKE Protocol Revisited," accepted by the 1st International Conference on Research in Security Standardisation (SSR'14), to appear in LNCS, 2014. [Preprint] [blog]
    • It points out two security issues with the SPEKE protocol, as currently defined in the IEEE P1363.2 and ISO/IEC 11770-4 standards, and also proposes concrete changes to both standards. During the recent ISO/IEC SC 27 meeting in Mexico in October 2014, our attacks were discussed and it was agreed that the ISO/IEC 11770-4 standard should be revised to address the identified security weaknesses. The revision work is currently in process.
  • Xun Yi, Feng Hao, Elisa Bertino, "ID-Based Two-Server Password-Authenticated Key Exchange," Proceedings of European Symposium on Research in Computer Security (ESORICS), LNCS 8713, pp. 257-276, 2014. [Springer]
    • It presents a compiler to construct two-server PAKE from any secure two-party PAKE based on identity-based encryption.
  • Kiavash Satvat, Matthew Forshaw, Feng Hao, Ehsan Toreini, "On The Privacy of Private Browsing - A Forensic Approach," accepted by Journal of Information Security and Applications, Elsevier, 2014. [Preprint] [blog]
    • It is a journal version of the earlier short paper presented at DPM'13.
  • Kiavash Satvat, Matthew Forshaw, Feng Hao, Ehsan Toreini, "On The Privacy of Private Browsing - A Forensic Approach (short paper)", ESORICS Workshop on Data Privacy Management (DPM'13), to appear in LNCS [Paper] [Slides]
    • It presents a comprehensive security analysis of the current state of private browsing as implemented in major browsers. The testing software is released here as open source. Some identified issues have been acknowledged by browser vendors and fixed accordingly in newer versions of browsers (see the extended journal version of the paper for details).
  • Dylan Clarke, Feng Hao, "Cryptanalysis of the Dragonfly Key Exchange Protocol," IET Information Security, April, 2014. [Preprint]
    • It points out that the omission of public key validation renders the Dragonfly protocol (a recent Internet draft submitted to IETF) completely insecure. Our attack has been acknowledged and fixed accordingly in the newer version of the Dragonfly specification in IETF.
  • Feng Hao, Dylan Clarke, Carlton Shepherd, "Verifiable Classroom Voting - Where Cryptography Meets Pedagogy," Proceedings of the 21st Security Protocols Workshop (SPW), Cambridge, UK, 2013. [Paper]
    • In this paper, we propose - and have implemented - the first verifiable classroom voting system.
  • Jean Lancrenon, Dalia Khader, Peter Ryan, Feng Hao, "Password-based Authenticated Key Establishment Protocols," Computer And Information Security Handbook, pp. 300-350, Elsevier, 2013.
    • It is an invited contribution as a book chapter on password authenticated key exchange protocols.
  • Feng Hao, Brian Randell, Dylan Clarke, "Self-Enforcing Electronic Voting," Proceedings of the 20th Security Protocols Workshop (SPW'12), Cambridge, UK, LNCS 7622, pp. 23-31, 2012. [Draft] (also available in Newcastle University technical report No. 1311)
    • It presents a vision about the next-generation e-voting.
  • Dylan Clarke, Feng Hao, Brian Randell, "Analysis of Issues and Challenges of E-voting in the UK," Proceedings of the 20th Security Protocols Workshop (SPW'12), Cambridge, UK, LNCS 7622, pp. 126-135, 2012.
    • It reviews the practical issues and challenges encountered in the UK e-voting trials.
  • Feng Hao, Dylan Clarke, "Security Analysis of a Multi-Factor Authenticated Key Exchange," Proceedings of the 10th International Conference on Applied Cryptography and Network Security (ACNS'12), LNCS 7341, pp. 1-11, 2012. [Draft]
    • It reports two attacks on a multi-factor authenticated key exchange, proposed by Pointcheval and Zimmer at ACNS'08.
  • Feng Hao, "On Robust Key Agreement Based on Public Key Authentication," Security and Communication Networks, Special issue on Design and Engineering of Cryptographic Solutions for Secure Information Systems, Wiley, 2012. [Paper] [IACR archive]
    • This is the journal version of the YAK paper that was first presented at FC'10.
  • Dalia Khader, Ben Smyth, Peter Y. A. Ryan, and Feng Hao, "A Fair and Robust Voting System by Broadcast", Proceedings of the 5th International Conference on Electronic Voting (EVOTE'12), 2012. [Paper]
    • It describes how to add fairness and resistance to disruptions in decentralized e-voting.
  • Feng Hao, Peter Ryan, "How to sync with Alice," Proceedings of the 19th Security Protocols Workshop (SPW'11), Cambridge, UK, LNCS 7114, pp. 170-178, 2011. [Paper]
    • It describes the sync problem and compares solutions by different browsers.
  • Feng Hao, Matthew Nicolas Kreeger, "Every Vote Counts: Ensuring Integrity in DRE-based Voting System," IACR report, 2010, [No. 452] (also available in Newcastle University technical report No. 1268)
    • It proposes a DRE-i protocol to ensure integrity for a DRE-based voting system.
  • Feng Hao, Peter Ryan, "J-PAKE: Authenticated Key Exchange Without PKI," Springer Transactions on Computational Science XI, Special Issue on Security in Computing, Part II, Vol. 6480, pp. 192-206, 2010 [preprint]
    • It is a journal version of the J-PAKE paper, which was first presented at SPW'08.
  • Feng Hao, "On Robust Key Agreement Based on Public Key Authentication", Proceedings of the 14th International Conference on Financial Cryptography and Data Security (FC'10), Tenerife, Spain, LNCS 6052, pp. 383-390, 2010. [paper] [Slides]
    • It presents two new attacks on the HMQV protocol, which is currently being standardized by IEEE P1363. These attacks highlight the caution one should take when interpreting the provable results from a formal model. It also presents a new authenticated key agreement protocol called YAK. The YAK protocol is by far the simplest public-key authenticated key exchange protocol.
  • Feng Hao, "On Small Subgroup Non-Confinement Attacks," Proceedings of the 10th IEEE International Conference on Computer and Information Technology, pp. 1022-1025, 2010. [paper]
    • It explains that sometimes an attacker may exploit the non-confinement of small subgroups to attack some password-authenticated key exchange schemes.
  • Feng Hao, Peter Ryan, Piotr Zielinski, "Anonymous Voting by 2-Round Public Discussion," IET Information Security, Vol. 4, No. 2, pp. 62-67, 2010 [paper] [Slides]
    • It presents a decentralized e-voting scheme called Open Vote Network. Our proposal is by far the most efficient solution among the decentralized e-voting schemes in all aspects, including the number of rounds, the computational load and the bandwidth usage.
  • Feng Hao, Piotr Zielinski, "The Power of Anonymous Veto in Public Discussion," Springer Transactions on Computational Science IV, Vol. 5430, pp. 41-52, Springer, 2009. [Paper].
    • It's a journal version of the AV-net paper that was first presented at SPW'06.
  • Feng Hao, Peter Ryan, "Password Authenticated Key Exchange by Juggling (Transcript of Discussion)," Proceedings of the 16th Workshop on Security Protocols (SPW'08), Cambridge, UK, LNCS 6615, pp. 172-179, 2008. [Paper]
    • It is a transcript of discussion for the presentation of J-PAKE at SPW'08.
  • Feng Hao, Peter Ryan, "Password Authenticated Key Exchange by Juggling," Proceedings of the 16th Workshop on Security Protocols (SPW'08), Cambridge, UK, LNCS 6615, pp. 159-171, 2008. [Paper][Slides][Java code][Blog]
    • It proposes a crypto protocol called Password Authenticated Key Exchange by Juggling (J-PAKE). Compared with EKE (patented by Lucent Technologies) and SPEKE (patented by Phoenix Technologies), J-PAKE has clear advantages in security with comparable efficiency. As of Oct 2014, J-PAKE has been adopted by the ISO/IEC 11770-4 standard and included into OpenSSL, Bouncycastle API and so on.
  • Feng Hao, John Daugman, Piotr Zielinski, "A fast search algorithm for a large fuzzy database," IEEE Transactions on Information Forensics and Security, Vol. 3, No. 2, pp. 203-212, 2008. [Paper]
    • It proposes a fast search algorithm for iris recognition, which achieves a substantial speed-up over exhaustive search with a negligible loss of precision.
  • Feng Hao, "Kish's Key Exchange Scheme Is insecure," IEE Information Security, Vol. 153, No. 4, pp. 141-142, 2006. [Paper]
    • It points out that a "totally secure" communication system, featured in Science (2005), is seriously flawed. In security design, one cannot make security assumptions arbitrarily.
  • Feng Hao, Piotr Zielinski, "A 2-Round Anonymous Veto Protocol (Transcript of Discussion)," 14th International Workshop on Security Protocols (SPW'06), Cambridge, UK, LNCS 5087, pp. 212-214, 2009. [Springer]
    • It is a transcript of discussion of the AV-net workshop paper.
  • Feng Hao, Piotr Zielinski, "A 2-Round Anonymous Veto Protocol," Proceedings of the 14th International Workshop on Security Protocols (SPW'06), Cambridge, UK, LNCS 5087, pp. 202-211, 2006. [Paper] [Slides][Springer]
    • It proposes a solution to the Dining Cryptographers problem (Chaum, 1988). Our proposal is by far the most efficient among all solutions proposed so far.
  • Feng Hao, Ross Anderson, John Daugman, "Combining Crypto with Biometrics Effectively," IEEE Transactions on Computers, Vol. 55, No. 9, pp. 1081-1088, 2006. [Paper] [report]
    • It proposes the first practical and secure way to integrate the iris biometric into cryptographic applications.
  • Feng Hao, "Combining Crypto with Biometrics: a New Human-Security Interface," 13th International Workshop on Security Protocols (SPW'05), Cambridge, UK, LNCS 4631, pp. 133-138, 2005. [Paper]
    • It presents a transcript of discussion on combining crypto with biometrics.
  • Feng Hao, Choog-Wah Chan, "Online Signature Verification Using a New Extreme Points Warping Technique," Pattern Recognition Letters, Vol. 24, No. 16, pp. 2943-2951, 2003. [Paper]
    • It modifies the classic Dynamic Programming algorithm to better suit the requirements of handwritten signature verification.
  • Feng Hao, Choog-Wah Chan, "Private Key Generation from On-line Handwritten Signatures," Information Management & Computer Security, Vol. 10, No. 4, 159-164, 2002. [Paper]
    • It proposes to apply quantisation to derive stable bits from handwritten signatures.

Other publications

  • Feng Hao, "J-PAKE: Password Authenticated Key Exchange by Juggling," 2013 [Internet Draft]
    • An internet draft submitted to IETF about J-PAKE.
  • Feng Hao, "Schnorr NIZK Proof: Non-interactive Zero Knowledge Proof for Discrete Logarithm," 2013 [Internet Draft]
    • An internet draft submitted to IETF about Schnorr signature.
  • Feng Hao, Matthew Nicolas Kreeger, "Electronic voting apparatus and method," 2011 [Link]
    • A pending international patent on a secure large-scale e-voting scheme without involving trusted authorities.
  • Feng Hao, "On Using Fuzzy Data in Security Mechanisms," PhD dissertation, Computer Laboratory, University of Cambridge, 2007. [Tech report]
    • My PhD dissertation completed within three years with three papers published in high-ranking journals (IEEE/Springer Transactions) covering three different research topics. It's probably the shortest dissertation among those submitted by PhD graduates in the computer laboratory. See all technical reports.
  • Feng Hao, "Cryptosystem with private key generation from dynamic properties of human hand signature," M.Eng dissertation, School of Electrical and Electronic Engineering, Nanyang Technological University, 2002. [Link] [PDF]
    • My M.Eng dissertation completed in 20 months (four months shorter than the normal course) with two papers published in high-ranking journals covering two different research topics.

Links

  • Newcastle University Security Research wiki [Link]
    • An informal wiki system that I am currently maintaining to coordinate security research activities in the School of Computing Science.
  • Newcastle University Security Research Blog [Security Upon Tyne]
    • A blog set up to facilitate two-way communication: 1) to disseminate our research results to people outside Newcastle University; 2) to allow anyone to freely comment, scrutinize and criticize our work.