About me

I'm a Reader in Security Engineering at the School of Computing Science. I graduated with a PhD in 2007 from the Security Group (where I still have my old badge), at the Computer Laboratory, University of Cambridge, under the joint supervision of Prof Ross Anderson and Prof John Daugman. Earlier, I received my B.Eng (1st class) and M.Eng degrees from Nanyang Technological University (NTU), Singapore, in 2001 and 2002 respectively. I had several years of working experience in the security industry before joining the faculty as a lecturer in 2010.

My research interests focus on exploring the interaction between cryptographic theory and security practice. I first proposed applying a quantization method to derive an encryption key from a handwritten signature. I also proposed the first practical and secure way to combine iris biometrics and cryptography effectively. With colleagues, I designed a number of cryptographic protocols: AV-net (to date the most efficient solution to the Dining Cryptographers problem), YAK (so far the simplest and one of the most robust public-key authenticated key exchange protocols), J-PAKE (one of the most widely deployed password authenticated key exchange protocols used in the real world), Open Vote network (to date the most efficient decentralized e-voting protocol) and DRE-i (the first E2E verifiable e-voting system that is "self-enforcing"). So far, none of these protocols have been broken. Besides designing secure protocols, I have broken several of other researchers' insecure protocols, mainly in the field of authenticated key exchange.

Some of the protocols that I designed have been applied in practice. In particular, J-PAKE has been integrated into Mozilla Firefox since December 2010 (see blog). A verifiable classroom voting system based on the DRE-i protocol has been developed and subsequently trialed in real classroom teaching with positive student feedback (paper here, the voting results in an MSc class and a BSc class). The DRE-i protocol opens up a new category of e-voting protocols, which I call "Self-Enforcing Electronic Voting" (SEEV). In 2012, I was awarded an ERC starting grant to support my further investigation on SEEV (one of the 7 such awards in computer science in the UK, and 34 in total in Europe).

Finally, I have a general interest in designing efficient computing algorithms. I modified the classic Dynamic Programming algorithm to make it more suitable for handwritten signature verification. I worked with John Daugman, the original inventor of iris recognition, and designed a fast search algorithm for iris recognition, which achieves a substantial speed-up over the traditional exhaustive search algorithm with a negligible loss of accuracy.

Publications

I'm fond of security research that is new, useful and diverse. I am a believer in Roger Needham's maxim: "Good research comes from tackling real problems". I love mathematics but I dislike seeing it overused to make papers look hyper-fancy.
  • Feng Hao, Xun Yi, Liqun Chen, Siamak Shahandashti, "Fairy-Ring Dance: Password Authenticated Key Exchange in a Group," in preparation, 2014.
    • It presents a new way to construct a multi-party PAKE protocol with optimal round efficiency.
  • Feng Hao, Siamak Shahandashti, "The SPEKE Protocol Revisited," under review, 2014.
    • It points out several security issues with the SPEKE protocol, as currently defined in the IEEE P1363.2 and ISO/IEC 11770-4 standards, and also proposes concrete changes to both standards.
  • Xun Yi, Feng Hao, Elisa Bertino, "ID-Based Two-Server Password-Authenticated Key Exchange," accepted by European Symposium on Research in Computer Security (ESORICS), 2014.
    • It presents a compiler to construct two-server PAKE from any secure two-party PAKE based on identity-based encryption.
  • Kiavash Satvat, Matthew Forshaw, Feng Hao, Ehsan Toreini, "On The Privacy of Private Browsing - A Forensic Approach," accepted by Journal of Information Security and Applications, Elsevier, 2014. [Preprint]
    • It is a journal version of the earlier short paper presented at DPM'13.
  • Kiavash Satvat, Matthew Forshaw, Feng Hao, Ehsan Toreini, "On The Privacy of Private Browsing - A Forensic Approach (short paper)", ESORICS Workshop on Data Privacy Management (DPM'13), to appear in LNCS [Paper] [Slides]
    • It presents a comprehensive security analysis of the current state of private browsing as implemented in major browsers. The testing software is released here as open source.
  • Dylan Clarke, Feng Hao, "Cryptanalysis of the Dragonfly Key Exchange Protocol," 2013, accepted by IET Information Security. [Preprint]
    • It points out that the omission of public key validation renders the Dragonfly protocol (a recent Internet draft submitted to IETF) completely insecure.
  • Feng Hao, Dylan Clarke, Carlton Shepherd, "Verifiable Classroom Voting - Where Cryptography Meets Pedagogy," Proceedings of the 21st Security Protocols Workshop (SPW), Cambridge, UK, 2013. [Paper]
    • In this paper, we propose - and have implemented - the first verifiable classroom voting system.
  • Jean Lancrenon, Dalia Khader, Peter Ryan, Feng Hao, "Password-based Authenticated Key Establishment Protocols," Computer And Information Security Handbook, pp. 300-350, Elsevier, 2013.
    • It is an invited contribution as a book chapter on password authenticated key exchange protocols.
  • Feng Hao, Brian Randell, Dylan Clarke, "Self-Enforcing Electronic Voting," Proceedings of the 20th Security Protocols Workshop (SPW'12), Cambridge, UK, LNCS 7622, pp. 23-31, 2012. [Draft] (also available in Newcastle University technical report No. 1311)
    • It presents a vision about the next-generation e-voting.
  • Dylan Clarke, Feng Hao, Brian Randell, "Analysis of Issues and Challenges of E-voting in the UK," Proceedings of the 20th Security Protocols Workshop (SPW'12), Cambridge, UK, LNCS 7622, pp. 126-135, 2012.
    • It reviews the practical issues and challenges encountered in the UK e-voting trials.
  • Feng Hao, Dylan Clarke, "Security Analysis of a Multi-Factor Authenticated Key Exchange," Proceedings of the 10th International Conference on Applied Cryptography and Network Security (ACNS'12), LNCS 7341, pp. 1-11, 2012. [Draft]
    • It reports two attacks on a multi-factor authenticated key exchange, proposed by Pointcheval and Zimmer at ACNS'08.
  • Feng Hao, "On Robust Key Agreement Based on Public Key Authentication," Security and Communication Networks, Special issue on Design and Engineering of Cryptographic Solutions for Secure Information Systems, Wiley, 2012. [Paper] [IACR archive]
    • This is the journal version of the YAK paper that was first presented at FC'10.
  • Dalia Khader, Ben Smyth, Peter Y. A. Ryan, and Feng Hao, "A Fair and Robust Voting System by Broadcast", Proceedings of the 5th International Conference on Electronic Voting (EVOTE'12), 2012. [Paper]
    • It describes how to add fairness and resistance to disruptions in decentralized e-voting.
  • Feng Hao, Peter Ryan, "How to sync with Alice," Proceedings of the 19th Security Protocols Workshop (SPW'11), Cambridge, UK, LNCS 7114, pp. 170-178, 2011. [Paper]
    • It describes the sync problem and compares solutions by different browsers.
  • Feng Hao, Matthew Nicolas Kreeger, "Every Vote Counts: Ensuring Integrity in DRE-based Voting System," IACR report, 2010, [No. 452] (also available in Newcastle University technical report No. 1268)
    • It proposes a DRE-i protocol to ensure integrity for a DRE-based voting system.
  • Feng Hao, Peter Ryan, "J-PAKE: Authenticated Key Exchange Without PKI," Springer Transactions on Computational Science XI, Special Issue on Security in Computing, Part II, Vol. 6480, pp. 192-206, 2010 [preprint]
    • It is a journal version of the J-PAKE paper, which was first presented at SPW'08.
  • Feng Hao, "On Robust Key Agreement Based on Public Key Authentication", Proceedings of the 14th International Conference on Financial Cryptography and Data Security (FC'10), Tenerife, Spain, LNCS 6052, pp. 383-390, 2010. [paper] [Slides]
    • It presents two new attacks on the HMQV protocol, which is currently being standardized by IEEE P1363. These attacks highlight the caution one should take when interpreting the provable results from a formal model. It also presents a new authenticated key agreement protocol called YAK. The YAK protocol is by far the simplest public-key authenticated key exchange protocol.
  • Feng Hao, "On Small Subgroup Non-Confinement Attacks," Proceedings of the 10th IEEE International Conference on Computer and Information Technology, pp. 1022-1025, 2010. [paper]
    • It explains that sometimes an attacker may exploit the non-confinement of small subgroups to attack some password-authenticated key exchange schemes.
  • Feng Hao, Peter Ryan, Piotr Zielinski, "Anonymous Voting by 2-Round Public Discussion," IET Information Security, Vol. 4, No. 2, pp. 62-67, 2010 [paper] [Slides]
    • It presents a decentralized e-voting scheme called Open Vote Network. Our proposal is by far the most efficient solution among the decentralized e-voting schemes in all aspects, including the number of rounds, the computational load and the bandwidth usage.
  • Feng Hao, Piotr Zielinski, "The Power of Anonymous Veto in Public Discussion," Springer Transactions on Computational Science IV, Vol. 5430, pp. 41-52, Springer, 2009. [Paper].
    • It's a journal version of the av-net paper that was first presented at SPW'06.
  • Feng Hao, Peter Ryan, "Password Authenticated Key Exchange by Juggling (Transcript of Discussion)," Proceedings of the 16th Workshop on Security Protocols (SPW'08), Cambridge, UK, LNCS 6615, pp. 172-179, 2008. [Paper]
    • It is a transcript of discussion for the presentation of J-PAKE at SPW'08.
  • Feng Hao, Peter Ryan, "Password Authenticated Key Exchange by Juggling," Proceedings of the 16th Workshop on Security Protocols (SPW'08), Cambridge, UK, LNCS 6615, pp. 159-171, 2008. [Paper][Slides][Java code][Blog]
    • It proposes a crypto protocol called Password Authenticated Key Exchange by Juggling (J-PAKE). Compared with EKE (patented by Lucent Technologies) and SPEKE (patented by Phoenix Technologies), J-PAKE has clear advantages in security with comparable efficiency.
  • Feng Hao, John Daugman, Piotr Zielinski, "A fast search algorithm for a large fuzzy database," IEEE Transactions on Information Forensics and Security, Vol. 3, No. 2, pp. 203-212, 2008. [Paper]
    • It proposes a fast search algorithm for iris recognition, which achieves a substantial speed-up over exhaustive search with a negligible loss of precision.
  • Feng Hao, "Kish's Key Exchange Scheme Is insecure," IEE Information Security, Vol. 153, No. 4, pp. 141-142, 2006. [Paper]
    • It points out that a "totally secure" communication system, featured in Science (2005), is seriously flawed. In security design, one cannot make security assumptions arbitrarily.
  • Feng Hao, Piotr Zielinski, "A 2-Round Anonymous Veto Protocol (Transcript of Discussion)," 14th International Workshop on Security Protocols (SPW'06), Cambridge, UK, LNCS 5087, pp. 212-214, 2009. [Springer]
    • It is a transcript of discussion of the av-net workshop paper.
  • Feng Hao, Piotr Zielinski, "A 2-Round Anonymous Veto Protocol," Proceedings of the 14th International Workshop on Security Protocols (SPW'06), Cambridge, UK, LNCS 5087, pp. 202-211, 2006. [Paper] [Slides][Springer]
    • It proposes a solution to the Dining Cryptographers problem (Chaum, 1988). Our proposal is by far the most efficient among all solutions proposed so far.
  • Feng Hao, Ross Anderson, John Daugman, "Combining Crypto with Biometrics Effectively," IEEE Transactions on Computers, Vol. 55, No. 9, pp. 1081-1088, 2006. [Paper] [report]
    • It proposes the first practical and secure way to integrate the iris biometric into cryptographic applications.
  • Feng Hao, "Combining Crypto with Biometrics: a New Human-Security Interface," 13th International Workshop on Security Protocols (SPW'05), Cambridge, UK, LNCS 4631, pp. 133-138, 2005. [Paper]
    • It presents a transcript of discussion on combining crypto with biometrics.
  • Feng Hao, Choong-Wah Chan, "Online Signature Verification Using a New Extreme Points Warping Technique," Pattern Recognition Letters, Vol. 24, No. 16, pp. 2943-2951, 2003. [Paper]
    • It modifies the classic Dynamic Programming algorithm to better suit the requirements of handwritten signature verification.
  • Feng Hao, Choong-Wah Chan, "Private Key Generation from On-line Handwritten Signatures," Information Management & Computer Security, Vol. 10, No. 4, pp. 159-164, 2002. [Paper]
    • It proposes to apply quantisation to derive stable bits from handwritten signatures.

Other publications

  • Feng Hao, "J-PAKE: Password Authenticated Key Exchange by Juggling," 2013 [Internet Draft]
    • An internet draft submitted to IETF about J-PAKE.
  • Feng Hao, "Schnorr NIZK Proof: Non-interactive Zero Knowledge Proof for Discrete Logarithm," 2013 [Internet Draft]
    • An internet draft submitted to IETF about Schnorr signature.
  • Feng Hao, Matthew Nicolas Kreeger, "Electronic voting apparatus and method," 2011 [Link]
    • A pending international patent on a secure large-scale e-voting scheme without involving trusted authorities.
  • Feng Hao, "On Using Fuzzy Data in Security Mechanisms," PhD dissertation, Computer Laboratory, University of Cambridge, 2007. [Tech report]
    • My PhD dissertation. Probably the shortest among those submitted by PhD graduates in the Computer Laboratory. See all technical reports.
  • Feng Hao, "Cryptosystem with private key generation from dynamic properties of human hand signature," M.Eng dissertation, School of Electrical and Electronic Engineering, Nanyang Technological University, 2002. [Link] [PDF]
    • My M.Eng dissertation.

Links

  • Newcastle University Security Research wiki [Link]
    • An informal wiki system that I am currently maintaining to coordinate security research activities in the School of Computing Science.