I'm a Reader
in Security Engineering at the School of Computing Science. I
graduated with a PhD in 2007 from the Security
Group (where I still have my old badge), at the Computer
Laboratory, University of Cambridge, under the joint
supervision of Prof Ross Anderson and
Daugman. Earlier, I received my B.Eng (1st class) and M.Eng
degrees from Nanyang Technological University (NTU), Singapore,
in 2001 and 2002 respectively. I had several years of working
experience in security industry before joining the faculty as a
lecturer in 2010.
My research interests focus on exploring the interaction
between cryptographic theory and security practice. I first
proposed to apply quantization
method to derive an encryption key from handwritten
signature. I also proposed the first practical and secure way to
combine iris biometrics and cryptography effectively. With
colleagues, I designed a number of cryptographic protocols: AV-net (to date the most
efficient solution to the Dining Cryptographers problem), YAK (the simplest and arugable one of the
most robust public-key authenticated key exchange
protocols), J-PAKE (a password authenticated key exchange
protocol that has been deployed to several million Internet users in the real world and has recently been adopted by the
ISO/IEC 11770-4 standard), Open Vote network (to date the most efficient decentralized e-voting protocol) and DRE-i
(the first E2E verifiable e-voting system that is
"self-enforcing"). So far, none of these protocols have been
broken. Besides designing secure protocols, I have broken
several of other researchers' insecure protocols, mainly in the
field of authenticated key exchange -- in particular, with my colleague
we found and fixed security weaknesses in SPEKE, a password-authenticated key exchange protocol that has been standardized in IEEE P1363.2 and ISO/IEC 11770-4. The attacks have been acknowledged by ISO/IEC SC 27 Work Group 2 and the standard is being revised to address the identified issues.
Some of the protocols that I designed have been applied in practice. In particular, J-PAKE
has been integrated into Mozilla Firefox since Dec, 2010 (see blog).
A verifiable classroom voting system based on the DRE-i protocol has been developed and subsequently
trialed in real classroom teaching with positive student feedback (paper here, the voting results
in a MSc class and a BSc class).
The DRE-i protocol represents the first step in exploring a new generation of e-voting protocols that are end-to-end verifiable and also free from any tallying
authority. I call this new direction as "Self-Enforcing Electronic Voting" (SEEV). In 2012, I was
awarded a 1.5 million euros ERC starting grant to support my further investigation on SEEV (one of the 7 such awards in computer science in the UK, and 34 in total in the Europe), and in 2015, a follow-up ERC Proof of Concept grant to support commercialization of SEEV (one of the 45 awards in Europe in all subjects, and the only one in the UK in computer science).
Finally, I have a general interest in designing efficient computing algorithms.
I modified the classic Dynamic Programming algorithm to make it more suitable for handwritten signature
verification. I worked with John Daugman, the original inventor of iris recognition, and designed a
fast search algorithm for iris recognition, which achieves a substantial speed-up over the traditional
exhaustive search algorithm with minimum loss of accuracy.
I'm fond of security research that is new, useful and diverse. I am a believer of Roger Needham's maxim: "Good research comes from tackling real problems
". I love mathematics but I dislike seeing it overused to make papers look hyper-fancy.
- Patrick McCorry, Siamak F. Shahandashti, Feng Hao,
"Refund Attacks on Bitcoin's Payment Protocol," accepted by the 20th
Financial Cryptography and Data Security (FC'16), 2016. [Paper] [Blog]
presents two attacks on the standard BIP70 Bitcoin Payment protocol
and a countermeasure. Both attacks and the countermeasure have been
acknowledged by the two largest Bitcoin processors, Bitpay and
- Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti,
Feng Hao, "TouchSignatures: Identification of User Touch
of Information Security and Applications, Elsevier, 2016, in
press. [Paper] [Blog]
- It reports a signficiant security flaw in the current
the sensor data in a browser on a mobile phone. The W3C community and
major browser vendors (Mozilla, Google, Apple, Opera) have
acknowledged our work and are implementing some of our suggested
countermeasuers. This paper is a journal version of the one presented
earlier at ASIACCS'15.
- Maryam Mehrnezhad, Feng Hao, and Siamak
F. Shahandashti, "Tap-Tap and Pay (TTP): Preventing The Mafia Attack
in NFC Payment," Proceedings of the 2nd International Conference on
Research in Security Standardisation (SSR'15), LNCS 9497, pp. 21-39, 2015. [Paper]
- This paper presents a new solution on preventing Mafia attacks in
NFC payment by leveraging the highly correlated vibrations induced by
physical tapping between two NFC-enabled devices. Our solution is
arguably simpler and more cost-effective than previous solutions that
are usually based on distance bounding or ambient environment
- Patrick McCorry, Siamak F. Shahandashti, Dylan Clarke and
Feng Hao, "Authenticated Key Exchange over Bitcoin," Proceedings
of the 2nd International Conference on Research in Security
Standardisation (SSR'15), LNCS 9497, pp. 3-20, 2015. [Paper]
- It proposes
a new category of authenticated key exchange (AKE) protocols, which
bootstrap trust entirely from the block chain (as opposed to PKI or
shared passwords). This work fills in an important gap, which is currently
not covered by any key exchange standards (e.g., IEEE, ISO/IEC).
- Xun Yi, Feng Hao, Liqun Chen and Joseph Liu,
"Practical Threshold Password-Authenticated Secret Sharing Protocol,"
Proceedings of the 20th European Symposium on Research in Computer
Security (ESORICS'15), LNCS 9326, pp. 347-365, 2015. [Springer]
- It presents a
technique to distribute a high-entropy secret using secret sharing and
later retrieve the secret with a low-entropy password.
- Feng Hao, "On the Trust of Trusted Computing in the
Post-Snowden Age (abstract)," accepted by the 8th IEEE CSF Workshop on
Analysis of Security APIs, 2015 (no proceedings). [Abstract] [Slides] [Blog]
- It challenges the fundamental trust assumption underpinning
"Trusted Computing" in light of Snowden revelations, and proposes to
redesign the TPM/HSM APIs based on a new "Trust-but-Verify" paradigm.
- Feng Hao, Dylan Clarke, Avelino Zorzo, "Deleting
Secret Data with Public Verifiability," accepted by IEEE
Transactions on Dependable and Secure Computing, 2015. [Paper] [Blog]
- It presents a cryptographic protocol to make the data
deletion operations more transparent and verifiable.
- Feng Hao, Xun Yi, Liqun Chen, Siamak Shahandashti,
"The Fairy-Ring Dance: Password Authenticated Key Exchange in a
Group," Proceedings of the 1st ASIACCS Workshop on IoT Privacy, Trust,
and Security (IoTPTS'15), pp. 27-34, 2015. [Paper] [Blog]
- It presents J-PAKE+ and SPEKE+, the group variants of J-PAKE
and SPEKE (both of which have been used in practical applications). Our work
establishes a new record of round efficiency for Group PAKE, and is
close to the best achievable that one may hope for.
- Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti,
Feng Hao, "TouchSignatures: Identification of User Touch
Proceedings of the 10th ACM Symposium on Information, Computer and
Communications Security (ASIACCS'15), pp. 673-673, 2015. [ACM link]
- It presents the first attack on breaching privacy of a mobile user
does not require installing any software (app) on the user's device,
and hence is potentially more dangerous.
- Syed Taha Ali, Patrick McCorry, Peter Hyun-Jeen Lee and
Feng Hao, "ZombieCoin: Powering Next-Generation Botnets with
Bitcoin," Proceedings of the 2nd FC Workshop on Bitcoin Research, LNCS 8976, pp. 34-48,
2015. [Paper] [Forbes]
- It outlines a design of next-generation Botnets that may
leverage the BitCoin blockchain for stealthy and fast Comand &
Control, and discusses preemptive countermeasures.
- Feng Hao, Siamak Shahandashti, "The SPEKE Protocol
Revisited," Proceedings of the 1st International Conference on
Research in Security Standardisation (SSR'14), LNCS 8893, pp. 26–38,
2014. [Preprint] [blog]
- It points out two security issues with the SPEKE protocol, as
currently defined in the IEEE P1363.2 and ISO/IEC 11770-4 standards,
and also proposes a solution to address the attacks. Both attacks
have been acknowledged by the technical commiteee in ISO/IEC SC 27, work group 2, with
our proposed fix being included into ISO/IEC 11770-4 standard.
- Xun Yi, Feng Hao, Elisa Bertino, "ID-Based Two-Server
Password-Authenticated Key Exchange," Proceedings of European
Symposium on Research in Computer Security (ESORICS), LNCS 8713,
pp. 257-276, 2014. [Springer]
- It presents a compiler to construct two-server PAKE from any
secure two-party PAKE based on identity-based encryption.
- Kiavash Satvat, Matthew Forshaw, Feng Hao, Ehsan
Toreini, "On The Privacy of Private Browsing - A Forensic Approach,"
Journal of Information Security and Applications, Vol. 19,
No. 1, pp. 88-100, 2014. [Preprint] [blog]
- It is a journal version of the earlier short paper presented
at DPM'13. It adds the response from the browser industry and
acknowledgement of our work.
- Feng Hao, Matthew Kreeger, Brian Randell, Dylan
Clarke, Siamak Shahandashti, Peter Lee, "Every Vote Counts: Ensuring
Integrity in Large-Scale Electronic Voting," USENIX Journal of
Election Technology and Systems (JETS), Vol. 2, No. 3, 2014. [Paper]
- This paper lays the foundation for my 2012
ERC starting grant on "self-enforcing e-voting". It challenges the
traditional view on the role of trustworthy tallying authorities in
E2E verifiable voting protocols and argues if such a role is as
indispensable as many have believed over the past twenty years. Since
the initial publication as an IACR report in 2010, the
paper was repeatedly rejected by various conferences. In the final
acceptance in 2014, the basic DRE-i protocol remains unchanged from
its initial specification in 2010.
- Kiavash Satvat, Matthew Forshaw, Feng Hao, Ehsan
Toreini, "On The Privacy of Private Browsing - A Forensic Approach
(short paper)", Proceeding of ESORICS Workshop on Data Privacy Management (DPM'13),
LNCS 8247, pp. 380-389, 2013 [Paper] [Slides]
presents a comprehensive security analysis of the current state of
private browsing as implemented in major browsers. The testing
software is released here
as open source. Some identified issues have been acknowledged by
browser vendors and fixed accordingly in newer versions of browsers
(see the extended journal
version of the paper for details).
- Dylan Clarke, Feng Hao, "Cryptanalysis of the
Dragonfly Key Exchange Protocol," IET Information
Security, Vol. 8, No. 6, pp. 283-289, 2014. [Preprint]
- It points out that the omission of public key
validation renders the Dragonfly protocol (a recent Internet
draft submitted to IETF) completely insecure. Our attack has
been acknowledged and fixed accordingly in the newer
version of the Dragonfly specification in IETF.
- Feng Hao, Dylan Clarke, Carlton Shepherd, "Verifiable Classroom Voting - Where Cryptography Meets Pedagogy," Proceedings of the 21st Security Protocols Workshop (SPW), Cambridge, UK, 2013. [Paper]
- In this paper, we propose - and have implemented - the first verifiable classroom voting system.
- Jean Lancrenon, Dalia Khader, Peter Ryan, Feng Hao, "Password-based Authenticated Key Establishment Protocols," Computer And Information Security Handbook, pp. 300-350, Elsevier, 2013.
- It is an invited contribution as a book chapter on password authenticated key exchange protocols.
- Feng Hao, Brian Randell, Dylan Clarke, "Self-Enforcing Electronic Voting," Proceedings of the 20th Security Protocols Workshop (SPW'12), Cambridge, UK, LNCS 7622, pp. 23-31, 2012.
2012. [Draft] (also available in Newcastle University technical report No. 1311)
- It presents a vision about the next-generation e-voting.
- Dylan Clarke, Feng Hao, Brian Randell, "Analysis of Issues and Challenges of E-voting in the UK," Proceedings of the 20th Security Protocols Workshop (SPW'12), Cambridge, UK, LNCS 7622, pp. 126-135, 2012.
- It reviews the practical issues and challenges encountered in the UK e-voting trials.
- Feng Hao, Dylan Clarke, "Security Analysis of a Multi-Factor Authenticated Key Exchange," Proceedings of the 10th International Conference on Applied
Cryptography and Network Security (ACNS'12), LNCS 7341, pp. 1-11, 2012. [Draft]
- It reports two attacks on a multi-factor authenticated key exchange, proposed by Pointcheval and Zimmer at ACNS'08.
- Feng Hao, "On Robust Key Agreement Based on Public Key Authentication," Security and Communication Networks, Special issue on Design and Engineering of Cryptographic
Solutions for Secure Information Systems, Wiley, 2012. [Paper] [IACR archive]
- This is the journal version of the YAK paper that was first presented at FC'10.
- Dalia Khader, Ben Smyth, Peter Y. A. Ryan, and Feng Hao, "A Fair and Robust Voting System
by Broadcast", Proceedings of the 5th International Conference on Electronic Voting
(EVOTE'12), 2012. [Paper]
- It describes how to add fairness and resistance to disruptions in decentralized e-voting.
- Feng Hao, Peter Ryan, "How to sync with Alice," Proceedings of the 19th Security Protocols
Workshop (SPW'11), Cambridge, UK, LNCS 7114, pp. 170-178, 2011. [Paper]
- It describes the sync problem and compares solutions by different browsers.
- Feng Hao, Matthew Nicolas Kreeger, "Every Vote Counts: Ensuring Integrity in DRE-based
Voting System," IACR report, 2010, [No. 452]
(also available in Newcastle University technical report No. 1268)
- It proposes a DRE-i protocol to ensure integrity for a DRE-based voting system.
- Feng Hao, Peter Ryan, "J-PAKE: Authenticated Key Exchange Without PKI," Springer Transactions on
Computational Science XI, Special Issue on Security in Computing, Part II, Vol. 6480, pp. 192-206,
- It is a journal version of the J-PAKE paper, which was first presented at SPW'08.
- Feng Hao, "On Robust Key Agreement Based on Public Key Authentication", Proceedings of
the 14th International Conference on Financial Cryptography and Data Security (FC'10), Tenerife, Spain, LNCS
6052, pp. 383-390, 2010. [paper]
- It presents two new attacks on the HMQV protocol (a candidate being standardized by IEEE P1363). These attacks highlight the caution one should take when interpreting the provable results from a formal model. The paper also presents a new authenticated key agreement protocol called YAK. The YAK protocol is by far the simplest public-key authenticated key exchange protocol, and arguably one of the most robust.
- Feng Hao, "On Small Subgroup Non-Confinement Attacks," Proceedings of the 10th IEEE
International Conference on Computer and Information Technology, pp. 1022-1025, 2010.
- It shows a counter-example to explain that the claim about the on-line dictionary attack resistance in SRP-6 is not valid. This does not threaten the practical security of SRP-6, but serves to highlight the risk of making heuristic claims without any proof.
- Feng Hao, Peter Ryan, Piotr Zielinski, "Anonymous Voting by 2-Round Public Discussion,"
IET Information Security, Vol. 4, No. 2, pp. 62-67, 2010 [paper]
- It presents a decentralized e-voting scheme called Open Vote Network. Our scheme is more efficient than the previous Kiayias-Yung (PKC'02) and Groth (FC'04) solutions in all aspects, including the number of rounds, the computational load and the bandwidth usage
- Feng Hao, Piotr Zielinski, "The Power of Anonymous Veto in Public Discussion,"
Springer Transactions on Computational Science IV, Vol. 5430, pp. 41-52, Springer, 2009.
- It's a journal version of av-net paper that was first presented at SPW'06.
- Feng Hao, Peter Ryan, "Password Authenticated Key Exchange by Juggling (Transcript of Discussion) ," Proceedings of
the 16th Workshop on Security Protocols (SPW'08), Cambridge, UK, LNCS 6615, pp. 172-179, 2008.
- It is a transcript of discussion for the presentation of J-PAKE at SPW'08.
- Feng Hao, Peter Ryan, "Password Authenticated Key Exchange by Juggling," Proceedings of
the 16th Workshop on Security Protocols (SPW'08), Cambridge, UK, LNCS 6615, pp. 159-171, 2008.
- It proposes a crypto protocol called Password Authenticated Key Exchange by Juggling (J-PAKE). Compared with EKE (patented by Lucent
Technologies) and SPEKE (patented by Phoenix Technologies), J-PAKE has clear advantages in security with comparable efficiency.
As of Oct 2014, J-PAKE has been adopted by the ISO/IEC 11770-4 standard, included into OpenSSL, Bouncycastle API, and used in commercial applications such as browser sync and Google Nest thermostats.
- Feng Hao, John Daugman, Piotr Zielinski, "A fast search algorithm for a large fuzzy database,"
IEEE Transactions on Information Forensics and Security, Vol. 3, No. 2, pp. 203-212, 2008.
- It proposes a fast search algorithm for iris recognition, which achieves a substantial speed-up over exhaustive search with a negligible loss of precision.
- Feng Hao, "Kish's Key Exchange Scheme Is insecure," IEE Information Security, Vol. 153,
No. 4, pp. 141-142, 2006. [Paper]
- It points out that a "totally secure" communication system, featured in Science (2005), is seriously flawed. In security design, one cannot make security assumptions arbitrarily.
- Feng Hao, Piotr Zielinski, "A 2-Round Anonymous Veto Protocol (Transcript of Discussion),"
14th International Workshop on Security Protocols (SPW'06), Cambridge, UK, LNCS 5087, pp. 212-214, 2009. [Springer]
- It is a discussion of transcript of the av-net workshop paper.
- Feng Hao, Piotr Zielinski, "A 2-Round Anonymous Veto Protocol," Proceedings of the 14th
International Workshop on Security Protocols (SPW'06), Cambridge, UK, LNCS 5087, pp. 202-211, 2006. [Paper] [Slides][Springer]
- It proposes a solution to the Dining Cryptographers problem (Chaum, 1988). Our solution is by far the most efficient among those proposed since 1988.
- Feng Hao, Ross Anderson, John Daugman, "Combining Crypto with Biometrics Effectively,"
IEEE Transactions on Computers, Vol. 55, No. 9, pp. 1081-1088, 2006. [Paper]
- It proposes the first practical and secure way to integrate the iris biometric into cryptographic applications.
- Feng Hao, "Combining Crypto with Biometrics: a New Human-Security Interface," 13th
International Workshop on Security Protocols (SPW'05), Cambridge, UK, LNCS 4631, pp. 133-138, 2005.
- It presents a transcript of discussion on combining crypto with biometrics.
- Feng Hao, Choog-Wah Chan, "Online Signature Verification Using a New Extreme Points
Warping Technique," Pattern Recognition Letters, Vol. 24, No. 16, pp. 2943-2951, 2003. [Paper]
- It modifies the classic Dynamic Programming algorithm to better suit the requirements of handwritten signature verification.
- Feng Hao, Choog-Wah Chan, "Private Key Generation from On-line Handwritten Signatures,"
Information Management & Computer Security, Vol. 10, No. 4, 159-164, 2002.
- It proposes to apply quantisation to derive stable bits from handwritten signatures.
- Feng Hao, "J-PAKE: Password Authenticated Key Exchange by Juggling," 2013 [Internet Draft]
- An internet draft submitted to IETF about J-PAKE.
- Feng Hao, "Schnorr NIZK Proof: Non-interactive Zero Knowledge Proof for Discrete Logarithm," 2013 [Internet Draft]
- An internet draft submitted to IETF about Schnorr signature.
- Feng Hao, "The Challenge of Being an Engineer - Reflections from a Security Engineer," 2014 [white paper]
- Reflections from my career expereince in the past 10 years starting from 2004 when I first started my PhD study
- Feng Hao, "On Using Fuzzy Data in Security Mechanisms," PhD dissertation, Computer Laboratory, University of Cambridge, 2007. [Tech report]
- My PhD dissertation completed within three years with three papers published on high-ranking journals (IEEE/Springer Transactions) covering three different research topics.
It's probably the shortest dissertation among those submitted by PhD graduates in the computer laboratory. See all technical reports.
- Feng Hao, "Cryptosystem with private key generation from dynamic properties
of human hand signature," M.Eng dissertation, School of Electrical and Electronic Engineering, Nanyang Technological University, 2002. [Link] [PDF]
- My M.Eng dissertation completed in 20 months (four months shorter than the normal course) with two papers published on high-ranking journals covering two different research topics.
- Newcastle University Security Research wiki [Link]
- An informal wiki system that I am currently maintaining to coordinate security research activities in the School of Computing Science.
- Newcastle University Security Research Blog [Security Upon Tyne]
- A blog set up to facilitate two-way communication: 1) to disseminate our research results to people outside Newcastle University; 2) to allow anyone to freely comment, scrutinize and criticize our work.