I'm a Reader
in Security Engineering and co-lead (with Prof. Alexander Romanovsky) the Secure & Resilient Systems (SRS) group at the School of Computing Science, Newcastle University. I
graduated with a PhD from the Security Group
(where I still have my old badge), at
the Computer Laboratory, University of Cambridge, under the joint
supervision of Prof Ross
Anderson and Prof John
Daugman. I had six years working experience in security industry with a CISSP
before joining Newcastle University Computing Science as a lecturer in December 2010. With Peter Ryan, we co-edited a
book "Real-Wolrd Electronic Voting: Design, Analysis and Deployment"
Press, in Amazon). I currently maintain
the Security Upon Tyne blog and the Newcastle Security Research wiki.
My research interests (and that of my research team) are driven by
tackling real-world security problems. With colleagues, I designed a
few cryptographic protocols: AV-net (so far the most efficient
solution to the Dining Cryptographers problem), YAK (the simplest and arugable one of the
most robust public-key authenticated key exchange protocols), J-PAKE (a password authenticated
key exchange protocol that has been deployed to several million
Internet users in the real world and has recently been adopted by the
ISO/IEC 11770-4 standard), Open Vote
network (so far the most efficient decentralized e-voting
protocol) and DRE-i
(the first E2E verifiable e-voting system that is
"self-enforcing"). So far, none of these protocols have been
broken. Besides designing secure protocols, I cryptanalyze insecure protocols. With Siamak
Shahandashti, we found and fixed security weaknesses in SPEKE, a
password-authenticated key exchange protocol that has been
standardized in IEEE P1363.2 and ISO/IEC 11770-4. The attacks have
been acknowledged by ISO/IEC SC 27 Work Group 2 and the standard is
being revised to address the identified issues.
Some of the protocols that we designed have been applied in
practice. In particular, J-PAKE (see blog)
has been used in Palemoon
sync (based on an earlier J-PAKE implemention used by Firefox from 2010 to 2015), Google Nest products and Thread (which defines industry standard for IoT). A verifiable classroom voting
system based on the DRE-i protocol has been developed and
subsequently trialed in real classroom teaching with positive student
feedback (paper here,
the voting results in a MSc
class and a BSc
class). The DRE-i protocol represents the first step in exploring
a new generation of e-voting protocols that are end-to-end verifiable
and also free from any tallying authority. I call this new direction
as "Self-Enforcing Electronic Voting" (SEEV). In 2012, I was awarded a
1.5 million euros ERC
starting grant to support my further investigation on SEEV (one of
the 7 such awards in computer science in the UK, and 34 in total in
the Europe), and in 2015, a follow-up ERC
Proof of Concept grant to support commercialization of SEEV (one
of the 45 awards in Europe in all subjects, and the only one in the UK
in computer science).
Finally, I have a general interest in designing efficient computing algorithms.
I modified the classic Dynamic Programming algorithm to make it more suitable for handwritten signature
verification. I worked with John Daugman, the original inventor of iris recognition, and designed a
fast search algorithm for iris recognition, which achieves a substantial speed-up over the traditional
exhaustive search algorithm with a negligible loss of accuracy.
I'm fond of security research that is new, useful and diverse. I am a believer of Roger Needham's maxim: "Good research comes from tackling real problems
". I love mathematics but I dislike seeing it overused to make papers look hyper-fancy.
- Siamak F. Shahandashti and Feng Hao, "DRE-ip: A Verifiable E-Voting Scheme
without Tallying Authorities," the 21st European Symposium on Research in Computer Security (ESORICS), 2016. [PDF]
- This paper presents a new "self-enforcing e-voting" system called DRE-ip. DRE-ip and DRE-i may be seen as sister techniques; both achieve end-to-end (E2E) verifiability without tallying authorities. However, DRE-ip opts for a real-time computation strategy rather than pre-computation as in DRE-i. As a result, it has the advantage of providing higher assurance on privacy.
- Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti and Feng Hao, "Stealing PINs via Mobile Sensors: Actual Risk versus User Perception," the 1st European Workshop on Usable Security (EUROUSEC), 2016. [PDF]
- This paper presents an improved attack (over our earlier work) on stealing the user's PINs via mobile sensors. It further presents a user study to evaluate the user awareness of the data leakage problem caused by the sensors. The results indicate that users are generally not aware of the data generated by sensors and how that data might be used to undermine security and privacy.
- Patrick McCorry, Malte Möser, Siamak F. Shahandasti, and Feng Hao, "Towards Bitcoin Payment Networks," Proceedings of the 21st Australasian Conference on Information Security and Privacy (ACISP'06), 2016. [PDF]
- Bitcoin in the current form does not scale up. This paper reviews proposals that aim to address this problem by facilitating "off-chain transactions".
- Xun Yi, Fang-Yu Rao, Zahir Tari, Feng Hao, Elisa Bertino, Ibrahim Khalil and Albert Y. Zomaya, "ID2S Password-Authenticated Key Exchange
Protocols," Accepted by IEEE Transactions on Computers, 2016, in press.
- It's an extended journal version of an earlier conference paper presented at ESORICS'14, with Xun Yi and Elisa Bertino.
- Feng Hao, "DRE-i and Self-Enforcing E-Voting", Real-World Electronic Voting: Design, Analysis and Deployment (Feng Hao and Peter Ryan, Eds), CRC Press, 2016. [PDF]
- It's a contributing book chapter that describes a 10-year research journey leading to the invention of "self-enforcing e-voting".
- Feng Hao and Peter Ryan (Eds), Real-World Electronic Voting: Design, Analysis and Deployment, CRC Press, 2016. [Amazon] [CRC Press] [Blog]
- Patrick McCorry, Siamak F. Shahandashti, Feng Hao,
"Refund Attacks on Bitcoin's Payment Protocol," accepted by the 20th
Financial Cryptography and Data Security (FC'16), 2016. [Paper] [Blog]
presents two attacks on the standard BIP70 Bitcoin Payment protocol
and a countermeasure. Both attacks and the countermeasure have been
acknowledged by the two largest Bitcoin processors, Bitpay and
- Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti,
Feng Hao, "TouchSignatures: Identification of User Touch
of Information Security and Applications, Elsevier, 2016, in
press. [Paper], [Blog], [Mozilla advisory],
[Apple patch in iOS 9.3],
[Chromium bug tracker],
- It reports a signficiant security flaw in the current
the sensor data in a browser on a mobile phone. The W3C community and
major browser vendors (Mozilla, Google, Apple, Opera) have
acknowledged our work and are implementing some of our suggested
countermeasuers. This paper is a journal version of the one presented
earlier at ASIACCS'15.
- Maryam Mehrnezhad, Feng Hao, and Siamak
F. Shahandashti, "Tap-Tap and Pay (TTP): Preventing The Mafia Attack
in NFC Payment," Proceedings of the 2nd International Conference on
Research in Security Standardisation (SSR'15), LNCS 9497, pp. 21-39, 2015. [Paper]
- This paper presents a new solution on preventing Mafia attacks in
NFC payment by leveraging the highly correlated vibrations induced by
physical tapping between two NFC-enabled devices. Our solution is
arguably simpler and more cost-effective than previous solutions that
are usually based on distance bounding or ambient environment
- Patrick McCorry, Siamak F. Shahandashti, Dylan Clarke and
Feng Hao, "Authenticated Key Exchange over Bitcoin," Proceedings
of the 2nd International Conference on Research in Security
Standardisation (SSR'15), LNCS 9497, pp. 3-20, 2015. [Paper]
- It proposes
a new category of authenticated key exchange (AKE) protocols, which
bootstrap trust entirely from the block chain (as opposed to PKI or
shared passwords). This work fills in an important gap, which is currently
not covered by any key exchange standards (e.g., IEEE, ISO/IEC).
- Xun Yi, Feng Hao, Liqun Chen and Joseph Liu,
"Practical Threshold Password-Authenticated Secret Sharing Protocol,"
Proceedings of the 20th European Symposium on Research in Computer
Security (ESORICS'15), LNCS 9326, pp. 347-365, 2015. [Springer]
- It presents a
technique to distribute a high-entropy secret using secret sharing and
later retrieve the secret with a low-entropy password.
- Feng Hao, "On the Trust of Trusted Computing in the
Post-Snowden Age (abstract)," accepted by the 8th IEEE CSF Workshop on
Analysis of Security APIs, 2015 (no proceedings). [Abstract] [Slides] [Blog]
- It challenges the fundamental trust assumption underpinning
"Trusted Computing" in light of Snowden revelations, and proposes to
redesign the TPM/HSM APIs based on a new "Trust-but-Verify" paradigm.
- Feng Hao, Dylan Clarke, Avelino Zorzo, "Deleting
Secret Data with Public Verifiability," accepted by IEEE
Transactions on Dependable and Secure Computing, 2015. [Paper] [Blog]
- It presents a cryptographic protocol to make the data
deletion operations more transparent and verifiable.
- Feng Hao, Xun Yi, Liqun Chen, Siamak Shahandashti,
"The Fairy-Ring Dance: Password Authenticated Key Exchange in a
Group," Proceedings of the 1st ASIACCS Workshop on IoT Privacy, Trust,
and Security (IoTPTS'15), pp. 27-34, 2015. [Paper] [Blog]
- It presents J-PAKE+ and SPEKE+, the group variants of J-PAKE
and SPEKE (both of which have been used in practical applications). Our work
establishes a new record of round efficiency for Group PAKE, and is
close to the best achievable that one may hope for.
- Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti,
Feng Hao, "TouchSignatures: Identification of User Touch
Proceedings of the 10th ACM Symposium on Information, Computer and
Communications Security (ASIACCS'15), pp. 673-673, 2015. [ACM link]
- It presents the first attack on breaching privacy of a mobile user
does not require installing any software (app) on the user's device,
and hence is potentially more dangerous.
- Syed Taha Ali, Patrick McCorry, Peter Hyun-Jeen Lee and
Feng Hao, "ZombieCoin: Powering Next-Generation Botnets with
Bitcoin," Proceedings of the 2nd FC Workshop on Bitcoin Research, LNCS 8976, pp. 34-48,
2015. [Paper] [Forbes]
- It outlines a design of next-generation Botnets that may
leverage the BitCoin blockchain for stealthy and fast Comand &
Control, and discusses preemptive countermeasures.
- Feng Hao, Siamak Shahandashti, "The SPEKE Protocol
Revisited," Proceedings of the 1st International Conference on
Research in Security Standardisation (SSR'14), LNCS 8893, pp. 26–38,
2014. [Preprint] [blog]
- It points out two security issues with the SPEKE protocol, as
currently defined in the IEEE P1363.2 and ISO/IEC 11770-4 standards,
and also proposes a solution to address the attacks. Both attacks
have been acknowledged by the technical commiteee in ISO/IEC SC 27, work group 2, with
our proposed fix being included into ISO/IEC 11770-4 standard.
- Xun Yi, Feng Hao, Elisa Bertino, "ID-Based Two-Server
Password-Authenticated Key Exchange," Proceedings of European
Symposium on Research in Computer Security (ESORICS), LNCS 8713,
pp. 257-276, 2014. [Springer]
- It presents a compiler to construct two-server PAKE from any
secure two-party PAKE based on identity-based encryption.
- Kiavash Satvat, Matthew Forshaw, Feng Hao, Ehsan
Toreini, "On The Privacy of Private Browsing - A Forensic Approach,"
Journal of Information Security and Applications, Vol. 19,
No. 1, pp. 88-100, 2014. [Preprint] [blog]
- It is a journal version of the earlier short paper presented
at DPM'13. It adds the response from the browser industry and
acknowledgement of our work.
- Feng Hao, Matthew Kreeger, Brian Randell, Dylan
Clarke, Siamak Shahandashti, Peter Lee, "Every Vote Counts: Ensuring
Integrity in Large-Scale Electronic Voting," USENIX Journal of
Election Technology and Systems (JETS), Vol. 2, No. 3, 2014. [Paper]
- This paper lays the foundation for my 2012
ERC starting grant on "self-enforcing e-voting". It challenges the
traditional view on the role of trustworthy tallying authorities in
E2E verifiable voting protocols and argues if such a role is as
indispensable as many have believed over the past twenty years. Since
the initial publication as an IACR report in 2010, the
paper was repeatedly rejected by various conferences. In the final
acceptance in 2014, the basic DRE-i protocol remains unchanged from
its initial specification in 2010.
- Kiavash Satvat, Matthew Forshaw, Feng Hao, Ehsan
Toreini, "On The Privacy of Private Browsing - A Forensic Approach
(short paper)", Proceeding of ESORICS Workshop on Data Privacy Management (DPM'13),
LNCS 8247, pp. 380-389, 2013 [Paper] [Slides]
presents a comprehensive security analysis of the current state of
private browsing as implemented in major browsers. The testing
software is released here
as open source. Some identified issues have been acknowledged by
browser vendors and fixed accordingly in newer versions of browsers
(see the extended journal
version of the paper for details).
- Dylan Clarke, Feng Hao, "Cryptanalysis of the
Dragonfly Key Exchange Protocol," IET Information
Security, Vol. 8, No. 6, pp. 283-289, 2014. [Preprint]
- It points out that the omission of public key
validation renders the Dragonfly protocol (a recent Internet
draft submitted to IETF) completely insecure. Our attack has
been acknowledged and fixed accordingly in the newer
version of the Dragonfly specification in IETF.
- Feng Hao, Dylan Clarke, Carlton Shepherd, "Verifiable Classroom Voting - Where Cryptography Meets Pedagogy," Proceedings of the 21st Security Protocols Workshop (SPW), Cambridge, UK, 2013. [Paper]
- In this paper, we propose - and have implemented - the first verifiable classroom voting system.
- Jean Lancrenon, Dalia Khader, Peter Ryan, Feng Hao, "Password-based Authenticated Key Establishment Protocols," Computer And Information Security Handbook, pp. 300-350, Elsevier, 2013.
- It is an invited contribution as a book chapter on password authenticated key exchange protocols.
- Feng Hao, Brian Randell, Dylan Clarke, "Self-Enforcing Electronic Voting," Proceedings of the 20th Security Protocols Workshop (SPW'12), Cambridge, UK, LNCS 7622, pp. 23-31, 2012.
2012. [Draft] (also available in Newcastle University technical report No. 1311)
- It presents a vision about the next-generation e-voting.
- Dylan Clarke, Feng Hao, Brian Randell, "Analysis of Issues and Challenges of E-voting in the UK," Proceedings of the 20th Security Protocols Workshop (SPW'12), Cambridge, UK, LNCS 7622, pp. 126-135, 2012.
- It reviews the practical issues and challenges encountered in the UK e-voting trials.
- Feng Hao, Dylan Clarke, "Security Analysis of a Multi-Factor Authenticated Key Exchange," Proceedings of the 10th International Conference on Applied
Cryptography and Network Security (ACNS'12), LNCS 7341, pp. 1-11, 2012. [Draft]
- It reports two attacks on a multi-factor authenticated key exchange, proposed by Pointcheval and Zimmer at ACNS'08.
- Feng Hao, "On Robust Key Agreement Based on Public Key Authentication," Security and Communication Networks, Special issue on Design and Engineering of Cryptographic
Solutions for Secure Information Systems, Wiley, 2012. [Paper] [IACR archive]
- This is the journal version of the YAK paper that was first presented at FC'10.
- Dalia Khader, Ben Smyth, Peter Y. A. Ryan, and Feng Hao, "A Fair and Robust Voting System
by Broadcast", Proceedings of the 5th International Conference on Electronic Voting
(EVOTE'12), 2012. [Paper]
- It describes how to add fairness and resistance to disruptions in decentralized e-voting.
- Feng Hao, Peter Ryan, "How to sync with Alice," Proceedings of the 19th Security Protocols
Workshop (SPW'11), Cambridge, UK, LNCS 7114, pp. 170-178, 2011. [Paper]
- It describes the sync problem and compares solutions by different browsers.
- Feng Hao, Matthew Nicolas Kreeger, "Every Vote Counts: Ensuring Integrity in DRE-based
Voting System," IACR report, 2010, [No. 452]
(also available in Newcastle University technical report No. 1268)
- It proposes a DRE-i protocol to ensure integrity for a DRE-based voting system.
- Feng Hao, Peter Ryan, "J-PAKE: Authenticated Key Exchange Without PKI," Springer Transactions on
Computational Science XI, Special Issue on Security in Computing, Part II, Vol. 6480, pp. 192-206,
- It is a journal version of the J-PAKE paper, which was first presented at SPW'08.
- Feng Hao, "On Robust Key Agreement Based on Public Key Authentication", Proceedings of
the 14th International Conference on Financial Cryptography and Data Security (FC'10), Tenerife, Spain, LNCS
6052, pp. 383-390, 2010. [paper]
- It presents two new attacks on the HMQV protocol (a candidate being standardized by IEEE P1363). These attacks highlight the caution one should take when interpreting the provable results from a formal model. The attacks were discussed by IEEE P1363 Working Group in 2010, and since then the standardization of HMQV in IEEE P1363 has been paused. The paper also presents a new authenticated key agreement protocol called YAK. The YAK protocol is by far the simplest public-key authenticated key exchange protocol, and arguably one of the most robust.
- Feng Hao, "On Small Subgroup Non-Confinement Attacks," Proceedings of the 10th IEEE
International Conference on Computer and Information Technology, pp. 1022-1025, 2010.
- It shows a counter-example to explain that the claim about the on-line dictionary attack resistance in SRP-6 is not valid. This does not threaten the practical security of SRP-6, but serves to highlight the risk of making heuristic claims without any proof.
- Feng Hao, Peter Ryan, Piotr Zielinski, "Anonymous Voting by 2-Round Public Discussion,"
IET Information Security, Vol. 4, No. 2, pp. 62-67, 2010 [paper]
- It presents a decentralized e-voting scheme called Open Vote Network. Our scheme is more efficient than the previous Kiayias-Yung (PKC'02) and Groth (FC'04) solutions in all aspects, including the number of rounds, the computational load and the bandwidth usage
- Feng Hao, Piotr Zielinski, "The Power of Anonymous Veto in Public Discussion,"
Springer Transactions on Computational Science IV, Vol. 5430, pp. 41-52, Springer, 2009.
- It's a journal version of av-net paper that was first presented at SPW'06.
- Feng Hao, Peter Ryan, "Password Authenticated Key Exchange by Juggling (Transcript of Discussion) ," Proceedings of
the 16th Workshop on Security Protocols (SPW'08), Cambridge, UK, LNCS 6615, pp. 172-179, 2008.
- It is a transcript of discussion for the presentation of J-PAKE at SPW'08.
- Feng Hao, Peter Ryan, "Password Authenticated Key Exchange by Juggling," Proceedings of
the 16th Workshop on Security Protocols (SPW'08), Cambridge, UK, LNCS 6615, pp. 159-171, 2008.
- It proposes a crypto protocol called Password Authenticated Key Exchange by Juggling (J-PAKE). Compared with EKE (patented by Lucent
Technologies) and SPEKE (patented by Phoenix Technologies), J-PAKE has clear advantages in security with comparable efficiency.
As of Oct 2014, J-PAKE has been adopted by the ISO/IEC 11770-4 standard, included into OpenSSL, Bouncycastle API, and used in commercial applications such as browser sync and Google Nest thermostats.
- Feng Hao, John Daugman, Piotr Zielinski, "A fast search algorithm for a large fuzzy database,"
IEEE Transactions on Information Forensics and Security, Vol. 3, No. 2, pp. 203-212, 2008.
- It proposes a fast search algorithm for iris recognition, which achieves a substantial speed-up over exhaustive search with a negligible loss of precision.
- Feng Hao, "Kish's Key Exchange Scheme Is insecure," IEE Information Security, Vol. 153,
No. 4, pp. 141-142, 2006. [Paper]
- It points out that a "totally secure" communication system, featured in Science (2005), is seriously flawed. In security design, one cannot make security assumptions arbitrarily.
- Feng Hao, Piotr Zielinski, "A 2-Round Anonymous Veto Protocol (Transcript of Discussion),"
14th International Workshop on Security Protocols (SPW'06), Cambridge, UK, LNCS 5087, pp. 212-214, 2009. [Springer]
- It is a discussion of transcript of the av-net workshop paper.
- Feng Hao, Piotr Zielinski, "A 2-Round Anonymous Veto Protocol," Proceedings of the 14th
International Workshop on Security Protocols (SPW'06), Cambridge, UK, LNCS 5087, pp. 202-211, 2006. [Paper] [Slides][Springer]
- It proposes a solution to the Dining Cryptographers problem (Chaum, 1988). Our solution is by far the most efficient among those proposed since 1988.
- Feng Hao, Ross Anderson, John Daugman, "Combining Crypto with Biometrics Effectively,"
IEEE Transactions on Computers, Vol. 55, No. 9, pp. 1081-1088, 2006. [Paper]
- It proposes the first practical and secure way to integrate the iris biometric into cryptographic applications.
- Feng Hao, "Combining Crypto with Biometrics: a New Human-Security Interface," 13th
International Workshop on Security Protocols (SPW'05), Cambridge, UK, LNCS 4631, pp. 133-138, 2005.
- It presents a transcript of discussion on combining crypto with biometrics.
- Feng Hao, Choog-Wah Chan, "Online Signature Verification Using a New Extreme Points
Warping Technique," Pattern Recognition Letters, Vol. 24, No. 16, pp. 2943-2951, 2003. [Paper]
- It modifies the classic Dynamic Programming algorithm to better suit the requirements of handwritten signature verification.
- Feng Hao, Choog-Wah Chan, "Private Key Generation from On-line Handwritten Signatures,"
Information Management & Computer Security, Vol. 10, No. 4, 159-164, 2002.
- It proposes to apply quantisation to derive stable bits from handwritten signatures.
- Feng Hao, "J-PAKE: Password Authenticated Key Exchange by Juggling," 2013 [Internet Draft]
- An internet draft submitted to IETF about J-PAKE.
- Feng Hao, "Schnorr NIZK Proof: Non-interactive Zero Knowledge Proof for Discrete Logarithm," 2013 [Internet Draft]
- An internet draft submitted to IETF about Schnorr signature.
- Feng Hao, "The Challenge of Being an Engineer - Reflections from a Security Engineer," 2014 [white paper]
- Reflections from my career expereince in the past 10 years starting from 2004 when I first started my PhD study
- Feng Hao, "On Using Fuzzy Data in Security Mechanisms," PhD dissertation, Computer Laboratory, University of Cambridge, 2007. [Tech report]
- My PhD dissertation completed within three years with three papers published on high-ranking journals (IEEE/Springer Transactions) covering three different research topics.
It's probably the shortest dissertation among those submitted by PhD graduates in the computer laboratory. See all technical reports.
- Feng Hao, "Cryptosystem with private key generation from dynamic properties
of human hand signature," M.Eng dissertation, School of Electrical and Electronic Engineering, Nanyang Technological University, 2002. [Link] [PDF]
- My M.Eng dissertation completed in 20 months (four months shorter than the normal course) with two papers published on high-ranking journals covering two different research topics.
- Newcastle University Security Research wiki [Link]
- An informal wiki system that I am currently maintaining to coordinate security research activities in the School of Computing Science.
- Newcastle University Security Research Blog [Security Upon Tyne]
- A blog set up to facilitate two-way communication: 1) to disseminate our research results to people outside Newcastle University; 2) to allow anyone to freely comment, scrutinize and criticize our work.