I'm a Reader
in Security Engineering at the School of Computing Science. I
graduated with a PhD in 2007 from the Security
Group (where I still have my old badge), at the Computer
Laboratory, University of Cambridge, under the joint
supervision of Prof Ross Anderson and
John Daugman. Earlier, I received my B.Eng (1st class) and M.Eng
degrees from Nanyang Technological University (NTU), Singapore,
in 2001 and 2002 respectively. I had several years of working
experience in the security industry before joining the faculty as a
lecturer in 2010.
My research interests focus on exploring the interaction
between cryptographic theory and security practice. I first
proposed to apply quantization
method to derive an encryption key from handwritten
signature. I also proposed the first practical and secure way to
combine iris biometrics and cryptography effectively. With
colleagues, I designed a number of cryptographic protocols: AV-net (to date the most
efficient solution to the Dining Cryptographers problem), YAK (the simplest and arguably one of the
most robust public-key authenticated key exchange
protocols), J-PAKE (a password authenticated key exchange
protocol that has been deployed to several million Internet users in the real world and has recently been adopted by the
ISO/IEC 11770-4 standard), Open Vote network (to date the most efficient decentralized e-voting protocol) and DRE-i
(the first E2E verifiable e-voting system that is
"self-enforcing"). So far, none of these protocols have been
broken. Besides designing secure protocols, I have broken
several of other researchers' insecure protocols, mainly in the
field of authenticated key exchange -- in particular, with my colleague
we found and fixed security weaknesses in SPEKE, a password-authenticated key exchange protocol that has been standardized in IEEE P1363.2 and ISO/IEC 11770-4. The attacks have been acknowledged by ISO/IEC SC 27 Work Group 2 and the standard is being revised to address the identified issues.
Some of the protocols that I designed have been applied in practice. In particular, J-PAKE
has been integrated into Mozilla Firefox since Dec, 2010 (see blog).
A verifiable classroom voting system based on the DRE-i protocol has been developed and subsequently
trialed in real classroom teaching with positive student feedback (paper here, the voting results
in an MSc class and a BSc class).
The DRE-i protocol represents the first step in exploring a new generation of e-voting protocols that are end-to-end verifiable and also free from any tallying
authority. I call this new direction "Self-Enforcing Electronic Voting" (SEEV). In 2012, I was
awarded a 1.5 million euros ERC starting grant to support my further investigation on SEEV (one of the 7 such awards in computer science in the UK, and 34 in total in Europe), and in 2015, a follow-up ERC Proof of Concept grant to support commercialization of SEEV (one of the 45 awards in Europe in all subjects, and the only one in the UK in computer science).
Finally, I have a general interest in designing efficient computing algorithms.
I modified the classic Dynamic Programming algorithm to make it more suitable for handwritten signature
verification. I worked with John Daugman, the original inventor of iris recognition, and designed a
fast search algorithm for iris recognition, which achieves a substantial speed-up over the traditional
exhaustive search algorithm with minimum loss of accuracy.
I'm fond of security research that is new, useful and diverse. I am a believer in Roger Needham's maxim: "Good research comes from tackling real problems". I love mathematics but I dislike seeing it overused to make papers look hyper-fancy.
- Maryam Mehrnezhad, Feng Hao, and Siamak F. Shahandashti,
"Tap-Tap and Pay (TTP): Preventing The Mafia Attack in NFC Payment,"
accepted by the 2nd International Conference on Research in Security Standardisation (SSR'15), 2015.
- This paper presents a new solution for preventing Mafia attacks in NFC payment by leveraging the highly correlated vibrations induced by physical tapping between two NFC-enabled devices. Our solution is arguably simpler and more cost-effective than previous solutions that are usually based on distance bounding or ambient environment measurements.
- Patrick McCorry, Siamak F. Shahandashti, Dylan Clarke
and Feng Hao, "Authenticated Key Exchange over Bitcoin,"
accepted by the 2nd International Conference on Research in Security Standardisation (SSR'15), 2015. [Paper]
- It proposes a new category of authenticated key exchange (AKE) protocols, which we call "Bitcoin based AKE". Different from all previous AKE schemes (which are typically either PKI or password-based), this new category of AKE protocols bootstraps trust entirely from the block chain. We present two concrete Bitcoin-based AKE instantiations (based on Diffie-Hellman and YAK) to allow secure end-to-end communication between bitcoin users in a post-transaction scenario.
- Xun Yi, Feng Hao, Liqun Chen and Joseph Liu, "Practical
Threshold Password-Authenticated Secret Sharing Protocol," accepted by
the 20th European Symposium on Research in Computer Security (ESORICS'15), Vienna, Austria, 2015.
- It presents a technique to distribute a high-entropy secret using secret sharing and later retrieve the secret with a low-entropy password.
- Feng Hao, "On the Trust of Trusted Computing in
the Post-Snowden Age (abstract)," Accepted by the 8th IEEE CSF
Workshop on Analysis of Security APIs, 2015. [Abstract] [Slides] [Blog]
- It challenges the fundamental trust assumption underpinning "Trusted Computing" in light of Snowden revelations, and proposes to redesign the TPM/HSM APIs based on a new "Trust-but-Verify" paradigm.
- Feng Hao, Dylan Clarke, Avelino Zorzo,
"Deleting Secret Data with Public Verifiability," accepted by
IEEE Transactions on Dependable and Secure Computing,
2015. [Paper] [Blog]
- It presents a cryptographic protocol to make the data deletion operations more transparent and verifiable.
- Feng Hao, Xun Yi, Liqun Chen, Siamak
Shahandashti, "The Fairy-Ring Dance: Password Authenticated Key
Exchange in a Group," Proceedings of the 1st ASIACCS Workshop on IoT Privacy, Trust, and Security (IoTPTS'15), pp. 27-34, 2015. [Paper] [Blog]
- It presents two Group PAKE (GPAKE) protocols for establishing a group key based on password authentication (without needing any PKI). The first protocol, called SPEKE+, achieves authenticated group key exchange with explicit key confirmation in just two rounds, which is more round-efficient than any other protocols published in the literature. The second protocol, called J-PAKE+, needs one more round than SPEKE+, but is computationally faster. Experiments show that both protocols are practically feasible when the group size varies from three to a few dozen, and are ideally suitable for bootstrapping secure group communication for IoT applications.
- Syed Taha Ali, Patrick McCorry, Peter Hyun-Jeen Lee
and Feng Hao, "ZombieCoin: Powering Next-Generation
Botnets with Bitcoin," accepted by the 2nd FC Workshop on
Bitcoin Research, 2015. [Paper] [Forbes]
- It outlines a design of next-generation botnets that may leverage the Bitcoin blockchain for stealthy and fast Command & Control, and discusses preemptive countermeasures.
- Feng Hao, Siamak Shahandashti, "The SPEKE
Protocol Revisited," Proceedings of the 1st International
Conference on Research in Security Standardisation (SSR'14), LNCS 8893, pp. 26–38, 2014. [Preprint] [blog]
- It points out two security issues with the SPEKE
protocol, as currently defined in the IEEE P1363.2 and ISO/IEC
11770-4 standards, and also proposes concrete changes to both
standards. During the recent ISO/IEC SC 27 meeting at Mexico in October 2014, our attacks were discussed and
it was agreed that the ISO/IEC 11770-4 standard should be revised to address
the identified security weaknesses. The revision work is currently in process.
- Xun Yi, Feng Hao, Elisa Bertino, "ID-Based
Two-Server Password-Authenticated Key Exchange," Proceedings of
European Symposium on Research in Computer Security (ESORICS),
LNCS 8713, pp. 257-276, 2014. [Springer]
- It presents a compiler to construct two-server PAKE from any secure two-party PAKE based on identity-based encryption.
- Kiavash Satvat, Matthew Forshaw, Feng Hao,
Ehsan Toreini, "On The Privacy of Private Browsing - A Forensic
Approach," Journal of Information Security and
Applications, Vol. 19, No. 1, pp. 88-100, 2014. [Preprint] [blog]
- It is a journal version of the earlier short paper presented at DPM'13.
- Feng Hao, Matthew Kreeger, Brian Randell, Dylan
Clarke, Siamak Shahandashti, Peter Lee, "Every Vote Counts:
Ensuring Integrity in Large-Scale Electronic Voting," USENIX
Journal of Election Technology and Systems (JETS), Vol. 2, No.
3, 2014. [Paper]
- This paper lays the foundation for my 2012
ERC starting grant on "self-enforcing e-voting". It
challenges the traditional view on the role of trustworthy
tallying authorities in E2E verifiable voting protocols and
argues if such a role is as indispensable as many have believed
over the past twenty years. Since the initial publication as an
IACR report in
2010, the paper was repeatedly rejected by various conferences.
In the final acceptance in 2014, the basic DRE-i protocol
remains unchanged from its initial specification in 2010.
- Kiavash Satvat, Matthew Forshaw, Feng Hao, Ehsan Toreini, "On The Privacy of Private Browsing - A Forensic Approach (short paper)", ESORICS Workshop on Data Privacy Management (DPM'13), to appear in LNCS [Paper] [Slides]
- It presents a comprehensive security analysis of
the current state of private browsing as implemented in major
browsers. The testing software is released here
as open source. Some identified issues have been acknowledged
by browser vendors and fixed accordingly in newer versions of
browsers (see the extended journal version of the
paper for details).
- Dylan Clarke, Feng Hao, "Cryptanalysis of the
Dragonfly Key Exchange Protocol," IET Information
Security, Vol. 8, No. 6, pp. 283-289, 2014. [Preprint]
- It points out that the omission of public key
validation renders the Dragonfly protocol (a recent Internet
draft submitted to IETF) completely insecure. Our attack has
been acknowledged and fixed accordingly in the newer
version of the Dragonfly specification in IETF.
- Feng Hao, Dylan Clarke, Carlton Shepherd, "Verifiable Classroom Voting - Where Cryptography Meets Pedagogy," Proceedings of the 21st Security Protocols Workshop (SPW), Cambridge, UK, 2013. [Paper]
- In this paper, we propose - and have implemented - the first verifiable classroom voting system.
- Jean Lancrenon, Dalia Khader, Peter Ryan, Feng Hao, "Password-based Authenticated Key Establishment Protocols," Computer And Information Security Handbook, pp. 300-350, Elsevier, 2013.
- It is an invited contribution as a book chapter on password authenticated key exchange protocols.
- Feng Hao, Brian Randell, Dylan Clarke, "Self-Enforcing Electronic Voting," Proceedings of the 20th Security Protocols Workshop (SPW'12), Cambridge, UK, LNCS 7622, pp. 23-31, 2012. [Draft] (also available in Newcastle University technical report No. 1311)
- It presents a vision about the next-generation e-voting.
- Dylan Clarke, Feng Hao, Brian Randell, "Analysis of Issues and Challenges of E-voting in the UK," Proceedings of the 20th Security Protocols Workshop (SPW'12), Cambridge, UK, LNCS 7622, pp. 126-135, 2012.
- It reviews the practical issues and challenges encountered in the UK e-voting trials.
- Feng Hao, Dylan Clarke, "Security Analysis of a Multi-Factor Authenticated Key Exchange," Proceedings of the 10th International Conference on Applied
Cryptography and Network Security (ACNS'12), LNCS 7341, pp. 1-11, 2012. [Draft]
- It reports two attacks on a multi-factor authenticated key exchange, proposed by Pointcheval and Zimmer at ACNS'08.
- Feng Hao, "On Robust Key Agreement Based on Public Key Authentication," Security and Communication Networks, Special issue on Design and Engineering of Cryptographic
Solutions for Secure Information Systems, Wiley, 2012. [Paper] [IACR archive]
- This is the journal version of the YAK paper that was first presented at FC'10.
- Dalia Khader, Ben Smyth, Peter Y. A. Ryan, and Feng Hao, "A Fair and Robust Voting System
by Broadcast", Proceedings of the 5th International Conference on Electronic Voting
(EVOTE'12), 2012. [Paper]
- It describes how to add fairness and resistance to disruptions in decentralized e-voting.
- Feng Hao, Peter Ryan, "How to sync with Alice," Proceedings of the 19th Security Protocols
Workshop (SPW'11), Cambridge, UK, LNCS 7114, pp. 170-178, 2011. [Paper]
- It describes the sync problem and compares solutions by different browsers.
- Feng Hao, Matthew Nicolas Kreeger, "Every Vote Counts: Ensuring Integrity in DRE-based
Voting System," IACR report, 2010, [No. 452]
(also available in Newcastle University technical report No. 1268)
- It proposes a DRE-i protocol to ensure integrity for a DRE-based voting system.
- Feng Hao, Peter Ryan, "J-PAKE: Authenticated Key Exchange Without PKI," Springer Transactions on
Computational Science XI, Special Issue on Security in Computing, Part II, Vol. 6480, pp. 192-206,
- It is a journal version of the J-PAKE paper, which was first presented at SPW'08.
- Feng Hao, "On Robust Key Agreement Based on Public Key Authentication", Proceedings of
the 14th International Conference on Financial Cryptography and Data Security (FC'10), Tenerife, Spain, LNCS
6052, pp. 383-390, 2010. [paper]
- It presents two new attacks on the HMQV protocol (a candidate being standardized by IEEE P1363). These attacks highlight the caution one should take when interpreting the provable results from a formal model. Since 2010, the standardization of HMQV in IEEE P1363 has paused. The paper also presents a new authenticated key agreement protocol called YAK. The YAK protocol is by far the simplest public-key authenticated key exchange protocol, and arguably one of the most robust.
- Feng Hao, "On Small Subgroup Non-Confinement Attacks," Proceedings of the 10th IEEE
International Conference on Computer and Information Technology, pp. 1022-1025, 2010.
- It explains that sometimes an attacker may exploit the non-confinement of small subgroups to attack some password-authenticated key exchange schemes.
- Feng Hao, Peter Ryan, Piotr Zielinski, "Anonymous Voting by 2-Round Public Discussion,"
IET Information Security, Vol. 4, No. 2, pp. 62-67, 2010 [paper]
- It presents a decentralized e-voting scheme called Open Vote Network. Our proposal is by far the most efficient solution among the decentralized e-voting schemes in all aspects, including the number of rounds, the computational load and the bandwidth usage.
- Feng Hao, Piotr Zielinski, "The Power of Anonymous Veto in Public Discussion,"
Springer Transactions on Computational Science IV, Vol. 5430, pp. 41-52, Springer, 2009.
- It's a journal version of the AV-net paper that was first presented at SPW'06.
- Feng Hao, Peter Ryan, "Password Authenticated Key Exchange by Juggling (Transcript of Discussion) ," Proceedings of
the 16th Workshop on Security Protocols (SPW'08), Cambridge, UK, LNCS 6615, pp. 172-179, 2008.
- It is a transcript of discussion for the presentation of J-PAKE at SPW'08.
- Feng Hao, Peter Ryan, "Password Authenticated Key Exchange by Juggling," Proceedings of
the 16th Workshop on Security Protocols (SPW'08), Cambridge, UK, LNCS 6615, pp. 159-171, 2008.
- It proposes a crypto protocol called Password Authenticated Key Exchange by Juggling (J-PAKE). Compared with EKE (patented by Lucent
Technologies) and SPEKE (patented by Phoenix Technologies), J-PAKE has clear advantages in security with comparable efficiency.
As of Oct 2014, J-PAKE has been adopted by the ISO/IEC 11770-4 standard and included into OpenSSL, Bouncycastle API and so on.
- Feng Hao, John Daugman, Piotr Zielinski, "A fast search algorithm for a large fuzzy database,"
IEEE Transactions on Information Forensics and Security, Vol. 3, No. 2, pp. 203-212, 2008.
- It proposes a fast search algorithm for iris recognition, which achieves a substantial speed-up over exhaustive search with a negligible loss of precision.
- Feng Hao, "Kish's Key Exchange Scheme Is insecure," IEE Information Security, Vol. 153,
No. 4, pp. 141-142, 2006. [Paper]
- It points out that a "totally secure" communication system, featured in Science (2005), is seriously flawed. In security design, one cannot make security assumptions arbitrarily.
- Feng Hao, Piotr Zielinski, "A 2-Round Anonymous Veto Protocol (Transcript of Discussion),"
14th International Workshop on Security Protocols (SPW'06), Cambridge, UK, LNCS 5087, pp. 212-214, 2009. [Springer]
- It is a transcript of discussion of the AV-net workshop paper.
- Feng Hao, Piotr Zielinski, "A 2-Round Anonymous Veto Protocol," Proceedings of the 14th
International Workshop on Security Protocols (SPW'06), Cambridge, UK, LNCS 5087, pp. 202-211, 2006. [Paper] [Slides][Springer]
- It proposes a solution to the Dining Cryptographers problem (Chaum, 1988). Our proposal is by far the most efficient among all solutions proposed so far.
- Feng Hao, Ross Anderson, John Daugman, "Combining Crypto with Biometrics Effectively,"
IEEE Transactions on Computers, Vol. 55, No. 9, pp. 1081-1088, 2006. [Paper]
- It proposes the first practical and secure way to integrate the iris biometric into cryptographic applications.
- Feng Hao, "Combining Crypto with Biometrics: a New Human-Security Interface," 13th
International Workshop on Security Protocols (SPW'05), Cambridge, UK, LNCS 4631, pp. 133-138, 2005.
- It presents a transcript of discussion on combining crypto with biometrics.
- Feng Hao, Choog-Wah Chan, "Online Signature Verification Using a New Extreme Points
Warping Technique," Pattern Recognition Letters, Vol. 24, No. 16, pp. 2943-2951, 2003. [Paper]
- It modifies the classic Dynamic Programming algorithm to better suit the requirements of handwritten signature verification.
- Feng Hao, Choog-Wah Chan, "Private Key Generation from On-line Handwritten Signatures,"
Information Management & Computer Security, Vol. 10, No. 4, 159-164, 2002.
- It proposes to apply quantisation to derive stable bits from handwritten signatures.
- Feng Hao, "J-PAKE: Password Authenticated Key Exchange by Juggling," 2013 [Internet Draft]
- An internet draft submitted to IETF about J-PAKE.
- Feng Hao, "Schnorr NIZK Proof: Non-interactive Zero Knowledge Proof for Discrete Logarithm," 2013 [Internet Draft]
- An internet draft submitted to IETF about Schnorr signature.
- Feng Hao, "The Challenge of Being an Engineer - Reflections from a Security Engineer," 2014 [white paper]
- Reflections from my career experience in the past 10 years, starting from 2004 when I first started my PhD study.
- Feng Hao, "On Using Fuzzy Data in Security Mechanisms," PhD dissertation, Computer Laboratory, University of Cambridge, 2007. [Tech report]
- My PhD dissertation completed within three years with three papers published in high-ranking journals (IEEE/Springer Transactions) covering three different research topics.
It's probably the shortest dissertation among those submitted by PhD graduates in the Computer Laboratory. See all technical reports.
- Feng Hao, "Cryptosystem with private key generation from dynamic properties
of human hand signature," M.Eng dissertation, School of Electrical and Electronic Engineering, Nanyang Technological University, 2002. [Link] [PDF]
- My M.Eng dissertation completed in 20 months (four months shorter than the normal course) with two papers published in high-ranking journals covering two different research topics.
- Newcastle University Security Research wiki [Link]
- An informal wiki system that I am currently maintaining to coordinate security research activities in the School of Computing Science.
- Newcastle University Security Research Blog [Security Upon Tyne]
- A blog set up to facilitate two-way communication: 1) to disseminate our research results to people outside Newcastle University; 2) to allow anyone to freely comment, scrutinize and criticize our work.