Posted on 09/08/2010
Dr Keith Mayes, Director of the Smart Card Centre at Royal Holloway, University of London, has been awarded £50,000 by the PARK commercialisation fund to lead the development of an RFID/smartcard attack detector product prototype, with Dr Gerhard Hancke as the lead developer.
The completed attack detector prototype will demonstrate how radio-frequency identification (RFID) card and similar systems, which are increasingly used for transport ticketing, for cash cards and to protect and verify high-value goods, can be protected from attacks by hackers. Royal Holloway’s Research and Enterprise Department assisted with acquiring the funding and with patenting the underlying technology.
The Information Security Group (ISG) Smart Card Centre is a close co-operation between academia and industry to provide a worldwide centre of excellence for training, research and consultancy in smart cards, tokens, security and applications.
The Centre continues to attract funding from industry and to develop its leading-edge research and expertise into practical products and services, totalling over £350,000 in the last year.
Dr Mayes said, “Sometimes everyone and everything seems to pull together at the same time and that was certainly the case with the ISG Smart Card Centre (SCC) award for the RFID Attack Detector (RAD). It only came about because the SCC was carrying out industry supported work that was seen as relevant and timely and because the team was well aware of security attack problems from our advisory work with industry and government. The involvement of Research and Enterprise was also pivotal, supporting our patent application and managing the successful application to the PARK funding board. The funding is to produce a prototype demonstrator and it will be interesting to see just how far the idea might progress.”
Vodafone and smart card manufacturer Giesecke & Devrient continued as Full Member funders of the Centre’s work, with ITSO (a UK transport standardisation organisation) and Transport for London funding the Centre as Associate Members.
Vodafone has also recently funded a PhD studentship for Graham Hilli to study security issues in virtual worlds. The popularity of such systems for entertainment continues to grow, but there has also been significant investment in developing them for business uses such as retailing and virtual meetings. Security is a serious issue in such applications, but has been largely neglected in the initial development of the technology for gaming.
The Centre’s advice is much sought after to solve specific industry issues. During 2009 the SCC/ISG continued to provide expert support to the Dutch Transport Ministry with respect to the OV-Chipkaart used in transportation systems in the Netherlands. Major elements of this substantial series of consultancy assignments for the Centre were the independent assessment of claimed security vulnerabilities and the migration planning review which completed in early 2010. This work is expected to have a major impact on Dutch transportation for years to come.
The Centre also continues to provide research and teaching on smart cards, RFID and associated technologies. Dr Mayes and Dr Markantonakis of the SCC are supervising nearly 30 Information Security MSc projects in 2010, and its researchers and PhD students continue to publish their work, producing over 16 publications since the start of 2009.