IACR News Central

Candidates must hold a PhD in computer science, electrical engineering or related areas, and must have a demonstrated record of top-quality research in theoretical cryptography or related areas.

If you are interested, please send an email with a copy of your CV, a short research statement, and the name of at least two candidates for reference letters. Review of applications will begin immediately and will continue until the position is filled, the starting date is flexible.

The three open positions are:

• 1 SENIOR HW-smartcards security expert in side channel attacks (DPA-like) and eventually also in perturbation attacks (DFA/laser like).
• 1 JUNIOR & 1 SENIOR security analyst for SW-Devices as routers, firewalls, etc.

Applications are invited for one PhD studentship in the Security Group at the Computer Laboratory to work with Dr Steven Murdoch. Funding for this position is provided by Microsoft Research Cambridge and Research Councils UK through the Dorothy Hodgkin Postgraduate Awards scheme. As such, applicants must be nationals from India, China, Hong Kong, South Africa, Brazil, Russia or countries in the developing world as defined by the Development Assistance Committee of the OECD: http://www.oecd.org/dataoecd/32/40/43540882.pdf

The successful candidate will undertake research in the field of anonymous communications and privacy enhancing technologies. This broad research area provides considerable scope for the PhD candidate to find his or her own research direction.

The objective is to explore how we can make mobile payment systems dependable despite the presence of malware. Research topics include the design of next-generation secure element hardware, trustworthy user interfaces, and mechanisms to detect and recover from compromise. Relevant skills include Android, payment protocols, human-computer interaction, hardware and software security, and cryptography.

Cryptographic protocols form the backbone of our digital society. Unfortunately, the security of numerous critical components has been neglected. As a consequence, attacks have resulted in financial loss, violations of personal privacy, and threats to democracy. This thesis aids the secure design of cryptographic protocols and facilitates the evaluation of existing schemes.

Developing a secure cryptographic protocol is game-like in nature, and a good designer will consider attacks against key components. Unlike games, however, an adversary is not governed by the rules and may deviate from expected behaviours. Secure cryptographic protocols are therefore notoriously difficult to define. Accordingly, cryptographic protocols must be scrutinised by experts using procedures that can evaluate security properties.

This thesis advances verification techniques for cryptographic protocols using formal methods with an emphasis on automation. The key contributions are threefold. Firstly, a definition of election verifiability for electronic voting protocols is presented; secondly, a definition of user-controlled anonymity for Direct Anonymous Attestation is delivered; and, finally, a procedure to automatically evaluate observational equivalence is introduced.

This work enables security properties of cryptographic protocols to be studied. In particular, we evaluate security in electronic voting protocols and Direct Anonymous Attestation schemes; discovering, and fixing, a vulnerability in the RSA-based Direct Anonymous Attestation protocol. Ultimately, this thesis will help avoid the current situation whereby numerous cryptographic protocols are deployed and found to be insecure.