Dr Martin Emms
Current research interests
- Vulnerabilities in the current EMV payments architecture caused by the weak partitioning between Chip & PIN, contactless and mobile payment technologies.
- Investigating the security of EMV Next Generation.
- Distributed ledger as a disruptive enabling technology in payment systems e.g. peer-to-peer micro loans, mortgages and international money transfer. This would include a focus on the security issues created by the new technologies.
- Multi-modal user authentication combining IoT, wearable technologies, biometric identification techniques and smart data analysis of user activity / habits.
This research is supported by my extensive industry knowledge gained in my previous role, as a Solutions Architect, in retail banking / financial sectors in the UK, USA and Australia.in this role I was responsible for both design and implementation of large projects.
My PhD research investigates the question “Contactless payments; has security been sacrificed for usability?” specifically do the features which make contactless and mobile payments more convenient and user friendly negatively impact the security of the EMV payment system. This research combines abstract formal modelling, software emulation and practical demonstrations. This links the research theory, which identifies vulnerabilities in the payment system, to demonstrating the practical impact in a way that is relevant to both the payment industry and the public. Publications from this research include Financial Cryptography and Data Security 2013 and Computer and Communications Security 2014. In this research I have collaborated, prior to publication, with the UK Cards Association, the FCA, Visa, MasterCard and a number of major UK banks to ensure responsible disclosure of my research results.
I am principle investigator on the Access Control Live Lab. In this project I have designed and built an environment for the investigation of multimodal user authentication. The Access Control Lab combines IoT, wearable technologies and biometric identification techniques to create a physical space where multiple users are continuously identified without having to constantly enter PINs or passwords.
Research into the use of pervasive technologies in the protection of individuals such as survivors of domestic violence. For example; (1) smart-phone technologies which allow survivors of domestic violence to access support services without leaving any evidence in their phone or browsing history (2) technologies which allow survivors to send a discrete emergency call for help when they are under duress (3) user authentication which can identify an invalid user trying to access the device using the correct password. These projects were inspired and informed by collaboration with Northumbria Police, Metropolitan Police, Criminal Justice Board, National Crime Agency (NCA) and other government security agencies.
My research focuses on real-world impact of cyber security, as such I have been invited to present my work on TV news, BBC radio, in various UK newspapers and in computer security magazines.
Recently I have played a central role providing the content for one of the three weeks in Newcastle University's Cyber Security MOOC,
My teaching activities include mentoring MSc and BSc student's dissertation projects, giving guest lectures and teaching in computing practical sessions.
Blog - http://www.martinemms.com/Linkedin - https://uk.linkedin.com/in/martin-emms-13a4b718
Phone - +44 7973 189609
Martin's PhD research into potential vulnerabilities in the EMV payments system brought about by the introduction of Near Field Communications (NFC) payment technologies (i.e. NFC payment cards, mobile phone payments applications, NFC payment tags and NFC payment / top-up wrist bands). Supervised by Professor Aad van Moorsel with the School of Computing Science at Newcastle University.
We are meticulously examining the EMV protocol to find any anomalies that reduce the security of the new payment formats and devising solutions which will remove or mitigate the problem. Our practical experiments on the NFC payments are based on the Android mobile phone and PC platforms, some of these experiments have been developed into practical demonstrations that have been shown at the Newcastle Science Fest and University admission days.
- Emms M, Arief B, Freitas L, Hannon J, van Moorsel A. Harvesting High Value Foreign Currency Transactions from EMV Contactless Credit Cards Without the PIN. In: 21st ACM Conference on Computer and Communications Security (CCS). 2014, Scottsdale, Arizona, USA: ACM.
- Emms M, Arief B, Little N, van Moorsel A. Risks of Offline Verify PIN on Contactless Cards. In: Ahmad-Reza Sadeghi, ed. Financial Cryptography and Data Security. Berlin: Springer Berlin Heidelberg, 2013, pp.313-321.
- Emms M, Freitas L, van Moorsel A. Rigorous Design and Implementation of an Emulator for EMV Contactless Payments. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2014. School of Computing Science Technical Report Series 1426.
- Emms M, Arief B, Hannon J, van Moorsel A. POS Terminal Authentication Protocol to Protect EMV Contactless Payment Cards. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2013. School of Computing Science Technical Report Series 1401.
- Emms M, van Moorsel A. Practical Attack on Contactless Payment Cards. In: HCI 2011: Health Wealth and Happiness. 2011, Northumbria University, Newcastle upon Tyne.
- Emms M, Arief B, van Moorsel A. Electronic Footprints in the Sand: Technologies for Assisting Domestic Violence Survivors. In: Bart Preneel and Demosthenes Ikonomou, ed. Privacy Technologies and Policy. Berlin: Springer Berlin Heidelberg, 2014, pp.203-214.
- Arief B, Coopamootoo KPL, Emms M, van Moorsel A. Sensible Privacy: How We Can Protect Domestic Violence Survivors Without Facilitating Misuse. In: Workshop on Privacy in the Electronic Society (WPES'14). 2014, Scottsdale, Arizona, USA.
- Emms M, Arief B, Freitas L, Hannon J, van Moorsel A. Harvesting high value foreign currency transactions from EMV contactless cards without the PIN. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2014. School of Computing Science Technical Report Series 1421.
- Emms M, Arief B, Little N, van Moorsel A. Risks of Offline Verify PIN on Contactless Cards. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2013. School of Computing Science Technical Report Series 1369.
- Ali MA, Arief B, Emms M, van Moorsel A. Does The Online Card Payment Landscape Unwittingly Facilitate Fraud?. IEEE Security & Privacy 2017. In Press.