Background

2004-2007 PhD at Computer Laboratory, University of Cambridge, UK

2001-2002 M.Eng at School of EEE, NTU, Singaproe

1997-2001 B.Eng (1st class) School of EEE, NTU, Singapore

Area of expertise: security engineering, applied cryptography, system security

Google Scholar: Click here.

More can be found at http://homepages.cs.ncl.ac.uk/feng.hao/

Research

His research interests include applied cryptography, biometrics and the interface between cryptography and biometrics.

Applied cryptography

• AV-net (anonymous vet)
• J-PAKE (password-based key exchange
• YAK (PKI-based key exchange)
• Open Vote Network (decentralized e-voting)
• DRE-i (centralized e-voting)
  

Biometrics

• Fast search algorithm for a large iris-code database
  
• Handwritten signature verification

 Biometric cryptosystems

• Combining crypto with biometrics effectively through error correction code
• Generating stable bits from handwritten signature through quantization

 More can be found at http://homepages.cs.ncl.ac.uk/feng.hao/

Publications

• Bag S, Azad M, Hao F. A Privacy-aware Decentralized and Personalized Reputation System. Computers & Security 2018, 77, 514-530.
• Hao Feng, Metere Roberto, Shahandashti Siamak, Dong Changyu. Analysing and Patching SPEKE in ISO/IEC. IEEE Transactions on Information Forensics and Security 2018, 13(11), 2844-2855.
• Perrotta R, Hao F. Botnet in the Browser: Understanding Threats Caused by Malicious Browser Extensions. IEEE Security and Privacy 2018. In Press.
• Azad M, Bag S, Hao F, Saleh K. M2M-REP: Reputation System for Machines in the Internet of Things. Computers & Security 2018, 79, 1-16.
• Mehrnezhad M, Toreini E, Shahandashti SF, Hao F. Stealing PINs via mobile sensors: actual risk versus user perception. International Journal of Information Security 2018, 17(3), 291-313.
• Hao F, Clarke D, Randell B, Shahandashti SF. Verifiable Classroom Voting in Practice. IEEE Security and Privacy 2018, 16(1), 72-81.
• McCorry P, Shahandashti SF, Hao F. A smart contract for boardroom voting with maximum voter privacy. In: FC: International Conference on Financial Cryptography and Data Security 21st International Conference, FC 2017. 2017, Sliema, Malta: Springer Verlag.
• Ajmal M, Bag S, Tabassum S, Hao F. privy: Privacy Preserving Collaboration Across Multiple Service Providers to Combat Telecoms Spam. IEEE Transactions on Emerging Topics in Computing 2017, Epub ahead of print.
• McCorry P, Shahandashti SF, Hao F. Refund Attacks on Bitcoin’s Payment Protocol. In: 20th International Conference on Financial Cryptography and Data Security (FC 2016). 2017, Barbados: Springer Verlag.
• Toreini E, Shahandashti SF, Hao F. Texture to the rescue: Practical paper fingerprinting based on texture patterns. ACM Transactions on Privacy and Security 2017, 20(3), 9.
• Ali ST, McCorry P, Lee PH-J, Hao F. ZombieCoin 2.0: managing next-generation botnets using Bitcoin. International Journal of Information Security 2018, 17(4), 411-422.
• Mehrnezhad M, Toreini E, Shahandashti SF, Hao F. TouchSignatures: Identification of user touch actions and PINs based on mobile sensor data via JavaScript. Journal of Information Security and Applications 2016, 26, 23-38.
• Shahandashti SF, Hao F. DRE-ip: A Verifiable E-Voting Scheme without Tallying Authorities. In: ESORICS 2016. 2016, Springer.
• Hao F, Yi X, Bertino E. Editorial of special issue on security and privacy in cloud computing. Journal of Information Security and Applications 2016, 27-28, 1-2.
• Yi X, Rao FY, Tari Z, Hao F, Bertino E, Khalil I, Zomaya AY. ID2S Password-Authenticated Key Exchange Protocols. IEEE Transactions on Computers 2016, 65(12), 3687-3701.
• Mehrnezhad M, Ali MA, Hao F, van Moorsel A. NFC Payment Spy: A Privacy Attack on Contactless Payments. In: Security Standardisation Research, SSR 2016. 2016, Gaithersburg, MD, USA: Springer International Publishing.
• McCorry P, Shahandashti SF, Hao F. Refund Attacks on Bitcoin's Payment Protocol. In: 20th Financial Cryptography and Data Security (FC'16). 2016. Submitted.
• McCorry P, Moser M, Shahandasti SF, Hao F. Towards Bitcoin Payment Networks. In: Australasian Conference on Information Security and Privacy (ACISP 2016). 2016, Melbourne, Australia: Springer International Publishing.
• Toreini E, Randell B, Hao F. An Acoustic Side Channel Attack on Enigma. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2015. School of Computing Science Technical Report Series 1455.
• Mccorry P, Shahandashti SF, Clarke D, Hao F. Authenticated Key Exchange over Bitcoin. In: Security Standardisation Research : Second International Conference, SSR 2015, Tokyo, Japan, December 15-16, 2015. Cham: Springer International Publishing, 2015, pp.3-20.
• McCorry P, Shahandashti SF, Clarke D, Hao F. Authenticated Key Exchange over Bitcoin. In: 2nd International Conference on Research in Security Standardisation. 2015, Tokyo, Japan: Springer International Publishing.
• Hao F, Clarke D, Zorzo AF. Deleting Secret Data with Public Verifiability. IEEE Transactions on Dependable and Secure Computing 2016, 13(6), 617-629.
• Clarke D, Toreini E, Hao F. Determining User Passwords From Partial Information. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2015. School of Computing Science Technical Report Series 1461.
• Hao F. On the Trust of Trusted Computing in the Post-Snowden Age. In: 8th IEEE CSF Workshop on Analysis of Security APIs 2015. 2015, Verona, Italy.
• Yi X, Hao F, Chen L, Liu J. Practical Threshold Password-Authenticated Secret Sharing Protocol. In: 20th European Symposium on Research in Computer Security (ESORICS '15). 2015, Vienna, Austria: Spinger.
• Yi X, Hao F, Chen LQ, Liu JK. Practical Threshold Password-Authenticated Secret Sharing Protocol. In: Computer Security (ESORICS 2015). 2015, Vienna, Austria: Springer.
• Mehrnezhad M, Hao F, Shahandashti SF. Tap-Tap and Pay (TTP): Preventing the Mafia Attack in NFC Payment. In: 2nd International Conference on Research in Security Standardisation (SSR'15). 2015, Tokyo, Japan: Springer.
• Mehrnezhad M, Hao F, Shahandashti SF. Tap-Tap and Pay (TTP): Preventing the Mafia Attack in NFC Payment. In: Security Standardisation Reseach (SSR 2015). 2015, Tokyo, Japan: Springer International Publishing.
• Hao F, Xun Y, Liqun C, Shahandashti SF. The Fairy-Ring Dance: Password Authenticated Key Exchange in a Group. In: 1st ACM Workshop on IoT Privacy, Trust and Security, ASIACCS IoTPTS’15. 2015, Singapore: ACM.
• Mehrnezhad M, Toreini E, Shahandashti SF, Hao F. TouchSignatures: Identification of User Touch Actions based on Mobile Sensors via JavaScript. In: 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS'15). 2015, Singapore: ACM.
• Ali ST, McCorry P, Lee HJP, Hao F. ZombieCoin: Powering Next-Generation Botnets with Bitcoin. In: 2nd Workshop on Bitcoin Research, 19th International Conference - Financial Cryptography and Data Security 2015. 2015, Puerto Rico: International Financial Cryptography Association / Springer.
• Ali ST, McCorry P, Lee PHJ, Hao F. ZombieCoin: Powering Next-Generation Botnets with Bitcoin. In: FC 2015 International Workshops, BITCOIN, WAHC, and Wearable. 2015, San Juan, Puerto Rico: Springer.
• Clarke D, Hao F. Cryptanalysis of the Dragonfly key exchange protocol. IET Information Security 2014, 8(6), 283-289.
• Hao F, Kreeger MN, Randell B, Clarke D, Shahandashti SF, Lee PHJ. Every Vote Counts: Ensuring Integrity in Large-Scale Electronic Voting. USENIX Journal of Election Technology and Systems (JETS) 2014, 2(3), 1-25.
• Yi Xun, Hao F, Bertino E. ID-Based Two-Server Password-Authenticated Key Exchange. In: European Symposium on Research in Computer Security (ESORICS 2014). 2014, Wroclaw, Poland: Springer.
• Hao F. On robust key agreement based on public key authentication. Security and Communication Networks 2014, 7(1), 77-87.
• Satvat K, Forshaw M, Hao F, Toreini E. On the privacy of private browsing - A forensic approach. In: 8th International Workshop on Data Privacy Management and Autonomous Spontaneous Security (DPM 2013). 2014, Egham, UK: Springer.
• Satvat K, Forshaw M, Hao F, Toreini E. On the Privacy of Private Browsing - A Forensic Approach. Journal of Information Security and Applications 2014, 19(1), 88-100.
• Satvat K, Forshaw M, Hao F, Toreini E. On The Privacy Of Private Browsing - A Forensic Approach (short paper). In: European Symposium on Research in Computer Security (ESORICS) 2013, 8th DPM International Workshop on Data Privacy Management. 2014, Egham, UK.
• Mehrnezhad M, Hao F, Shahandashti SF. Tap-Tap and Pay (TTP): Preventing Man-In-The-Middle Attacks in NFC Payment Using Mobile Sensors. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2014. School of Computing Science Technical Report Series 1428.
• Hao F, Shahandashti SF. The SPEKE protocol revisited. In: Security Standardisation Research : First International Conference, SSR 2014. 2014, London, UK: Springer Verlag.
• Hao F, Shahandashti SF. The SPEKE Protocol Revisited. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2014. School of Computing Science Technical Report Series 1434.
• Hao F, Shahandashti SF. The SPEKE Protocol Revisited. In: First International Conference on Security Standardisation Research, SSR 2014. 2014, London: Springer.
• Clarke D, Hao F. Cryptanalysis of the Dragonfly Key Exchange Protocol. Newcaslte upon Tyne: Newcastle University, 2013. School of Computing Science Technical Report Series 1370.
• Satvat K, Forshaw M, Hao F, Toreini E. On the Privacy of Private Browsing - A Forensic Approach. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2013. School of Computing Science Technical Report Series 1397.
• Hao F. Verifiable classroom voting: Where cryptography meets pedagogy. In: Cambridge International Workshop on Security Protocols. 2013, Cambridge, UK: Springer Verlag.
• Hao F, Clarke D, Shepherd C. Verifiable classroom voting: Where cryptography meets pedagogy. In: Cambridge International Workshop on Security Protocols. 2013, Cambridge, UK: Springer Verlag.
• Hao F, Clarke D, Shepherd C. Verifiable Classroom Voting: Where Cryptography Meets Pedagogy. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2013. School of Computing Science Technical Report Series 1385.
• Hao F, Clarke D. How to Delete a Secret. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2012. School of Computing Science Technical Report Series 1364.
• Hao F, Clarke D. Security Analysis of a Multi-Factor Authenticated Key Exchange Protocol. Newcastle upon Tyne: Newcastle University, 2012. School of Computing Science Technical Report Series 1312.
• Hao F, Randell B, Clarke D. Self-Enforcing Electronic Voting. In: Security Protocols Workshop XX : 20th International Workshop. 2012, Cambridge: Springer Verlag.
• Hao F, Randell B, Clarke D. Self-Enforcing Electronic Voting. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2012. School of Computing Science Technical Report Series 1311.
• Hao F, Kreeger MN. Every Vote Counts: Ensuring Integrity in Large-Scale DRE-based Electronic Voting. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2011. School of Computing Science Technical Report Series 1268.
• Hao F, Ryan PYA. How to Sync with Alice. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2011. School of Computing Science Technical Report Series 1260.
• Hao F, Ryan PYA. How to Sync with Alice. In: Security Protocols XIX : 19th International Workshop, Cambridge, UK, March 28-30, 2011, Revised Selected Papers. 2011, Heidelberg, Berlin, Germany: Springer-Verlag.
• Hao F. How to Sync with Alice (Transcript of Discussion). In: Security Protocols XIX : 19th International Workshop, Cambridge, UK, March 28-30, 2011, Revised Selected Papers. 2011, Heidelberg, Berlin, Germany: Springer-Verlag.
• Hao F. On Robust Key Agreement Based on Public Key Authentication. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2011. School of Computing Science Technical Report Series 1266.
• Hao F, Ryan PYA, Zieliński P. Anonymous voting by two-round public discussion. IET Information Security 2010, 4(2), 62-67.
• Hao F, Ryan PYA. J-PAKE: Authenticated Key Exchange Without PKI. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D, ed. Transactions on Computational Science XI: Special Issue on Security in Computing, Part II. Berlin; New York: Springer, 2010, pp.192-206.
• Hao F. On robust key agreement based on public key authentication (short paper). In: 14th International Conference on Financial Cryptography and Data Security. 2010, Tenerife, Spain: Springer.
• Hao F. On Small Subgroup Non-confinement Attack. In: 10th IEEE International Conference on Computer and Information Technology. 2010, Bradford, UK: IEEE.
• Hao F, Zielinski P. A 2-Round Anonymous Veto Protocol. In: Security Protocols: 14th International Workshop. 2009, Cambridge, UK: Springer.
• Hao F. A 2-Round Anonymous Veto Protocol (Transcript of Discussion). In: Security Protocols: 14th International Workshop. 2009, Cambridge, UK: Springer.
• Hao F, Zielinski P. The Power of Anonymous Veto in Public Discussion. In: Moreno, E.D., Gavrilova, M., Tan, C.J.K, ed. Transactions on Computational Science. Berlin; New York: Springer, 2009, pp.41-52.
• Hao F, Daugman J, Zielinski P. A Fast Search Algorithm for a Large Fuzzy Database. IEEE Transactions on Information Forensics and Security 2008, 3(2), 203-212.
• Hao F, Ryan PYA. Password Authenticated Key Exchange by Juggling. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2008. School of Computing Science Technical Report Series 1073.
• Hao F, Ryan P. Password Authenticated Key Exchange by Juggling. Proceedings of the 16th Workshop on Security Protocols. Cambridge SPW'08 2008, 6615, 159-171.
• Hao F, Anderson R, Daugman J. Combining Crypto with Biometrics Effectively. IEEE Transactions on Computers 2006, 55(9), 1081-1088.
• Hao F. Kish's key exchange scheme is insecure. Information Security 2006, 153(4), 141-142.
• Hao F, Chan CW. Online signature verification using a new extreme points warping technique. Pattern Recognition Letters 2003, 24(16), 2943-2951.
• Hao F, Chan CW. Private Key Generation from On-line Handwritten Signatures. Information Management & Computer Security 2002, 10(4), 159-164.