I'm a Principal Product Security Engineer at nCipher Security (since January 2019).
Previously, I was a PhD student (Security Group, Computer Laboratory), supervised by Professor Ross Anderson. My thesis was published in November 2018: Baqer, K. (2018). Resilient payment systems (Doctoral thesis). https://doi.org/10.17863/CAM.32372
My research interests include payment systems security (cryptocurrencies, mobile payment systems, EMV (Chip-and-PIN) payment protocol), and anonymous communication (including censorship-circumvention tools).
This paper discusses the way in which protocols at different levels in the stack evolve on different timescales, and how we can use ideas from institutional economics to understand this.
DigiTally is an overlay payment scheme for use on mobile phones, whose goals are to extend mobile phone payments to areas with poor connectivity and reduce transaction fees. DigiTally enables two people to do a payment transaction by simply copying short strings of numbers between their phones. This doesn't need either smartphones or a network connection. Either phone can upload the transaction later, once it gets a network connection.
- DigiTally: Piloting Offline Payments for Phones (13th Symposium on Usable Privacy and Security, SOUPS 2017) [PDF] [Slides] [Blog]
- SMAPs: Short Message Authentication Protocols (International Workshop on Security Protocols 2016, SPW24) [PDF]
- SMAPs: Short Message Authentication Protocols (Transcript of discussion) [PDF]
We present an empirical study of the July 2015 spam campaign (a "stress test") that resulted in a DoS attack on Bitcoin. The goal of our investigation is to understand the methods spammers used and the impact on Bitcoin users. We use a clustering method to group transactions and show varying patterns, and we analyse the security economics of the spam campaign.
We explore how we can crowdsource trust. Just as a religion's power comes from its faithful rather than from the government, so also a trust service's power should derive from the users who trust it, rather than from the state or from a CA that's too big to fail.
C8F0 A0B5 D9C3 4D00 82A7 1ACB C33D 4801 C264 9BEC