About Me

Winner of "The Economist Cyber Security Competition 2017", I am a cyber security expert and an enthusiastic researcher. My main fields of research are tamper-evident (integrity protection) protocol design, web security and authentication protocols. I am always ready to face new challenges, especially if they involve new technologies and ideas.

Expertise

Security Engineering

Secure Protocol Design

Cryptography

Physical Unclonable Functions

Biometric Authentication

E2E Integrity

Identity Protection
Web Security

Browser Security

Integrity Assurance

Protection against Browser Vulnerabilities

WebCrypto
Blockchain

E-Voting over Block Chain

Smart Contracts over Block Chain
Machine Learning

Artificial Neural Networks

Evolutionary Algorithms

Contact Details

Ehsan Toreini
Secure and Resilient Systems (SRS),
Urban Sciences Building,
Newcastle University,
Newcastle upon Tyne, NE4 5TG

ehsan.toreini@ncl.ac.uk

Highlights

2018

- My final dissertation on "New Advances in Tamper Evident Technologies" can be accessed here.

- Our proposed DRE based Electronic Voting protocol got accepted into phase 3 of "Innovate UK Cyber Security Academic Startups Programme".

- Shortlisted for Stage 2 in the "EPSRC Connected Nation Pioneers Competition".

- Our proposed DRE based Electronic Voting protocol got accepted into phase 2 of "Innovate UK Cyber Security Academic Startups Programme".

- DOMtegrity submitted to IEEE Transactions on Dependable Security Journal.

- We released the source code of DOMtegrity, our proposed protocol to detect tampering in the web page source code by malicious extensions.

2017

- Fingerprinting Papers to protect documents against forgery featured in The Economist as "secure paper" and in the Wall Street Journal as a "cheap and tough to crack" solution for counterfeiting.

- Our research is accepted in ACM TOPS. Robust, efficient algorithm to identify a #paper by its #fingerprint: http://goo.gl/mpfyrf

2016

- Ranked 3rd in "The Economist Cyber security Challenge"

- Appeared in various media outlets including BBC, the Guardian, ... for our JavaScript-based attacks on user PINs through mobile sensors

2015

- Acknowledged by Mozilla, Apple and Chrome for discovering some critical bugs in mainstream browsers for JavaScript Mobile Sensor Permissions. Firefox and Safari fixed the vulnerability in their latest releases in iOS 9.3 and Firefox 46.

- Cited by the W3C standard draft for the deviceorientation API; our work was the motivation to add a "security and privacy" section to the standard document.

Education

Newcastle University

PhD, Computing Science October 2013 - October 2017

Thesis Title
New Advances in Tamper Evident Technologies

Conducted a series of research on novel solutions in revealing tampering attacks. I have studied tampering in two problem domains:

  • Physical Tamper Evidence
    Proposed a new fast, easy, and reliable method to detect unique texture patterns of a Paper Sheet, also known as Paper Fingerprints, to ensure its authenticity.
  • Cyber Tamper Evidence
    Proposed an authentication protocol in JavaScript and Node.js to ensure integrity and authenticity of a parsed web page source code to the server against any possible forgery especially by Malicious Browser Extensions. I developed the system in vanilla JavaScript, Node.js and Python.

Led two separate teams to deliver the above projects. Both resulted in decent academic papers within planned schedules.

Azad University, Mashhad Branch

Master's Degree, Software Engineering 2007 - 2010

Thesis Title
A New Approach in Data Clustering using PSO Algorithm
GPA -- 17.30 (out of 20), 3.63 (out of 4.0)

Ferdowsi University of Mashhad

Bachelor's Degree, Software Engineering 2002 – 2007

Thesis Title
Mobile Robot Navigation with Genetic Algorithm
GPA -- 15.11 (out of 20), 3.04 (out of 4.0)

Work

Research Associate

Newcastle University February 2018 - Now

  • My research is now focused on two topics:
    • Real-world deployment of our patented verifiable electronic voting protocol (DRE-ip)
    • Design of a secure anti-counterfeiting platform through cryptographic authentication of PUF characteristics of non-electrical products

System Analyst

Newcastle University June 2017 - January 2018

  • Security analysis and penetration testing of SEEVS online voting web site. Our team patched the whole web site against SQL injection attacks and performed thorough analysis of other cyber attacks.
  • Redesign of the voting kernel into fault-tolerant components.

Project Technician

Newcastle University 2013 - 2016

  • Designed, implemented and maintained the responsive front-end module of "Verifiable Classroom Voting System" using bootstrap and JavaScript.
  • Maintained a PowerPoint plug-in for E-Voting Project which involved basic browsing functionality with Microsoft C# and Office Development Tools.

Summer Research Scholarship

School of Computing Science, Newcastle University 2015

  • Designed and implemented a PowerPoint plug-in in C# to tightly integrate the PowerPoint slides with the back-end e-voting web server for rendering and interacting with "Verifiable Classroom Voting System" in Newcastle University.

Summer Vacation Studentship

School of Computing Science, Newcastle University 2014

  • Project Title: "Security Analysis of Browser Extensions" for £2,000
  • Investigated the security impact of browser extensions on web applications.
  • Analyzed and implemented an array of attacks to mainstream financial websites by browser Extensions in both Firefox (XUL) and Chrome (WebExtensions).

Analysis of Privacy Leakage in Browsers in Private Mode

School of Computing Science, Newcastle University 2014

  • Comprehensive analysis of private browsing across the four most popular web browsers: IE, Firefox, Chrome and Safari.
  • We report that all browsers under study suffer from a variety of vulnerabilities, many of which have not been reported or known before.

Visiting Researcher

School of Computing Science, Newcastle University Jan 2013 - 2014

  • Designed an acoustic attack on historic Enigma by the noises produced while typing.
  • Utilized voice recognition techniques to generate an identifier for each keypress, then used machine learning algorithms to identify the pressed key. The results were impressively accurate.

Software Analyst

Mashhad Municipality, Iran 2015

  • ERP and BPMS Selection Analyst
  • ASMX Web Service development with C#
  • Database Administration, Designing and Implementing Stored Procedures in MS SQL Server 2008, Designing the Security Layers

Co-Founder and Developer

Amir Kabir Inc., Iran 2010 - 2012

  • Co-Founded a startup company
  • Member of a development team to implement and support software for a local chain supermarket in VB.Net and MS SQL Server 2008. I managed to experience PDA development to record the product flow as part of the software package while performing common supermarket supply chain processes. The system was implemented successfully for more than a year.

Lecturer in various universities

Iran 2007 - 2012

  • Mainly Taught: Web Programming, Technical English and Operating Systems Fundamentals

Founder and Executive chief of “Scientific Translation Committee”

Ferdowsi University of Mashhad, Iran 2006

Publications

2018

Ehsan Toreini, Siamak F. Shahandashti, Maryam Mehrnezhad, Feng Hao. "DOMtegrity: Ensuring Web Page Integrity against Malicious Browser Extensions". Submitted to: IEEE Transactions on Dependable and Secure Computing.
more info

2017

Ehsan Toreini, Siamak F. Shahandashti, Feng Hao. "Texture to the Rescue: Practical Paper Fingerprinting based on Texture Patterns". ACM Transactions on Privacy and Security (TOPS), ACM, 2017.
ePrint | more info inc. abstract, media coverage, and BibTeX

2016

Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, Feng Hao. "Stealing PINs via Mobile Sensors: Actual Risk versus User Perception". Data Privacy Management and Autonomous Spontaneous Security, 380-389.
ePrint | Source Code

Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, Feng Hao. "Touchsignatures: identification of user touch actions and pins based on mobile sensor data via javascript". Journal of Information Security and Applications 26, 23-38.
Publication | Source Code

Maryam Mehrnezhad, Abbas Ghaemi Bafghi, Ahad Harati, Ehsan Toreini. "PiSHi: click the images and I tell if you are a human". International Journal of Information Security, 1-17.
Publication

Patrick McCorry, Ehsan Toreini, Maryam Mehrnezhad. "Removing Trusted Tallying Authorities". Newcastle University.
Technical Report

2015

Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, Feng Hao. "Touchsignatures: identification of user touch actions based on mobile sensors via javascript". Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security.
Poster | Source Code

Dylan Clarke, Ehsan Toreini, Feng Hao. "Determining User Passwords From Partial Information". Newcastle University.
Technical Report

Ehsan Toreini, Brian Randell, Feng Hao. "An acoustic side channel attack on enigma". Newcastle University.
Technical Report

2014

Saman Poursiah Navi, Ehsan Toreini, Maryam Mehrnejad, Seyyed Kazem Shekofteh. "Analysis Of The Usage Of Chaotic Theory In Data Clustering Using Particle Swarm Optimization". Indian Journal of Scientific Research 4 (3), 335-353.
Publication

Kiavash Satvat, Matthew Forshaw, Feng Hao, Ehsan Toreini. "On the privacy of private browsing–a forensic approach". Data Privacy Management and Autonomous Spontaneous Security, 380-389.
ePrint

2012

Maryam Mehrnejad, Abbas Ghaemi Bafghi, Ahad Harati, Ehsan Toreini. "SEIMCHA: a new semantic image CAPTCHA using geometric transformations". The ISC International Journal of Information Security 4 (1), 63-76.
ePrint

2011

Maryam Mehrnejad, Abbas Ghaemi Bafghi, Ahad Harati, Ehsan Toreini. "Multiple seimcha: multiple semantic image captcha". International Conference for Internet Technology and Secured Transactions (ICITST), 2011.
ePrint

Ehsan Toreini, Maryam Mehrnejad. "A novel method in fuzzy data clustering based on chaotic PSO". International Conference for Internet Technology and Secured Transactions (ICITST), 2011.
ePrint

Maryam Mehrnejad, Ehsan Toreini, Abbas Ghaemi Bafghi. "Security analyzing and designing GUI with the resources model". International Conference for Internet Technology and Secured Transactions (ICITST), 2011.
ePrint

Ehsan Toreini, Maryam Mehrnejad. "Clustering Data with Particle Swarm Optimization using a new fitness". Data Mining and Optimization (DMO), 2011 3rd Conference on, 266-270.
ePrint

Peyman Neamatollahi, Hoda Taheri, Ehsan Toreini, Mahmoud Naghibzadeh, Mohhamad Hossein Yaghmaee. "A novel fuzzy metric to evaluate clusters for prolonging lifetime in wireless sensor networks". Artificial Intelligence and Signal Processing (AISP), 2011 International.
ePrint

Maryam Mehrnejad, Abbas Ghaemi Bafghi, Ahad Harati, Ehsan Toreini. "A new image based CAPTCHA based on geometric transformations". 8th International ISC Conference on Information Security and Cryptology, FUM.
ePrint

Accomplishments

  • Ranked 3rd in The Kaspersky Lab Cyber Security Case Study Competition Hosted By The Economist Which MBA?

  • Acknowledged by Apple, Mozilla and Chrome: Our research led to discovering some critical bugs in mainstream browsers for JavaScript Mobile Sensor Permissions. Firefox and Safari fixed the vulnerability in their latest releases in iOS 9.3 and Firefox 46.

  • Ranked Top 1% in:

    • Out of 400,000: National University Entrance Exam, Iran, 2002
    • Out of 2000: Azad University Entrance Exam, Iran, 2002
    • Out of 10,000: National University MSc Entrance Exam, Iran, 2007
    • Out of 500: Azad University MSc Entrance Exam, Iran, 2007

  • Several Media Appearances for different projects including the Economist, the Guardian, BBC, etc.