Cryptographic Analysis of Real-World Messaging Systems

Millions of people each day exchange messages via messaging protocols, and have been integrated into many aspects of our society, including government and military usage. While the uptake of secure messaging has been explosive, the analysis of these messaging protocols has been slow: many protocols such as Telegram or Matrix have been used to secure communication channels between individuals without academic attention, leading to the discovery of real-world attacks. This project will focus on understudied real-world messaging protocols and peripheral technologies that have yet to be formally analysed.

About the Supervisor

Dr. Benjamin Dowling is interested in the analysis of real-world cryptography, extending security frameworks to bridge the gap between theoretical cryptography and its usage in the real-world. His notable publications influenced the design of secure communication protocols such as SSL/TLS, the first analysis of secure messaging protocols such as Signal, and achieving post-quantum security in practical cryptographic protocols.

Project Description

This project represents a multi-faceted approach into the analysis of real-world secure messaging protocols. You will learn different tools and techniques that will aid in proving security properties of security messaging protocols, including automated tools such as Tamarin and ProVerif, and theoretical frameworks such as computational modelling for authenticated channel establishment protocols. In addition, you will investigate broader (and understudied) aspects of secure messaging protocols, such as authentication ceremonies similar to those proposed by Signal and PGP. Finally, you will propose improvements to real-world cryptographic protocols, and demonstrating that they achieve new and stronger notions of security than those used today.

About the Department

99 percent of our research is rated in the highest two categories in the REF 2021, meaning it is classed as world-leading or internationally excellent. We are rated as 8th nationally for the quality of our research environment, showing that the Department of Computer Science is a vibrant and progressive place to undertake research.

The Security of Advanced Systems group within the Department of Computer Science here at the University of Sheffield has significant experience in the analysis of real-world cryptographic protocols. This expertise is complemented by deep engagement in artificial intelligence and machine learning, focusing on the automated synthesis of cryptographic algorithm building blocks and secure protocols. The Department of Computer Science also undertakes research into developing complex systems that are demonstrably dependable and secure. We address the underlying problems by developing systematic, automated techniques that are grounded in sound theory.

Entry Requirements

The candidate should have an M.Sc. degree in Computer Science or applied mathematics with excellent grades, with a strong mathematical background. Some background in cryptography or information security would be a benefit. The candidate should have good programming skills (experience in C-based languages and Python are beneficial) and fluent written and verbal communication skills in English.

If English is not the applicants first language, they must have an IELTS score of 6.5 overall, with no less than 6.0 in each component.

How to Apply

To apply for a PhD studentship, applications must be made directly to the University of Sheffield using the Postgraduate Online Application Form. Make sure you name  Dr Benjamin Dowling as your proposed supervisor.

Information on what documents are required and a link to the application form can be found here - https://www.sheffield.ac.uk/postgraduate/phd/apply/applying 

The form has comprehensive instructions for you to follow, and pop-up help is available.

Your research proposal should:

-be no longer than 4 A4 pages, include references

-outline your reasons for applying for this studentship

-explain how you would approach the research, including details of your skills and experience in the topic area