
Dr Ehsan Toreini
Academic and research departments
Computer Science Research Centre, Surrey Centre for Cyber Security.
Research
Research interests
My field of research is focused on physical security (electric hardware and non-electric components), trustworthy machine learning and web security. My research is strongly engineering-focused in nature, be it through designing real-world attacks or cost-effective and efficient mitigations. I have over 35 peer-reviewed publications in cyber security (including top journals and venues such as USENIX Security Symposium, PoPETS, ACM Transactions on Privacy and Security, IEEE Transactions on Information Forensics and Security) and I own two US patents on authentication of physical objects using internal structure (#US10680825, #US10841098). In particular, I am proud of my work(s) on instinct-based anti-counterfeiting technologies in different documents (paper sheets and polymer-based banknotes), smartphone sensor attacks and defences and trustworthy machine learning. Finally, leading international media outlets such as The Economist, Wall Street Journal, BBC, Guardian, E&T and ACM Communications have featured my research. I won national and international grants and prizes for my research including “the Economist and Kaspersky cybersecurity award” on using Blockchain for e-voting.
I have also had a significant industrial impact during my research career: (1) Mozilla Firefox deployed a fix in Firefox 46 (CVE-2016-2813), (2) Apple included a fix in iOS 9.3 (CVE-2016-1780), (3) W3C (the main international web standards organisation) has released a revised version of the motion and orientation specification with a security section citing our research, and (4) Safari patched the vulnerabilities discovered based on our research (bug report #14685058). I am also an invited expert on the Device and Sensor Group in W3C.
Please see my Google Scholar and homepage for more detail.
Publications
The disclosure of domestic abuse or help needed is challenging for victims due to factors such as intimidation and fear of being caught. Domestic abuse is especially pernicious as the abuser can be a powerful adversary who may have complete control over all technological means of communication within the premises. We have developed a novel sensor-based method to unobtrusively create a shared secret between the victim and the supportive friend without exchanging data over the network. The generated secret shows entropy similar to some methods used in OpenSSL.
This article investigates the accessibility of cookie notices on websites for users with visual impairments (VI) via a set of system studies on top UK websites (n=46) and a user study (n=100). We use a set of methods and tools—including accessibility testing tools, text-only browsers, and screen readers—to perform our system studies. Our results demonstrate that the majority of cookie notices on these websites have some form of accessibility issue, including contrast issues, not having headings, and not being read aloud immediately when the page is loaded. We discuss how such practices impact the user experience and privacy and provide a set of recommendations for multiple stakeholders for more accessible websites and better privacy practices for users with VIs. To complement our technical contribution, we conduct a user study, finding that people with VIs generally have a negative view of cookie notices and believe our recommendations could help their online experience.