Owen Lo

Owen Lo

Dr Owen Lo

Research Fellow

Biography

Dr Owen Lo is a Research Fellow at Edinburgh Napier University. Owen graduated obtained a 1st Honours (Class Medal Award) degree in Computer Networks and Distributed Systems at Edinburgh Napier University before continuing to complete a PhD at the same institute on the topic of e-Health. Some awards Owen has received include: Young Software Engineer of the Year Award (Lumison Prize)(2010), Team Prize Raytheon Cyber Challenge Award (2011) and Student of the Year ENU Award (2012).

During his PhD, Owen contributed to the Data Capture and Auto Identification Reference (DACAR) Project – a project funded in part by EPSRC and TSB – which aimed to create a secure cloud-based information sharing platform for patient data in healthcare environments. His work on the DACAR project includes the development of a Patient Simulator and an electronic version of the Early Warning Score system used to perform risk assessment on patients. The Patient Simulator was designed to simulate the vital physiological signs of a human patient (heart rate, blood pressure, respirator rate, oxygen levels and breath rate) while the electronic EWS allowed for automated risk assessment based on the parameters observed in a patient. The Patient Simulator and electronic EWS system proved instrumental in demonstrating and evaluating the capabilities of the DACAR e-Health platform in the context of secure input, processing and output of clinical data.

Following on from the DACAR project, Owen also worked on the development of a consumer transaction simulator which was designed to evaluate a secret sharing engine used by the company Payfont. The secret sharing engine used by Payfont had capability of applying numerous sharing algorithms including Shamir’s Secret Sharing (SS), Perfect Secret Sharing (PSS), Information Dispersal Algorithm (IDA) and Computational Secret Sharing (CSS). The simulator developed for this work allowed one to create different scenarios to determine which algorithm was most functional relative to the performance of data to be fragmented.

During his time as a researcher at Edinburgh Napier University, Owen has also contributed to the successful spin-out of two companies: Symphonic Software and Cyan Forensics. For Symphonic Software, Owen helped develop an information sharing engine used for the secure and trusted sharing of information between different sectors including finance, healthcare, social care and law enforcement. His work on Symphonic Software also involved research on the OAuth 2.0 protocol used by digital identity providers (e.g. Facebook, Google, LinkedIn and so on). His work on Cyan Forensics included the development of a fully-featured contraband detection software used to rapidly determine if an individual is suspected of storing illegal data on a computer. The contraband detection software was designed specifically to be used by digital forensics experts within the law enforcement sector.

More recently, Owen has successfully worked on collaboration projects with business and industry partners including Morgan Stanley and Keysight Technologies. His collaboration with Morgan Stanley focused on insider threats and investigated machine learning techniques to assess how one may determine if an employee was a threat to the organisation. In his most recent work, his collaboration with Keysight Technologies has involved research on the topic of side channel analysis and vulnerabilities related to IoT devices. His work on side channel analysis involved applying a technique known as power analysis to block based cryptographic algorithms including Advanced Encryption Standard (AES) and PRESENT. His results has shown that both algorithms are susceptible to information leakage (i.e. the private key may be revealed) under certain conditions which results in the compromised security of both algorithms. Lastly, Owen’s research into IoT security has demonstrated numerous vulnerabilities with consumer ready devices including network service vulnerabilities and Bluetooth Low Energy vulnerabilities.

Esteem

Fellowships and Awards

  • Edinburgh Napier University Student of the Year Award
  • Young Software Engineer of the Year Award (3rd Place)
  • Institute Researchers win prize at Raytheon Security Challenge event

 

Invited Speaker

  • CENSIS 5th Technology Summit
  • SICSA Cybernexus Workshop on Cybersecurity and the Internet of Things
  • The Cyber Academy Big Data Conference
  • Blockpass Identity Lab Conference on Digital Identity, Blockchain and Advanced Cryptography
  • CEED-Scotland Forensics of IT and Data Analytics Workshop
  • The Cyber Academy Conference of Ransomware, Cryptography and Pseudo-Identity
  • The Cyber Academy Big Data Conference
  • The Cyber Academy International Conference on Cryptography and High Performance Computing

 

Media Activity

  • Research on IoT security vulnerabilities featured in The Scotsman article (https://www.scotsman.com/business/companies/tech/edinburgh-napier-and-glasgow-s-censis-partner-in-cybersecurity-drive-1-4765948)
  • Research on side channel analysis featured in Edinburgh Napier University Impact 2017 magazine (https://www.napier.ac.uk/~/media/images/impact-case-studies-september-2017/impact-magazine-2017.pdf)
  • Edinburgh Napier University writes news article on side channel analysis research (https://www.napier.ac.uk/about-us/news/can-your-device-be-hacked-by-tapping-its-power-supply)

 

Reviewing

  • Invited reviewer for Journal of Cyber Security Technology
  • Inivited reviewer for IEEE Technology and Society Magazine

 

Date


35 results

Privacy-Preserving Passive DNS

Journal Article
Papadopoulos, P., Pitropakis, N., Buchanan, W. J., Lo, O., & Katsikas, S. (2020)
Privacy-Preserving Passive DNS. Computers, 9(3), https://doi.org/10.3390/computers9030064
The Domain Name System (DNS) was created to resolve the IP addresses of web servers to easily remembered names. When it was initially created, security was not a major concern...

Wi-Fi Channel Saturation as a Mechanism to Improve Passive Capture of Bluetooth Through Channel Usage Restriction

Journal Article
Lowe, I., Buchanan, W. J., Macfarlane, R., & Lo, O. (2019)
Wi-Fi Channel Saturation as a Mechanism to Improve Passive Capture of Bluetooth Through Channel Usage Restriction. Journal of Networking Technology, 10(4), 124-155. https://doi.org/10.6025/jnt/2019/10/4/124-155
Bluetooth is a short-range wireless technology that provides audio and data links between personal smartphones and playback devices, such as speakers, headsets and car enterta...

Identifying Vulnerabilities Using Internet-wide Scanning Data

Conference Proceeding
O'Hare, J., Macfarlane, R., & Lo, O. (2019)
Identifying Vulnerabilities Using Internet-wide Scanning Data. In 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3), (1-10). https://doi.org/10.1109/ICGS3.2019.8688018
Internet-wide scanning projects such as Shodan and Censys, scan the Internet and collect active reconnaissance results for online devices. Access to this information is provid...

System and method for management of confidential data

Patent
Buchanan, B., Lo, O., Macfarlane, R., Penrose, P., & Ramsay, B. (in press)
System and method for management of confidential data. GB2561176A
This application is for a method of data management to identify confidential digital content on a database by first receiving a management request 302 from a system 304 to car...

Method for identification of digital content

Patent
Buchanan, B., Lo, O., Penrose, P., Ramsay, B., & Macfarlane, R. (2018)
Method for identification of digital content. World Intellectual Property Organization
Many areas oi investigation require searching through data that may be oi interest. One example oi data that may be involved in an investigation is copyrighted material that m...

Correlation Power Analysis on the PRESENT Block Cipher on an Embedded Device

Conference Proceeding
Lo, O., Buchanan, W. J., & Carson, D. (2017)
Correlation Power Analysis on the PRESENT Block Cipher on an Embedded Device. In ARES 2018 Proceedings of the 13th International Conference on Availability, Reliability and Security
Traditional cryptographic techniques have proven to work well on most modern computing devices but they are unsuitable for devices (e.g. IoT devices) where memory, power consu...

Applications of Blockchain Within Healthcare.

Journal Article
Bell, L., Buchanan, W. J., Cameron, J., & Lo, O. (2018)
Applications of Blockchain Within Healthcare. Blockchain in Healthcare Today,
There are several areas of healthcare and well-being that could be enhanced using blockchain technologies. These include device tracking, clinical trials, pharmaceutical traci...

Distance Measurement Methods for Improved Insider Threat Detection

Journal Article
Lo, O., Buchanan, W. J., Griffiths, P., & Macfarlane, R. (2018)
Distance Measurement Methods for Improved Insider Threat Detection. Security and Communication Networks, 2018, 1-18. https://doi.org/10.1155/2018/5906368
Insider threats are a considerable problem within cyber security and it is often difficult to detect these threats using signature detection. Increasing machine learning can p...

Power analysis attacks on the AES-128 S-box using differential power analysis (DPA) and correlation power analysis (CPA)

Journal Article
Lo, O., Buchanan, W. J., & Carson, D. (2016)
Power analysis attacks on the AES-128 S-box using differential power analysis (DPA) and correlation power analysis (CPA). Journal of Cyber Security Technology, 1(2), 88-107. https://doi.org/10.1080/23742917.2016.1231523
This article demonstrates two fundamental techniques of power analysis, differential power analysis (DPA) and correlation power analysis (CPA), against a modern piece of hardw...

Secret shares to protect health records in Cloud-based infrastructures

Conference Proceeding
Buchanan, W. J., Ukwandu, E., van Deursen, N., Fan, L., Russell, G., Lo, O., & Thuemmler, C. (2016)
Secret shares to protect health records in Cloud-based infrastructures. In 2015 17th International Conference on E-health Networking, Application & Services (HealthCom)https://doi.org/10.1109/HealthCom.2015.7454589
Increasingly health records are stored in cloud-based systems, and often protected by a private key. Unfortunately the loss of this key can cause large-scale data loss. This p...

Current Post Grad projects

Previous Post Grad projects