Owen Lo

Owen Lo

Dr Owen Lo

Senior Research Fellow

Biography

Dr Owen Lo is a Research Fellow in the Blockpass ID Lab at Edinburgh Napier University. Additionally, he also holds the role of Tech Lead at MemCrypt Ltd. Owen graduated with a 1st Honours (Class Medal Award) degree in Computer Networks and Distributed Systems at Edinburgh Napier University before continuing to complete a PhD at the same university on the topic of e-Health. Some awards Owen has received include: Young Software Engineer of the Year Award (Lumison Prize)(2010), Team Prize Raytheon Cyber Challenge Award (2011) and Student of the Year ENU Award (2012).

During his PhD, Owen contributed to the Data Capture and Auto Identification Reference (DACAR) Project – a project funded in part by EPSRC and TSB – and which aimed to create a secure cloud-based information sharing platform for patient data in healthcare environments. His work on the DACAR project includes the development of a Patient Simulator and an electronic version of the Early Warning Score system used to perform risk assessment on patients.

In his role as a Research Fellow, Owen has collaborated with organisations including Morgan Stanley and Keysight Technologies on industry focused research projects. His collaboration with Morgan Stanley focused on insider threats and investigated machine learning techniques to assess how one may determine if an employee was conducting malicious activity. Owen’s collaboration with Keysight Technologies involved research on the topic of side channel analysis and vulnerabilities related to IoT devices. His work on side channel analysis involved applying a technique called power analysis to block-based cryptographic encryption algorithms including Advanced Encryption Standard (AES) and PRESENT. His results showed that both algorithms are susceptible to information leakage (i.e. the secret key may be revealed) under certain conditions which results in the compromised security of both algorithms. Lastly, Owen’s research into IoT security has demonstrated numerous vulnerabilities with consumer ready devices including network service vulnerabilities and Bluetooth Low Energy vulnerabilities.

During his time at ENU, Owen has contributed to the success of three university spin-out companies: Symphonic Software, Cyancomb and MemCrypt Ltd. Symphonic Software involved the development of an information sharing engine used for the secure and trusted sharing of information between different sectors including finance, healthcare, social care, and law enforcement. For Cyancomb, he worked on research and development of a fully-featured contraband detection software used to enable rapid detection of illegal content on computing devices. Owen's work on MemCrypt, the most recent spin-out from ENU, is focused on ransomware detection and data recovery. In his role as Tech Lead at MemCrypt, Owen is currently leading the development of MemCrypt's core innovation: the ability to detect and capture cryptographic keys which allows for the rapid recovery of data affected by ransomware.

Esteem

Fellowships and Awards

  • Edinburgh Napier University Student of the Year Award
  • Young Software Engineer of the Year Award (3rd Place)
  • Institute Researchers win prize at Raytheon Security Challenge event

 

Invited Speaker

  • Blockpass Identity Lab Conference on Digital Identity, Blockchain and Advanced Cryptography
  • SICSA Cybernexus Workshop on Cybersecurity and the Internet of Things
  • CENSIS 5th Technology Summit
  • The Cyber Academy Big Data Conference
  • The Cyber Academy Conference of Ransomware, Cryptography and Pseudo-Identity
  • CEED-Scotland Forensics of IT and Data Analytics Workshop
  • The Cyber Academy Big Data Conference
  • The Cyber Academy International Conference on Cryptography and High Performance Computing

 

Media Activity

  • CyberASAP Alumni Case Study for MemCrypt Project (https://ktn-uk.org/news/cyberasap-alumni-insights-open-and-transparent-communication-between-team-members-and-university-is-key-to-a-successful-spin-out/)
  • DIGIT news article on MemCrypt Spinout (https://www.digit.fyi/edinburgh-napier-university-spinout-memcrypt-to-fight-ransomware/)
  • Edinburgh Napier University Press release on MemCrypt Ltd spin-out (https://www.napier.ac.uk/about-us/news/memcrypt-launch)
  • Research on IoT security vulnerabilities featured in The Scotsman article (https://www.scotsman.com/business/companies/tech/edinburgh-napier-and-glasgow-s-censis-partner-in-cybersecurity-drive-1-4765948)
  • Research on side channel analysis featured in Edinburgh Napier University Impact 2017 magazine (https://www.napier.ac.uk/~/media/images/impact-case-studies-september-2017/impact-magazine-2017.pdf)
  • Edinburgh Napier University writes news article on side channel analysis research (https://www.napier.ac.uk/about-us/news/can-your-device-be-hacked-by-tapping-its-power-supply)

 

Reviewing

  • Invited reviewer for International Journal of Information Security
  • Invited reviewer for International Conference on Security of Information and Networks (SIN)
  • Invited reviewer for Mobile Information Systems
  • Invited reviewer for Journal of Cyber Security Technology
  • Invited reviewer for IEEE Technology and Society Magazine

 

Date


41 results

GLASS: A Citizen-Centric Distributed Data-Sharing Model within an e-Governance Architecture

Journal Article
Lo, O., Buchanan, W., Sayeed, S., Papadopoulos, P., Pitropakis, N., & Chrysoulas, C. (2022)
GLASS: A Citizen-Centric Distributed Data-Sharing Model within an e-Governance Architecture. Sensors, 22(6), https://doi.org/10.3390/s22062291
E-governance is a process that aims to enhance a government’s ability to simplify all the processes that may involve government, citizens, businesses, and so on. The rapid evo...

PAN-DOMAIN: Privacy-preserving Sharing and Auditing of Infection Identifier Matching

Conference Proceeding
Abramson, W., Buchanan, W. J., Sayeed, S., Pitropakis, N., & Lo, O. (2022)
PAN-DOMAIN: Privacy-preserving Sharing and Auditing of Infection Identifier Matching. In 14th International Conference on Security of Information and Networkshttps://doi.org/10.1109/SIN54109.2021.9699138
The spread of COVID-19 has highlighted the need for a robust contact tracing infrastructure that enables infected individuals to have their contacts traced, and followed up wi...

GLASS: Towards Secure and Decentralized eGovernance Services using IPFS

Conference Proceeding
Chrysoulas, C., Thomson, A., Pitropakis, N., Papadopoulos, P., Lo, O., Buchanan, W. J., …Tsolis, D. (2022)
GLASS: Towards Secure and Decentralized eGovernance Services using IPFS. In Computer Security. ESORICS 2021 International Workshopshttps://doi.org/10.1007/978-3-030-95484-0_3
The continuously advancing digitization has provided answers to the bureaucratic problems faced by eGovernance services. This innovation led them to an era of automation, broa...

A Privacy-Preserving Platform for Recording COVID-19 Vaccine Passports

Conference Proceeding
Barati, M., Buchanan, W. J., Lo, O., & Rana, O. (2022)
A Privacy-Preserving Platform for Recording COVID-19 Vaccine Passports. In UCC '21: Proceedings of the 14th IEEE/ACM International Conference on Utility and Cloud Computing Companion. https://doi.org/10.1145/3492323.3495626
Digital vaccination passports are being proposed by various governments internationally. Trust, scalability and security are all key challenges in implementing an online vacci...

Electromagnetic Side-Channel Attack Resilience against PRESENT Lightweight Block Cipher

Conference Proceeding
Gunathilake, N. A., Al-Dubai, A., Buchanan, W. J., & Lo, O. (in press)
Electromagnetic Side-Channel Attack Resilience against PRESENT Lightweight Block Cipher. In Proceedings of CSP 2022
Lightweight cryptography is a novel diversion from conventional cryptography that targets internet-of-things (IoT) platform due to resource constraints. In comparison, it offe...

Electromagnetic Analysis of an Ultra-Lightweight Cipher: PRESENT

Conference Proceeding
Gunathilake, N. A., Al-Dubai, A., Buchanan, W. J., & Lo, O. (2021)
Electromagnetic Analysis of an Ultra-Lightweight Cipher: PRESENT. In 10th International Conference on Cryptography and Information Security (CRYPIS 2021) (185-205
Side-channel attacks are an unpredictable risk factor in cryptography. Therefore, continuous observations of physical leakages are essential to minimise vulnerabilities associ...

Privacy-Preserving Passive DNS

Journal Article
Papadopoulos, P., Pitropakis, N., Buchanan, W. J., Lo, O., & Katsikas, S. (2020)
Privacy-Preserving Passive DNS. Computers, 9(3), https://doi.org/10.3390/computers9030064
The Domain Name System (DNS) was created to resolve the IP addresses of web servers to easily remembered names. When it was initially created, security was not a major concern...

Wi-Fi Channel Saturation as a Mechanism to Improve Passive Capture of Bluetooth Through Channel Usage Restriction

Journal Article
Lowe, I., Buchanan, W. J., Macfarlane, R., & Lo, O. (2019)
Wi-Fi Channel Saturation as a Mechanism to Improve Passive Capture of Bluetooth Through Channel Usage Restriction. Journal of Networking Technology, 10(4), 124-155. https://doi.org/10.6025/jnt/2019/10/4/124-155
Bluetooth is a short-range wireless technology that provides audio and data links between personal smartphones and playback devices, such as speakers, headsets and car enterta...

Identifying Vulnerabilities Using Internet-wide Scanning Data

Conference Proceeding
O'Hare, J., Macfarlane, R., & Lo, O. (2019)
Identifying Vulnerabilities Using Internet-wide Scanning Data. In 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3), (1-10). https://doi.org/10.1109/ICGS3.2019.8688018
Internet-wide scanning projects such as Shodan and Censys, scan the Internet and collect active reconnaissance results for online devices. Access to this information is provid...

System and method for management of confidential data

Patent
Buchanan, B., Lo, O., Macfarlane, R., Penrose, P., & Ramsay, B. (in press)
System and method for management of confidential data. GB2561176A
This application is for a method of data management to identify confidential digital content on a database by first receiving a management request 302 from a system 304 to car...

Current Post Grad projects

Previous Post Grad projects