Gerhard Hancke

Associate Professor · Computer Science · City University of Hong Kong

I am currently an Associate Professor in the Department of Computer Science at City University of Hong Kong. I obtained B.Eng and M.Eng degrees from the University of Pretoria (South Africa) in 2002 and 2003 respectively, and a PhD in Computer Science with the Security Group at the University of Cambridge's Computer Laboratory in 2009. I also received a LLB degree from the University of South Africa in 2014. Before joining CityU I worked for the Information Security Group at Royal Holloway, University of London as a researcher/engineer at the ISG Smart Card Centre (2007-2011) and as a Teaching Fellow (2011-2013). My current research focuses on the resilience and security of communication and services within the Internet of Things, especially in industrial applications. For more information about me you could refer to my CityU Scholars or my Google Scholar pages.

I am often looking for PhD students and Research Assistants. Candidates should preferably have a background in Computer Science or Electronic/Electrical Engineering with strong practical/applied skills. The Computer Science Department is ranked top 100 in 2021 by both QS and Times Higher. You can learn more about our PhD program here and about potential funding here

Professional Activities

Membership and Activities
  • Senior Member of the IEEE
  • IEEE Industrial Electronics Society (IES) AdCom Member(2017-2018)
  • Chair of the IES Technical Committee on Cloud and Wireless Systems for Industrial Applications (2017-2018).
  • IEEE IES representative to IEEE IoT Initiatives Board (2020/21) and IEEE RFID Council (2021)

  • Associate Editor of IEEE Open Journal of the Industrial Electronics Society (2019 to present)
  • Associate Editor of Springer Human-centric Computing and Information Sciences (2018 to present)
  • Associate Editor of IET Smart Cities, (2019 to present)
  • Associate Editor of IEEE Transactions on Industrial Informatics (2014 to present)
  • Editorial Board (Area Editor) of Elsevier Ad-Hoc Networks (2013 to present)

Selected Conferences
Organisation (Program/Track Chair)
  • IEEE International Conference on Industrial Technology (ICIT): Track Chair(2018), Special Session Organizer(2016,2017,2019)
  • IEEE International Symposium on Industrial Electronics (ISIE): Track Chair(2016,2019), Special Session Organizer(2016,2017)
  • IEEE Industrial Informatics Conference (INDIN): Track Chair(2014,2015,2017-2021), Special Session Organizer(2014-2016)
  • IEEE International Conference on Factory Communication System (WCFS): Program Chair(2019)
  • Workshop on RFID Security (RFIDSec): General Chair/Program Chair(2016)
  • Workshop on Information Security Theory and Practices (WISTP): Steering Committee (2018), Program Chair(2012,2017).

Program Comittee
  • ACM Conference on Wireless Network Security (WiSec):
  • ACM Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC)
  • ACM Asia Conference on Computer and Communications Security (ASIACCS)
  • European Symposium on Research in Computer Security (ESORICS)
  • International Conference on Privacy, Security and Trust (PST)
  • ACM Joint Workshop on CPS&IoT Security and Privacy (CPSIoTSec)

Awards & Certifications

  • Chartered Engineer (CEng) registered with UK Engineering Council(2013)
  • Security Technology Alliance 'Certified Smart Card Industry Professional' (CSCIP)(2010)
  • City University of Hong Kong, College of Engineering Outstanding Teaching Award (2020)
  • B1 Rated Researcher, South African National Research Foundation (2020)
  • J. David Irwin Early Career Award 2019 from the IEEE Industrial Electronics Society for “research and educational contributions and impact on secure and reliable technology for the Industrial Internet-of-Things."
  • Best Paper Award 2019 (IEEE Industrial Electronics Magazine).
  • Best Paper Award at the IEEE International Conference on Industrial Informatics (INDIN 2019).
  • Best Paper Award at the IEEE International Conference on Industrial Technology (ICIT 2013).


Publications and pre-prints I have historically kept on my website and have since been linked to by others. If you are looking for a list of publications refer to my Google Scholar and CityU Scholars Profile links at the top of the page.

Introduction to Industrial Control Networks
B. Galloway and G.P. Hancke. IEEE Communications Surveys and Tutorials, June 2012.
An overview of industrial control/SCADA networks. Preprint

Practical Eavesdropping and Skimming Attacks on High-Frequency RFID Tokens
G.P. Hancke. Journal of Computer Security. Vol 19, Issue 2, pp. 259-288, March 2011.
Some practical results and discussion of related industrial and academic work on eavesdropping and skimming attacks.

Design of a Secure Distance-Bounding Channel for RFID
G.P. Hancke. Elsevier Journal of Network and Computer Applications. Accepted to be published 2010.
Proof-of-concept implementation of a communication channel suitable for distance-bounding in HF RFID environments.

Security Challenges for User-Oriented RFID Applications within the 'Internet of Things'
G.P. Hancke, K.Markantonakis and K.E. Mayes. Journal of Internet Technology. Accepted to be published 2010.
Discussion of the role played by RFID in enabling user-oriented applications and the related security issues. Preprint

Confidence in Smart Token Proximity: Relay Attacks Revisited
G.P. Hancke, K.E. Mayes and K.Markantonakis. Elsevier Computers & Security, Vol. 28, Issue 7, pp 615-627. October 2009.
An overview of relay attacks in the smart token environment that discusses attack implementations, implications and possible countermeasures. Preprint

Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones
L. Francis, G.P. Hancke, K.E. Mayes, K. Markantonakis. RFIDSec Asia, November 2012.

Practical NFC Peer-to-Peer Relay Attack using Mobile Phones
L. Francis, G.P. Hancke, K.E. Mayes and K. Markantonakis
Proceedings of RFIDSec 2010, June 2010.
Relay attack on mobile phone handsets using P2P NFC communication. Preprint

Eavesdropping Attacks on High-Frequency RFID Tokens
G.P. Hancke. Presented the 4th Workshop on RFID Security (RFIDSec), July 2008.
An overview/explanatory paper describing practical eavesdropping experiments by myself and other researchers on ISO 14443 and ISO 15693 contactless tokens.

Attacks on time-of-flight distance-bounding channels
G.P. Hancke and M.G. Kuhn. Presented at the ACM Conference on Wireless Network Security (WISEC'08), pp 194-202, March 2008.
Practical demonstration of late-commit and clocking attacks at the physical communication layer, which allows an attacker to circumvent distance-bounding measures.
Talk given at ACM Wisec 2008 on 2 April 2008 can be found here here.

Noisy Carrier Modulation for HF RFID
G.P. Hancke. Proceedings of First International EURASIP Workshop on RFID Technology, pp 63-66, September 2007.
This paper describes how to make the backward communication of HF RFID tokens resistant to eavesdropping. The reader transmits a ''noisy'' carrier onto which the token modulates its reply. It also shows that an attacker can easily distinguish between a token's response and a bit-blocking sequence transmitted by another device. Download
Talk given at RFID 2007 on 25 September 2007 can be found here here.

So Near and yet So Far: Distance-Bounding Attacks in Wireless Networks
J. Clulow, G.P. Hancke, M.G. Kuhn and T. Moore, European Workshop on Security and Privacy in Ad-Hoc and Sensor Networks (ESAS), Springer-Verlag LNCS 4357, pp 83-97, July 2006.
A brief review of some secure location protocols, possible attacks on these and the subsequent requirements for implementing distance bounding protocols securely. Download

Practical Attacks on Proximity Identification Systems (Short Paper)
G.P. Hancke, Proceedings of IEEE Symposium on Security and Privacy, pp 328-333, May 2006.
This short paper describes some initial findings on practical attacks that we implemented against "proximity" (ISO 14443 A) type RFID tokens. Focusing mainly on the RF communication interface we discuss the results and implementation of eavesdropping, unauthorized scanning and relay attacks. Described attacks are simple and mostly "proof-of-concept", more work is being done to improve attack methods and extend attacks to other RFID standards. Download
Talk given at IEEE S&P on 24 May 2006 can be found here here.

An RFID distance bounding protocol
G.P. Hancke and Markus G. Kuhn. Proceedings of IEEE/CreateNet SecureComm, pp 67-73, September 2005.
Radio-frequency identification tokens, such as contactless smartcards, are vulnerable to relay attacks if they are used for proximity authentication. Cryptographic distance bounding protocols provide a possible countermeasure but schemes require fast time-base and signal acquisition hardware at both ends. We propose a new distance-bounding protocol that is more suited for use in systems with passive low-cost tokens. Download
Talk given at Securecomm on 6 September 2005 can be found here here.

A Practical Relay Attack on ISO 14443 Proximity Cards
G.P. Hancke, February 2005.
Authentication protocols in payment or access control systems based on contactless smartcards (or other NFC device) can be circumvented by simply relaying messages between the reader and smartcard. A proxy device is placed within range of the reader and communicates with another device held close to a valid card.The attack is based on the "grand master chess problem" and it is known that identification of physical entities are vulnerable to such real-time attacks. It should therefore be noted that this paper does not introduce a new attack, neither does it claim to be a high-tech, optimal realization. The paper describes a very simple working system, using off-the-shelf modules and standard components available from most electronic stores (Maplin etc). Download