With the emergence of the internet of things and ultra-high speed mobile and wireless connectivity on the horizon, future communication systems need to incorporate novel protection mechanisms to ensure security, reliability, and adequate fault tolerance.
We collaborate closely with Surrey's 5G Innovation Centre to build secure communication systems in sectors such as connected vehicles and digital healthcare.
Improving security in the internet of things era
The internet of things has widespread implications in terms of privacy, ethics, trust, reliability, acceptability and security.
Our University is collaborating with eight other leading UK universities to explore these critical issues in the £9.8m PETRAS IoT Research Hub, funded by EPSRC and partner contributions.
In one of the hub’s projects, Lightweight Security and Privacy for Geographic Personal Data and Location Based Services (GEOSEC), conducted in partnership with Ordnance Survey we are looking at the security and privacy weaknesses within location based information delivery services and designing a new lightweight solution with low networking overheads.
Another Petras-Hub project, Blockchain Technology for IoT in Intelligent Transportation Systems (B-IoT), focuses on intelligent transport systems security key and privacy management using permissioned blockchain technology.
SAFRON (Safe Operational Radio Network for mixed-priority communications to trains using a shared architecture)
The SAFRON project aims to create a prototype to demonstrate how wireless networks (WIFI, LTE and 5G) can be used to train the trackside communications for mixed applications including those which are safety related and mission critical.
We are collaborating with Surrey’s 5G Innovation Centre to oversee the security analysis and design of the communication between the train systems and the rail route control centre, using secure tunnelling techniques.
SECONDO: a Security ECONomics service platform for smart security investments and cyber insurance pricing in the beyonD 2020 netwOrking era
SECONDO addresses the question “How can decisions about cyber security investments and cyber insurance pricing be optimised?” SECONDO will support professionals who seek cyber security investments, developed to support human decision making, and a complete well-founded security strategy. This is a timely research problem, as the rapid growth of cyber-attacks is expected to continue its upwards trajectory. Such growth presents a prominent threat to normal business operations and the EU society itself. On the other hand, an interesting, well-known, finding is that an organisation's computer systems may be less secure than a competitor's, despite having spent more money in securing them.
- Budget: 1,600,800 EUR
- Funding body: H2020
- Centre lead: Dr Manos Panaousis
- Co-investigators: Dr Kaitai Liang
- Timeframe: January 2019 - January 2023.
Budget setting, cyber security investment choices and cyber insurance, in the face of uncertainties, are highly challenging tasks with massive business implications. SECONDO aims to make impact on the operation of EU businesses who often: (i) have a limited cyber security budget; and (ii) ignore the importance of cyber insurance.
Cyber insurance can play a critical role to the mitigation of cyber risk. This can be done by imposing a cost on firms' cyber risk through a premium that they have to pay and the potential for paying a smaller premium should they reduce their current cyber security risk. SECONDO has a cross- disciplinary nature, combining mathematical and engineering insights to empower innovative software.
Apart from the novel research results, the project will offer a software platform to narrow the gap between theoretical understanding and practice. To achieve this, the four industrial project partners will i) lead the part of the project where industrial needs will be entered as input to the requirements collection phase, and, ii) provide their innovative software for risk assessment. The three academic partners will work together to i) design and thoroughly describe the proposed methodologies, but also ii) contribute to their software development.
SPEAR (Secure and PrivatE smArt gRid)
Bringing together a consortium of six European universities, two European research centres and eight industry partners, the SPEAR project is focused on the protection of smart grid infrastructures from cyber attacks.
Major electricity companies including Public Power Corporation (Greece’s main electricity provider) and Schneider Electric France SAS, are providing their infrastructure for the assessment of the tools being developed by us and the SPEAR consortium.
Real-time monitoring and big data analytics will be used to pick up any unusual activity, with the overall aim of improving the resilience of smart grid and increasing trust in electricity providers. We will also be developing the SPEAR blockchain to maintain intrusion detection logs facilitating timely attack prevention.
- Budget: €2,965,600
- Funding: EU H2020 – Secure Societies Challenge
- Centre lead: Dr Manos Panaousis
- Co-investigators: Professor Steve Schneider, Dr Kaitai Liang
- Timeframe: 2018-2021.
Over the last decade, cyber-attacks have become increasingly sophisticated, stealthy, targeted and multi-faceted which may leverage zero-day exploits and highly creative interdisciplinary attack methods. As our society is becoming increasingly dependent on Critical INfrastructures (CIN), new technologies are needed to increase our detection and response capabilities.
Detecting and responding to such attacks by a highly motivated, skilled and well-funded attacker has however been proven highly challenging. One of the most vulnerable and high-impact CIN is the Smart Grid. Smart Grid is considered as the next-generation power system, which promises self-healing, resilience, sustainability and efficiency to the energy CIN.
However, securing smart grids against cyber-attacks is of vital importance for national security and public safety, since the collapse of an energy production utility may cause human lives, millions of euros, denial of a very important and common good such as energy and days or even months of recovering. To this end, the SPEAR proposal aims at:
- Detecting and responding to cyber-attacks using new technologies and capabilities
- Detecting threat and anomalies timely
- Developing all-in-one security detection solutions
- Leveraging advanced forensics subject to privacy-preserving
- Confronting Advanced Persistent Threat (APT) and targeted attacks in smart grids
- Increasing the resilience of the smart grid innovation
- Alleviating the lack of trust in smart grid operators
- Empowering EU-wide consensus.
Within SPEAR, four proof-of-concept use cases are planned in order to validate and assess the implemented security and privacy tools.
SwiftAid - Automating Gift Aid on card donations
Gift Aid is a UK tax benefit that increases the value of donations to charity by 25 per cent at no extra cost to donors. Over the past decade, there has been a shift towards card payments over cash, which has had detrimental effects on the money charities have been able to collect with donation buckets. The industry is responding by adopting contactless terminals, but currently, there is no seamless way of attaching Gift Aid to these donations.
- Budget: £108,744
- Funding body: Innovate UK
- Centre lead: Professor Steve Schneider
- Co-investigators: Dr David Williams, Dr François Dupressoir
- Timeframe: 2018-2019.
Our key objectives are:
- Create a demonstrator running on a live payment system that submits live Gift Aid claims to HMRC on behalf of a charity and complies with all HMRC requirements.
- Create a formal model of the system.
- Investigate future distributed nature of the underlying blockchain.
Areas of focus include:
- Digital receipting linked to payments
- Live payment system integration
With Swiftaid, a donor will sign up, register their card and authorise Swiftaid to generate the Gift Aid declaration on their behalf. All gifts then made by that card, Gift Aid will be automatically attached. The donor would remain in control, allowing them to manage and view all donations while staying anonymous to the charity. We are well aware that there will need to be a great value to both the charity and the donor in order for them to sign up for Swiftaid. The main benefits include:
- Swiftaid handles the compliance with HMRC regarding record keeping and auditing, removing the burden from the charity.
- Removes tax processing burden of both charity and donor making Gift Aid accessible to the smallest charities.
- No personal data passed to charity so can keep GDPR compliance to the minimum.
- Full donation reporting for donors, simplifying the process for higher rate taxpayers and tax rebates.
Blockchain is an obvious choice for such an application as it provides an immutable ledger, ensuring the six years of auditable records are available to HMRC, along with smart contracts, to guarantee the whole end-to- end process stays in lock step. By fully automating the Gift Aid process using blockchain it allows claiming Gift Aid on even the smallest donations to remain economical and results in increasing the money charities receive without costing the donors more.