Blockchain and distributed ledger technology
Blockchain enables us to keep tamper-proof data without relying on a centralised authority. Together with Surrey’s Centre for Vision, Speech and Signal Processing, we are leading the way in distributed ledger technology (DLT) research for the public good, with a broad portfolio of projects to enable greater trust online.
We play an integral part in Surrey Blockchain, an interdisciplinary research hub across the University of Surrey, backed by £3m UKRI/EPSRC investment, which focuses on fusing blockchain with artificial intelligence technologies. This research is bringing innovative solutions in areas such as digital records, healthcare and online trust and identity.
CUREX (seCUre and pRivate hEalth data eXchange)
The Health sector’s increasing dependence on digital information and communication infrastructures renders it vulnerable to threats to privacy and cybersecurity, especially as the theft of health data has become particularly lucrative for cyber criminals. At the same time, a breach of integrity of health data can have dramatic consequences for the patients affected.
CUREX addresses comprehensively the protection of the confidentiality and integrity of health data by producing a novel, flexible and scalable situational awareness-oriented platform. It allows a healthcare provider to assess the realistic cybersecurity and privacy risks they are exposed to and suggest mathematically optimal strategies for addressing these risks with safeguards tailored specifically for each business case and application.
CUREX is fully GDPR compliant by design. At its core, a decentralised architecture enhanced with a private blockchain infrastructure ensures the integrity of the risk assessment process and of all data transactions that occur between the diverse range of stakeholders involved. Crucially, CUREX expands beyond technical measures and places emphasis on improving cyber hygiene through training and raising awareness activities for a healthcare institutions personnel.
Its validation focuses on the highly challenging condition of (cross-border) health data exchange, spanning patient cross-border mobility, remote healthcare, and data exchange for research. CUREX consortium will also utilise the outcomes of the well-known MyHealthMyData project in a dedicated demonstration that will use their blockchain-enabled platform which will control the actual data exchange.
We envisage that CUREX will impact the European market developing one of the first blockchain platforms for risk assessment management under the GDPR.
TAPESTRY (Trust, Authentication and Privacy over a DeCentralised Social Registry)
TAPESTRY aims to investigate, develop and demonstrate new ways to enable people, businesses and services to connect safely online, exploiting the complex ‘tapestry’ of multi-modal signals woven by their everyday digital connections. Using a de-centralised registry, users will be able to share portions of their digital activity to prove they are trustworthy without giving away excessive information that violates their privacy.
Our research in TAPESTRY focuses on the design of cryptographic protocols for securing collection, storage and authorised sharing and integrity verification of machine-learned data that is used as trust evidence for online interactions.
The aim of TAPESTRY is to investigate, develop and demonstrate transformational new technologies to enable people, businesses and digital services to connect safely online, exploiting the complex "tapestry" of multi-modal signals woven by their everyday digital interactions; their digital personhood. In this way we will de-risk the digital economy, delivering completely new ways of determining or engendering trust online, and enabling users and businesses to make better decisions about who they trust online.
Online fraud and scams cost the UK economy £670m each year; crimes often perpetrated through false identities. It is difficult to make good decisions about who to trust when the digital identities of people and services are presented through pseudonyms or addresses. How can we trust that the identity we are interacting with today wasn't created out of thin air yesterday to pull a scam? Or whether the service we are registering our personal data with is trustworthy? In an era of users curating multiple digital identities that evolve over their physical lifespan, and the coming ability to migrate identities between providers (most of whom reside outside the EU), there is an urgent need for decentralised technologies to enable proofs of trust between people and services wishing to interact safely within the digital economy.
TAPESTRY will co-create and evaluate prototype services with end-users to determine how online behaviour and attitudes to trust could evolve in the presence of a trusted decentralised technology to prove the veracity of online identities. TAPESTRY proposes to collect, on an opt-in basis, digital trails of users' interactions (photos shared, comments left, posts 'liked', internet of things devices interacted with) as encrypted trust evidence within a decentralised database (blockchain). Users grant third parties access to trust evidence for a given time period and at a given granularity, in order to prove trustworthiness of their identity via their digital personhood. For example, a crowdfunder might invite new backers to submit two years' history of regular social media interactions to guard against fraudulent pledging from transient identities. Community forums are becoming increasingly important for emotional support and well-being. A similar check could safeguard against trolling, or an identity posting advice could collect positive ratings within their blockchain, enabling vetting of their reputation. Deviations from behavioural norms could also be detectable within TAPESTRY to alert users to their digital identity being hacked.
From a technological standpoint, the project will develop the decentralised infrastructure necessary to make sense of the vast number of digital interactions using multimodal signals aggregated via machine learning from social media and internet of things interactions. Additionally, new cryptographic strategies will be needed to secure the privacy of trust evidence and to disseminate access on a granular basis. From a HCI and co-design perspective, the development of trust services and the shift to use of the digital personhood and interaction history as trust evidence will break new ground, fundamentally altering the way users think about identity and interaction online.
To undertake this adventurous and ambitious project we have formed a strategic multi-disciplinary partnership uniting world-leading groups in multi-modal signal processing and machine learning (CVSSP), a BIS/GCHQ recognised centre of excellence for cyber security (SCCS), the UK's first and only 5G test-bed for next-gen mobile and internet of things (ICS/5GIC), and reflecting the importance of co-designing and evaluating technology in tight integration with end-users, two leading UK groups for socio-digital interaction (DJCAD) and interaction design (UNN).
End-user partners participating in the co-design and evaluation of TAPESTRY span the technology, legal, social reform, health and well-being and commercial sectors.
VOLT (Voting On Ledger Technologies)
The fact that many elections are still run using paper ballots demonstrates that, despite the convenience and efficiency of electronic elections, there are unresolved security challenges around voting systems that could be vulnerable to malicious attack.
This VOLT project explores the use of DLTs to enhance trust in electronic voting by providing transparency and an agreed tamper- proof record of the election. We are developing and piloting end-to-end verifiability into online voting, and also applying smart contracts to the management of voting rights for shareholders in the corporate environment – particularly for crowdfunded businesses.
- Budget: £615,000
- Funding body: EPSRC
- Centre lead: Professor Steve Schneider
- Partners: Kings College London, Electoral Reform Services, Crowdcube, Monax Industries
- Timeframe: 2017-2020.
Blockchains for internet of things (B-IoT)
The B-IoT project, was part of the PETRAS IoT Research Hub, and focused on enabling simple, reliable communications between Intelligent Transportation Systems (ITS) such as automated vehicles, between each other and with their surrounding infrastructure. The project demonstrated the potential of distributed ledgers such as blockchain as a method of security the integrity of these communication systems.
Our specific role was the design and verification of decentralised and blockchain-enabled key and certificate management, and the design of a Pseudonym scheme and Pseudonym swap scheme with demonstrable benefits over existing methods, validated both by simulations and in a testbed involving ITS units called Cohda.
Some of the project outcomes were published in IEEE journals such as:
- Blockchain-Based Dynamic Key Management for Heterogeneous Intelligent Transportation Systems. Published in the IEEE Internet of Things Journal.
- Pseudonym Management Through Blockchain: Cost-Efficient Privacy Preservation on Intelligent Transportation Systems. Published in IEEE Open Access.
- Paper title: A blockchain based certificate revocation scheme for vehicular communication systems. Published in the Elsevier Next Generation Computer Systems Journal.
- Budget: £75,000
- Funding body: EPSRC and partner contributions
- Centre lead: Dr Haitham Cruickshank
- Partners: Ordnance Survey, Wallet Services, Pinsent Masons, Telefonica, CISCO, XAIN, University of Warwick and University of Edinburgh.
Boosting charitable donations
Surrey is currently collaborating with companies Streeva and Creditcall on Swiftaid – an Innovate UK-funded project which is using DLT to enable Gift Aid to be automatically added on to any card donation made on banking apps. This could significantly increase the amount of money charities are able to collect.
Our key objectives are:
- Create a demonstrator running on a live payment system that submits live Gift Aid claims to HMRC on behalf of a charity and complies with all HMRC requirements.
- Create a formal model of the system.
- Investigate future distributed nature of the underlying blockchain.
Areas of focus include:
- Digital receipting linked to payments
- Live payment system integration
With Swiftaid, a donor will sign up, register their card and authorise Swiftaid to generate the Gift Aid declaration on their behalf. All gifts then made by that card, Gift Aid will be automatically attached. The donor would remain in control, allowing them to manage and view all donations while staying anonymous to the charity. We are well aware that there will need to be a great value to both the charity and the donor in order for them to sign up for Swiftaid. The main benefits include:
- Swiftaid handles the compliance with HMRC regarding record keeping and auditing, removing the burden from the charity.
- Removes tax processing burden of both charity and donor making Gift Aid accessible to the smallest charities.
- No personal data passed to charity so can keep GDPR compliance to the minimum.
- Full donation reporting for donors, simplifying the process for higher rate taxpayers and tax rebates.
Blockchain is an obvious choice for such an application as it provides an immutable ledger, ensuring the six years of auditable records are available to HMRC, along with smart contracts, to guarantee the whole end-to- end process stays in lock step. By fully automating the Gift Aid process using blockchain it allows claiming Gift Aid on even the smallest donations to remain economical and results in increasing the money charities receive without costing the donors more.