Privacy and authentication
A key area of the Centre’s work in privacy and authentication is in privacy-preserving computing which uses cryptography to enable people to make use of untrusted computational resources without disclosing private information.
This might mean, for example, being able to gain recommendations for hotels without ‘telling’ a web service what you are actually interested in. SCCS is also researching different aspects around user authentication including traditional passwords and new systems such as multi-factor authentication – a procedure of combining two of more different types of user authentication methods based on ‘what you know’ (such as a password), ‘what you have’ (such as an e-ID card) and ‘who you are’ (such as a fingerprint).
Case study: Improving customer experience for rail passengers
Cyber security is increasingly relevant in the rail industry where the introduction of real-time customer service using mobile technology will require passengers to reveal personal information about themselves and their journeys
The DICE (Data for Improved Customer Experience) project, launched in September 2016 and led by Dr Helen Treharne, looks at the protection of personal data while using it to provide real-time customer service for passengers throughout a journey. The objective is to develop a privacy and provenance evaluation framework, underpinned by statistical analysis and mobile technology, to manage the trade-off between sharing private personal data and the benefits obtained by doing so.
The DICE project involves four universities – the University of Surrey, Loughborough University, University of Southampton and Royal Holloway, University of London – in collaboration with the Association of Train Operating Companies (ATOC) and the Rail Safety and Standards Board (RSSB), Pervasive Intelligence Ltd and the Digital Catapult. The project is one of three awarded to Surrey – together worth nearly £3m – by the Engineering and Physical Sciences Research Council (EPSRC) after a competition for submissions in the field of Trust, Identity, Privacy and Security (TIPS). Each project tackles a different challenge presented by cyber security.
DICE builds on a successful feasibility study that focused on improving the customer journey experience while ensuring personal data privacy for travellers who are mobility- and visually-impaired. The study involved passenger interviews to identify the requirements of disabled passengers when making journeys and a mobile application which utilised Wi-Fi localisation and the DARWIN data feeds to provide personalised information to passengers during their journeys.
"For the rail industry cyber security is an increasing priority and RSSB is working with industry and academia on the issues. We are keen to support this project as the proposed work will build a strong foundation in the area of assessment and prevention of threats to railway customers and services arising from the exchange and use of data."Luisa Moisio, Head of R&D at RSSB