Trusted computing and systems
We can use hardware to make systems more secure; however, adding extra hardware is costly and can make the system inflexible. Since security is an evolving problem – attackers continually compete to find flaws and vulnerabilities in defensive mechanisms – inflexibility can be a real issue. We are working to design security mechanisms that provide some flexibility while still being cheap to implement in hardware.
TimeTrust (Robust Timing via Hardware Roots of Trust and Non-standard Hardware)
In our TimeTrust project, we are using and building on the cryptographic functionalities of hardware roots of trust, such as Trusted Platform Modules, to create more secure real-life protocols, including contactless payments and timing/distance-dependent authentication.
For instance, in contactless payments, fraud can take the form of payments made when the payee and payment terminal are not in proximity. This project examines these issues and proposes solutions based on hardware roots of trust, accompanied by formal treatments of security and practical assessments. The TimeTrust solutions are designed to be easy to re-deploy in existing infrastructures, and developed in collaboration with major players in the electronic-payment market.
In the same area, a GCHQ-funded PhD studentship is currently being undertaken to investigate the cryptographic design and provable security of contactless Europay, Mastercard and Visa (EMV) payment systems.
ASTRID
The growing adoption of cloud technologies and the trend to virtualise applications are inexorably re-shaping the traditional security paradigms, due to the increasing usage of infrastructures outside of the enterprise perimeter and shared with other users.
The need for more agility in software development and maintenance has also fostered the transition to microservices architectures, and the wide adoption of this paradigm has led service developers to protect their applications by including virtualised instances of security appliances in their design. Unfortunately, this often results in security being managed by people without enough skills or specific expertise. This approach may not be able to cope with threats coming from the virtualisation layer itself (e.g., hypervisor bugs), and it also exposes the security appliances to the same threats as the other application components. It further complicates legal interception and investigation when some applications or services are suspected of illegal activity.
To overcome the above limitations, the ASTRID project aims at shifting the detection and analysis logic outside of the service graph, by leveraging descriptive context models and their usage in ever smarter orchestration logic, hence shifting the responsibility for security, privacy, and trustworthiness from developers or end users to service providers. This approach brings new opportunities for situational awareness in the growing domain of virtualised services: unified access and encryption management, correlation of events and information among different services/applications, support for legal interception and forensics investigation.
ASTRID will develop a common approach that is easily portable to different virtualisation scenarios. In this respect, the technology developed by the project will be validated in two relevant domains, i.e., plain cloud applications and Network Function Virtualisation, which typically exploit rather different chaining and orchestration models.
FutureTPM
The goal of FutureTPM is to design a Quantum-Resistant (QR) Trusted Platform Module (TPM) by designing and developing QR algorithms suitable for inclusion in a TPM. The algorithm design will be accompanied by implementation and performance evaluation, as well as formal security analysis in the full range of TPM environments, i.e. hardware, software and virtualisation environments. Use cases in online banking, activity tracking and device management will provide environments and applications to validate the FutureTPM framework.
Security, privacy and trust in a computing system are usually achieved using tamper-resistant devices to provide core cryptographic and security functions. The TPM is one such device and provides the system with a root-of-trust and a cryptographic engine. However, to sustain this enhanced system security it is crucial that the crypto functions in the TPM are not merely secure for today but will also remain secure in the long-term against quantum attacks.
FutureTPM will address this challenge by providing robust and provably-secure QR algorithms for a new generation of TPMs. Research on quantum computers has drawn enormous attention from governments and industry; if, as predicted, a large-scale quantum computer becomes a reality within the next 15 years, existing public-key algorithms will be open to attack. Any significant change to a TPM takes time and requires theoretical and practical research before adoption. Therefore, to ensure a smooth transition to QR cryptography, we should start now. A key strategic objective of FutureTPM is to contribute to standardisation efforts at EU level within TCG, ISO/IEC and ETSI. The consortium consists of high-calibre industrial and academic partners from across Europe, combining QR crypto researchers with TPM developers. Because the TPM shares many functions in common with other widely-used devices, such as HSMs and TEEs, the FutureTPM solution is expected to benefit them as well.
Trustworthy Voting Systems
One of the major highlights of our Group's past successes in applying cyber security research in the real world is the EPSRC-funded Trustworthy Voting Systems project.
This led to the real-world deployment of an e-voting system in Australia's Victorian State election in 2014. A short film on this work was coordinated by Prof Steve Schneider, the principal investigator of the project.