Critical Infrastructure Security and testing
Critical infrastructures (CI) that allow society to function include sectors such as transportation, energy, telecommunications, health care, and financial services. Not only are most of these sectors heavily reliant on computer and information systems to function, but they also form mutually (inter-)dependent networks. Disruptions to these infrastructure networks can lead to severe economic consequences and may also lead to loss of life and endanger national security.
By studying how infrastructures depend on one another and interact at different levels of abstraction, insights into vulnerabilities can be obtained that in turn can inform resilience measures, including the design of mechanisms relying on information systems security. Many critical infrastructures ultimately rely on cyber-physical systems (CPS), and the security and resilience of these CPS form a second major area of study, which also translates to other domains such as industrial control systems or the Internet of Things. This requires the study of physical systems such as power stations and networks, or transportation systems including ports or traffic management systems for vehicular traffic. Such systems are characterised by frequent hard real-time requirements and the need to maintain functionality even in a degraded or compromised state, requirements that are not commonly the focus of information security.
A major focus of ISG research on CI has been and remains on energy systems, ranging from smart meters and distributed generation, via the security of transmission and distribution networks against insider threats and external attacks, to the dynamic energy markets required to realise smart power networks and smart cities. Research facets range from the study of protocols and standards such as ISO/IEC 60870, 61850, and 64283, to understand vulnerabilities in control and monitoring systems, to models of large-scale systems and how these can be manipulated or compromised by insiders or external attackers, potentially also in a stealthy manner.
Other infrastructure sectors such as transportation and health care are increasingly relying on tightly coupled information systems, whether for managing and tracking freight containers in maritime and port systems, or for road transport required to interact with intelligent infrastructure, other vehicles, or even energy networks in the case of electric vehicles. Understanding attack vectors, and the ways in which information security protocols and mechanisms may help in mitigating threats, is crucial if these new interconnections are not to result in an unacceptably brittle national and even transnational critical infrastructure.
To this end the ISG engages not only with the national and international academic community, but also with infrastructure operators and concerned government entities, engaging in both research and consultancy activities.
- James Wright and Stephen Wolthusen. De-Synchronisation Attack Modelling in Real-Time Protocols Using Queue Networks: Attacking the ISO/IEC 61850 Substation Automation Protocol. In Gregorio D’Agostino and Antonio Scala, editors, Proceedings of the 12th International Conference on Critical Information Infrastructures Security (CRITIS 2017), Lecture Notes in Computer Science, pages 1–12, Lucca, Italy, October 2017. Springer-Verlag. (accepted for publication).
- Cristina Alcaraz, Javier Lopez, and Stephen Wolthusen. OCPP Protocol: Security Threats and Challenges. IEEE Transactions on Smart Grid, 8(5):2452–2459, September 2017.
- Ammara Gul and Stephen Wolthusen. Measurement Re-Ordering Attacks on Power System State Estimation. In Proceedings of the 2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT Europe 2017), pages 1–7, Torino, Italy, September 2017. IEEE Press. (in press).
- Anne V. D. M. Kayem, Christoph Meinel, and Stephen Wolthusen. A Smart Micro-Grid Architecture for Resource Constrained Environments. In Proceedings of the 2017 IEEE 31st International Conference on Advanced Information Networking and Applications (AINA 2017), pages 1–8, Taipei, Taiwan, March 2017. IEEE Press.
- Cristina Alcaraz, Javier Lopez, and Stephen Wolthusen. Policy Enforcement System for Secure Interoperable Control in Distributed Smart Grid Systems. Journal of Network and Computer Applications, 59:301–314, January 2016.
- James Wright and Stephen Wolthusen. Limitations of IEC62351-3’s Public Key Management. In Proceedings of the 2016 IEEE 24th International Conference on Network Protocols (ICNP 2016), pages 1–6, Singapore, November 2016. IEEE Press.
- Bernhard Schneidhofer and Stephen Wolthusen. Multigraph Critical Infrastructure Model. In Mason Rice and Sujeet Shenoi, editors, Critical Infrastructure Protection X: Proceedings of the 2016 International Conference on Critical Infrastructure Protection (ICCIP 2016), volume 485 of IFIP Advances in Information and Communication Technology, pages 149–167, Arlington, VA, USA, March 2016. Springer-Verlag.
- Anesu M. C. Marufu, Anne V. D. M. Kayem, and Stephen Wolthusen. Circumventing Cheating on Power Auctioning in Resource Constrained Micro-Grids. In Proceedings of the 2016 IEEE 14th International Conference on Smart City (SmartCity 2016), pages 1380–1387, Sydney, Australia, December 2016. IEEE Press.
- Pacome L. Ambassa, Anne V. D. M. Kayem, Christoph Meinel, and Stephen Wolthusen. Physical Attestation and Authentication to Detect Cheating in Resource Constrained Smart Micro-Grids. In Nora Cuppens-Boulahia, Costas Lambrinoudakis, Frédéric Cuppens, and Sokratis Katsikas, editors, Proceedings of the Second International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems (CyberICPS 2016), volume 10166 of Lecture Notes in Computer Science, pages 52–68, Heraklion, Crete, September 2016. Springer-Verlag.
- Bader Alwasel and Stephen D. Wolthusen. Recovering Structural Controllability on Erdös-Rényi Graphs in the Presence of Compromised Nodes. In Erich Rome, Marianthi Theocharidou, and Stephen Wolthusen, editors, Proceedings of the 10th International Conference on Critical Information Infrastructures Security (CRITIS 2015), volume 9572 of Lecture Notes in Computer Science, pages 105–119, Berlin, Germany, September 2015. Springer-Verlag.
- Goitom K. Weldehawaryat and Stephen D. Wolthusen. Modelling Interdependencies over Incomplete Join Structures of Power Law Networks. In Proceedings of the 2015 11th International Conference on the Design of Reliable Communication Networks (DRCN 2015), pages 173–178, Kansas City, MO, USA, March 2015. IEEE Press.
- Alessio Baiocco, Chiara Foglietta, and Stephen D. Wolthusen. Delay and Jitter Attacks on Hierarchical State Estimation. In Proceedings of the 2015 IEEE International Conference on Smart Grid Communications (SmartGridComm 2015), pages 485–490, Miami, FL, USA, November 2015. IEEE Press.
- Salaheddin Darwish, Ilia Nouretdinov, and Stephen D. Wolthusen. Towards Composable Threat Assessment for Medical IoT (MIoT). In Proceedings of the Fourth International Workshop on Privacy and Security in HealthCare 2017 (PSCare17), volume 113, pages 627-632, Lund, Sweden, September 2017.
- The group collaborates with the Department of Electronic Engineering, particularly the Power Systems Group.
- As IoT systems are also likely to form part of future critical infrastructures, a direct link to work in the Smart Card and IoT Security Centre exists, and work by the SCC has had an immediate effect on CI such as payment and transport systems.
Human Factors, Sociological & Psychological Security
We are living in a network society. Digital technologies and the services that they provide have become an integral part of our daily lives and continue to shape how we interact with each other and access information. This raises a number of critical security questions for governments, industry and society as a whole; questions that require wider engagement with the underlying sociological and psychological aspects of human behaviour. From an everyday security perspective, relational social practices that enable people to build and maintain trust in their daily interactions are as significant as technological security mechanisms designed to protect assets. The complexities of real-world information security, therefore, present a series of challenges that centre on factors driven by the ways humans interact with (and through) digital technologies and systems. This includes factors such as usability, trust, privacy, culture, identity, social embeddedness and ethics, to mention a few.
The use of information technology has significantly reduced the distance between individuals, between companies and their employees, and between the state and its citizens, and it has enabled new modes of social interaction and mobilisation. And whilst cyber risks and threats are widely acknowledged and discussed in this context, the sociological and psychological drivers are rarely understood. This has a significant impact on cyber security policy design and implementation, which often fails to account for the attitudes, motivations and levels of trust that individuals ascribe to their security practices. In many ways, the dynamic relationship between people and technology is outpacing the security responses to it.
Members of the ISG are engaged in a number of research projects that aim to better understand the human aspects of cyber security in different contexts. These include, but are not limited to research into everyday security and digital service design (with a focus on marginalised communities), social media habits amongst military personnel, and risky security practices within organisations. Such projects enable an exploration into the relationship between digital practices and security through specific institutional cultures, examining the meanings that people ascribe to their security behaviours. To this end, ISG members connected to this research theme are engaged with industrial, government and civil society partners to impact upon cyber security policy and education; highlighting the significance of this work in economic, cultural, social, political, and behavioural contexts.
- Lizzie Coles-Kemp
- Rikke Bjerg Jensen
- Geraint Price
- Claude Heath
- Konstantinos Mersinas
- David Denney
- Marco Cinnirella
- Peter Adey
- Nicholas Robinson
- Katya Bozukova
- Nicola Wendt
- Pip Thornton
- Rory Hopcraft
- Alexander Hardy
- Siobhan Neave
- Everyday Safety-Security for Everyday Services (ESSfES)
- Digital Insecurities: A Study of Organisational Cyber Cultures
- Beyond Dissemination: Impacting on Cyber Security Policy and Practice
- Cyber Security Cartographies: CySeCa
- Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security
- Risky Cyber Behaviour in Organisations
- The Current and Future use of Social Media Technologies by Military Personnel and their Families
- Adey, P., D. Denney, R. B. Jensen and A. Pinkerton. 2016. ‘Blurred Lines: intimacy, mobility and the social military’, Critical Military Studies, 2(1-2): pp. 7-24.
- Burdon, M., J. Siganto and L. Coles-Kemp. 2016. ‘The regulatory challenges of Australian information security practice’, Computer Law and Security Review, 32(4): pp. 623-633.
- Coles-Kemp, L. and R. R. Hansen. 2017. ‘Human aspects of information security, privacy and trust’, 5th International Conference, HAS 2017, held as part of HCI International 2017, Vancouver, BC, Canada, July 9-14, 2017, Proceedings, Springer, 2017. Lecture Notes in Computer Science vol. 10929, pp. 464-480.
- Coles-Kemp, L. and A. Kotova. 2014. ‘Sticking and Making: Technology as glue for families separated by prison’, UK Academy for Information Systems Conference Proceedings 2014, pp. 1-28.
- Coles-Kemp, L., A. Zugenmaier, and M. Lewis. 2014. ‘Watching You Watching Me: The art of playing the panopticon’, in K. O’Hara (ed.) Digital Enlightenment Yearbook 2014. IOS Press, 2014, pp. 147-162.
- Hall, P., C. Heath and L. Coles-Kemp. 2015. ‘Critical visualization: A case for rethinking how we visualize risk and security’, Journal of Cybersecurity, 1(1): pp. 1-16.
- Hall, P., C. Heath, L. Coles-Kemp and A. Tanner. 2015. ‘Examining the contribution of critical visualisation to information security’, Proceedings of NSPW 2015. ACM, 2015.
- Heath, C., L. Coles-Kemp, and P. Hall. 2014. ‘Logical Lego? Co-constructed perspectives on service design’, Proceedings of NordDesign 2014, Melbourne, Australia, August 27-29, 2014. Alto Design Factory, pp. 416-426.
- Jensen, R. B. 2015. ‘Communicating Afghanistan: Strategic Narratives and Information Management’, in Beatrice de Graaf, George Dimitriu and Jens Ringsmose (eds.), Strategic Narratives, Public Opinion and War: Winning Domestic Support for the Afghan War. London: Routledge, pp. 300-317.
- Jensen, R. B. 2014. ‘Managing Perceptions: Strategic Communication and the Story of Success in Libya’ in Kjell Engelbrekt, Marcus Mohlin and Charlotte Wagnsson. (eds.), Lessons from Libya: NATO’s 2011 Military Campaign in Context. London: Routledge, pp. 171-194.
- Jensen, R. B. and D. Denney. 2017. Beyond Dissemination: Impacting upon cyber security policy and practice. Project Report, GCHQ.
- Jensen, R. B., D. Denney and M. Cinnirella. 2017. Risky Cyber Behaviour in Organisations. Project Report, GlaxoSmithKline.
- Jensen, R. B., P. Adey, J. Bryden, D. Denney, and A. Pinkerton. 2016. The use of Social Media Technologies by Military Personnel and their Families. Project Report, Ministry of Defence.
- Light, A. and L. Coles-Kemp. 2013. ‘Granddaughter beware! An intergenerational case study of managing trust issues in the use of Facebook’, International Conference on Trust and Trustworthy Computing, Berlin/Heidelberg, Germany, 2017, Springer, pp. 196-204.
- Mersinas, K., B. Hartig, K. Martin, A. Steltzer. 2016. ‘Are information security professionals expected value maximisers? An experimental and survey-based test’, Journal of Cybersecurity, 2(2): pp. 57-70.
Internet of Things (IoT) Security
The Internet of Things (IoT) refers to the interconnection of everyday physical devices embedded with electronics, software and sensors, directly to the Internet and among themselves, with the ultimate goal of providing users with additional “smart” features. Examples of IoT devices span from smart-home devices to smart devices controlling larger environments, such as smart cities and critical infrastructure. They also include security systems, heating, ventilation and air conditioning (HVAC) systems, autonomous vehicles and implantable medical devices. Gartner forecasts that 20.8 billion connected IoT devices will be in use worldwide in 2020. The IoT promises economic growth as well as convenience for users: it is estimated to have a potential economic impact of $2.7-$6.2 trillion by 2025 and to create more than 4 million developer jobs by 2020. While this is all excellent news for consumers, businesses and governments, the security (and safety) implications of the IoT are equally significant. This is because the IoT is blurring the line between physical and online lives: IoT enables cyber-attacks to have immediate and direct physical consequences. This is compounded by the increasing number of vulnerabilities found in IoT devices on a daily basis. This trend is likely to continue as, firstly, IoT vendors seem to be more interested in delivering a new "smart" feature baked into an existing device, perhaps by packing together components from different manufacturers, rather than actually thinking about the possible security and safety consequences this new feature may introduce. Secondly, security also has an additional cost (e.g., training developers, providing updates and patches) that may not be marginal for some IoT devices. Thirdly, vulnerabilities in IoT devices are often very difficult to fix, owing to hard-coded firmware, to small interfaces, or to a lack of user awareness. Finally, some IoT devices are meant to remain with us for a long time, so their insecure lifetime may span more than 10 years.
Over recent years, a wide spectrum of research activities on IoT has been undertaken by the ISG, such as work on smart cards and RFID tags, as well as using sound threat modelling techniques to model and test the security of IoT devices in depth in order to understand and reduce their attack surface. The ISG hosts the Smart Card and IoT Security Centre (SCC), which was founded in October 2002 by Royal Holloway University of London, Vodafone and Giesecke & Devrient. The SCC receives support from, among others, the UK Cards Association, Transport for London and ITSO. The SCC is composed of 15 members who perform research activities on devices with relatively limited processing and memory resources and with direct network connectivity. Note also that RHUL is a member of the IoT Security Foundation, and one of its visiting professors is the Chairman.
- Raja Naeem Akram
- Jorge Blasco Alis
- Robert Lee
- Konstantinos Markantonakis
- Keith Mayes
- Chris Mitchell
- Kenny Paterson
- Elizabeth Quaglia
- Carlton Shepherd
- Daniele Sgandurra
- DICE (Data Improved Customer Experience)
- UK Cards Association
- Visa International
- Transport for London
- The Applicability of Ambient Sensors as Proximity Evidence for NFC Transactions. Shepherd, C., Gurulian, I., Frank, E., Markantonakis, K., Akram, R., Mayes, K. & Panaousis, E. 25 May 2017.
- Establishing Mutually Trusted Channels for Remote Sensing Devices with Trusted Execution Environments. Shepherd, C., Akram, R. & Markantonakis, K. 23 May 2017 12th International Conference on Availability, Reliability and Security (ARES '17). ACM.
- An Exploratory Analysis of the Security Risks of the Internet of Things in Finance. Shepherd, C., Petitcolas, F., Akram, R. & Markantonakis, K. 17 May 2017 14th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2017). Springer-Verlag.
- Log your car: The non-invasive vehicle forensics. Mansor, H., Markantonakis, K., Akram, R., Mayes, K. & Gurulian, I. 9 Feb 2017 The 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-16). Xiang, Y., Ren, K. & Feng, D. (eds.). IEEE Computer Society, p. 1-9 TrustCom Paper 147.
- Secure and Trusted Execution: Past, Present and Future -- A Critical Review in the Context of the Internet of Things and Cyber-Physical Systems. Shepherd, C., Arfaoui, G., Gurulian, I., Lee, R., Markantonakis, K., Akram, R., Sauveron, D. & Conchon, E. 9 Feb 2017 The 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-16). Xiang, Y., Ren, K. & Feng, D. (eds.). IEEE Computer Society, p. 1-10 TrustCom Paper 342.
- Evolution of attacks, threat models, and solutions for virtualized systems. Sgandurra, D. & Lupu, E. 8 Feb 2016 In : ACM Computing Surveys. 48, 3, 46.
- Formalizing threat models for virtualized systems. Sgandurra, D., Karafili, E. & Lupu, E. 2016 Data and Applications Security and Privacy - 30th Annual IFIP WG 11.3 Conference, DBSec 2016, Proceedings. Springer-Verlag, Vol. 9766, p. 251-267 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); vol. 9766).
- VSMURF: A Novel Sliding Window Cleaning Algorithm for RFID Networks. Xu, H., Shen, W., Li, P., Sgandurra, D. & Wang, R. 27 Jul 2017 In : Journal of Sensors. 2017, p. 1-12.
Network, Access and Cloud Security
In any multi-user computing environment, it is rare that all users should have unrestricted access to all resources maintained by the environment, whether those resources be memory, processor time, files, programs or printers. Similarly, in any internetworked environment, it is rare that all network traffic should be allowed to traverse all networks: some traffic should be prevented from entering some networks (to minimise spoofing attacks, for example), while other traffic should be prevented from leaving particular networks (to minimise the risk of data exfiltration, say). In short, access control is an essential security consideration in any multi-user computing or networked environment.
Access control is usually implemented by specifying some kind of policy and configuring hardware or software to enforce that policy. The specific nature of policies and the means of enforcing such policies vary considerably. An access control policy for a shared computer, for example, may specify which users may read and write particular files. In this case, the operating system will trap all attempts by a user-controlled program to open a file and confirm that the user is authorised by the policy to do so. A network access control policy is often specified as a set of firewall rules, each rule specifying whether network traffic satisfying particular criteria (such as source and destination addresses belonging to a particular range) should be allowed or dropped. In this case, a device at an entry point to the network, such as a router, will inspect the network traffic (typically headers in TCP segments or IP and UDP datagrams), determine which rules apply and take appropriate action.
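As an added illustration of the firewall-rule form of access control policy described above (example code written for this page, not code from the ISG or any of its projects), the following first-match rule engine inspects the header fields of a packet, finds the first rule whose criteria it satisfies, and allows or drops it; the rule set, the 10.0.0.0/8 internal range, the hosts and the sample packets are all constructed, and it includes the two cases the text mentions, an ingress rule against spoofed internal source addresses and an egress rule limiting exfiltration.

```python
"""First-match firewall policy evaluation over IP/TCP/UDP header fields.

Constructed example: all addresses, ports and rule names are made up.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import List, Optional, Tuple

# Constructed internal address range used by the anti-spoofing and egress rules.
INTERNAL_NET = ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    """The header fields the enforcement point looks at."""
    direction: str            # "in" (entering the network) or "out" (leaving it)
    src: str                  # source IP address
    dst: str                  # destination IP address
    proto: str                # "tcp", "udp" or "icmp"
    dport: Optional[int] = None   # destination port (TCP/UDP only)


@dataclass(frozen=True)
class Rule:
    """One firewall rule: every criterion left as None is a wildcard."""
    name: str
    action: str               # "allow" or "drop"
    direction: Optional[str] = None
    src: Optional[IPv4Network] = None
    dst: Optional[IPv4Network] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        """A rule applies only if every criterion it specifies is satisfied."""
        if self.direction is not None and self.direction != pkt.direction:
            return False
        if self.src is not None and ip_address(pkt.src) not in self.src:
            return False
        if self.dst is not None and ip_address(pkt.dst) not in self.dst:
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


# Constructed policy. Order matters: the first matching rule decides.
POLICY: List[Rule] = [
    # Ingress anti-spoofing: traffic entering from outside must not carry an internal source.
    Rule("drop-spoofed-internal-src", "drop", direction="in", src=INTERNAL_NET),
    # Inbound HTTPS to a single (constructed) public-facing web server.
    Rule("allow-inbound-https", "allow", direction="in",
         dst=ip_network("10.1.0.10/32"), proto="tcp", dport=443),
    # Egress: permit only HTTPS and DNS from internal hosts ...
    Rule("allow-outbound-https", "allow", direction="out", src=INTERNAL_NET, proto="tcp", dport=443),
    Rule("allow-outbound-dns", "allow", direction="out", src=INTERNAL_NET, proto="udp", dport=53),
    # ... and drop everything else leaving, which limits exfiltration over arbitrary ports.
    Rule("drop-all-outbound", "drop", direction="out"),
]


def evaluate(policy: List[Rule], pkt: Packet, default: str = "drop") -> Tuple[str, str]:
    """Return (action, rule name) of the first matching rule, or the default
    action (deny by default) when no rule applies."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "default"


# Constructed sample traffic: (description, packet).
SAMPLE_TRAFFIC = [
    ("spoofed internal source arriving from outside", Packet("in", "10.2.3.4", "10.1.0.10", "tcp", 443)),
    ("external client to web server",                 Packet("in", "198.51.100.7", "10.1.0.10", "tcp", 443)),
    ("external SSH attempt to another host",          Packet("in", "198.51.100.7", "10.1.0.11", "tcp", 22)),
    ("internal host browsing HTTPS",                  Packet("out", "10.2.3.4", "203.0.113.9", "tcp", 443)),
    ("internal host sending to an unusual port",      Packet("out", "10.2.3.4", "203.0.113.9", "tcp", 4444)),
]


def decide_all(policy: List[Rule] = POLICY) -> List[Tuple[str, str, str]]:
    """Evaluate every sample packet; returns (description, action, rule name)."""
    return [(desc, *evaluate(policy, pkt)) for desc, pkt in SAMPLE_TRAFFIC]


if __name__ == "__main__":
    for desc, action, rule in decide_all():
        print(f"{action:5}  {rule:28}  {desc}")
```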
Computing and networking technologies have become ever more tightly interlinked. In particular, we are now seeing the widespread use of cloud computing, where individuals and organisations outsource some of their computing facilities to third-party providers. Files, for example, may be retrieved via the internet from a storage provider; or applications may run remotely with results returned via the internet from a cloud software-as-a-service provider.
The advent of widespread cloud computing poses significant security challenges, not least because the enforcement of an authorisation policy may become the responsibility of the cloud service provider, rather than the owner of the data or application. Increasingly, advanced cryptographic techniques, such as attribute-based encryption and privacy-preserving computation, are playing a role in access control for cloud services, not least because the cloud service provider may not be trusted with plaintext data.
Nevertheless, there remain many challenges for access control in systems deployed and maintained within an organisation. Business requirements and statutory controls are imposing increasingly complex constraints on the way in which data may be shared and modified. The study of languages for specifying policies and efficient mechanisms for enforcing those policies is an active area of research, and one in which researchers at Royal Holloway have a particular interest.
Researchers in the ISG have a wide range of expertise in access control, both for traditional computing milieux, networks and internetworks, and cloud computing.
- James Alderman, Christian Janson, Carlos Cid and Jason Crampton: Hybrid publicly verifiable computation, Proceedings of CT-RSA 2016
- James Alderman, Christian Janson, Carlos Cid, Jason Crampton: Access control in publicly verifiable outsourced computation, Proceedings of ASIACCS 2015
- David A. Cohen, Jason Crampton, Andrei Gagarin, Gregory Gutin, Mark Jones: Iterative plan construction for the workflow satisfiability problem, Journal of Artificial Intelligence Research
- Jason Crampton and Conrad Williams: On completeness in languages for attribute-based access control, Proceedings of SACMAT 2016
- Jason Crampton and James Sellwood: Path conditions and principal matching: A new approach to access control, Proceedings of SACMAT 2014
- Jason Crampton, Naomi Farley, Gregory Gutin, Mark Jones and Bertram Poettering: Cryptographic enforcement of information flow policies without public information. Proceedings of ACNS 2015
- Jason Crampton, Alexandre Pinto: Attribute-based encryption for access control using elementary operations, Proceedings of CSF 2014
- Jason Crampton, Charles Morisset: PTaCL: A language for attribute-based access control in open systems, Proceedings of POST 2012
- Zhiqian Xu, Keith M. Martin: Dynamic user revocation and key refreshing for attribute-based encryption in cloud storage, Proceedings of TrustCom 2012
- Eduarda S. V. Freire, Kenneth G. Paterson, Bertram Poettering: Simple, efficient and strongly KI-secure hierarchical key assignment schemes, Proceedings of CT-RSA 2013
In 1994, Peter Shor presented an efficient quantum algorithm for solving the computational problems (factoring and discrete logarithms in abelian groups) underpinning current public-key cryptography, invalidating their security in a world where large-scale quantum computers exist. To date, nobody has announced a sufficiently big quantum computer to run Shor’s algorithm for any non-trivial problem, and it remains unclear whether this is at all possible. Nevertheless, recent progress in the area of quantum computing has researchers, standards bodies and governments concerned (see external links below). Some estimates cited by NIST put a sufficiently large quantum computer for running Shor’s algorithm on cryptographic problems as early as 2030, whereas transitions of cryptographic algorithms have taken about 20 years in the past.
To address this issue, researchers are studying quantum-safe alternatives to the current generation of public-key cryptography. Furthermore, standards bodies have initiated processes to select algorithms for quantum-safe cryptography (also known as “post-quantum cryptography”). In particular, the US standards body NIST is currently calling for proposals and will run a selection process over the next 5-7 years for standardisation. ETSI has also created a QSC working group, and Google recently conducted its first quantum-safe cryptography at-scale test. Whatever we may think of the timeline or even plausibility of the arrival of general quantum computers, quantum-safe cryptography is coming.
As alluded to above, several candidates for quantum-safe cryptography exist. However, there are still many challenges to overcome before we can deploy these candidates with confidence. For example, these candidates have received much less scrutiny than, e.g., RSA. It might be possible to find efficient quantum or even classical algorithms for solving some of the problems underlying these candidates. While this may seem unlikely, it is imperative to investigate this possibility in earnest to gain confidence.
Furthermore, if our schemes are secure in principle, we still need to choose parameters to ensure security well into the future. Just as we use the best available cryptanalysis to pick the required bit-size for RSA to remain secure for 50 or 100 years (in a pre-quantum world), we will have to rely on the best available cryptanalysis to pick parameters for quantum-safe schemes.
It is worth noting that quantum-safe cryptography is something rather different to quantum key distribution (QKD), which uses quantum mechanics to establish secure keying material between two parties. The former is concerned with drop-in replacements for current-generation cryptography usable without specialised hardware, yet secure against quantum adversaries. In contrast, QKD only covers limited distances, so that trusted relays are needed for larger distances, invalidating end-to-end security.
- Martin Albrecht
- Carlos Cid
- Sean Murphy
- Kenny Paterson
- Simon Blackburn, Mathematics
- Ruediger Schack, Quantum Dynamics Group, Mathematics
- Sean Murphy and Rachel Player. “Noise Distributions in Homomorphic Ring-LWE”. In: IACR Cryptology ePrint Archive 2017 (2017), p. 698. url: http://eprint.iacr.org/2017/698
- Martin R. Albrecht and Amit Deo. Large Modulus Ring-LWE Module-LWE. Cryptology ePrint Archive, Report 2017/612. 2017. url: http://eprint.iacr.org/2017/612
- Martin R. Albrecht, Emmanuela Orsini, Kenneth G. Paterson, Guy Peer, and Nigel P. Smart. “Tightly Secure Ring-LWE Based Key Encapsulation with Short Ciphertexts”. In: To appear ESORICS 2017. Vol. XXXX. Lecture Notes in Computer Science. 2017, pp. XXXX–XXXX
- Carlos Aguilar-Melchor, Martin R. Albrecht, and Thomas Ricosset. “Sampling From Arbitrary Centered Discrete Gaussians For Lattice-Based Cryptography”. In: 15th International Conference on Applied Cryptography and Network Security (ACNS2017). Ed. by Dieter Gollmann and Atsuko Miyaji. Lecture Notes in Computer Science. to appear. 2017
- Martin R. Albrecht. “On Dual Lattice Attacks Against Small-Secret LWE and Parameter Choices in HElib and SEAL”. In: EUROCRYPT 2017, Part II. Ed. by Jean-Sébastien Coron and Jesper Buus Nielsen. Vol. 10211. Lecture Notes in Computer Science. 2017, pp. 103–129. doi: 10.1007/978-3-319-56614-6_4. url: https://doi.org/10.1007/978-3-319-56614-6_4
- Simon R. Blackburn and Matthew J. B. Robshaw. “On the Security of the Algebraic Eraser Tag Authentication Protocol”. In: ACNS 16. Ed. by Mark Manulis, Ahmad-Reza Sadeghi, and Steve Schneider. Vol. 9696. LNCS. Springer, Heidelberg, June 2016, pp. 3–17. doi: 10.1007/978-3-319-39555-5_1
- Adi Ben-Zvi, Simon R. Blackburn, and Boaz Tsaban. “A Practical Cryptanalysis of the Algebraic Eraser”. In: CRYPTO 2016, Part I. Ed. by Matthew Robshaw and Jonathan Katz. Vol. 9814. LNCS. Springer, Heidelberg, Aug. 2016, pp. 179–189. doi: 10.1007/978-3-662-53018-4_7
- Steven D. Galbraith, Shishay W. Gebregiyorgis, and Sean Murphy. “Algorithms for the approximate common divisor problem”. In: LMS Journal of Computation and Mathematics 19.A (2016), 58–72. issn: 1461-1570. doi: 10.1112/s1461157016000218
- Martin R. Albrecht, Shi Bai, and Léo Ducas. “A Subfield Lattice Attack on Overstretched NTRU Assumptions - Cryptanalysis of Some FHE and Graded Encoding Schemes”. In: CRYPTO 2016, Part I. Ed. by Matthew Robshaw and Jonathan Katz. Vol. 9814. LNCS. Springer, Heidelberg, Aug. 2016, pp. 153–178. doi: 10.1007/978-3-662-53018-4_6
- Shahram Mossayebi and Rüdiger Schack. Concrete Security Against Adversaries with Quantum Superposition Access to Encryption and Decryption Oracles. 2016. arXiv: 1609.03780v1 [quant-ph]
- Martin R. Albrecht, Carlos Cid, Jean-Charles Faugère, Robert Fitzpatrick, and Ludovic Perret. “On the complexity of the BKW algorithm on LWE”. In: Designs, Codes, and Cryptography 74.2 (Feb. 2015), pp. 325–354. issn: 0925-1022 (print), 1573-7586 (electronic). doi: http://dx.doi.org/10.1007/s10623-013-9864-x. url: http://link.springer.com/article/10.1007/s10623-013-9864-x
- Martin R Albrecht, Rachel Player, and Sam Scott. “On the concrete hardness of Learning with Errors”. In: Journal of Mathematical Cryptology 9.3 (2015), pp. 169–203
- Martin R. Albrecht, Jean-Charles Faugère, Robert Fitzpatrick, and Ludovic Perret. “Lazy Modulus Switching for the BKW Algorithm on LWE”. In: PKC 2014. Ed. by Hugo Krawczyk. Vol. 8383. LNCS. Springer, Heidelberg, Mar. 2014, pp. 429–445. doi: 10.1007/978-3-642-54631-0_25
- Martin R. Albrecht, Carlos Cid, Jean-Charles Faugère, and Ludovic Perret. Algebraic Algorithms for LWE. Cryptology ePrint Archive, Report 2014/1018. http://eprint.iacr.org/2014/1018. 2014
- Martin R. Albrecht, Robert Fitzpatrick, and Florian Göpfert. “On the Efficacy of Solving LWE by Reduction to Unique-SVP”. In: ICISC 13. Ed. by Hyang-Sook Lee and Dong-Guk Han. Vol. 8565. LNCS. Springer, Heidelberg, Nov. 2014, pp. 293–310. doi: 10.1007/978-3-319-12160-4_18
- Martin R Albrecht, Carlos Cid, Jean-Charles Faugere, and Ludovic Perret. “On the relation between the MXL family of algorithms and Gröbner basis algorithms”. In: Journal of Symbolic Computation 47.8 (2012), pp. 926–941
fplll: this open source library is the de facto standard for fast lattice reduction, a key technique for assessing the security of lattice-based cryptography, one of the main quantum-safe cryptography candidates. https://github.com/fplll/fplll
fpylll: this Python library (Python bindings for fplll) allows easy experimentation with lattice-reduction algorithms. https://github.com/fplll/fpylll
LWE estimator: a Python-based tool for assessing the security of lattice-based cryptography. https://bitbucket.org/malb/lwe-estimator
SageMath aims to create a free, viable alternative to Mathematica, Maple, Magma and Matlab. It is often used by researchers in this area to prototype their algorithms. http://sagemath.org
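The tools above are used to run lattice reduction on instances far too large to work by hand. To show what such a reduction actually does, the following is a textbook LLL implementation in pure Python, added here as an illustration; it is not code from fplll, fpylll or any ISG project. It uses exact rational arithmetic so the Lovász and size-reduction conditions can be checked without floating-point error, and the three-dimensional input basis is a constructed example chosen small enough to trace by hand. Function names (`lll`, `is_lll_reduced`, `gram_determinant`) are this example's own.

```python
from fractions import Fraction
from typing import List, Tuple

# Lattice vectors are plain integer lists; Gram-Schmidt works over Fractions
# so the Lovasz and size-reduction tests are exact (no floating-point drift).
Basis = List[List[int]]


def dot(u, v) -> Fraction:
    return sum((a * b for a, b in zip(u, v)), Fraction(0))


def gram_schmidt(B: Basis) -> Tuple[List[List[Fraction]], List[List[Fraction]]]:
    """Exact Gram-Schmidt orthogonalisation.

    Returns (Bstar, mu): Bstar[i] is b_i^* and mu[i][j] = <b_i, b_j^*> / <b_j^*, b_j^*>.
    Assumes the rows of B are linearly independent (otherwise some b_j^* is zero).
    """
    n = len(B)
    Bstar: List[List[Fraction]] = []
    mu = [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        v = [Fraction(x) for x in B[i]]
        for j in range(i):
            mu[i][j] = dot(B[i], Bstar[j]) / dot(Bstar[j], Bstar[j])
            v = [a - mu[i][j] * b for a, b in zip(v, Bstar[j])]
        Bstar.append(v)
    return Bstar, mu


def lll(B: Basis, delta: Fraction = Fraction(3, 4)) -> Basis:
    """Textbook LLL reduction (Lenstra-Lenstra-Lovasz) with parameter delta.

    Recomputes Gram-Schmidt after every basis change: simple and exact, but
    cubic work per step, which is why real instances go to fplll instead.
    """
    B = [list(v) for v in B]            # never mutate the caller's basis
    n = len(B)
    Bstar, mu = gram_schmidt(B)
    k = 1
    while k < n:
        # Size reduction: make |mu[k][j]| <= 1/2 for every j < k by
        # subtracting integer multiples of earlier basis vectors.
        for j in range(k - 1, -1, -1):
            q = round(mu[k][j])         # nearest integer (Fraction rounds half to even)
            if q:
                B[k] = [a - q * b for a, b in zip(B[k], B[j])]
                Bstar, mu = gram_schmidt(B)
        # Lovasz condition: b_k^* must not be much shorter than b_{k-1}^*.
        lhs = dot(Bstar[k], Bstar[k])
        rhs = (delta - mu[k][k - 1] ** 2) * dot(Bstar[k - 1], Bstar[k - 1])
        if lhs >= rhs:
            k += 1
        else:
            B[k], B[k - 1] = B[k - 1], B[k]
            Bstar, mu = gram_schmidt(B)
            k = max(k - 1, 1)
    return B


def is_lll_reduced(B: Basis, delta: Fraction = Fraction(3, 4)) -> bool:
    """Check the two LLL conditions directly from the definition."""
    Bstar, mu = gram_schmidt(B)
    n = len(B)
    size_reduced = all(abs(mu[i][j]) <= Fraction(1, 2) for i in range(n) for j in range(i))
    lovasz = all(
        dot(Bstar[k], Bstar[k]) >= (delta - mu[k][k - 1] ** 2) * dot(Bstar[k - 1], Bstar[k - 1])
        for k in range(1, n)
    )
    return size_reduced and lovasz


def gram_determinant(B: Basis) -> Fraction:
    """det(B B^T) = product of ||b_i^*||^2. It is invariant under unimodular
    changes of basis, so it is a cheap check that reduction returned a basis
    of the *same* lattice rather than of some sublattice."""
    Bstar, _ = gram_schmidt(B)
    result = Fraction(1)
    for v in Bstar:
        result *= dot(v, v)
    return result


def norm_squared(v) -> Fraction:
    return dot(v, v)


# Constructed toy example (3-dimensional, so every step can be checked by hand).
EXAMPLE_BASIS: Basis = [[1, 1, 1], [-1, 0, 2], [3, 5, 6]]


def reduce_example() -> Basis:
    return lll(EXAMPLE_BASIS)


if __name__ == "__main__":
    reduced = reduce_example()
    print("reduced basis:", reduced)
    print("LLL-reduced:", is_lll_reduced(reduced))
    print("same lattice:", gram_determinant(EXAMPLE_BASIS) == gram_determinant(reduced))
    print("||b1||^2 shrank from", norm_squared(EXAMPLE_BASIS[0]), "to", norm_squared(reduced[0]))
```

On the constructed basis the first vector goes from squared length 3 to 1 while the Gram determinant stays at 9, which is the whole point of reduction as a cryptanalytic tool: the same lattice, expressed in a basis whose first vector is provably within a factor 2^((n-1)/2) of the shortest non-zero vector for delta = 3/4. For the dimensions that matter in assessing LWE or NTRU parameters, fplll's floating-point Gram-Schmidt and BKZ variants replace this exact but slow recomputation.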
Security and Privacy for Big Data
The security and privacy of data is at the core of Information Security. The recent trend of continuous growth of generated and available data has led to the coining of the term big data to indicate the increased volume of data as well as the increased complexity in handling such data.
Over the last few years, the ISG has worked on a wide variety of research topics related to data security and privacy: the development of advanced notions of data privacy and the design of privacy-preserving protocols; studies that help re-think security and privacy in the light of the digital revolution; the application of machine learning to malware analysis; and the exploration of the latest technologies, such as secure cloud computing and blockchain.
- Jorge Blasco Alis
- Lorenzo Cavallaro
- Konstantinos Markantonakis
- Keith Mayes
- Kenny Paterson
- Elizabeth Quaglia
- Daniele Sgandurra
Research and publications divided by sub-theme (i.e. area of data security and privacy to which the work is relevant)
Advanced notions of privacy
- Farshim, P., Libert, B., Paterson, K. G. & Quaglia, E. A. Robust Encryption, Revisited.
- Giacon, F., Kiltz, E., Poettering, B. Hybrid Encryption in a Multi-User Setting, Revisited.
- Bellare, M., Paterson, K. G. & Rogaway, P. Security of Symmetric Encryption against Mass Surveillance.
Privacy preserving protocols
- Quaglia, E. A., Smyth, B., Paschos, G. & Leguay J. CryptoCache: Network Caching with Confidentiality.
- Libert, B., Paterson, K. & Quaglia, E.A. Anonymous Broadcast Encryption: Adaptive Security and Efficient Constructions in the Standard Model.
- Quaglia, E.A., Rose, L. & Valentin, S. Increasing the Security of Wireless Communication Through Relaying and Interference Generation.
- Capar, C., Paterson, K., Goeckel, D., Quaglia, E.A., Towsley, D. & Zafer, M. Signal-flow-based analysis of wireless security protocols.
Rethinking security and privacy
- Quaglia, E.A. & Heath, C. New Directions in Secure Branchless Banking
Machine learning for malware analysis
- Jordaney, R., Sharad, K., Dash, S., Wang, Z., Papini, D., Nouretdinov, I. & Cavallaro, L. Transcend: Detecting Concept Drift in Malware Classification Models.
- Hurier, M., Suarez de Tangil Rotaeche, G., Dash, S., Bissyandé, T., Le Traon, Y., Klein, J. & Cavallaro, L. Euphony: Harmonious Unification of Cacophonous Anti-Virus Vendor Labels for Android Malware
- Suarez de Tangil Rotaeche, G., Dash, S., Ahmadi, M., Kinder, J., Giacinto, G. & Cavallaro, L. DroidSieve: Fast and Accurate Classification of Obfuscated Android Malware
- Li, L., Bissyande, T. F., Klein, J., Le Traon, Y., Lo, D. & Cavallaro, L. Understanding Android App Piggybacking: A Systematic Study of Malicious Code Grafting.
- Deo, A., Dash, S., Suarez de Tangil Rotaeche, G., Vovk, V. & Cavallaro, L. Prescience: Probabilistic Guidance on the Retraining Conundrum for Malware Detection.
- Dash, S., Suarez-Tangil, G., Khan, S., Tam, K., Ahmadi, M., Kinder, J. & Cavallaro, L. DroidScribe: Classifying Android Malware Based on Runtime Behavior.
- Cherubin, G., Nouretdinov, I., Gammerman, A., Jordaney, R., Wang, Z., Papini, D. & Cavallaro, L. Conformal Clustering and its Application to Botnet Traffic.
- Schiavoni, S., Maggi, F., Cavallaro, L. & Zanero, S. Phoenix: DGA-Based Botnet Tracking and Intelligence.
Cloud Security & Distributed Ledger Technologies
- Jayasinghe, D., Cobourne, S., Markantonakis, K., Akram, R. N. & Mayes, K. Philanthropy on the Blockchain.
Security Management and Standards Research
Over the last two decades a very wide range of standards have been developed covering many aspects of cyber security. These documents have been published by national and international formal standardisation bodies, as well as by industry consortia. Many of these standards have become very widely used – to take just one example, the ISO/IEC 27000 series of standards has become the internationally adopted basis for managing corporate information security.
Despite their wide use, there will always be a need to revise existing security standards and to add new standards to cover new domains. There are many research problems deriving from studies of existing standards, the development of revisions to existing standards, and the exploration of completely new areas of standardisation. Indeed, many security standards bodies are only beginning to address the issue of transparency, so that the process of selecting security techniques for standardisation can be seen to be as scientific and unbiased as possible.
Over the last 25 years, a wide spectrum of research on security standardisation, including, but not restricted to, work on cryptographic techniques, security management, network security, privacy and identity management, smart cards and RFID tags, and industry-specific security standards (e.g. those produced by the payments, telecommunications and computing industries for such things as payment protocols, mobile telephony and trusted computing) has been undertaken by members of the ISG.
The ISG has also been a prominent participant in a range of standards bodies, including the following:
- Chris Mitchell (CM) has chaired BSI IST/33/2, dealing with cryptographic standardisation, since the early 1990s. IST/33/2 is the UK shadow committee for ISO/IEC JTC 1 SC 27/WG 2, the international committee dealing with cryptographic standardisation, in which CM has participated for over 25 years.
- Kenny Paterson (KP) is co-chair of the Crypto Forum Research Group (CFRG) of the Internet Research Task Force (IRTF), whose mission is to be a source of expertise on cryptography for the IETF community. KP has been co-chair since 2014.
- Martin Albrecht
- Konstantinos Markantonakis
- Keith Mayes
- Chris Mitchell
- Kenny Paterson
- Thyla van der Merwe
- Michael Walker
Research and publications divided by sub-theme (i.e. area of standardisation to which the work is relevant).
Mobile security standards
- K. Mayes, S. Babbage, and A. Maximov, ‘Performance Evaluation of the new TUAK Mobile Authentication Algorithm’, in Proc. ICONS/EMBEDDED, pp. 38-44, 2016.
- K. Mayes, S. Babbage, and A. Maximov, ‘Multi-Platform Performance Evaluation of the TUAK Mobile Authentication Algorithm’, International Journal On Advances in Security, 2016 nos. 3&4, articleid: 55009.
- 3GPP TR 35.935, Specification of the TUAK algorithm set: A second example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 5: Performance evaluation
- Keith Mayes, "Performance Evaluation of the TUAK algorithm in support of the ETSI Sage standardisation group". ISG Smart Card Centre, Royal Holloway University of London; (available at http://www.3gpp.org/ftp/Specs/archive/35_series/35.936/SAGE_report/Perfevaluation.zip)
- Keith Mayes, "Performance Evaluation of the TUAK algorithm in support of the GSMA and ETSI SAGE standardisation group"; ISG Smart Card Centre, Royal Holloway University of London; Crisp Telecom Limited; (available at http://www.3gpp.org/ftp/Specs/archive/35_series/35.936/SAGE_report/Perfevaluationext.zip)
- M. S. A. Khan and C. J. Mitchell, 'Improving air interface user privacy in mobile telephony', in: L. Chen and S. Matsuo (eds.), Security Standardisation Research, Second International Conference, SSR 2015, Tokyo, Japan, December 15-16, 2015, Proceedings, Springer-Verlag LNCS 9497, Berlin (2015), pp.165-184.
- M. S. A. Khan and C. J. Mitchell, 'Retrofitting mutual authentication to GSM using RAND hijacking', in: G. Barthe, E. Markatos and P. Samarati (eds.), Security and Trust Management - 12th International Workshop, STM 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings, Springer-Verlag LNCS 9871, Berlin (2016), pp.17-31.
- M. S. A. Khan and C. J. Mitchell, 'Trashing IMSI catchers in mobile networks', to appear in: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2017), Boston, USA, July 18-20, 2017, ACM (2017).
- M. N. Kayuni, M. S. A. Khan, W. Li, C. J. Mitchell and P. Yau, 'Generating unlinkable IPv6 addresses', in: L. Chen and S. Matsuo (eds.), Security Standardisation Research, Second International Conference, SSR 2015, Tokyo, Japan, December 15-16, 2015, Proceedings, Springer-Verlag LNCS 9497, Berlin (2015), pp.185-199.
TLS, SSH and IPsec
- K.G. Paterson and T. van der Merwe. ‘Reactive and proactive standardisation of TLS’, in: L. Chen, D. McGrew and C.J. Mitchell (eds.), Security Standardisation Research (SSR), Lecture Notes in Computer Science, Vol. 10074, pp. 160-186, Springer 2016.
- M.R. Albrecht, J.P. Degabriele, T.B. Hansen and K.G. Paterson. ‘A surfeit of SSH cipher suites’, in: E.R. Weippl, S. Katzenbeisser, C. Kruegel, A.C. Myers and S. Halevi (eds.), Proceedings of the 2016 ACM Conference on Computer and Communications Security (CCS 2016), pp. 1480-1491, ACM Press, 2016.
- C. Cremers, M. Horvat, S. Scott and T. van der Merwe. ‘Automated Analysis and Verification of TLS 1.3: 0-RTT, Resumption and Delayed Authentication’. IEEE Symposium on Security and Privacy 2016. 2016. p.470-485.
- M.R. Albrecht and K.G. Paterson. ‘Lucky Microseconds: A Timing Attack on Amazon's s2n Implementation of TLS’. In M. Fischlin and J.-S. Coron (eds.), EUROCRYPT 2016 (1), Lecture Notes in Computer Science, Vol. 9665, pp. 622-633, Springer, 2016.
- C. Garman, K.G. Paterson and T. van der Merwe. ‘Attacks only get better: Password recovery attacks against RC4 in TLS’. In USENIX Security Symposium 2015.
- K.G. Paterson, B. Poettering and J.C.N. Schuldt. ‘Big Bias Hunting in Amazonia: Large-scale Computation and Exploitation of RC4 Biases’ (Invited Paper) In T. Iwata and P. Sarkar (eds.), ASIACRYPT 2014, Lecture Notes in Computer Science Vol. 8873, pp. 398-419, Springer, 2014.
- N.J. AlFardan, D.J. Bernstein, K.G. Paterson, B. Poettering and J.C.N. Schuldt. ‘On the Security of RC4 in TLS’. In USENIX Security Symposium 2013. [Website: http://www.isg.rhul.ac.uk/tls/]
- N.J. AlFardan and K.G. Paterson. ‘Lucky Thirteen: Breaking the TLS and DTLS Record Protocols’. In IEEE Symposium on Security and Privacy, pp. 526-540, IEEE Computer Society, 2013.[Website: http://www.isg.rhul.ac.uk/tls/Lucky13.html]
- H. Krawczyk, K.G. Paterson and H. Wee. ‘On the Security of the TLS Protocol: A Systematic Analysis’. In R. Canetti, J.A. Garay (eds.), CRYPTO 2013 (1), Lecture Notes in Computer Science Vol. 8042, pp. 429-448, Springer, 2013.
- K.G. Paterson, T.E. Shrimpton and T. Ristenpart, ‘Tag Size Does Matter: Attacks and Proofs for the TLS Record Protocol’. In D.H. Lee and X. Wang (eds.), ASIACRYPT 2011, Lecture Notes in Computer Science Vol. 7073, pp. 372-389, Springer, 2011.
- J.P. Degabriele and K.G. Paterson, ‘On the (In)security of IPsec in MAC-then-Encrypt Configurations’. In E. Al-Shaer, A.D. Keromytis and V. Shmatikov (eds.), Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010), pp. 493-504, ACM, 2010.
- M.R. Albrecht, K.G. Paterson and G.J. Watson, ‘Plaintext Recovery Attacks Against SSH’, IEEE Symposium on Security and Privacy, IEEE Computer Society 2009, pp. 16-26.
OAuth and OpenID Connect
- W. Li and C. J. Mitchell, 'Security issues in OAuth 2.0 SSO implementations', in: S. S. M. Chow, J. Camenisch, L. C. K. Hui and S.-M. Yiu (eds.), Information Security - 17th International Conference, ISC 2014, Hong Kong, China, October 12-14, 2014. Proceedings, Springer-Verlag LNCS 8783, Berlin (2014), pp.529-541.
- W. Li and C. J. Mitchell, 'Analysing the security of Google's implementation of OpenID Connect', in: J. Caballero, U. Zurutuza and R. J. Rodriguez (eds.), Detection of Intrusions and Malware, and Vulnerability Assessment, 13th International Conference, DIMVA 2016, San Sebastian, Spain, July 7-8, 2016, Proceedings, Springer-Verlag LNCS 9721, Berlin (2016), pp.357-376.
ISO/IEC cryptography and security standards
- C. J. Mitchell, 'On the security of 2-key triple DES', IEEE Transactions on Information Theory, 62 (2016) 6260-6267.
- C. J. Mitchell, 'Challenges in standardising cryptography', International Journal of Information Security Science, 5 no 2 (2016) 29-38.
- J.P. Degabriele, V. Fehr, M. Fischlin, T. Gagliardoni, F. Günther, G.A. Marson, A. Mittelbach and K.G. Paterson. ‘Unpicking PLAID - A Cryptographic Analysis of an ISO-standards-track Authentication Protocol’, in: L. Chen and C.J. Mitchell (eds.), Security Standardisation Research (SSR), Lecture Notes in Computer Science, Vol. 8893, pp. 1-25, Springer, 2014.
- J.P. Degabriele, V. Fehr, M. Fischlin, T. Gagliardoni, F. Günther, G.A. Marson A. Mittelbach and K.G. Paterson. ‘Unpicking PLAID: a cryptographic analysis of an ISO-standards-track authentication protocol’. International Journal of Information Security, 15(6), pp. 637-657, 2016. (journal version of the above)
- K.G. Paterson, B. Poettering and J.C.N. Schuldt. ‘Plaintext recovery attacks against WPA/TKIP’. In C. Cid and C. Rechberger (eds.), FSE 2014, Lecture Notes in Computer Science, Vol. 8540, pp. 325-349, Springer 2014.
- J.P. Degabriele, A. Lehmann, K.G. Paterson, N.P. Smart and M. Strefler, ‘On the Joint Security of Encryption and Signature in EMV’. In O. Dunkelman (ed.), CT-RSA 2012, Lecture Notes in Computer Science Vol. 7178, pp. 116-135, Springer, 2012.
Trusted computing
- C. J. Mitchell (editor), Trusted Computing (IEE, London, 2005), 313 pages.
- S. Balfe, E. Gallery, C. J. Mitchell and K. G. Paterson, 'Challenges for trusted computing', IEEE Security and Privacy, 6 no. 6 (November/December 2008) 60-66.
- E. M. Gallery and C. J. Mitchell, 'Trusted computing: Security and applications', Cryptologia, 33 (2009) 217-245.
Security Futures
The Security Futures theme brings together and highlights some of the more tentative, emergent and experimental aspects of RHUL’s work in technology and security. The focus of work in this theme is to bring security researchers into conversation with researchers who are exploring future worlds, societies, communities and economies. These collaborations are producing new understandings of security that are leading to innovations in public policy, technology design and security education.
Our work can currently be grouped into four futures themes:
- The workplace and futures of work
- The state and futures of security and protection
- Future societies
- Future economies
Examples of our work include:
Future visions and outer space: Researchers in Geography and ISG are involved in work that seeks to understand ‘after Earth’ securities through engagements with analogue spaces and artificial environments on Earth to support future visions about Outer Space. This work breaks away from existing STEM research to account for the under-explored, yet profound, social, cultural, and political implications of these enclosures. It encourages critical thought about Earth futures centred on human (in)securities, sustainability and social justice rather than the inequalities that are implicit in unfolding Anthropogenic and ‘after Earth’ imaginaries. (RHUL researchers: Rikke Bjerg Jensen (ISG), Rachel Squire and Peter Adey (Geography))
Alternative security futures: State and private narratives of security, how people use stories to feel secure, keeping and sharing secrets, stories as models. (RHUL researchers: Adam Ganz (Media Arts), Claude Heath and Elizabeth Quaglia (ISG))
Refugee security and resettlement in a new land: Using techniques from microeconomics to imaginatively reconstruct complex systems for the allocation of social goods (e.g. housing, refugee resettlement and welfare) in order to build empowering systems that work to serve the safety and security of all. (RHUL researcher: Will Jones (PIR))
Building on our pasts to protect our futures: The contributions of world heritage to a sustainable future and the reduction of future disaster risks. As part of this work, the links between the digital and a community’s heritage are explored to understand the ways in which such links might contribute to resilience and security. (RHUL researchers: Zena Kamash (Classics) and Lizzie Coles-Kemp (ISG))
The future state infrastructures of protection:
Future security technologies: Research to develop foundational building blocks that protect against future adversaries, such as quantum computers, and that also provide advanced security features such as anonymity. (RHUL researcher: Martin Albrecht (ISG))
Possible security futures in a codified society: Study of the intersections between individual security and the security of digital technologies. This is a five-year study programme (running until August 2021) that brings security theories from the social sciences into conversation with digital design to develop alternatives to traditional digital security strategies. (RHUL researcher: Lizzie Coles-Kemp (ISG))
Security technologies for emerging markets: We look at the use of technology in developing countries and study the gap between secure technology design and practical technology adoption, highlighting the need for technology to be designed for, and placed into, a cultural and societal context, and creating alternative technological designs and processes to achieve this. (RHUL researcher: Elizabeth Quaglia (ISG))
Projects related to the theme:
- Squire, Rachael. 2017. "‘Do you dive?’: Methodological considerations for engaging with ‘volume’." Geography Compass 11(7). http://dx.doi.org/10.1111/gec3.12319
- Squire, Rachael. 2017. "Sub-marine territory: living and working on the seafloor during the Sealab II experiment." In Kim Peters, Philip Steinberg, Elaine Stratford (eds.), "Territory Beyond Terra." London: Rowman & Littlefield.
- Squire, Rachael. 2016. "Immersive terrain: the US Navy, Sealab and Cold War undersea geopolitics." Area 48(3): 332–338.
- Coles-Kemp, L. and Hansen, R.R., 2017, July. Walking the line: The everyday security ties that bind. In International Conference on Human Aspects of Information Security, Privacy, and Trust (pp. 464-480). Springer, Cham.