The Information Security Group is a research-active department. We host seminars across the breadth of information, and cyber, security, inviting both ISG staff and external researchers.
Seminars in 2024-2025 will run from 11am-12pm in the Bedford Building (CDT Room; 00-3).
Autumn Term
Wednesday 2 October: Watermarks in the Sand: Impossibility of Strong Watermarking for Generative Models by
Danilo Francati (Royal Holloway, University of London)
Watermarking generative models consists of planting a statistical signal (watermark) in a model's output so that it can be later verified that the output was generated by the given model. A strong watermarking scheme satisfies the property that a computationally bounded attacker cannot erase the watermark without causing significant quality degradation. In this paper, we study the (im)possibility of strong watermarking schemes. We prove that, under well-specified and natural assumptions, strong watermarking is impossible to achieve. This holds even in the private detection algorithm setting, where the watermark insertion and detection algorithms share a secret key, unknown to the attacker. To prove this result, we introduce a generic efficient watermark attack; the attacker is not required to know the private key of the scheme or even which scheme is used. Our attack is based on two assumptions: (1) The attacker has access to a "quality oracle" that can evaluate whether a candidate output is a high-quality response to a prompt, and (2) The attacker has access to a "perturbation oracle" which can modify an output with a nontrivial probability of maintaining quality, and which induces an efficiently mixing random walk on high-quality outputs. We argue that both assumptions can be satisfied in practice by an attacker with weaker computational capabilities than the watermarked model itself, to which the attacker has only black-box access. Furthermore, our assumptions will likely only be easier to satisfy over time as models grow in capabilities and modalities. We demonstrate the feasibility of our attack by instantiating it to attack three existing watermarking schemes for large language models: Kirchenbauer et al. (2023), Kuditipudi et al. (2023), and Zhao et al. (2023). The same attack successfully removes the watermarks planted by all three schemes, with only minor quality degradation.
Danilo Francati is a Lecturer in the Department of Information Security at Royal Holloway, University of London. Before joining Royal Holloway, he was a Postdoctoral Researcher at George Mason University (2024) and Aarhus University (2021–2024). He earned his Ph.D. in September 2021 from Stevens Institute of Technology, where he conducted his research under the guidance of Giuseppe Ateniese. His research focuses on theoretical and applied cryptography, particularly advanced public-key primitives, blockchain, space-based primitives, and privacy-preserving machine learning. His work on Proof of Space has received support from Protocol Labs. Danilo regularly publishes in leading security conferences, including CRYPTO, EUROCRYPT, CCS, and IEEE S&P.
Wednesday 16 October: Towards a community-based approach to cyber security for SMEs
Steven Furnell (University of Nottingham)
Smaller organisations can face many of the same cyber security challenges as their larger counterparts, but often lack the knowledge and resources to support themselves in addressing the problems. Drawing from findings from the ongoing CyCOS project, the presentation examines the diverse range of sources that smaller organisations may encounter when seeking cyber security guidance, as well as the inconsistent and potentially confusing coverage they may see as a result. It also presents views collected directly from SMEs and those providing them with cyber security support, illustrating that while some action may be taken, it is often limited in scope, and rarely proactive in nature. The findings support the desirability of a new community-based approach to support, bringing small businesses and advisors together in a more accessible context, with the hope of encouraging and assisting their engagement with cyber security issues.
Prof. Steven Furnell is Professor of Cyber Security in the School of Computer Science at the University of Nottingham. His research interests include security management and culture, usability of security and privacy, and technologies for user authentication and intrusion detection. He has authored over 390 papers in refereed international journals and conference proceedings, as well as various books, book chapters, and industry reports. Steve is the UK representative to Technical Committee 11 (security and privacy) within the International Federation for Information Processing, and a board member of the Chartered Institute of Information Security, and a member of the Steering Group for the Cyber Security Body of Knowledge (CyBOK) and the Careers and Learning Working Group within the UK Cyber Security Council. Steve is also the Principal Investigator on the CyCOS project, looking at enhancing cyber security support for small organisations.
Wednesday 30 October: Quantum CCA-Secure PKE, Revisited
Varun Maram (SandboxAQ)
Security against chosen-ciphertext attacks (CCA) concerns privacy of messages even if the adversary has access to the decryption oracle. While the classical notion of CCA security seems to be strong enough to capture many attack scenarios, it falls short of preserving the privacy of messages in the presence of quantum decryption queries, i.e., when an adversary can query a superposition of ciphertexts.
Boneh and Zhandry (CRYPTO 2013) defined the notion of quantum CCA (qCCA) security to guarantee privacy of messages in the presence of quantum decryption queries. However, their construction is based on an exotic cryptographic primitive (namely, identity-based encryption with security against quantum queries), for which only one instantiation is known. In this work, we comprehensively study qCCA security for public-key encryption (PKE) based on both generic cryptographic primitives and concrete mathematical assumptions, yielding the following results:
- We show that key-dependent message secure encryption (along with PKE) is sufficient to realize qCCA-secure PKE. This yields the first construction of qCCA-secure PKE from the LPN assumption.
- We prove that hash proof systems imply qCCA-secure PKE, which results in the first instantiation of PKE with qCCA security from (isogeny-based) group actions.
- We extend the notion of adaptive TDFs (ATDFs) to the quantum setting by introducing quantum ATDFs, and we prove that quantum ATDFs are sufficient to realize qCCA-secure PKE. We also show how to instantiate quantum ATDFs from the LWE assumption.
- We show that a single-bit qCCA-secure PKE is sufficient to realize a multi-bit qCCA-secure PKE by extending the completeness of bit encryption for CCA security to the quantum setting.
This is joint work with Navid Alamati (VISA Research).
Varun Maram is a postdoc in the Cybersecurity Group at SandboxAQ. His current research interests lie in quantum-resistant cryptography, with an emphasis on provable post-quantum security of real-world cryptographic systems. He obtained his PhD at ETH Zurich in 2023 where he was part of the Applied Cryptography Group. Varun's research has been recognized with best paper awards at PKC 2023 and PKC 2024 (the latter was awarded to the above work). He is also a co-submitter of "Classic McEliece", a key-establishment scheme which is currently in contention in the fourth round of NIST’s post-quantum cryptography standardization project.
Wednesday 11 December: From the Humanitarian Camp to the High Seas: Challenging the production of the exceptional through the everyday
Hannah Owens (University of Hertfordshire)
Scholars in International Political Sociology (IPS) engaging with issues relating to mobility grapple with how various dynamics “escape” nation states and their borders. These approaches challenge understandings of the international that are often locked in conceptions of space and the political that are based around territory and states. Yet, the spatial and material implications of concepts such as the “space of exception”, or spaces that materially challenge the logics of territory (cyberspace, the high seas, refugee camps) have been left undertheorised. These spaces however are not “negative space” outside territory but rather sites with their own material and political specificity. Through a focus on mobility as a global challenge, this paper explores this friction, to consider how the exceptional and international become diffused in ordinary living and everyday practices. We offer two distinct examples through which to analyse these dynamics; the ability of humanitarian practice to consign spaces to the realm of exception and the ways in which commercial logics of maritime transport have carved out the space of the sea as beyond legal oversight and protection. These show the crucial frictions behind the production of the exceptional through the everyday, as both a conceptual and methodological tool.
Dr Hannah Owens is an interdisciplinary scholar working across International Relations, Security Studies, Migration Studies and Geopolitics. After completing a PhD at QMUL in 2023, Hannah worked as a Lecturer in PIRP, RHUL, before starting at the University of Hertfordshire as a Lecturer in Politics and IR. Inspired by decolonial, race and gender theory, Hannah’s research explores how migration, ruralisation and social justice shape everyday politics and security in the Middle East. Through a qualitative multi-methods approach, including ethnography, interviews, policy and discourse analysis, and visual and mobile methods, they research the role of state and non-state actors, aid organisations and civil society networks, drawing out the identity politics and protection practices of non-camp refugees and rural host communities.