Welcome to the EPSRC Centre for Doctoral Training (CDT) in Cyber Security for the Everyday at Royal Holloway.
We are open to receive applications to commence study with the CDT in September 2021. Please review the information below for full details on entrance requirements, eligibility and how to apply.
The Centre was first established in 2013, and has as its main objective to develop cohorts of multidisciplinary researchers with a broad understanding of cyber security and a strong appreciation of the interplay between technical and social issues.
Research in the CDT will address challenges concerning:
- the technologies deployed in digital systems that people use, sometimes inadvertently, every day.
- the everyday societal experience and practice of security.
The CDT is centred around Royal Holloway's Information Security Group and partners with departments throughout the institution. CDT researchers follow a four-year PhD programme. The first year consists of comprehensive multidisciplinary cyber security training. The remaining three years focus on research in an advanced topic in the field of cyber security.
In each annual cohort, we award approximately ten fully-funded PhD studentships (four years of enhanced stipend and fees). We welcome applications from candidates with undergraduate and/or masters qualifications in a wide range of technical and social disciplines of relevance to cyber security.
Follow us on our social media platforms to keep up to date with CDT news and activities
Please explore the tabs below to learn more about the entry requirements, funding and eligibility, and how to apply to Royal Holloway's CDT in Cyber Security for the Everyday
Course Of Study
CDT researchers follow a four-year PhD programme, consisting of a Taught Element, a Research Element and an Internship.
This is delivered over the first year and aims to equip students with a baseline cyber security “body of knowledge”, spanning both technical and social aspects, including a core understanding of cyber security in practice. The taught element is delivered through a combination of modules, projects and research skills development training.
- Cyber Security Fundamentals. The four core cyber security modules from Royal Holloway’s GCHQ-accredited MSc Information Security programme.
- Principles of Securing Cyber Societies. An introduction to reasoning about cyber security from a social science perspective.
- Human Aspects of Information Security and Privacy. Concerning the relationship between people and cyber security.
- Cyber Security “In the Wild”. A programme of visits to the premises of, and visits from, external CDT partner organisations.
- Security Practice Laboratory. Two-weeks of intensive “hands-on” training exercises in a cyber security laboratory.
- Mini project. A short six-week mini project, resulting in a “white paper” report and presentation.
- Summer project. A three-month research project resulting in a substantive research report and presentation.
- Research skills. A comprehensive research skills development programme running throughout the year.
Three years of research in an area of specialism relating to cyber security, under the supervision of a dedicated supervisory team. Throughout their study, CDT researchers are expected to attend and present work at research seminars, workshops or other events off-campus, including internationally.
Potential CDT research themes include:
- Embedded technology security. Providing security and privacy for a sensor-rich hyper-connected cyberspace, including consumer electronics, industrial automation, automotive (avionics and vehicles) and medical devices.
- Secure and trusted systems. Detecting security vulnerabilities and shielding against external threats for a variety of systems ranging from personal devices to desktop workstations and cloud infrastructure.
- Cryptography and its applications. Developing and analysing the strong cryptographic infrastructure necessary for future real world applications, including outsourced data storage systems, post-quantum settings, blockchain applications.
- Trust, rights and understanding. Exploring what mechanisms we can employ to better understand and practise cyber security in social, cultural and political contexts.
- Methodological innovation in researching cyber security. Developing new approaches to exploring cyber security in order to rethink cyber security policy and system design through, for example, community engagement and ethnographically-informed research.
- Difference and inequalities in cyber security. Exploring how digital systems influence social differences and inequalities and asking what more progressive, inclusive and just forms of cyber security might look like.
Every CDT researcher is expected to undertake the equivalent of a three-month internship with an external CDT partner during their study period. There is flexibility in when and how this is instantiated. Over twenty organizations have already pledged to support internships. Previous internship destinations include The Cabinet Office, Amazon Web Services, Microsoft Research Redmond, Shine TV (Hunted), Mozilla Foundation, IBM Zurich, and NATO SHAPE.
Applicants should have, or be expecting to obtain, a high-quality (ideally first class) undergraduate or masters (ideally distinction) degree in a relevant discipline. Suitable backgrounds are (but not limited to) computer science, criminology, economics, electronics engineering, geography, geopolitics, information security, law, mathematics, philosophy, politics, psychology, software engineering and war studies. We will also consider applicants with a professional background, so long as they are able to provide evidence of demonstrable academic skills as well as practical experience.
Following UKRI’s announcement that UKRI studentships will be opened up to international candidates from the 2021/22 academic year, we can announce that we are now able to recruit international students to commence PhD study with the CDT in September 2021. International students* will receive the full award, to include stipend and fees.
*EU and EEA students who are recruited to start from AY 2021/22 onwards, will become international students.
To be classed as a home student, candidates must meet the following criteria:
• Be a UK National (meeting residency requirements), or
• Have settled status, or
• Have pre-settled status (meeting residency requirements), or
• Have indefinite leave to remain or enter
If a candidate does not meet the criteria above, they would be classed as an International student
Please ensure you are familiar with the eligibility criteria set by UKRI and their terms and conditions.
Please also refer to EPSRC Student Eligibility for further details.
How to Apply
**** RECRUITMENT TO COMMENCE STUDIES WITH THE CDT IN SEPTEMBER 2021 IS NOW OPEN ****
Application to the CDT involves a three-step process.
Step 1: Informal enquiry
Candidates should make an initial informal enquiry by email to discuss suitability for the CDT programme. Please include:
- a CV highlighting academic background and experience;
- a brief motivation for pursuing a PhD in Cyber Security at Royal Holloway.
Before sending an enquiry, please make sure you are aware of the entrance requirements, including those related to CDT funding.
Step 2: Formal application
After an initial assessment, applicants may be invited to submit a formal application.
When filling in your application online, please select "PhD Information Security" (under "Information Security Group"). You should include the following four pieces of information in your application (these can be covered in section labelled Supporting Statement):
- A clear statement that you are applying to the CDT in Cyber Security for the Everyday.
- A detailed explanation why you wish to pursue a PhD in cyber security.
- Why you think you would be a good fit for the CDT, and why the CDT training model is suitable for you.
- An indication of the research areas that most interest you, and why (you do not have to formally define a full research project, although you are welcome to do so).
In the online application, you will be asked to nominate one referee. For CDT admissions, we will need a second reference letter. When sending your application please also name a second referee. You should contact this second referee directly, and ask them to send their reference letter directly to CyberSecurityCDT@royalholloway.ac.uk (the first referee will receive an automated request from the admissions system, and their reference letter will be included in your application).
Step 3: Interview
We will start a formal assessment as soon as we receive your application and will contact you as soon as a decision is made. In most cases, if we are impressed with your application then we will invite you to visit Royal Holloway for an interview.
Sample Research Topics
Our research topics take advantage of the CDT's interdisciplinary nature to tackle major challenges in many different areas of cyber security. Below are some sample areas of research. These are not the only topics we supervise, but they do demonstrate the range of research areas we cover.
Note that applicants need not have a specific project to apply for the CDT, as a research project can be determined towards the end of the first year of the programme.
Social and Societal Foundations of Cryptography: The Case of Large-Scale Protests
Cryptography is a field that actively interrogates its foundations. These foundations are, unsurprisingly and sensibly, understood to be of the complexity-theoretic and mathematical variety. However, cryptographic security notions -- and everything that depends on them -- do not exist in a vacuum, they have reasons to be. While the immediate objects of cryptography are not social relations, it presumes and models them. This fact is readily acknowledged in the introductions of cryptographic papers which illustrate the utility of the work by reference to some social situation where several parties have conflicting ends but a need or desire to interact. Yet, this part of the definitional work has not received the same rigour from the cryptographic community as complexity-theoretic and mathematical questions.
This project aims to take first steps towards remedying this situation by grounding cryptographic security notions in findings emerging from ethnographic fieldwork in adversarial situations. In particular, it considers protesters in large-scale protests and aims to understand their security needs, practices and the technologies they rely upon. The project then also analyses these technologies, i.e. attempts to break their security, and proposes new solutions based on the findings from fieldwork. By bringing cryptographic security notions to *the field*, the project provokes a series of security questions about, for example, confidentiality and anonymity in online and offline networks, trust relations and how to establish them, onboarding and authentication practices.
We seek applicants with either a background in mathematics and/or computer science or related disciplines or a background in ethnography or experience using related qualitative social science methods.
What does “secure” mean in Information Security?
Mesh Messaging in Large-scale Protests: Breaking Bridgefy
ully homomorphic encryption enables the evaluation of arbitrary functions on encrypted data, without requiring access to the secret key. This cryptographic primitive can enable a variety of practical applications in secure outsourced computation, for example, in the setting of privacy-preserving machine learning. On the theoretical side, homomorphic encryption can be a useful tool to construct advanced primitives and protocols including indistinguishability obfuscation, electronic voting, and Private Information Retrieval.
Research in fully homomorphic encryption has moved swiftly since the first scheme was presented by Gentry in 2009, with modern schemes being many orders of magnitude faster than early schemes. In 2017, a community effort involving researchers from government, industry and academia was launched towards standardising homomorphic encryption. Researchers from the Information Security Group at Royal Holloway have been actively involved in this effort and have strong connections with other research groups in this area.
Moreover, researchers from the Information Security Group have been involved in all aspects of developing homomorphic encryption, including cryptanalysis, noise growth analysis, encoding, implementation, and investigating specific practical applications. We are seeking interested students to further push forward the state of the art in this area of growing importance.
Applicants should have a background in mathematics, computer science, or a related discipline. Prospective applicants are welcome to discuss with Dr Rachel Player
Lattice-based and Post-quantum Cryptography
The threat of large-scale, general-purpose quantum computers to existing public-key cryptographic solutions has lead to global efforts to standardise post-quantum cryptography as a replacement. In particular, the NIST Post-Quantum Cryptography is now in its third and final round. One of the front-runners for problems to base post-quantum cryptography on are hard problems on lattices. Five out of seven finalists of the NIST processes are based on lattices.
Thus, it is a natural question to ask how long it actually takes to solve these problems on lattices. The better we understand this problem the more confidence we can have in the cryptographic solutions soon to be deployed globally.
The security of lattice-based cryptography is a pressing research question for a second reason. Many innovations in the field of cryptography in recent years rely on lattices as their foundation. For example, all the ways in which we know how to compute arbitrary functions on encrypted data – homomorphic encryption – are based on lattices.
The Information Security Group at Royal Holloway has a strong track record in this area and we are seeking students to join our efforts to address this pressing research question. The directions this PhD can go into are manifold: (asymptotic) algorithm design and analysis, implementations, experimental validation, quantum computing, side-channel analysis, active attacks against protocols using lattice-based primitives, studying special cases relevant in practice, …
We seek applicants with a background in mathematics and/or computer science or related disciplines.
Prospective applicants are welcome to discuss with Prof Martin Albrecht
Test, Trace and Track: the cyber-securities of the UK's Covid-19 personal tracing apps.
Since the global spread of the COVID19 virus, a number of countries across the world have implemented their own form of a testing, track and trace services. Some of these different national contexts have developed what have become known as COVID tracing apps. Whilst these systems have worked very differently - Israel used the powers of its intelligence and security agency Shin Bet and emergency law in what the Israel Democracy Institute has characterised as a ‘Central Mandatory mass surveillance system’ - there are other systems in the Republic of Ireland, Australia, Singapore, Germany, Switzerland, South Korea and elsewhere. Two broad approaches have coalesced around the systems underlying the function of the app. The decentralised approach (as advocated by large tech firms Google and Apple together), which stores data locally on phones, and the centralised approach, which reports data to a centralised server potentially under government control. The differences between these approaches have led to heated debates about privacy and where to place trust in large-scale digital systems handling sensitive data.
The UK government, already late to lock-down in contrast to neighbouring European countries, has so far failed to deliver a national track and trace app, its development seemingly pushed into the long-grass. This is in favour of a massive recruitment drive to recruit thousands of track and trace personnel to call and guide members of the population who have come into contact with people who have tested positive for the virus.
Although some university research groups have developed their own apps which are available to download and use, the UK’s initial proposal for a national app – which was piloted on the Isle of White and developed by the NHS’s digital unit NHSX - was beleaguered by technical issues. It’s design was also controversial, with a group of information security and cyber security specialists signing an open letter expressing numerous concerns, not least about the possibility of the app for mass social surveillance given the extensive information the app could hold over social contacts (the ‘social graph’). Others have expressed concern that the app will not be widely used by the poorest and most vulnerable, perhaps without access to a smart phone, who cannot afford data plans, who share a mistrust for government and state authority, or the systems which they are already marginalised by.
The project will investigate the historic and continued development of a UK tracing app and examine key issues including:
- The cryptographic debates and the control over personal information
- Trust in government systems during the COVID crisis
- The role of publics and communities weighing their obligations to so called ‘public duty’ and personal self-care.
- The construction and representation of scientific and (cyber)security knowledges through the app and its development.
- The mediatisation of health surveillance through personal apps and smart phones.
- Digital marginality and social inequalities.
We seek applicants with an interest in cyber-security but come from a social science or humanities discipline, with at least an undergraduate degree in a field cognate to Human Geography; Politics and IR; Sociology; Criminology; Science and Technology Studies; Social Studies of Health or Medicine, or the Medical or Digital Humanities. Ideally, applicants will have experience in the collection, handling and ethical treatment of qualitative data, and experience of research methodologies such as ethnography and participant observation, semi-structured interviews, policy and documentary analysis.
Prospective applicants are welcome to discuss with Prof Peter Adey and Prof Keith Martin
Management and Governence
Prof Keith Martin is the CDT Director and is responsible for the day-to-day management of the CDT. Responsibilities include coordinating recruitment, overseeing delivery of training, arrangement and management of supervision and liaison with external partners. The CDT Director also acts as the ultimate point of contact for CDT student welfare issues.
Claire Hudson is the CDT Manager, supporting day-to-day running of the CDT and acting as a first point of contact for CDT students, with particular responsibilities for managing admissions, financial reporting, communications and event management.
The Management Committee is chaired by the CDT Director, and supports all aspects of the CDT operation. The Management Committee is:
The Advisory Panel provides independent advice on the strategic direction, coverage and progress of the CDT. The Advisory Panel includes experts from industry, academia and public sector. The Advisory Panel is:
Professor Emma Barrett University of Manchester
Timothy Bauge Research Group Leader: Thales UK
Bedria Bedri Independent Advisor
Robert Carolina Executive Director: ICSI
Professor Liqun Chen University of Surrey
Conn Crawford Partnership Development Manager: 5G North East
Budgie Dhanda 3BDA
Professor Paul Dorey CSO Confidential. IISP
Sarah Foster DCMS
Dr Richard Horne PwC
Professor Johannes Kinder Bundeswehr University, Munich
Emma Leith Director Cyber Programme & Strategy: Santander
Peter Lockhart Roke Manor Research
Professor Igor Muttik CEO: Cyber Curio
Professor Kenny Paterson ETH Zurich
Professor Bart Preneel KU Leuven
Dr Simon Shiu HP Labs
Dr Thyla van der Merwe Cryptography Engineering Manager: Mozilla
Current CDT Researchers
||James completed a BA in Politics and an MSc in Defence, Development and Diplomacy at Durham University; with a focus on Lethal Autonomous Weapons Systems and their impacts upon modern warfare. After leaving university, James worked in education, supporting children with Special Educational Needs. His research interests centre around how cyber impacts International Relations, utilising systems modelling and interdisciplinary insights.|
||Stephanie has a BA in Economics from Coventry University and an MSc in Global Economic Governance and Policy from SOAS, University of London. She has played a significant role in the development and manufacturing of high-profile initiatives in Slovakia, Morocco, the United Kingdom and several West and East African nations through her diverse policy and consultative experience with the UK Home Office, BBC Africa, Essex County Council, UN Women and the European Commission, promoting freedom of information, digital literacy and gender equality. Her research interests are focused on the human factors of cybersecurity within emerging economies|
||Dan studied computer science at the University of Cambridge. After
finishing in 2015, he spent several years working as a software
developer. He recently completed a masters in the Mathematics of
Cybersecurity at Bristol University. Dan is excited to join
the CDT, and pursue research in cryptography with an eye for
|Sofia Liemann Escobar||Sofia graduated from King’s College London in 2018 with First Class Honours in War Studies. She then obtained a Master’s in International Security at Sciences Po in Paris. She is currently interested in the intersection of strategy, geopolitics, and cyber security.|
||Kyra joined the CDT after completing an undergraduate degree in Computer Science from the University of Cambridge. Her interests focus on applying machine learning and big data methods to cyber security problems, as well as finding vulnerabilities in IoT and mobile sensor systems|
||Elle achieved a First Class BA(Hons) in Criminology, Psychology and Social Justice from the University of Sussex (University Centre Croydon). Recipient of the 2018 University of Sussex Vice-Chancellor’s prize for Exceptional Performance and the 2018 UCC Principal Award for Outstanding Scholarship. She then moved on to attain a MA with Distinction in War and Society at Swansea University. Work included exploring the adoption of militarised processes and military inspired digital technology within Policing and the Criminal Justice System. Research interests focus on the intersection of social harm, risk, profiling, power and knowledge in relation to digital technologies. Particularly, how algorithms, Big Data and surveillance interlink with domestic policing and the Criminal Justice System and their wider social consequences. Elle's interests are grounded in critical criminology, zemiology and cybersecurity.|
||Giuseppe holds a MSc in Electronic Engineering from the University of Pisa, Italy. Prior to joining the CDT, he spent more than fifteen years in the automotive industry developing Hardware-In-the-Loop systems for engine control units. Giuseppe is currently studying to complete his MSc in Information Security at Royal Holloway. He is mostly interested in penetration testing, malware analysis and development of innovative tools for cybersecurity|
||Emma completed her undergraduate degree in Mathematics at King's College London before completing Part III Maths at the University of Cambridge where she focused on combinatorics and number theory. Her research interests are centered around cryptography but she is also interested in the wider picture of cyber security in society.|
||Neil completed an undergraduate degree in Philosophy, Politics and Economics at Balliol College, Oxford. After leaving university he worked for defence and security company Jane's in a variety of roles, latterly as the deputy editor of the monthly magazine, Jane's Intelligence Review. He is interested in the intersection of cyber security and intelligence.|
Nicola recently completed the Information Security MSc at Royal Holloway, working on autonomous vehicle security for her dissertation. Prior to this she spent over 11 years working within the Transaction Services team at PwC London. She also has a degree in physics from Cambridge University.