Security and Resilient Systems Research Highlights

A major new project exploring how to regain the public's trust in digital technology.

Project Leaders: Professor Aad van Moorsel (PI), Dr Kovila Coopamotoo (Co-I), Dr Karen Elliott (Business School Co-I)

Other Staff: Ehsan Toreini, Mhairi Aitken (Business School), Magdalene Ng, Jon Warwick

Sponsor: EPSRC

Partner: Atom Bank

The FinTrust project is researching the issue of trust in FinTech (one of the major growth industries in the United Kingdom).

Project aims:

• develop a trust model for Fintech services, particularly for algorithm-based automated services
• develop deep evidence-based understanding and quantitative assessment of the psychological and user interaction elements of human (consumer) trust
• develop an approach for systematic augmentation of algorithm-based automated services to enhance trust and deal with technology breakdowns
• design and implement a Fintrust Trust Engineering Toolkit which translates our understanding and techniques into reusable methods and software tools

The research results will be made available as a Trust Engineering Tool Kit. This will allow service providers, regulators and consumer organisations to:

• assess levels of trust
• quantify the extent to which trust matters to consumers and trust attitude differentiates consumers
• assess bias in automated advice
• establish whether algorithms may lead to financial exclusion or financial distress and protect services from erroneous algorithmic results

Creating solutions for managing access to data relating to shared spaces found within smart buildings.

Project Leaders: Dr Charles Morisset (PI on MaCSS and CoI on PETRAS), Dr John Mace, Dr Luke Smith (Engineering)

Partners: Creative Space Management

We are involved in the PETRAS National Centre of Excellence for IoT Systems Cybersecurity, leading the Catalyser project: Markets for Connected Shared Spaces (MaCSS).

Project aims:

• work closely with stakeholders to understand the social, technical and legal aspects of data privacy, security and management in the area of the internet of things (IoT) and smart infrastructure
• design and implement a user-facing smart building data management platform, which will adapt data anonymisation and visualisation techniques for smart buildings

Investigating the security and privacy issues raised by Active Buildings.

Project Lead: Professor Sara Walker (Engineering)

Other Staff: Dr Charles Morisset, Professor Aad van Moorsel, and Dr Ricardo Czekster (Research Associate)

We are part of the newly created Active Building Centre (ABC). We aim to revolutionise the way the UK designs, constructs and operates buildings.

Active Buildings incorporate and integrate energy generation, storage, and release technologies. They enable energy resilient communities that are powered by the sun and share energy with transport and other buildings.

These dynamic and flexible features make them more vulnerable to cyber-attacks, especially in a hyper-connected environment.

Project aims:

• investigate the security and privacy issues raised by Active Buildings from multiple perspectives (builder, user, power network, etc)
• interact with the different partners in the Centre to create attack trees, and to design cyber-incident response plans

Investigating the security and privacy issues raised by the usage of V2G chargers.

Project Lead: Dr Myriam Neaimeh (Engineering)

Other Staff: Dr Charles Morisset and Roberto Metere (Research Assistant)

Newcastle University is a partner on the £9.8m e4Future project. This project is led by Nissan, working in collaboration with:

• National Grid
• UK Power Networks
• Northern Powergrid
• E.ON
• Imperial College London

The research at Newcastle is led by the National Centre for Energy Systems Integration (CESI).

We are investigating the security and privacy issues raised by the usage of V2G chargers, from multiple perspectives (user, aggregator, power network, etc). We plan to create attack trees, and to design cyber-incident response plans.

Looking at ways to reshape the cybersecurity landscape with secure computation.

Project Lead: Dr Changyu Dong

Other Staff: Changhui Hu

In the past few years, we have seen a dramatic increase in the scale and financial damage caused by cyber-attacks. A survey commissioned by the government's Department for Business, Innovations and Skills (BIS) found that 93% of large businesses and 87% of smaller businesses suffered security breaches during 2013.

Secure computation has the potential to completely reshape the cybersecurity landscape, but this will happen only if we can make it practical.

Recently, we have found ample evidence in our own and also others' research that data structures can be a key efficiency and scalability booster of secure computation.

Project aims:

• design concrete data structures that enable practical secure computation over large data with sound security guarantees
• lay down the theoretical foundation of this data structural approach. Establish design principles to guide the future development of new data structures
• provide tool support for developers or other researchers who want to use our data structures as building blocks in their secure computation schemes

How can we convince others that a system is secure without giving the game away by disclosing its blueprint?

Project Lead: Dr Thomas Gross

Other Staff: Dr Ioannis Sfyrakis, Dr Syh Yuan Tan

CASCAde investigates how computer systems can be certified in such a way that their security properties can be proven to a verifier without disclosing sensitive information about the system or giving the game away by leaking its blueprint. CASCAde draws on a new cryptographic technique in digital signatures that allows to sign complex graph data structures such that their properties are accessible to zero-knowledge proofs of knowledge.

This approach has a wide range of applications including security assurance of virtualized infrastructures but also supporting relational anonymous credentials on social graphs.

How can we convince others that a system is secure without giving the game away by disclosing its blueprint?

Project Lead: Dr Maryam Mehrnezhad

CyFer examines the cybersecurity, privacy, bias and trust in female-oriented technologies (FemTech) focusing on fertility tracking apps and IoT devices.

Fertility apps have millions of users and IoT devices are starting to boom ($50 billion by 2025). These technologies gain user-entered data and take body measurements via sensors. By collecting a vast amount of data and processing them through advanced algorithms e.g. AI, these technologies assist in managing reproductive and sexual health, and give scientists more insight about people’s bodies.

However, there is a lack of clarity in the law (e.g. GDPR) and the industry practice in relation to this extremely sensitive data on different levels i.e. user consent, third-party sharing, and algorithmic bias which may lead to malicious purposes. There is evidence that the main audience of these products (women) have been historically discriminated by algorithms (e.g. AI).

The CyFer project looks to build on the research team’s previous work that demonstrated how the majority of fertility apps (some associated with IoT devices) start tracking the user right after the app is open and before any user consent, and how new sensors (e.g. on IoT devices) can put users at serious risk, yet the user perception is far less than the actual risks.

The CyFer project looks to achieve its aims by (1) evaluating security and privacy of fertility technologies, (2) investigating user perception and practice and (3) studying socio-technical bias and trust in data, algorithms and AI systems.