Current research projects include
Cloud Cyber Security and Forensics
The increase in cloud services and operations by organisations and businesses has led to an increase in different security threats and vulnerabilities.
In the last couple of years, the security community has witnessed a significant increase in cybercrime and security challenges on cloud computing in general and on cloud data, cloud mobile users and infrastructure in particular.
Cloud security refers to the development of technologies, security controls and policies to protect cloud data and services such as platform (PaaS), software (SaaS) and infrastructure (IaaS). Therefore, security for cloud computing is becoming of great interest to cloud service providers as well as to potential cloud customers. Similarly, the need for digital forensics analysis and acquisition for cloud computing has become more important.
Recent developments in protocols for secure cloud computing, cloud forensics and security standards are key factors in the growth of cloud security management.
Control Systems Security
Most industries and their critical infrastructure rely heavily on control systems and data networks.
The increase in the electronic services and operations for industries has led to an increase in threats and malicious activities.
Recently, the security community has witnessed a significant increase in security threats on critical industrial infrastructure and systems such as nuclear power utilities, the oil and gas industry, nuclear power generation systems and petrochemical plants.
During the last couple of years, emerging security risks and violations have been identified and have had a negative impact on critical industrial systems and services.
Cyber security threats include such issues as energy and power generation failures, control systems malfunction, and hazardous material accidents.
Critical Infrastructure Protection
There has been an increase in the number of security threats and malware activities targeting critical infrastructure.
The failure to address such risks within all aspects of infrastructure systems and networks may have serious implications for industrial organisations and businesses.
The European Programme for Critical Infrastructure Protection (EPCIP) is concerned with the protection of critical infrastructure in the EU. The EPCIP developed a procedure for identifying the European critical infrastructure which is implemented by the European Commission’s directive. This directive focuses on the transport and energy sectors.
In the last couple of years, the security community has witnessed a significant increase in security violations and risks to various critical infrastructure systems including telecom networks, power generation systems, and financial and healthcare services networks.
Recent advances in the field of infrastructure systems security are a key factor in the growth of critical infrastructure services and operations in the 21st century.
We are investigating the use of a Random High-Rate Binary (RHRB) stream for the purpose of key distribution, in which a broadcaster sends random content at a high rate.
Members of a key group share a weak secret and use it to make a selection of bits from the RHRB stream at low rate. This permits a strong key to be collected from a very large broadcast, making it infeasible for an interceptor to store the stream for cryptanalysis.
The members of the key group have no need to capture the whole stream, but store only the tiny part of it that is the key.
Effectively this allows a pseudo-random sequence generated from a weak key to be leveraged up into a strong genuinely random key.
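The selection step described above, sketched as an added example that is not the project's own code. The page does not say how the weak secret drives the selection, so the HMAC-SHA256 selector, the block size and the one-bit-per-block rate are assumptions made here for illustration.

```python
import hashlib
import hmac
import secrets

BLOCK_BITS = 1 << 16  # assumed: stream bits broadcast per key bit kept

def select_offsets(weak_secret: bytes, n_bits: int, block_bits: int = BLOCK_BITS):
    """Pseudo-random bit position inside each block, derived from the weak secret."""
    offsets = []
    for i in range(n_bits):
        tag = hmac.new(weak_secret, i.to_bytes(8, "big"), hashlib.sha256).digest()
        # block_bits is a power of two, so the reduction is unbiased
        offsets.append(int.from_bytes(tag[:8], "big") % block_bits)
    return offsets

def broadcast(n_blocks: int, block_bits: int = BLOCK_BITS):
    """Stand-in for the RHRB broadcaster: yields blocks of genuinely random bytes."""
    for _ in range(n_blocks):
        yield secrets.token_bytes(block_bits // 8)

def collect_key(stream, offsets) -> bytes:
    """Read the stream block by block, keep one bit per block, discard the rest."""
    key = 0
    for block, off in zip(stream, offsets):
        bit = (block[off // 8] >> (7 - off % 8)) & 1
        key = (key << 1) | bit
    return key.to_bytes((len(offsets) + 7) // 8, "big")

def demo(n_bits: int = 128):
    """Two group members and one outsider listen to the same constructed broadcast."""
    # The list exists only so the demo can replay one broadcast to three listeners;
    # a real member never stores the stream, only the selected bits.
    blocks = list(broadcast(n_bits))
    member_a = collect_key(iter(blocks), select_offsets(b"tulip-42", n_bits))
    member_b = collect_key(iter(blocks), select_offsets(b"tulip-42", n_bits))
    outsider = collect_key(iter(blocks), select_offsets(b"tulip-43", n_bits))
    return member_a, member_b, outsider, sum(len(b) for b in blocks)

if __name__ == "__main__":
    a, b, other, stream_bytes = demo()
    print("members agree:", a == b)
    print("outsider differs:", other != a)
    print(f"kept {len(a)} bytes out of {stream_bytes} broadcast")
```

An interceptor who later guesses the weak secret gains nothing unless the whole broadcast was recorded, which is the storage cost the scheme relies on.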
Contact: Professor Bruce Christianson
Technological innovations and the Internet have contributed to the rise of cyber attacks. As a result, the need to recover and understand how a system can be the target or the tool of the attack leads to the forensic examination of digital evidence.
Digital forensics is a multidisciplinary area that brings together academia, law enforcement and industry to explore and improve practices and procedures.
Game Theoretic Protocol for Wireless Networks
Wireless networks are dynamic environments, designed to be cooperative with all nodes complying with a given set of rules. For the IEEE 802.11 MAC protocol, however, such rules are not enforced and hence there are no guarantees that nodes will follow them. As in any dynamic environment, the behaviour of a node may therefore change over time. Several game theoretic models have been proposed to address such misbehaviour problems.
We model the MAC protocol as a non-cooperative supergame (dynamic game) with adaptive strategy. In a dynamic wireless environment, in order to optimise performance and ensure fair channel utilisation, all nodes must have the ability to independently select or adjust their strategies in response to the behaviour or strategies employed by other nodes on the network.
The model enables nodes to evaluate the state of the game in order to select an appropriate strategy for better utility in a misbehaviour scenario.
Contact: Dr Joe Spring
The Internet of Things (IoT) is concerned with connecting uniquely identified 'things' such as electronic objects and devices through the Internet and various media. Those objects and devices will be designed to be open, and require more complex control algorithms and open network protocols. This is to provide services to different applications, interconnected distributed systems and infrastructure such as transport, energy, healthcare and smart cities supporting smart homes that are remotely controlled using smartphones.
IoT is gaining momentum as billions of devices and wirelessly connected systems will soon be adopting various IoT technologies, exchanging sensitive information and connected via IPv6. However, as a distributed environment for an open market and a rich source of 'big data' with unlimited systems interactions, IoT would allow attackers to identify many vulnerable targets. Therefore, the security of IoT has come into question, which means that IoT will require robust and secure systems. Moreover, different risks and cyber-attacks are likely to increase and the potential for unauthorised access to services and malicious activities is immense.
Recent advances in the fields of IoT such as embedded systems security, and industrial malware analysis, detection and prevention are a key factor in the growth of IoT services and operations.
Mobile ad hoc Networks
The decentralised administrative nature of mobile ad hoc networks (MANETs) presents security vulnerabilities that can lead to various forms of attacks.
To enhance security in MANETs, trust and reputation management systems (TRM) have been developed to serve as measures in mitigating threats arising from unusual behaviours of nodes and to enforce cooperation among the nodes.
Most existing TRM systems for MANETs propose models that focus mainly on penalising and isolating uncooperative nodes to enforce collaboration among nodes.
Due to the constrained nature of the nodes in MANETs, the cooperative nodes’ energy may be exhausted. This may lead to adverse effects on trust and reputation as well as individual network performance of the cooperative nodes.
This project develops and evaluates a novel Candour-based trust and reputation management system which measures and models reputation and trust of nodes in the network.
The research investigated how the Candour-based TRM model employs a Dirichlet probability distribution in modelling the individual reputation of nodes. The trust of each node is computed based on the node’s actual network performance and the accuracy of the second-hand reputations it gives about other nodes.
Contact: Professor Bruce Christianson
Data mining and pattern recognition techniques are increasingly used for threat assessment.
Recent applications include discovering causal relationships in patterns of terrorist activity, latent semantic analysis for discovering associations between threat actors, and detecting malware using machine learning techniques.
Wireless Sensor Networks
One emerging application for Wireless Sensor Networks (WSNs) involves their use in healthcare where they are generally termed Wireless Medical Sensor Networks (WMSNs).
In current healthcare applications, there are many problems concerning security policy violations such as unauthorised denial of use, unauthorised information modification and unauthorised information release of medical data in the real world environment.
Current WSN access control models use the traditional Role-Based Access Control (RBAC) or cryptographic methods for data access control, but the systems still need to predefine attributes, roles and policies before deployment. However, it is difficult to determine in advance all the possible needs for access in real world applications because there may be unanticipated situations at any time.
This research explores possible approaches to address these issues and to develop a new access control model to fill the gaps in work done by the WSN research community.
To address the conflict between data availability and data privacy, this research proposes the Trust-based Adaptive Access Control (TBA2C) model that integrates the concept of trust into the previous model.
Contact: Professor Bruce Christianson
Members of the Centre have taken part in the following conferences recently:
- International Workshop on Digital Forensics
- International Conference on Cyber Warfare and Security 2018, Track on Cyber surveillance in the modern information environment
- International Workshop on Cybercrimes and Emerging Web Environments
- Digital Footprints, Portcullis House, Houses of Parliament
- Open Source Intelligence and Digital Forensics, Forensic Science in Defence and Security Conference, RMCS Shrivenham
- GCC Forensic Science Conference
- ICCWS - 17th International Conference on Cyber Warfare and Security