In the Security and Privacy Seminar Series, we have the following upcoming talks:
Please contact if you would like to give a talk.
The National Cyber Security Centre (NCSC), part of GCHQ, is the UK’s authority on cyber security. It combines world-class academic research with industrial innovation to reduce the cyber security risk to the UK by improving its cyber security and cyber resilience.
Its recognition of Birmingham as an ACE-CSR signifies the consistently high-quality research being conducted in the Security and Privacy group at the University.
The group has expanded greatly in recent years, reflecting the University's continued commitment to supporting world-leading research into cyber security issues affecting industry, government and society.
Professor Mark Ryan, Head of the Security and Privacy group at the University of Birmingham, said:
‘Everything we do in the future will involve digital technology, whether it's driving a car or turning on a light switch. This will create new opportunities and new risks. Therefore it's really important to research the fundamentals and implementations of cyber security.
‘Our renewed recognition as an ACE-CSR is a welcome acknowledgement of the importance of our contribution to cyber security research.’
Over the next five years, the Security and Privacy Group will continue to build on its current reputation with exciting new projects and collaborations in areas such as automotive security, the Internet of Things, Industrial Control Systems and post-quantum cryptography.
The announcement was made today by the Minister for the Cabinet Office, the Rt Hon. Ben Gummer MP, who said:
'Britain has to stay one step ahead of the often invisible cyber wars taking place on our networks, in our homes, and across our infrastructure. We can only do that with truly ground-breaking research. It is critical that the entire UK maintains its strength in this area, from London to Lancaster and from Belfast to Edinburgh.'
Chris Ensor, Deputy Director for Cyber Security Skills and Growth at the NCSC, added:
'It’s fantastic to see so many leading universities committed to trailblazing improvements to the UK’s cyber security research, and it is particularly good to see Scotland represented for the first time.
'At the NCSC, we are absolutely committed to maintaining and improving our already strong reputation as a global leader in cutting edge research, and look forward to collaborating with these establishments to make the UK the safest place to live and work online.
'These universities conduct world class cyber security research and this initiative will improve the way academics, government and business work together – benefiting the whole of the country.'
At a launch event held in the School of Computer Science on 3 November 2016, Professor Mark Ryan was inaugurated as the HP Research Chair in Cyber Security. The position marks a five-year strategic partnership between HP and the University of Birmingham, to conduct world leading research that will tackle the future architectures and protocols for the increasing range of connected devices that forms the Internet of Things (IoT).
Professor Ryan said of the research: 'The internet of things is going to bring a new wave of innovation, affecting how the physical world and the digital world interact. Figuring out how to support privacy and security for users in this setting is a huge task. This research chair is a great opportunity to work with a company that can complement the skills of academics and help bring theoretical ideas into practical realities.'
'Increasing pervasiveness of technology means cyber security will become even more important and challenging. It is a top priority to invest now in research and partnerships to address this issue,' said Simon Shiu, Director of HP’s Security Lab. 'Academia, business and government each have different contexts, experiences and skillsets. It is critical for us to work together to successfully address our shared future cyber security challenges. This new Chair is a critical step forward.'
The launch event was attended by senior members of the College of Engineering and Physical Sciences, academics from the School of Computer Science - including the Security and Privacy group - as well as staff from HP and government representatives from the new National Cyber Security Centre. The research chair represents a key partnership in ensuring that academia and industry work together for a cyber secure future for all of society.
Michael Denzel and Mark Ryan
In July 2016, Security and Privacy PhD student Michael Denzel travelled to Toulouse to present his paper 'Smart-Guard: Defending User Input from Malware' - written in conjunction with Professor Mark Ryan (University of Birmingham) and Alessandro Bruni (University of Copenhagen) - at the 13th IEEE International Conference on Advanced and Trusted Computing. The paper received the Best Paper Award for the conference.
Professor Mark Ryan of the Security and Privacy Group received the 2016 Award for Excellence in Doctoral Research Supervision in the College of Engineering and Physical Sciences, University of Birmingham.
As a research-intensive university, Birmingham is committed to carrying out research that is world-leading in terms of its originality and distinctiveness, significance and rigour. The University recognises that the role of the academic supervisor is crucial for successful completion of high-class doctoral research and acknowledges this in the annual Awards for Excellence in Doctoral Research Supervision.
This annual award is presented to an academic nominated by current and past research students for outstanding supervision of high-quality doctoral research at the University. Professor Ryan was nominated by current PhD Student Jiangshan Yu, along with former students Ben Smyth and Alessio Lomuscio. Pro-Vice Chancellor Tim Softley presented the award at a ceremony on 24th June 2016.
Professor Ryan said: “To me, it’s a recognition of the huge commitment I have to helping PhD students, and the many hours I have worked late into the evening helping them refine their research ideas and assisting to articulate them on paper.”
Congratulations to Mark for this recognition of his continued dedication to our doctoral students!
The Security and Privacy group was pleased to host the inaugural Computer Science Distinguished Seminar, inviting Adrian Perrig from ETH Zurich to speak about future internet architectures that include security by design. Adrian also spent time discussing technical and social aspects his research with members of the group, as well as offering his insight on projects being undertaken at Birmingham.
The Internet has been successful beyond even the most optimistic expectations. It permeates and intertwines with almost all aspects of our society and economy. The success of the Internet has created a dependency on communication as many of the processes underpinning the foundations of modern society would grind to a halt should communication become unavailable. However, much to our dismay, the current state of safety and availability of the Internet is far from commensurate given its importance.
Although we cannot conclusively determine what the impact of a 1-day, or 1-week outage of Internet connectivity on our society would be, anecdotal evidence indicates that even short outages have a profound negative impact on governmental, economic, and societal operations. To make matters worse, the Internet has not been designed for high availability in the face of malicious actions by adversaries. Recent patches to improve Internet security and availability have been constrained by the current Internet architecture, business models, and legal aspects. Moreover, there are fundamental design decisions of the current Internet that inherently complicate secure operation.
Given the diverse nature of constituents in today's Internet, another important challenge is how to scale authentication of entities (e.g., AS ownership for routing, name servers for DNS, or domains for TLS) to a global environment. Currently prevalent PKI models (monopoly and oligarchy) do not scale globally because mutually distrusting entities cannot agree on a single trust root, and because everyday users cannot evaluate the trustworthiness of each of the many root CAs in their browsers.
To address these issues, we propose SCION, a next-generation Internet architecture that is secure, available, and offers privacy by design; that provides incentives for a transition to the new architecture; and that considers economic and policy issues at the design stage.
Adrian Perrig is a Professor at the Department of Computer Science at ETH Zürich, Switzerland, where he leads the network security group. He is also a Distinguished Fellow at CyLab, and an Adjunct Professor of Electrical and Computer Engineering, and Engineering and Public Policy at Carnegie Mellon University. From 2002 to 2012, he was a Professor of Electrical and Computer Engineering, Engineering and Public Policy, and Computer Science (courtesy) at Carnegie Mellon University; From 2007 to 2012, he also served as the technical director for Carnegie Mellon's Cybersecurity Laboratory (CyLab). He earned his Ph.D. degree in Computer Science from Carnegie Mellon University under the guidance of J.D. Tygar, and spent three years during his Ph.D. degree at the University of California at Berkeley. He received his B.Sc. degree in Computer Engineering from EPFL. He is a recipient of the NSF CAREER award in 2004, IBM faculty fellowships in 2004 and 2005, the Sloan research fellowship in 2006, the Security 7 award in the category of education by the Information Security Magazine in 2009, the Benjamin Richard Teare teaching award in 2011, and the ACM SIGSAC Outstanding Innovation Award in 2013. Adrian's research revolves around building secure systems -- in particular secure future Internet architectures.
Our research deals with issues that are relevant for all parts of society and the work within our group often appears in the press relating to topical concerns over security and privacy. Filter by research area.
Check back soon for more press coverage, select another research area, or follow us on Twitter to stay up to date with cutting edge research in cyber security and privacy.
20 June 2016
Flavio Garcia comments on a paper calling for the US government to overhaul its disclosure policies. Drawing on issues of research ethics, privacy and the improvement of cyber security systems, Dr Garcia argues that transparency and accountability are needed to ensure vulnerabilities are not misused by criminals or governments.
8 March 2016
Ian Batten represents the University of Birmingham at this event focused on defending businesses against cyber crime by identifying common vulnerabilities and explaining what businesses can do to protect themselves.
19 January 2016
In an article on GCHQ's summer school scheme, including quotes from the Security and Privacy group's Mark Ryan, highlights the current cyber security skills gap and one scheme that aims to overcome this.
1 January 2016
As part of the government's £1.9 billion scheme to combat cyber attacks in the context of terrorist threats, this article focuses on a scheme by Leeds Beckett University and the University of Birmingham that will develop new tools for cyber security education.
23 December 2015
In the wake of the government-identified skills gap in cyber security in the UK, the article highlights the large influx of funding from the HEA as well as focusing on a specific example of work being undertaken by new Birmingham's Security and Privacy group in conjunction wiht Leeds Beckett that aims to promote cyber security to students.
30 November 2015
Tracking the progress of the proposed bill concerning law enforcement powers to invade the privacy of online communications, Professor Mark Ryan features on the expert panel giving evidence to inform politicl and public debate of this contentious issue.
18 August 2015
Following up on the previous banning of research publication concerning vulnerabilities in car electronic security systems, this article on the eventual release of the data details the resolution of the legal struggles and the security implications for car owners and manufacturers.
18 August 2015
Emphasising the real-world rise in hi-tech car theft, this article defends Security and Privacy Birmingham researchers' rights to publish and focuses on the car manufacturers' attempts to block the work that exposed a comparatively simple hack of a major car locking system.
18 August 2015
Responding to a previous article detailing the injunction against Birmingham researchers publishing their work, this article lists the makes and models of cars at risk, emphasising the genuine risks revealed by the real-world impact of the academic research.
14 August 2015
Emphasising the 'trivial' nature of the attack, this article explains the research conducted by Flavio Garcia of the Security and Privacy Group that exposed weaknesses in major car manufacturers' electronic locking systems, which had previously led to the research being banned from publication.
26 June 2015
Contributing to the debate of online piracy and privacy in the music industry, Tom Chothia of the Security and Privacy group outlines the complete lack of privacy underpinning the internet, as well as mentioning some ways users can go about choosing to add secure functions to their own computers.
22 May 2015
Hailing the breakthrough as a "100% hacker-proof technique", this article goes on to emphasise the complexity of the system, stating that it "isn't remotely easy to use". Drawing on this discussion of the practicalities of such a system, the article focuses on the specific challenges presented by implementing an online voting system in the US.
17 May 2015
Focusing on the potential application of online voting in the US, this article discusses political implications before suggesting the need to expand the research in terms of further funding and testing as well as introducing businesses to work on developing hardware.
14 May 2015
Written by University of Birmingham researchers working on the project, this discussion by academics in a popular media setting introduces the key issues surrounding the research and its application, emphasising the importance and risks of verifiable results for online voting.
5 May 2015
Hailing the breakthrough as a scientific achievement and meeting the demands of a digital UK, this article looks towards the longer term practicalities and the need to balance security with usability
4 May 2015
This article frames the discussion of online voting in the context of replacing conventional paper voting methods, discussing the use of online voting to remove the possibility of rigging in paper systems versus the possible rigging of online voting through malware inserted directly into computers by foreign manufacturers. It also highlights the use of online voting to achieve a private ballot for blind voters as well as encouraging turnout among younger voters.
4 May 2015
This article suggests that secure online voting is 20-30 years away, and cites Jeremy Epstein of SRI International who suggests the need to separate the technical issues from political factors.
30 April 2015
Bringing a Scottish perspective to the issue of online voting in UK elections, this article focuses on the hardware involved in the Du-Vote system, emphasising the use of a separate, credit card-sized device.
27 April 2015
This article situates the research in its feasability for UK elections, in the context of current modes of online registration as well as considering financial and political factors. Discussing the impact of online voting on turnout, it cites the Estonian system, for which in 2005 4.9% of voters definitely would not have voted without internet voting.
22 January 2014
University of Birmingham researchers explore issues of accountability, privacy and crime with bitcoin, in the context of the University of Cumbria offering students to pay their tuition fees in the unregulated digital currency.
16 December 2013
At the founding of the Commission on Digital, researchers from the Security and Privacy Group consider the impact of technologies in "Parliament 2.0" and future visions of participation in digital political systems.
31 July 2013
Focusing on the blocking of publication by a UK high-court, this article adds an international perspective to the potential impact of attacks-based security research on manufacturers and consumers, while acknowledging that Security and Privacy Birmingham researchers had already given the manufacturers reasonable disclosure of their findings.
30 July 2013
Following on from a previous article detailing legal action seeking to ban Birmingham researchers from releasing their work on car security, this piece outlines the agreement reached to delay publishing material on ignition key cryptography that could expose Porsches and other cars to hacking and hijacking.
27 July 2013
Cyberculture author and privacy commentator Cory Doctorow highlights the imposition of restrictions on research by UK courts at the behest of car manufacturers, emphsaising that the companies were seeking to hide their incompetence and cover up the risks to which they had exposed their customers.
27 July 2013
Focusing on the impact for high-end luxury car manufacturers, this article defends the intentions of Birmingham researchers while acknowledging the potential criminal misuse of the research that led to a controversial high court injunction against publishing.
11 October 2012
Focusing on a paper written by the Security and Privacy group in collaboration with Technische Universitat Berlin and Deutsche Telekom Laboratories, this article explains the background of 3G and highlights the methods and findings of the research with a view to improving future mobile standards.
4 September 2012
Emphasising the speed and scale of monitoring of BitTorrent downloads, this article briefly explains how peer-to-peer protocols work and describes the research undertaken by Security and Privacy Birmingham's Tom Chothia that uncovered the "massive monitoring" of popular downloads.
4 September 2012
This article highlights the surprising findings of Tom Chothia in a study on monitoring of file sharing, focusing on the speed and scale of monitoring as well as the kinds of organisations undertaking the monitoring, with implications for copyright enforcement and mass legal action.
4 September 2012
Discussing a study by Birmingham researchers that uncovered large-scale monitoring of BitTorrent file sharing, the article highlights the length of time monitoring has occured whilst noting that tracking is focused on the most popular torrents, before questioning the purpose and potential use of the monitoring.
26 May 2010
This article explores the potential of earlier collaborations between the University of Birmingham and the University of Surrey, with a combined physical and cryptographic approach to increasing the security, privacy and verifiability of vote counting through digitisation and automation.