In the Security and Privacy Seminar Series, we have the following upcoming talks:
Please contact if you would like to give a talk.
Northrop Grumman is a global aerospace and defense technology company. It was named as the fifth-largest defense contractor in the world in 2015. Northrop Grumman is interested in building a strategic relationship with Schools across the University. As part of this, and their commitment to promoting cyber security education in the UK, they have generously provided funding to support students on our MSc Cyber Security, resulting in a series of prizes for students that demonstrate excellent academic performance.
The prizes were presented by Dr Ian Batten (MSc Programme Director) at a reception event for the School of Computer Science Master's graduations on 7 December 2017.
The following prizes were awarded:
Most Innovative Project: Dominic Fraise (MSc Computer Science)
Dominic implemented ideas in a research paper to develop a particular kind of blockchain that makes decryptions accountable. This included learning new concepts and implementing algorithms which were only vaguely described in the literature. His supervisor, Prof. Mark Ryan, described it as “a huge achievement for a "conversion" student.”
Most Technically Brilliant Project: Kerry Murdock (MSc Cyber Security)
Kit’s project involved conducting a very detailed analysis of the Amazon Echo. Her work was of a publishable quality, and involved learning and applying a lot of new techniques. Her supervisor, Dr David Oswald, said “I for sure would call it “technically brilliant”.”
Best Project Demonstration: Yifan Wu (MSc Advanced Computer Science)
Yifan developed a blockchain eVoting project, handling advanced cryptographic concepts which he demonstrated very well. His supervisor, Dr David Galindo, said that his demonstration was very engaging and even included a video component to show how the system worked.
Highest Project Mark: Alexander Stevens (MSc Cyber Security)
Alex's project involved taking what his supervisor, Dr Ian Batten, described as an "incredibly vague idea" and extrapolting it into a fantastic piece of work. He extended and implemented these ideas across an impressive range of settings, rightly earning a very high mark.
Highest Overall MSc Mark: Alexander Stevens (MSc Cyber Security
Alex also performed consistently well across all his modules, including both coursework and exams. His final grade for his MSc reflects Alex's high level of effort, understanding and achievement.
Researchers from the University of Birmingham travelled to Queen's University Belfast for the launch of a new £5m multi-university Research Institute to improve hardware security and reduce vulnerability to cyber threats.
Funded by EPSRC and the National Cyber Security Centre (NCSC), the Research Institute in Secure Hardware and Embedded Systems (RISE) is the fourth cyber security institutes in the UK and will be a global hub for research and innovation in hardware security over the next five years.
RISE will tackle the global problem of cyber threats through four initial component projects, which will be led by UK research partners from Queen's University Belfast, the University of Cambridge, University of Bristol and University of Birmingham. These universities are all recognised by NCSC and EPSRC as Academic Centres of Excellence in Cyber Security Research.
An advisory board will also be created to allow member companies and stakeholders to engage with the research and to inform future funding calls around the Institute's research challenges.
The new Research Institute will increase our understanding of hardware security technology, leading to pioneering new approaches and fostering collaboration between leading researchers, the National Cyber Security Centre and industry partners to make the UK a more resilient nation.
I'm delighted to see the formation of our latest Research Institute, RISE, concentrating on the potential of new hardware security technologies. The inclusion of hardware-based security capabilities in commodity devices could be a game changer in our fight to reduce the harm of cyberattacks and so I'm really pleased to see a strong set of initial research projects.
Professor Maire O'Neill, a leading cryptography expert at Queen's University, has been selected as Director of RISE and will work towards increasing the nation's academic capability in all fields of hardware security.
The Internet of Things has led to increased demand for hardware security research and innovation with growing security needs in embedded and networking devices, as well as in cloud services. An increase in the use of smart devices means that there are now many new attack methods and surfaces for criminals and hackers to exploit. Recent attacks against personal computers, mobile devices, smart meters, home automation devices and network-connected cars have posed serious security and privacy issues.
Counterfeit devices are also an issue, which could lead to cloned hardware and further attack surfaces for hackers.
There is huge demand for hardware security research and innovation. RISE is in an excellent position to become the go-to place for high quality hardware security research. A key aim is to bring together the hardware security community in the UK and build a strong network of national and international research partnerships. We will also work closely with leading UK-based industry partners and stakeholders, transforming research findings into products, services and business opportunities, which will benefit the UK economy.
The Research Institute project at Birmingham will focus on user-controlled hardware security anchors. The main contribution of this research will involve leveraging current and future hardware components to establish a secure interface between the user and the systems they are using. This will improve security, privacy and trust in a range of devices, and our researchers will work closely with industry partners to directly contribute to improving tomorrow’s commercial off-the-shelf products.
Birmingham's main industrial partner in the project will be HP Inc., building on their established relationship with cyber security at Birmingham. Professor Mark Ryan, lead investigator at Birmingham on the RISE project, also holds the HP Research Chair in Cyber Security. Industry involvement in the project and the Research Institute will be essential in generating impact to ensure the next generation of hardware devices are secure.
"Putting security at the hardware level of systems is attractive because it is less vulnerable to being altered or circumvented. Our contribution to the institute will consist of evaluating hardware-based security mechanisms, and building on them to create secure authentication mechanisms."
With the increasingly hostile threat environment it is important to build cyber resilience from the hardware up. HP applies this approach to its own products, developing some of the most secure printers and PCs in the world. HP’s involvement in the project to make authentication more secure through hardware is part of our ongoing investment in the HP Research Chair at Birmingham University, and reflects our commitment to help drive cyber-security research forward.
Dr David Galindo and Professor Mark Ryan, with Dr George Theodorakopoulos (Cardiff University) and Areeq Chowdhury (WebRoots Democracy) published a joint submission to the Welsh Government's consultation on democratic reform. The publication relates directly to the question of remote online voting, an area in which the University of Birmingham holds significant expertise. The report makes the case for pilots of online voting in Welsh elections, setting out three recommendations:
Professor Mark Ryan and Dr David Galindo said:
Technologies to fully realise this notion of voter verifiability are still under development. They have been used for professional association elections and university elections, and now they are beginning to be used for large-scale political elections in Estonia and in New South Wales, Australia. We believe that Welsh Assembly elections would be an appropriate place to trial them in the UK.
Areeq Chowdhury said:
First time voters in the 2021 Welsh Assembly elections will be the first generation of voters born in the 2000s. They will not recall a world before smartphones and social media. As time goes on, a digital democracy will become an expectation instead of an aspiration. It is time we looked at how best we can bring this about and online voting will play an important part of that.
Dr George Theodorakopoulos said:
Wales’ digital transformation cannot be complete if online voting is unavailable as an option to the electorate. Empowering Welsh citizens cannot be limited to comparing energy prices online. Wales is right now in a unique position to be a Western European pioneer in digital democracy, and the government is the only body that can rightfully enable this change.
The National Cyber Security Centre (NCSC), part of GCHQ, is the UK’s authority on cyber security. It combines world-class academic research with industrial innovation to reduce the cyber security risk to the UK by improving its cyber security and cyber resilience.
Its recognition of Birmingham as an ACE-CSR signifies the consistently high-quality research being conducted in the Security and Privacy group at the University.
The group has expanded greatly in recent years, reflecting the University's continued commitment to supporting world-leading research into cyber security issues affecting industry, government and society.
Professor Mark Ryan, Head of the Security and Privacy group at the University of Birmingham, said:
‘Everything we do in the future will involve digital technology, whether it's driving a car or turning on a light switch. This will create new opportunities and new risks. Therefore it's really important to research the fundamentals and implementations of cyber security.
‘Our renewed recognition as an ACE-CSR is a welcome acknowledgement of the importance of our contribution to cyber security research.’
Over the next five years, the Security and Privacy Group will continue to build on its current reputation with exciting new projects and collaborations in areas such as automotive security, the Internet of Things, Industrial Control Systems and post-quantum cryptography.
The announcement was made today by the Minister for the Cabinet Office, the Rt Hon. Ben Gummer MP, who said:
'Britain has to stay one step ahead of the often invisible cyber wars taking place on our networks, in our homes, and across our infrastructure. We can only do that with truly ground-breaking research. It is critical that the entire UK maintains its strength in this area, from London to Lancaster and from Belfast to Edinburgh.'
Chris Ensor, Deputy Director for Cyber Security Skills and Growth at the NCSC, added:
'It’s fantastic to see so many leading universities committed to trailblazing improvements to the UK’s cyber security research, and it is particularly good to see Scotland represented for the first time.
'At the NCSC, we are absolutely committed to maintaining and improving our already strong reputation as a global leader in cutting edge research, and look forward to collaborating with these establishments to make the UK the safest place to live and work online.
'These universities conduct world class cyber security research and this initiative will improve the way academics, government and business work together – benefiting the whole of the country.'
At a launch event held in the School of Computer Science on 3 November 2016, Professor Mark Ryan was inaugurated as the HP Research Chair in Cyber Security. The position marks a five-year strategic partnership between HP and the University of Birmingham, to conduct world leading research that will tackle the future architectures and protocols for the increasing range of connected devices that forms the Internet of Things (IoT).
Professor Ryan said of the research: 'The internet of things is going to bring a new wave of innovation, affecting how the physical world and the digital world interact. Figuring out how to support privacy and security for users in this setting is a huge task. This research chair is a great opportunity to work with a company that can complement the skills of academics and help bring theoretical ideas into practical realities.'
'Increasing pervasiveness of technology means cyber security will become even more important and challenging. It is a top priority to invest now in research and partnerships to address this issue,' said Simon Shiu, Director of HP’s Security Lab. 'Academia, business and government each have different contexts, experiences and skillsets. It is critical for us to work together to successfully address our shared future cyber security challenges. This new Chair is a critical step forward.'
The launch event was attended by senior members of the College of Engineering and Physical Sciences, academics from the School of Computer Science - including the Security and Privacy group - as well as staff from HP and government representatives from the new National Cyber Security Centre. The research chair represents a key partnership in ensuring that academia and industry work together for a cyber secure future for all of society.
Michael Denzel and Mark Ryan
In July 2016, Security and Privacy PhD student Michael Denzel travelled to Toulouse to present his paper 'Smart-Guard: Defending User Input from Malware' - written in conjunction with Professor Mark Ryan (University of Birmingham) and Alessandro Bruni (University of Copenhagen) - at the 13th IEEE International Conference on Advanced and Trusted Computing. The paper received the Best Paper Award for the conference.
Professor Mark Ryan of the Security and Privacy Group received the 2016 Award for Excellence in Doctoral Research Supervision in the College of Engineering and Physical Sciences, University of Birmingham.
As a research-intensive university, Birmingham is committed to carrying out research that is world-leading in terms of its originality and distinctiveness, significance and rigour. The University recognises that the role of the academic supervisor is crucial for successful completion of high-class doctoral research and acknowledges this in the annual Awards for Excellence in Doctoral Research Supervision.
This annual award is presented to an academic nominated by current and past research students for outstanding supervision of high-quality doctoral research at the University. Professor Ryan was nominated by current PhD Student Jiangshan Yu, along with former students Ben Smyth and Alessio Lomuscio. Pro-Vice Chancellor Tim Softley presented the award at a ceremony on 24th June 2016.
Professor Ryan said: “To me, it’s a recognition of the huge commitment I have to helping PhD students, and the many hours I have worked late into the evening helping them refine their research ideas and assisting to articulate them on paper.”
Congratulations to Mark for this recognition of his continued dedication to our doctoral students!
The Security and Privacy group was pleased to host the inaugural Computer Science Distinguished Seminar, inviting Adrian Perrig from ETH Zurich to speak about future internet architectures that include security by design. Adrian also spent time discussing technical and social aspects his research with members of the group, as well as offering his insight on projects being undertaken at Birmingham.
The Internet has been successful beyond even the most optimistic expectations. It permeates and intertwines with almost all aspects of our society and economy. The success of the Internet has created a dependency on communication as many of the processes underpinning the foundations of modern society would grind to a halt should communication become unavailable. However, much to our dismay, the current state of safety and availability of the Internet is far from commensurate given its importance.
Although we cannot conclusively determine what the impact of a 1-day, or 1-week outage of Internet connectivity on our society would be, anecdotal evidence indicates that even short outages have a profound negative impact on governmental, economic, and societal operations. To make matters worse, the Internet has not been designed for high availability in the face of malicious actions by adversaries. Recent patches to improve Internet security and availability have been constrained by the current Internet architecture, business models, and legal aspects. Moreover, there are fundamental design decisions of the current Internet that inherently complicate secure operation.
Given the diverse nature of constituents in today's Internet, another important challenge is how to scale authentication of entities (e.g., AS ownership for routing, name servers for DNS, or domains for TLS) to a global environment. Currently prevalent PKI models (monopoly and oligarchy) do not scale globally because mutually distrusting entities cannot agree on a single trust root, and because everyday users cannot evaluate the trustworthiness of each of the many root CAs in their browsers.
To address these issues, we propose SCION, a next-generation Internet architecture that is secure, available, and offers privacy by design; that provides incentives for a transition to the new architecture; and that considers economic and policy issues at the design stage.
Adrian Perrig is a Professor at the Department of Computer Science at ETH Zürich, Switzerland, where he leads the network security group. He is also a Distinguished Fellow at CyLab, and an Adjunct Professor of Electrical and Computer Engineering, and Engineering and Public Policy at Carnegie Mellon University. From 2002 to 2012, he was a Professor of Electrical and Computer Engineering, Engineering and Public Policy, and Computer Science (courtesy) at Carnegie Mellon University; From 2007 to 2012, he also served as the technical director for Carnegie Mellon's Cybersecurity Laboratory (CyLab). He earned his Ph.D. degree in Computer Science from Carnegie Mellon University under the guidance of J.D. Tygar, and spent three years during his Ph.D. degree at the University of California at Berkeley. He received his B.Sc. degree in Computer Engineering from EPFL. He is a recipient of the NSF CAREER award in 2004, IBM faculty fellowships in 2004 and 2005, the Sloan research fellowship in 2006, the Security 7 award in the category of education by the Information Security Magazine in 2009, the Benjamin Richard Teare teaching award in 2011, and the ACM SIGSAC Outstanding Innovation Award in 2013. Adrian's research revolves around building secure systems -- in particular secure future Internet architectures.
Our research deals with issues that are relevant for all parts of society and the work within our group often appears in the press relating to topical concerns over security and privacy. Filter by research area.
Check back soon for more press coverage, select another research area, or follow us on Twitter to stay up to date with cutting edge research in cyber security and privacy.
10 January 2018
Flavio Garcia talks about issues in automotive security. [segment begins at ~52mins]
4 January 2018
Ian Batten responds to the Meltdown vulnerability that affects Intel chips used on most modern computers, explaining who will be at risk in practice.
3 January 2018
This article, including a quote by Ian Batten, discusses the scale of the Meltdown vulnerability that affects major chip vendors such as Intel. First in a seris on the security flaw, the piece focuses on Intel's response to the revelation of the attack including software patches to fix the issue.
28 September 2017
Covering research conducted with colleagues in Luxembourg and Oxford, this article highlights Mark Ryan's work developing the DECIM protocol to protect end-to-end encryption in messaging services from man-in-the-middle attacks.
27 September 2017
Describing Mark Ryan's work developing solutions to current weaknesses in end-to-end encryption protocols for messaging apps by detecting endpoint compromise, this article emphasises the formal security analysis that verifies the DECIM protocol.
1 May 2017
Emphasising the transatlantic impact of our work, this news item covers vulnerabilities in banking apps found by our researchers, involving certificates, TLS and man-in-the-middle attacks.
20 June 2016
Flavio Garcia comments on a paper calling for the US government to overhaul its disclosure policies. Drawing on issues of research ethics, privacy and the improvement of cyber security systems, Dr Garcia argues that transparency and accountability are needed to ensure vulnerabilities are not misused by criminals or governments.
8 March 2016
Ian Batten represents the University of Birmingham at this event focused on defending businesses against cyber crime by identifying common vulnerabilities and explaining what businesses can do to protect themselves.
19 January 2016
In an article on GCHQ's summer school scheme, including quotes from the Security and Privacy group's Mark Ryan, highlights the current cyber security skills gap and one scheme that aims to overcome this.
1 January 2016
As part of the government's £1.9 billion scheme to combat cyber attacks in the context of terrorist threats, this article focuses on a scheme by Leeds Beckett University and the University of Birmingham that will develop new tools for cyber security education.
23 December 2015
In the wake of the government-identified skills gap in cyber security in the UK, the article highlights the large influx of funding from the HEA as well as focusing on a specific example of work being undertaken by new Birmingham's Security and Privacy group in conjunction wiht Leeds Beckett that aims to promote cyber security to students.
30 November 2015
Tracking the progress of the proposed bill concerning law enforcement powers to invade the privacy of online communications, Professor Mark Ryan features on the expert panel giving evidence to inform politicl and public debate of this contentious issue.
18 August 2015
Following up on the previous banning of research publication concerning vulnerabilities in car electronic security systems, this article on the eventual release of the data details the resolution of the legal struggles and the security implications for car owners and manufacturers.
18 August 2015
Emphasising the real-world rise in hi-tech car theft, this article defends Security and Privacy Birmingham researchers' rights to publish and focuses on the car manufacturers' attempts to block the work that exposed a comparatively simple hack of a major car locking system.
18 August 2015
Responding to a previous article detailing the injunction against Birmingham researchers publishing their work, this article lists the makes and models of cars at risk, emphasising the genuine risks revealed by the real-world impact of the academic research.
14 August 2015
Emphasising the 'trivial' nature of the attack, this article explains the research conducted by Flavio Garcia of the Security and Privacy Group that exposed weaknesses in major car manufacturers' electronic locking systems, which had previously led to the research being banned from publication.
26 June 2015
Contributing to the debate of online piracy and privacy in the music industry, Tom Chothia of the Security and Privacy group outlines the complete lack of privacy underpinning the internet, as well as mentioning some ways users can go about choosing to add secure functions to their own computers.
22 May 2015
Hailing the breakthrough as a "100% hacker-proof technique", this article goes on to emphasise the complexity of the system, stating that it "isn't remotely easy to use". Drawing on this discussion of the practicalities of such a system, the article focuses on the specific challenges presented by implementing an online voting system in the US.
17 May 2015
Focusing on the potential application of online voting in the US, this article discusses political implications before suggesting the need to expand the research in terms of further funding and testing as well as introducing businesses to work on developing hardware.
14 May 2015
Written by University of Birmingham researchers working on the project, this discussion by academics in a popular media setting introduces the key issues surrounding the research and its application, emphasising the importance and risks of verifiable results for online voting.
5 May 2015
Hailing the breakthrough as a scientific achievement and meeting the demands of a digital UK, this article looks towards the longer term practicalities and the need to balance security with usability
4 May 2015
This article frames the discussion of online voting in the context of replacing conventional paper voting methods, discussing the use of online voting to remove the possibility of rigging in paper systems versus the possible rigging of online voting through malware inserted directly into computers by foreign manufacturers. It also highlights the use of online voting to achieve a private ballot for blind voters as well as encouraging turnout among younger voters.
4 May 2015
This article suggests that secure online voting is 20-30 years away, and cites Jeremy Epstein of SRI International who suggests the need to separate the technical issues from political factors.
30 April 2015
Bringing a Scottish perspective to the issue of online voting in UK elections, this article focuses on the hardware involved in the Du-Vote system, emphasising the use of a separate, credit card-sized device.
27 April 2015
This article situates the research in its feasability for UK elections, in the context of current modes of online registration as well as considering financial and political factors. Discussing the impact of online voting on turnout, it cites the Estonian system, for which in 2005 4.9% of voters definitely would not have voted without internet voting.
22 January 2014
University of Birmingham researchers explore issues of accountability, privacy and crime with bitcoin, in the context of the University of Cumbria offering students to pay their tuition fees in the unregulated digital currency.
16 December 2013
At the founding of the Commission on Digital, researchers from the Security and Privacy Group consider the impact of technologies in "Parliament 2.0" and future visions of participation in digital political systems.
31 July 2013
Focusing on the blocking of publication by a UK high-court, this article adds an international perspective to the potential impact of attacks-based security research on manufacturers and consumers, while acknowledging that Security and Privacy Birmingham researchers had already given the manufacturers reasonable disclosure of their findings.
30 July 2013
Following on from a previous article detailing legal action seeking to ban Birmingham researchers from releasing their work on car security, this piece outlines the agreement reached to delay publishing material on ignition key cryptography that could expose Porsches and other cars to hacking and hijacking.
27 July 2013
Cyberculture author and privacy commentator Cory Doctorow highlights the imposition of restrictions on research by UK courts at the behest of car manufacturers, emphsaising that the companies were seeking to hide their incompetence and cover up the risks to which they had exposed their customers.
27 July 2013
Focusing on the impact for high-end luxury car manufacturers, this article defends the intentions of Birmingham researchers while acknowledging the potential criminal misuse of the research that led to a controversial high court injunction against publishing.
11 October 2012
Focusing on a paper written by the Security and Privacy group in collaboration with Technische Universitat Berlin and Deutsche Telekom Laboratories, this article explains the background of 3G and highlights the methods and findings of the research with a view to improving future mobile standards.
4 September 2012
Emphasising the speed and scale of monitoring of BitTorrent downloads, this article briefly explains how peer-to-peer protocols work and describes the research undertaken by Security and Privacy Birmingham's Tom Chothia that uncovered the "massive monitoring" of popular downloads.
4 September 2012
This article highlights the surprising findings of Tom Chothia in a study on monitoring of file sharing, focusing on the speed and scale of monitoring as well as the kinds of organisations undertaking the monitoring, with implications for copyright enforcement and mass legal action.
4 September 2012
Discussing a study by Birmingham researchers that uncovered large-scale monitoring of BitTorrent file sharing, the article highlights the length of time monitoring has occured whilst noting that tracking is focused on the most popular torrents, before questioning the purpose and potential use of the monitoring.
26 May 2010
This article explores the potential of earlier collaborations between the University of Birmingham and the University of Surrey, with a combined physical and cryptographic approach to increasing the security, privacy and verifiability of vote counting through digitisation and automation.