News

Check back here regularly for details of events held by our group and coverage of our work in the press.

Seminar Series

In the Security and Privacy Seminar Series, we have the following upcoming talks:

Please contact if you would like to give a talk.

For more information, visit the Computer Security Seminar web page including previous talks.

shadow

Events

Past Events

Academic Centre of Excellence in Cyber Security Research

The University of Birmingham has been recognised as an NCSC-EPSRC Academic Centre of Excellence in Cyber Security Research (ACE-CSR) for another five years.

The National Cyber Security Centre (NCSC), part of GCHQ, is the UK’s authority on cyber security. It combines world-class academic research with industrial innovation to reduce the cyber security risk to the UK by improving its cyber security and cyber resilience.

Its recognition of Birmingham as an ACE-CSR signifies the consistently high-quality research being conducted in the Security and Privacy group at the University.

The group has expanded greatly in recent years, reflecting the University's continued commitment to supporting world-leading research into cyber security issues affecting industry, government and society.

ACE-CSR

Professor Mark Ryan, Head of the Security and Privacy group at the University of Birmingham, said:

‘Everything we do in the future will involve digital technology, whether it's driving a car or turning on a light switch. This will create new opportunities and new risks. Therefore it's really important to research the fundamentals and implementations of cyber security.

‘Our renewed recognition as an ACE-CSR is a welcome acknowledgement of the importance of our contribution to cyber security research.’

Over the next five years, the Security and Privacy Group will continue to build on its current reputation with exciting new projects and collaborations in areas such as automotive security, the Internet of Things, Industrial Control Systems and post-quantum cryptography.

The announcement was made today by the Minister for the Cabinet Office, the Rt Hon. Ben Gummer MP, who said:

'Britain has to stay one step ahead of the often invisible cyber wars taking place on our networks, in our homes, and across our infrastructure. We can only do that with truly ground-breaking research. It is critical that the entire UK maintains its strength in this area, from London to Lancaster and from Belfast to Edinburgh.'

Chris Ensor, Deputy Director for Cyber Security Skills and Growth at the NCSC, added:

'It’s fantastic to see so many leading universities committed to trailblazing improvements to the UK’s cyber security research, and it is particularly good to see Scotland represented for the first time.

'At the NCSC, we are absolutely committed to maintaining and improving our already strong reputation as a global leader in cutting edge research, and look forward to collaborating with these establishments to make the UK the safest place to live and work online.

'These universities conduct world class cyber security research and this initiative will improve the way academics, government and business work together – benefiting the whole of the country.'

HP Research Chair in Cyber Security - Launch Event

Mark Ryan

At a launch event held in the School of Computer Science on 3 November 2016, Professor Mark Ryan was inaugurated as the HP Research Chair in Cyber Security. The position marks a five-year strategic partnership between HP and the University of Birmingham, to conduct world leading research that will tackle the future architectures and protocols for the increasing range of connected devices that forms the Internet of Things (IoT).

Mark Ryan HP Research Chair in Cyber Security

Professor Ryan said of the research: 'The internet of things is going to bring a new wave of innovation, affecting how the physical world and the digital world interact. Figuring out how to support privacy and security for users in this setting is a huge task. This research chair is a great opportunity to work with a company that can complement the skills of academics and help bring theoretical ideas into practical realities.'

'Increasing pervasiveness of technology means cyber security will become even more important and challenging. It is a top priority to invest now in research and partnerships to address this issue,' said Simon Shiu, Director of HP’s Security Lab. 'Academia, business and government each have different contexts, experiences and skillsets. It is critical for us to work together to successfully address our shared future cyber security challenges. This new Chair is a critical step forward.'

Research Chair launch

The launch event was attended by senior members of the College of Engineering and Physical Sciences, academics from the School of Computer Science - including the Security and Privacy group - as well as staff from HP and government representatives from the new National Cyber Security Centre. The research chair represents a key partnership in ensuring that academia and industry work together for a cyber secure future for all of society.

Public Debate: Is Social Media Making Us Anti-social?

Mark Ryan

UoB Debating Society

Take a look at your phone.

Who’s message are you waiting for? Has that one person checked your Snapchat story? Why is there a blue tick by that Whatsapp message but no reply? How many likes did your last Instagram get?

What could all this mean?
From the birth of Facebook, a networking site initially designed for college students and now has users of all ages all over the world, to the immediate and almost compulsive necessity to Snapchat what you’re doing and who you’re with, social media has constantly evolved and adapted to our needs, changing what it means to be interactive and “digitally active”.

Social media can be an impressive tool in expanding our world, and the opportunities that lie in it. Whether you’re looking for a job using a LinkedIn account, or relying on handy DIY ways to make your room look amazing with Pinterest, social media has slowly weaved its way to become an integral and fundamental part of our lives. It can take us across the world to explore new cultures and societies, give us first hand perspectives of those living in conflict, and keep us informed with understanding how decisions where we are can impact an entire way of life on the other side of the world. Social media can connect families dispersed around the world, with face-to-face video chat and instant photo messaging, finally uniting humans across borders, and even those outside the planet. (Major Tim Peake and the ISS)

But what if all these connections and social networks are simply a case of smoke and mirrors? How many of your Facebook friends do you actually know and talk to? How many of your Instagram followers are real people? It could be argued that social media creates an artificial interpretation of what real life is, and uses it to absorb us into our phones, stifled by advertisements in a world of marketing, and the pressures of inadequacy caused by false reality. Studies have found it to limit emotion, empathy, and understanding of how humans naturally communicate with one another, and leaves us vulnerable to greater cybercrime, and a lack in privacy.

With the continuous expansion of social media, the balance between real life experiences and those oriented by a screen is teetering dangerously. What if social media has corrupted a natural human way of life and is slowly morphing us into automation, fuelling our greed for more content, more information, more attention and more media at our very own fingertips?

Whether the future of digital reality remains significantly valuable to us, or users become increasingly disillusioned with it remains a question to be answered.

The approaching public debate will discuss these issues and more.

The first public debate of the University of Birmingham Debating Society's 2016/2017 season will be on the theme of social media, and will feature experts from the College of Engineering and Physical Science, including the Security and Privacy group.

Professor Mark Ryan will be speaking in opposition to the motion 'social media has made us anti-social', bringing in considerations of privacy to warn of potential exploitation by corporate and state interests while supporting the revolutionary new modes of community and social interaction enabled by social media.

For more information, see the event page and the UoB Debating Society.

Best Paper Award

ATC 2016

Michael Denzel and Mark Ryan

In July 2016, Security and Privacy PhD student Michael Denzel travelled to Toulouse to present his paper 'Smart-Guard: Defending User Input from Malware' - written in conjunction with Professor Mark Ryan (University of Birmingham) and Alessandro Bruni (University of Copenhagen) - at the 13th IEEE International Conference on Advanced and Trusted Computing. The paper received the Best Paper Award for the conference.

ATC 16 Best Paper Award

Outstanding Supervision

EPS Award for Excellence in Doctoral Research Supervision

Professor Mark Ryan of the Security and Privacy Group received the 2016 Award for Excellence in Doctoral Research Supervision in the College of Engineering and Physical Sciences, University of Birmingham.

As a research-intensive university, Birmingham is committed to carrying out research that is world-leading in terms of its originality and distinctiveness, significance and rigour. The University recognises that the role of the academic supervisor is crucial for successful completion of high-class doctoral research and acknowledges this in the annual Awards for Excellence in Doctoral Research Supervision.

This annual award is presented to an academic nominated by current and past research students for outstanding supervision of high-quality doctoral research at the University. Professor Ryan was nominated by current PhD Student Jiangshan Yu, along with former students Ben Smyth and Alessio Lomuscio. Pro-Vice Chancellor Tim Softley presented the award at a ceremony on 24th June 2016.

Professor Ryan said: “To me, it’s a recognition of the huge commitment I have to helping PhD students, and the many hours I have worked late into the evening helping them refine their research ideas and assisting to articulate them on paper.”

Congratulations to Mark for this recognition of his continued dedication to our doctoral students!

Mark Ryan EPS Doctoral Supervision Award

Computer Science Distinguished Seminar Series

Adrian Perrig, ETH Zurich

Towards Deployment of a Next-Generation Secure Internet Architecture

The Security and Privacy group was pleased to host the inaugural Computer Science Distinguished Seminar, inviting Adrian Perrig from ETH Zurich to speak about future internet architectures that include security by design. Adrian also spent time discussing technical and social aspects his research with members of the group, as well as offering his insight on projects being undertaken at Birmingham.

Abstract

The Internet has been successful beyond even the most optimistic expectations. It permeates and intertwines with almost all aspects of our society and economy. The success of the Internet has created a dependency on communication as many of the processes underpinning the foundations of modern society would grind to a halt should communication become unavailable. However, much to our dismay, the current state of safety and availability of the Internet is far from commensurate given its importance.

Although we cannot conclusively determine what the impact of a 1-day, or 1-week outage of Internet connectivity on our society would be, anecdotal evidence indicates that even short outages have a profound negative impact on governmental, economic, and societal operations. To make matters worse, the Internet has not been designed for high availability in the face of malicious actions by adversaries. Recent patches to improve Internet security and availability have been constrained by the current Internet architecture, business models, and legal aspects. Moreover, there are fundamental design decisions of the current Internet that inherently complicate secure operation.

Given the diverse nature of constituents in today's Internet, another important challenge is how to scale authentication of entities (e.g., AS ownership for routing, name servers for DNS, or domains for TLS) to a global environment. Currently prevalent PKI models (monopoly and oligarchy) do not scale globally because mutually distrusting entities cannot agree on a single trust root, and because everyday users cannot evaluate the trustworthiness of each of the many root CAs in their browsers.

To address these issues, we propose SCION, a next-generation Internet architecture that is secure, available, and offers privacy by design; that provides incentives for a transition to the new architecture; and that considers economic and policy issues at the design stage.

Adrian Perrig is a Professor at the Department of Computer Science at ETH Zürich, Switzerland, where he leads the network security group. He is also a Distinguished Fellow at CyLab, and an Adjunct Professor of Electrical and Computer Engineering, and Engineering and Public Policy at Carnegie Mellon University. From 2002 to 2012, he was a Professor of Electrical and Computer Engineering, Engineering and Public Policy, and Computer Science (courtesy) at Carnegie Mellon University; From 2007 to 2012, he also served as the technical director for Carnegie Mellon's Cybersecurity Laboratory (CyLab). He earned his Ph.D. degree in Computer Science from Carnegie Mellon University under the guidance of J.D. Tygar, and spent three years during his Ph.D. degree at the University of California at Berkeley. He received his B.Sc. degree in Computer Engineering from EPFL. He is a recipient of the NSF CAREER award in 2004, IBM faculty fellowships in 2004 and 2005, the Sloan research fellowship in 2006, the Security 7 award in the category of education by the Information Security Magazine in 2009, the Benjamin Richard Teare teaching award in 2011, and the ACM SIGSAC Outstanding Innovation Award in 2013. Adrian's research revolves around building secure systems -- in particular secure future Internet architectures.

Adrian Perrig

Press

Our research deals with issues that are relevant for all parts of society and the work within our group often appears in the press relating to topical concerns over security and privacy. Filter by research area.

Applied Cryptography

Formal Protocol Verification

Wireless Technology

Embedded Devices and IoT Security

Automotive Security

E-Voting

Cloud Security

Security and Privacy for Society

Cyber Security Education

Check back soon for more press coverage, select another research area, or follow us on Twitter to stay up to date with cutting edge research in cyber security and privacy.

ICT&health

Hackable implanted medical devices can kill patients

5 December 2016

This article discusses the attack found by our researchers involving the interception and reverse-engineering of signals to medical implant devices from up to five meters away using standard equipment.

BBC

'Fatal' flaws found in medical implant software

1 December 2016

Reports on flaws in 10 different types of medical devices with potentially fatal consequences, discovered by Flavio Garcia and Tom Chothia with collaborators at University of Leuven, Belgium.

The Register

Fatal flaws in ten pacemakers make for Denial of Life attacks

1 December 2016

This article reports on research undertaken by Flavio Garcia and Tom Chothia with colleagues at KU Leuven that exposes wireless attack on implantable medical devices and pacemakers.

SC Magazine

Birmingham cyber-sec chair demonstrates business-academic collaboration

10 November 2016

This article covers the launch of Professor Mark Ryan's Research Chair in Cyber Security, sponsored by leading device manufacturer HP, which will develop new research in the cyber-physical systems of the IoT.

Computer Weekly

HP sponsors cyber security research chair at Birmingham University

9 November 2016

This article situates the five-year HP-funded Research Chair in Cyber Security for Professor Mark Ryan in the context of the UK government's cyber security agenda. The research will address key challenges in cyber security.

LA Times

Millions of cars' keyless entry systems can be hacked, security experts find

12 August 2016

As they flew to Texas to present their research at the USENIX Security 2016 conference, Flavio Garcia and David Oswald's research into vulnerabilities in car keyless entry systems travelled ahead of them to be featured in the LA Times.

BBC

'Millions' of Volkswagen cars can be unlocked via hack

12 August 2016

This article describes the work of Flavio Garcia and David Oswald in exposing the risks to millions of car owners posed by vulnerabilities in keyless entry. The article was in the top 5 most read on the BBC news site.

Wired

A New Wireless Hack Can Unlock 100 Million Volkswagens

10 August 2016

Two researchers from the Security and Privacy Group - Flavio Garcia and David Oswald - release the news of vulnerabilites in car keyless entry systems that enable wireless attacks. This can be achieved with cheap hardware in only 60 seconds and could potentially affect millions of car owners.

SC Magazine

US gov vulnerability disclosure requires oversight, says new report

20 June 2016

Flavio Garcia comments on a paper calling for the US government to overhaul its disclosure policies. Drawing on issues of research ethics, privacy and the improvement of cyber security systems, Dr Garcia argues that transparency and accountability are needed to ensure vulnerabilities are not misused by criminals or governments.

Insider

Midlands Cyber Crime Breakfast 2016

8 March 2016

Ian Batten represents the University of Birmingham at this event focused on defending businesses against cyber crime by identifying common vulnerabilities and explaining what businesses can do to protect themselves.

BBC

GCHQ summer school will pay students £250 per week

19 January 2016

In an article on GCHQ's summer school scheme, including quotes from the Security and Privacy group's Mark Ryan, highlights the current cyber security skills gap and one scheme that aims to overcome this.

StudentTIMES

Leeds Beckett University and Birmingham University On The Frontline Against Cyber Attacks

1 January 2016

As part of the government's £1.9 billion scheme to combat cyber attacks in the context of terrorist threats, this article focuses on a scheme by Leeds Beckett University and the University of Birmingham that will develop new tools for cyber security education.

Computer Weekly

The Higher Education Academy gives universities £500,000 to develop cyber security specialists

23 December 2015

In the wake of the government-identified skills gap in cyber security in the UK, the article highlights the large influx of funding from the HEA as well as focusing on a specific example of work being undertaken by new Birmingham's Security and Privacy group in conjunction wiht Leeds Beckett that aims to promote cyber security to students.

Parliament UK

Draft Investigatory Powers Bill Joint Committee - timeline

30 November 2015

Tracking the progress of the proposed bill concerning law enforcement powers to invade the privacy of online communications, Professor Mark Ryan features on the expert panel giving evidence to inform politicl and public debate of this contentious issue.

The Guardian

Security flaw affecting more than 100 car models exposed by scientists

18 August 2015

Following up on the previous banning of research publication concerning vulnerabilities in car electronic security systems, this article on the eventual release of the data details the resolution of the legal struggles and the security implications for car owners and manufacturers.

The Independent

Car-hacking scandal: How a security loophole left thousands of vehicles vulnerable to thieves

18 August 2015

Emphasising the real-world rise in hi-tech car theft, this article defends Security and Privacy Birmingham researchers' rights to publish and focuses on the car manufacturers' attempts to block the work that exposed a comparatively simple hack of a major car locking system.

The Telegraph

Thousands of cars vulnerable to keyless theft, according to researchers

18 August 2015

Responding to a previous article detailing the injunction against Birmingham researchers publishing their work, this article lists the makes and models of cars at risk, emphasising the genuine risks revealed by the real-world impact of the academic research.

BBC

Car immobiliser easy to crack, say researchers

14 August 2015

Emphasising the 'trivial' nature of the attack, this article explains the research conducted by Flavio Garcia of the Security and Privacy Group that exposed weaknesses in major car manufacturers' electronic locking systems, which had previously led to the research being banned from publication.

Debating Europe

What would save the music industry from digital piracy?

26 June 2015

Contributing to the debate of online piracy and privacy in the music industry, Tom Chothia of the Security and Privacy group outlines the complete lack of privacy underpinning the internet, as well as mentioning some ways users can go about choosing to add secure functions to their own computers.

ReadWrite

Maybe Online Voting Isn’t A Pipe Dream After All

22 May 2015

Hailing the breakthrough as a "100% hacker-proof technique", this article goes on to emphasise the complexity of the system, stating that it "isn't remotely easy to use". Drawing on this discussion of the practicalities of such a system, the article focuses on the specific challenges presented by implementing an online voting system in the US.

The Daily Dot

The key to making online voting safe

17 May 2015

Focusing on the potential application of online voting in the US, this article discusses political implications before suggesting the need to expand the research in terms of further funding and testing as well as introducing businesses to work on developing hardware.

The Conversation

Online voting is convenient, but if the results aren’t verifiable it’s not worth the risk

14 May 2015

Written by University of Birmingham researchers working on the project, this discussion by academics in a popular media setting introduces the key issues surrounding the research and its application, emphasising the importance and risks of verifiable results for online voting.

WeLiveSecurity

Online democracy by 2020? University reveals e-voting security breakthrough

5 May 2015

Hailing the breakthrough as a scientific achievement and meeting the demands of a digital UK, this article looks towards the longer term practicalities and the need to balance security with usability

The Telegraph

Voting by computer could be standard within a decade

4 May 2015

This article frames the discussion of online voting in the context of replacing conventional paper voting methods, discussing the use of online voting to remove the possibility of rigging in paper systems versus the possible rigging of online voting through malware inserted directly into computers by foreign manufacturers. It also highlights the use of online voting to achieve a private ballot for blind voters as well as encouraging turnout among younger voters.

SC Magazine

Credit card style e-voting system could beat electoral fraud

4 May 2015

This article suggests that secure online voting is 20-30 years away, and cites Jeremy Epstein of SRI International who suggests the need to separate the technical issues from political factors.

Herald Scotland

E-voting devices could be ready for use in general elections by 2020

30 April 2015

Bringing a Scottish perspective to the issue of online voting in UK elections, this article focuses on the hardware involved in the Du-Vote system, emphasising the use of a separate, credit card-sized device.

BBC

Election 2015: How feasible would it be to introduce online voting?

27 April 2015

This article situates the research in its feasability for UK elections, in the context of current modes of online registration as well as considering financial and political factors. Discussing the impact of online voting on turnout, it cites the Estonian system, for which in 2005 4.9% of voters definitely would not have voted without internet voting.

The Conversation

How to protect yourself when GCHQ goes for your webcam

3 March 2014

As more and more devices are being connected the the Internet of Things, our homes are becoming increasingly under threat from hackers and government agencies. With the news of GCHQ intercepting and storing webcam images, Dr Tom Chothia of the Security and Privacy Group explains the security implications of connected devices and offers advice on how to protect your privacy.

The Conversation

University’s bitcoin gimmick masks accountability problem with online currency

22 January 2014

University of Birmingham researchers explore issues of accountability, privacy and crime with bitcoin, in the context of the University of Cumbria offering students to pay their tuition fees in the unregulated digital currency.

The Conversation

Digital democracy lets you write your own laws

16 December 2013

At the founding of the Commission on Digital, researchers from the Security and Privacy Group consider the impact of technologies in "Parliament 2.0" and future visions of participation in digital political systems.

The Conversation

Explainer: how do you destroy a hard drive?

23 August 2013

With the news of a dispute between The Guardian newspaper and GCHQ over a laptop used to store files provided by NSA whistleblower Edward Snowden, Dr Tom Chothia of the University of Birmingham explains the problems of storing and deleting information that resulted in the newspaper destroying its hard drive.

International Business Times

Car Hacking Study Blocked By England’s High Court, Would Reveal Ways To Unlock Porsches, Lamborghinis And Bentleys

31 July 2013

Focusing on the blocking of publication by a UK high-court, this article adds an international perspective to the potential impact of attacks-based security research on manufacturers and consumers, while acknowledging that Security and Privacy Birmingham researchers had already given the manufacturers reasonable disclosure of their findings.

The Guardian

Car hacking scientists agree to delay paper that could unlock Porsches

30 July 2013

Following on from a previous article detailing legal action seeking to ban Birmingham researchers from releasing their work on car security, this piece outlines the agreement reached to delay publishing material on ignition key cryptography that could expose Porsches and other cars to hacking and hijacking.

Boingboing

At VW's request, English court censors Usenix Security presentation on keyless entry systems for luxury cars

27 July 2013

Cyberculture author and privacy commentator Cory Doctorow highlights the imposition of restrictions on research by UK courts at the behest of car manufacturers, emphsaising that the companies were seeking to hide their incompetence and cover up the risks to which they had exposed their customers.

The Telegraph

Academic banned from publishing Porsche security codes

27 July 2013

Focusing on the impact for high-end luxury car manufacturers, this article defends the intentions of Birmingham researchers while acknowledging the potential criminal misuse of the research that led to a controversial high court injunction against publishing.

Phys.org

3G protocols come up short in privacy, say researchers

11 October 2012

Focusing on a paper written by the Security and Privacy group in collaboration with Technische Universitat Berlin and Deutsche Telekom Laboratories, this article explains the background of 3G and highlights the methods and findings of the research with a view to improving future mobile standards.

New Scientist

Honeytrap reveals mass monitoring of downloaders

4 September 2012

Emphasising the speed and scale of monitoring of BitTorrent downloads, this article briefly explains how peer-to-peer protocols work and describes the research undertaken by Security and Privacy Birmingham's Tom Chothia that uncovered the "massive monitoring" of popular downloads.

BBC

BitTorrent study finds most file-sharers are monitored

4 September 2012

This article highlights the surprising findings of Tom Chothia in a study on monitoring of file sharing, focusing on the speed and scale of monitoring as well as the kinds of organisations undertaking the monitoring, with implications for copyright enforcement and mass legal action.

Techspot

Researchers: Your IP is logged within 3 hours of downloading a torrent

4 September 2012

Discussing a study by Birmingham researchers that uncovered large-scale monitoring of BitTorrent file sharing, the article highlights the length of time monitoring has occured whilst noting that tracking is focused on the most popular torrents, before questioning the purpose and potential use of the monitoring.

The Engineer

Automatic Vote Counting

26 May 2010

This article explores the potential of earlier collaborations between the University of Birmingham and the University of Surrey, with a combined physical and cryptographic approach to increasing the security, privacy and verifiability of vote counting through digitisation and automation.

The Register

Defects in e-passports allow real-time tracking

26 January 2010

Linking research conducted at Birmingham that exposed traceability attacks in e-passports with previous developments exposing the risks of embedding RFID in passports, this article goes on to question the security of e-passports in general.