Academic Centre of Excellence in Cyber Security Research - University of Surrey

Lead Research Organisation: University of Surrey
Department Name: Computing Science

Abstract

The University of Surrey has established the Surrey Centre for Cyber Security to consolidate, organise and promote our Cyber Security activities across the University. The Centre builds on the existing capability and resources across the University of Surrey, which has been investing in Cyber Security research as a high-priority research area since 2004. The Centre focuses on three main research directions - Privacy and Data Protection, Secure Communications, and Human-Centred Security - building on the University's strength and the background of members of the Centre. Recognition of the Centre as an Academic Centre of Excellence in Cyber Security Research will help in consolidating research activities that are currently carried out across three faculties, and in creating new synergies for long-term collaborative research projects on the emerging interdisciplinary challenges of Cyber Security. It will also foster the international visibility and positioning of the Centre and expand its linkage with businesses, industry research institutions, and governmental bodies.

The initial composition of the Centre consists of 8 Core Members from Computing and Electronic Engineering (Institute for Communication Systems), with established track records in selected key areas of Cyber Security. Within the University there are also a further 19 Associate Members, who hold strong research expertise in areas that are strategically important in addressing interdisciplinary cyber security challenges and where existing mutual interests and potentials are likely to lead to the establishment of joint research initiatives within the proposed Centre.

In the short-term the Surrey Centre for Security will:

- consolidate and promote its research activities,
- establish an efficient organisation and management structure (including an Advisory Board),
- identify new directions and bid for interdisciplinary and technology-focused cyber-security research projects,
- establish a regular seminar series,
- expand on its postgraduate teaching and PhD programmes,
- refine its strategy upon the consultations with its liaison officer from GCHQ (and other governmental stakeholders).

In the medium-term the Centre will
- actively bid for new research projects and increase its research output in high-quality publication venues,
- engage in collaborative projects with other ACE-CSRs and our partners.

Planned Impact

This proposal is essentially concerned with impact: the funding requested is to support activities which are intended to achieve the maximum impact for our existing and future research work. Our planned activities are specifically aimed at strong engagement with industry, government, and the general public.

Our engagement with industry will be enhanced by our Advisory Board. We have a strong network of industrial partners to draw on, and the Advisory Board will provide broad coverage across practitioners and beneficiaries. The Board will inform our planned engagement activities, and will be used to provide informed advice on the opportunities that will be most effective in achieving impact, and on our plans for specific events.

The Surrey Centre for Cyber Security has created an Applied Security Lab, to support both teaching and research, with the infrastructure being provided by the University. The Centre coordinates the use of this lab to conduct applied security research, and showcase our Cyber Security work, in the form of demonstrators, projects and prototypes. This will provide a new "one-stop-shop" environment in which to host industrial visits. It will enable focused and detailed discussions, and will support our activities in developing new collaborative links with industry and engaging in meaningful dialogue with beneficiaries of our work.
 
Description This award has supported the growth of the Surrey Centre for Cyber Security and its engagement and advocacy activity. Members of the Centre work with a variety of industrial sectors including transportation, election systems, transactions, autonomous systems, robotics, communications and future internet, and our research has been applied in these sectors in conjunction with industrial partners. Members of the Centre engage with industry to influence major cyber security related standardization activities through involvement in working groups in ISO, Trusted Computing Group, ETSI, IETF, FIDO Alliance, and LoRa Alliance
Exploitation Route The Centre of Excellence provides a focus and driver for the University's research activity in Cyber Security, and enables engagement for applying our research outputs.
Sectors Digital/Communication/Information Technologies (including Software)

Financial Services

and Management Consultancy

Government

Democracy and Justice

Security and Diplomacy

Transport

 
Description Researchers within the Academic Centre of Excellence interact with a number of industrial sectors including automotive, rail, digital transactions, elections, autonomous systems, robotics, future communications and internet. The Centre has established regular cyber-industry facing briefings on topics of current interest, such as GDPR, Distributed Ledger Technologies, and AI and Security, and is providing the focus for growing a network of industrial collaborations and partnerships through joint projects, studentships, CyberInvest activities, and presentation at industry events. Members of the Centre engage with industry to influence major cyber security related standardization activities through involvement in working groups in ISO, Trusted Computing Group, ETSI, IETF, FIDO Alliance, and LoRa Alliance
First Year Of Impact 2015
Sector Digital/Communication/Information Technologies (including Software),Financial Services, and Management Consultancy,Government, Democracy and Justice,Security and Diplomacy,Transport
Impact Types Societal

Economic

Policy & public services

 
Description Contribution to APPG session on Government, Democracy and Voting
Geographic Reach National 
Policy Influence Type Contribution to a national consultation/review
URL https://lordchrisholmes.com/blockchain-appg-evidence-meeting-government-democracy-and-voting/
 
Description Publication of the IET Report "Internet Voting in the UK", as Chair of the IET E-Voting Working Group, The rep[ort considers the opportunities challenges around the prospect of evoting in the UK.
Geographic Reach National 
Policy Influence Type Membership of a guideline committee
URL https://www.theiet.org/media/7025/internet-voting-in-the-uk.pdf
 
Description Academic Centre of Excellence in Cyber Security Research
Amount £80,001 (GBP)
Funding ID EP/R006938/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 06/2017 
End 06/2022
 
Description Applications of Distributed Ledger Technologies
Amount £614,484 (GBP)
Funding ID EP/P031811/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 05/2017 
End 05/2019
 
Description Commitment to Privacy and Trust in Internet of Things Security (ComPaTrIoTS) Research Hub
Amount £252,967 (GBP)
Funding ID EP/N023358/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 01/2016 
End 01/2019
 
Description Eyes Can Tell: Applications of Eye-tracking Devices in Cyber Security Research
Amount £19,392 (GBP)
Organisation Government Communications Headquarters (GCHQ) 
Sector Public
Country United Kingdom
Start 09/2016 
End 03/2017
 
Description GCHQ PhD studentships for Academic Centres of Excellence
Amount £115,000 (GBP)
Organisation Government Communications Headquarters (GCHQ) 
Sector Public
Country United Kingdom
Start 09/2017 
End 03/2021
 
Description GCHQ PhD studentships for Academic Centres of Excellence
Amount £115,000 (GBP)
Organisation Government Communications Headquarters (GCHQ) 
Sector Public
Country United Kingdom
Start 09/2017 
End 03/2021
 
Description H-DLP: Human-assisted machine learning for bootstrapping DLP (data loss prevention) systems
Amount £192,003 (GBP)
Funding ID KTP010417 
Organisation Innovate UK 
Sector Public
Country United Kingdom
Start 01/2017 
End 12/2020
 
Description Human Dimensions of Cyber Security
Amount £880,980 (GBP)
Funding ID EP/P011896/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 01/2017 
End 12/2018
 
Description Joint Singapore-UK Research in Cyber Security
Amount £208,100 (GBP)
Funding ID EP/N020111/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 03/2016 
End 04/2018
 
Description Microsoft Research PhD Scholarship
Amount £112,000 (GBP)
Organisation Microsoft Research 
Department Microsoft Research Cambridge
Sector Private
Country United Kingdom
Start 03/2018 
End 04/2022
 
Description Pass8 (PassInfinity)
Amount £34,000 (GBP)
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 01/2017 
End 03/2017
 
Description PassInfinity: An "All in One" user authentication framework
Amount £28,968 (GBP)
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 03/2017 
End 09/2017
 
Description Trust, Identity, Privacy and Security in the Digital Economy
Amount £364,323 (GBP)
Funding ID EP/N028295/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 05/2016 
End 05/2019
 
Description Trust, Identity, Privacy and Security in the Digital Economy
Amount £852,825 (GBP)
Funding ID EP/N02799X/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 09/2016 
End 09/2019
 
Title Tamarin models of different 5G protocols 
Description These are used to formally verify the security of 5G protocols in different trust models. You can now find these here https://bit.ly/3w4qgQt 
Type Of Material Computer model/algorithm 
Year Produced 2021 
Provided To Others? No  
Impact It will become available to the wider public soon. 
URL https://fmsec.github.io/5gtechsec.github.io/
 
Title Tamarin models of the privacy of IoT LoRa protocols 
Description These models are used to formally verify the privacy of LoRa protocols 
Type Of Material Computer model/algorithm 
Year Produced 2021 
Provided To Others? No  
Impact These are discussed at the LoRa Alliance Technical Committe and Security Working Group meetings and will/may impact future specifications 
URL https://bit.ly/3w5MNN0
 
Title Tamarin models of the security of IoT LoRa protocols 
Description These models have been used for the formal analysis of security and privacy of LoRa protocols. 
Type Of Material Computer model/algorithm 
Year Produced 2020 
Provided To Others? Yes  
Impact These models have lead to improvement in the LoRa specifications. 
URL http://people.itcarlson.com/ioana
 
Description Collaboration with Clearswift Ltd 
Organisation Clearswift Ltd
Country United Kingdom 
Sector Private 
PI Contribution The University of Surrey's Dr Shujun Li initialised the conversation with Clearswift Ltd in 2014 which led to an Innovate UK KTP application. The KTP application was successful in 2016 and the project officially started in 2017. Dr Shujun Li provided a potential technology to solve a problem facing Clearswift and other DLP (data loss prevention) vendors. Dr Shujun Li and Dr Ben Shenoy of University of Surrey play the roles of academic supervisors in the KTP project. The University of Surrey is in charge of managing HR matters around a KTP associate, and provided needed training.
Collaborator Contribution Clearswift Ltd provided the problem for the KTP project to attack, participated in the project proposal writing, provided match funding per KTP rules, and is hosting the KTP associate to work full-time at its main office in Theale, Reading.
Impact The project was terminated earlier in 2018 after the key academic Shujun Li left the University of Surrey to join the University of Kent. A major outcome of the collaboration is that the Associate of the project developed himself into the next stage of his career and joined a Chinese university as an Associate Professor.
Start Year 2014
 
Description Collaboration with Crossword Cybersecurity plc 
Organisation Crossword Cybersecurity
Country United Kingdom 
Sector Private 
PI Contribution The University of Surrey resercher Dr Shujun Li initialised collaboration with Crossword Cybersecurity plc on tech transfer of two new inventions from his research project.
Collaborator Contribution Crossword Cybersecurity plc has been a partner of an ongoing project on Pass8 (PassInfinity) and will be the partner of another forthcoming project. They provided and will provide in-kind support for both project. The figure reported above is for the forthcoming project only.
Impact The collaboration allowed a commercialisation idea being exploited, but did not materialise. It is currently being developed further before a new commercialisation effort will be re-started.
Start Year 2014
 
Description Collaboration with Data61, CISRO, Australia 
Organisation Commonwealth Scientific and Industrial Research Organisation
Country Australia 
Sector Public 
PI Contribution This was continuation of our previous collaboration with NICTA, Australia after its merger into CISRO's Data61 department. CISRO supported this project proposal as an unfunded partner and participated in all WPs.
Collaborator Contribution Two researchers and some interns from CISRO have contributed to this project by conrtributing to all WPs, attending meetings to discuss research plan and to provide data on a new user authentication system for timing attack analysis. A joint user study on eye-tracking for the user authentication system CISRO developed is being designed and to be conducted.
Impact The collaboration ended in 2018 when the project COMMANDO-HUMANS ended. A number of joint research publications were produced.
Start Year 2016
 
Description Collaboration with NCC Group on PassInfinity 
Organisation NCC Group
Country United Kingdom 
Sector Private 
PI Contribution We developed a new user authentication system called PassInfinity since late 2016 and got an EPSRC IAA grant to develop a prototype and conduct a usability and security test.
Collaborator Contribution The company has been providing in-kind support on software development and will provide paid services on security evaluation.
Impact The work led to an initial security testing report of the PassInfinity prototype.
Start Year 2017
 
Description Collaboration with Singapore Management University 
Organisation Singapore Management University (SMU)
Country Singapore 
Sector Academic/University 
PI Contribution The project allowed researchers at the University of Surrey to collaborate with five researchers at the Singapore Management University. The work proposed in the project is split between the two research teams and both sides helped each other.
Collaborator Contribution The Singapore Management University is in charged of WP3 and contributed to WP2. They contributed to management of the project as well.
Impact The collaboration ended in 2018 when the project COMMANDO-HUMANS ended. A joint publication on timing attack against PIN entries was prodcued. A joint software CogTool+ was co-developed.
Start Year 2016
 
Description Collaboration with University of Split, Croatia 
Organisation University of Split
Country Croatia 
Sector Academic/University 
PI Contribution This is a continuation of collaboration between Dr Shujun Li and two researchers of the University of Split since 2010. The collaboration was broadened to cover all memebrs of of the COMMANDO-HUMANS project.
Collaborator Contribution Two researchrs from the University of Split contributed to all WPs and attended all quarterly meetings of the COMMANDO-HUMANS project. They have been working with other partners espcially CISRO in an enhanced timing attack.
Impact This collaboration ended after the project COMMANDO-HUMANS ended. During the collaboration phase, a number of joint research publications were produced.
Start Year 2011
 
Description Consortium for COMMANDO-HUMANS project 
Organisation Commonwealth Scientific and Industrial Research Organisation
Country Australia 
Sector Public 
PI Contribution Surrey University team will (co-)lead several work packages of the joint project COMMANDO-HUMANS, and be the consortium coordinator. The team will also host two annual project meetings one in 2016 and the other in 2018.
Collaborator Contribution Singapore Management University team will (co-)lead several work packages, and coordinating research activities from Singapore side. The team will also host an annual project meeting in 2017.
Impact The collaboration led to a joint research project COMMANDO-HUMANS funded by EPSRC and Singapore's NRF jointly. The project ended in 2018, with a number of research outcomes produced (see their separate researchfish entries).
Start Year 2015
 
Description Consortium for COMMANDO-HUMANS project 
Organisation School of Information Systems (SIS)
Country Singapore 
Sector Academic/University 
PI Contribution Surrey University team will (co-)lead several work packages of the joint project COMMANDO-HUMANS, and be the consortium coordinator. The team will also host two annual project meetings one in 2016 and the other in 2018.
Collaborator Contribution Singapore Management University team will (co-)lead several work packages, and coordinating research activities from Singapore side. The team will also host an annual project meeting in 2017.
Impact The collaboration led to a joint research project COMMANDO-HUMANS funded by EPSRC and Singapore's NRF jointly. The project ended in 2018, with a number of research outcomes produced (see their separate researchfish entries).
Start Year 2015
 
Description Consortium for project ACCEPT 
Organisation Neighbourhood and Home Watch Network
Country United Kingdom 
Sector Charity/Non Profit 
PI Contribution The University of Surrey led the formation of the consortium and won a research bid for EPSRC's Human Dimensions of Cyber Security call, which led to the project ACCEPT to start in April 2017.
Collaborator Contribution Other partners helped form the consortium by bringing their expertise into the project proposal.
Impact The project ended in 12/2020. The collaboration allowed a new major research area for the PI Shujun Li, which led to more other projects. The collaboration is multi-disciplinary, and involved computer science, crime science and criminology, psychology, engineering, and business.
Start Year 2016
 
Description Consortium for project ACCEPT 
Organisation Transport Research Laboratory Ltd (TRL)
Country United Kingdom 
Sector Private 
PI Contribution The University of Surrey led the formation of the consortium and won a research bid for EPSRC's Human Dimensions of Cyber Security call, which led to the project ACCEPT to start in April 2017.
Collaborator Contribution Other partners helped form the consortium by bringing their expertise into the project proposal.
Impact The project ended in 12/2020. The collaboration allowed a new major research area for the PI Shujun Li, which led to more other projects. The collaboration is multi-disciplinary, and involved computer science, crime science and criminology, psychology, engineering, and business.
Start Year 2016
 
Description Consortium for project ACCEPT 
Organisation University College London
Department Genetics Institute
Country United Kingdom 
Sector Academic/University 
PI Contribution The University of Surrey led the formation of the consortium and won a research bid for EPSRC's Human Dimensions of Cyber Security call, which led to the project ACCEPT to start in April 2017.
Collaborator Contribution Other partners helped form the consortium by bringing their expertise into the project proposal.
Impact The project ended in 12/2020. The collaboration allowed a new major research area for the PI Shujun Li, which led to more other projects. The collaboration is multi-disciplinary, and involved computer science, crime science and criminology, psychology, engineering, and business.
Start Year 2016
 
Description Consortium for project ACCEPT 
Organisation University of Warwick
Department WMG
Country United Kingdom 
Sector Academic/University 
PI Contribution The University of Surrey led the formation of the consortium and won a research bid for EPSRC's Human Dimensions of Cyber Security call, which led to the project ACCEPT to start in April 2017.
Collaborator Contribution Other partners helped form the consortium by bringing their expertise into the project proposal.
Impact The project ended in 12/2020. The collaboration allowed a new major research area for the PI Shujun Li, which led to more other projects. The collaboration is multi-disciplinary, and involved computer science, crime science and criminology, psychology, engineering, and business.
Start Year 2016
 
Description Consortium for project: Improving customer experience while ensuring data privacy for intelligent mobility 
Organisation Association of Train Operating Companies
Country United Kingdom 
Sector Learned Society 
PI Contribution Surrey has brought together the consortium and is leading this project
Collaborator Contribution The consortium assembled for this project brings together the three academic disciplines required to solve this challenge: computer science, to develop the framework and technical solutions (University of Surrey and Royal Holloway, University of London); human factors, to develop the use cases, evaluate passenger perceptions and ensure usable solutions (Loughborough University) and transport systems to bring understanding of the data streams to be integrated (University of Southampton). To ensure the solutions are co-created with the industry and have a direct pathway to impact, ATOC and RSSB have a key role as stakeholders and on the project's External Advisory board, and ThalesUK bring expertise on rail technology.
Impact Not yet applicable
Start Year 2015
 
Description Consortium for project: Improving customer experience while ensuring data privacy for intelligent mobility 
Organisation Loughborough University
Country United Kingdom 
Sector Academic/University 
PI Contribution Surrey has brought together the consortium and is leading this project
Collaborator Contribution The consortium assembled for this project brings together the three academic disciplines required to solve this challenge: computer science, to develop the framework and technical solutions (University of Surrey and Royal Holloway, University of London); human factors, to develop the use cases, evaluate passenger perceptions and ensure usable solutions (Loughborough University) and transport systems to bring understanding of the data streams to be integrated (University of Southampton). To ensure the solutions are co-created with the industry and have a direct pathway to impact, ATOC and RSSB have a key role as stakeholders and on the project's External Advisory board, and ThalesUK bring expertise on rail technology.
Impact Not yet applicable
Start Year 2015
 
Description Consortium for project: Improving customer experience while ensuring data privacy for intelligent mobility 
Organisation Royal Holloway, University of London
Country United Kingdom 
Sector Academic/University 
PI Contribution Surrey has brought together the consortium and is leading this project
Collaborator Contribution The consortium assembled for this project brings together the three academic disciplines required to solve this challenge: computer science, to develop the framework and technical solutions (University of Surrey and Royal Holloway, University of London); human factors, to develop the use cases, evaluate passenger perceptions and ensure usable solutions (Loughborough University) and transport systems to bring understanding of the data streams to be integrated (University of Southampton). To ensure the solutions are co-created with the industry and have a direct pathway to impact, ATOC and RSSB have a key role as stakeholders and on the project's External Advisory board, and ThalesUK bring expertise on rail technology.
Impact Not yet applicable
Start Year 2015
 
Description Consortium for project: Improving customer experience while ensuring data privacy for intelligent mobility 
Organisation Tees, Esk and Wear Valleys NHS Foundation Trust
Department Roseberry Park Hospital
Country United Kingdom 
Sector Hospitals 
PI Contribution Surrey has brought together the consortium and is leading this project
Collaborator Contribution The consortium assembled for this project brings together the three academic disciplines required to solve this challenge: computer science, to develop the framework and technical solutions (University of Surrey and Royal Holloway, University of London); human factors, to develop the use cases, evaluate passenger perceptions and ensure usable solutions (Loughborough University) and transport systems to bring understanding of the data streams to be integrated (University of Southampton). To ensure the solutions are co-created with the industry and have a direct pathway to impact, ATOC and RSSB have a key role as stakeholders and on the project's External Advisory board, and ThalesUK bring expertise on rail technology.
Impact Not yet applicable
Start Year 2015
 
Description Consortium for project: Improving customer experience while ensuring data privacy for intelligent mobility 
Organisation Thales Group
Department Thales Research & Technology (Uk) Ltd
Country United Kingdom 
Sector Private 
PI Contribution Surrey has brought together the consortium and is leading this project
Collaborator Contribution The consortium assembled for this project brings together the three academic disciplines required to solve this challenge: computer science, to develop the framework and technical solutions (University of Surrey and Royal Holloway, University of London); human factors, to develop the use cases, evaluate passenger perceptions and ensure usable solutions (Loughborough University) and transport systems to bring understanding of the data streams to be integrated (University of Southampton). To ensure the solutions are co-created with the industry and have a direct pathway to impact, ATOC and RSSB have a key role as stakeholders and on the project's External Advisory board, and ThalesUK bring expertise on rail technology.
Impact Not yet applicable
Start Year 2015
 
Description Consortium for project: Improving customer experience while ensuring data privacy for intelligent mobility 
Organisation University of Southampton
Country United Kingdom 
Sector Academic/University 
PI Contribution Surrey has brought together the consortium and is leading this project
Collaborator Contribution The consortium assembled for this project brings together the three academic disciplines required to solve this challenge: computer science, to develop the framework and technical solutions (University of Surrey and Royal Holloway, University of London); human factors, to develop the use cases, evaluate passenger perceptions and ensure usable solutions (Loughborough University) and transport systems to bring understanding of the data streams to be integrated (University of Southampton). To ensure the solutions are co-created with the industry and have a direct pathway to impact, ATOC and RSSB have a key role as stakeholders and on the project's External Advisory board, and ThalesUK bring expertise on rail technology.
Impact Not yet applicable
Start Year 2015
 
Description Partnership with Thales 
Organisation Thales Group
Department Thales UK Limited
Country United Kingdom 
Sector Private 
PI Contribution We are having meetings to align our research to a need they have and have a use-case linked to what they do.
Collaborator Contribution We are having meetings to align our research to a need they have and have a use-case linked to what they do.
Impact No outputs to disclose yet. I would need to double-check with Thales
Start Year 2019
 
Description Partnership with the LoRaAlliance 
Organisation LoRa Alliance
Country United States 
Sector Charity/Non Profit 
PI Contribution We work part of the LoRa Alliance Technical committee (TC) and Security Working Group (SWG) on the privacy and security of LoRa devices
Collaborator Contribution They discuss with us our findings in regular TC and SWG meetings and these findings are taken into account in their specs.
Impact one of the work-in-progress input in here (the one where the lead authors is Budykho K.) + the EuroS&P 2020 paper mentioned in the award has already been input into this collaboration
Start Year 2020
 
Description Visiting position in Univ Clermont-Auvergne 
Organisation University of Clermont Auvergne
Country France 
Sector Academic/University 
PI Contribution The PI is a visiting academic there working on aspects related to the project.
Collaborator Contribution PI applied for this position and got it and we are working on these project together as well
Impact none yet, but to follow
Start Year 2020
 
Title HIDING INFORMATION IN A DIGITAL ENVIRONMENT 
Description Information is hidden in a digital environment by translating the information into one or more activities according to an encoding scheme in which the manner in which the one or more activities are performed conveys information to an intended recipient. The encoded information is then sent by controlling one or more entities to perform the encoded one or more activities. In some embodiments, a marker can be included to signal a start point of the concealed information. The recipient can continuously monitor the activities performed by one or more entities known to be controlled by the sender, to detect the marker that signals the start of hidden information. 
IP Reference WO2016075459 
Protection Patent application published
Year Protection Granted 2016
Licensed No
Impact It is being commercialised by a tech transfer company Crossword Cybersecurity plc. Commercial impact has not been produced yet.
 
Title Improved Authentication 
Description This is a patent applicaiton filed by the University of Surrey to protect Pass8 (PassInfinity), a new user authentication technology developed in the context of the COMMANDO-HUMANS project as a byproduct. It was filed in January 2017 and is currently evaluated by UK IPO. It was also the result of the broader work funded by the EPSRC funded ACE-CSR at the University of Surrey. 
IP Reference GB1700649.5 
Protection Patent application published
Year Protection Granted 2017
Licensed No
Impact Not yet.
 
Title CogTool+ 
Description It is an extended tool based on CogTool (https://github.com/cogtool) supporting meta-modelling and automated simulation of a large number of models of the same meta-model. It is still being developed and the first beta version is expected to be released in summer 2017. 
Type Of Technology Software 
Year Produced 2019 
Open Source License? Yes  
Impact The development of the tool started from the beginning of the project and the first complete prototype was done in 2018. It has not been released publicly because we are waiting for a related paper to be published. 
 
Description 5G Security architecture overview and its support for services such as Internet of Vehicles and multicasting/broadcasting, seminar to IET ESSEX branch 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Here is the talk abstract:

Security and privacy provisioning have evolved considerably in mobile networks from GSM to 5G. However, 5G aims to provide connectivity for challenging applications such as ultra-reliable low latency (uRLLC) , one example here is the Internet of Vehicles (IoV) application, also the enhanced mobile broadband (eMBB): Defined as an extension to existing 4G broadband services, one example is live streaming (multicasting and broadcasting).

The talk presented the current security practices in all the protocols stack layer. The 4G and 5G security architecture were presented and show an approach to better support the uRLLC and eMBB services. The security feature for IoV and live streaming also presented in more details to highlight the links with 4G/5G security.

Finally the talk finished with final thoughts and looking into the future (6G) such as using Machine Learning to automate security and physical layer security
Year(s) Of Engagement Activity 2021
URL https://communities.theiet.org/communities/events/item/253/10/26941
 
Description A number of invited talk on "Observer-Resistant Password Systems: How hard to make them both usable and secure?" in Singapore 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact 3 invited talks at different research institutions in Singapore.
Year(s) Of Engagement Activity 2017
 
Description A tutorial on "Human Factors in Cyber Security: User authentication as a use case" 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact An invited 3-hour tutorial as an invited guest speaker at the 2017 Summer School on "Human Factor in Systems Safety and Security", organized by the Department of Computing and Informatics, Bournemouth University, UK and sponsored by the IEEE Systems, Man and Cybernetics (SMC) Society.
Year(s) Of Engagement Activity 2017
URL https://www.eventbrite.co.uk/e/human-factors-in-systems-safety-and-security-tickets-33332437217
 
Description Academic Visit to India 
Form Of Engagement Activity Participation in an open day or visit at my research institution
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Other audiences
Results and Impact As part of the work in Deliverable 1, the PI made a visit to India to collaborate with Prof. Ramanujam from IMSc Chennai. This was not paid under AutoPaSS, but aligned to it. They are now working on a paper together.
Year(s) Of Engagement Activity 2019
 
Description An interview with Sussex Police's Cyber Crime Unit 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact An interview with two police officers working at Cyber Crime Unit of Sussex Police, for getting input about use cases of cyber crime.
Year(s) Of Engagement Activity 2017
 
Description An invited talk on "Human/User-Centric Security" 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Invited talk at Digital: Definition Unknown, the Fast Stream Conference 2017, organised by UK Government's Civil Service Fast Stream.
Year(s) Of Engagement Activity 2017
 
Description Annual taks the annual conferece of UK-RISE 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Public/other audiences
Results and Impact "TimeTrust: Robust Timing via Hardware Roots of Trust and Non-standard Hardware with Application to EMV Contactless Payments", talk at the 3rd Annual Conference of RISE (Research Institute in Hardware Security and Embedded Systems), online Nov. 2020

"TimeTrust: Robust Timing via Hardware Roots of Trust and Non-standard Hardware with Application to EMV Contactless Payments", talk at the 2nd Annual Conference of RISE (Research Institute in Hardware Security and Embedded Systems), London, UK, Nov. 2019
Year(s) Of Engagement Activity 2019,2020
URL http://ukrise.org
 
Description Article in New Statesman 
Form Of Engagement Activity A magazine, newsletter or online publication
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Public/other audiences
Results and Impact An article on verifiable voting in the New Statesman Spotlight supplement special issue on Cyber Security.
Year(s) Of Engagement Activity 2019
URL https://www.eventbrite.co.uk/e/the-volt-project-voting-on-ledger-technologies-tickets-60521857505
 
Description Became an active part of WG8 of the ISO now 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact We are standardising under ISO 14443 an outcome from a paper.
Year(s) Of Engagement Activity 2022,2023
URL https://practical_emv.gitlab.io/
 
Description Bi-weekly mtgs with the LoRa Alliance Technical Committee or Security Working group 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact PI active member of the LoRa Alliance technical committee and security working group, on matters linked to the project
Year(s) Of Engagement Activity 2020,2021
 
Description Blockchain and Distributed Ledger Technologies event 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Industry/Business
Results and Impact Event designed for the industrial network of SCCS, on Blockchain and Distributed Ledger Technologies. Four talks, as follows:The olive and the anarchist
Phil Godsiff, Centre for Digital Economy, University of Surrey

Do we have consensus? - Applying 'smart' contracts to govern intangible assets,
Paul Galwas, Digital Catapult

Digital identity is broken. Is DLT the answer?
Steve Pannifer, Consult Hyperion

Blockchain technology.
Gery Ducatel, BT
Year(s) Of Engagement Activity 2017
 
Description Cyber Crime and Fraud Awareness seminar 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact A seminar organised by Surrey Centre for Cyber Security jointly with Lloyds Bank, aimed at their client base and also aimed at the SCCS network of business and indistry
Year(s) Of Engagement Activity 2017
 
Description Cyber Security in Space workshop 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact 10:30 - 10:45 Welcome remarks by Mark Manulis, SCCS and Chris Bridges, SSC

10:45 - 11:20 Toby Harris, UK Space Agency: "UK Space and Cyber Security''
11:20 - 11:55 Ian Poyner, SSTL: "Threats throughout the life-cycle"

12:20 - 12:55 Andy Davis, NCC Group: "The cyber attack surface of the Space industry"
12:55 - 13:30 Francis Kinsella, Airbus: "Protecting and Defending Sovereign Space Assets"

14:30 - 15:05 Mark Bowyer, Airbus: "Securing Future NanoSats at Physical Layer"
15:05 - 15:40 Tomer Ashur, KU Leuven: "Broadcast Authentication for Europe's Global Navigation Satellite System"
15:40 - 16:00 Panel discussion: "Directions for Research in Space Cyber Security"
Year(s) Of Engagement Activity 2019
 
Description CyberUK presentation 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Technical Presentation on Distributed Ledger Technologies at CyberUK 2016
Year(s) Of Engagement Activity 2016
URL https://registration.livegroup.co.uk/cesg_cip16/
 
Description Distributed Ledger Technologies - SCCS industry engagement and networking event 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Industry/Business
Results and Impact This event was organised by the Surrey Centre for Cyber Security on January 24th, 2019 with a high-level overview given by Dr Mark Manulis. The event focused on distributed ledger technologies and their applications. It featured four invited talks, including the talk on research ativites at the University of Surrey in the area of DLTs and Blockchain. The TAPESTRY project was introduced as part of this talk by Prof. John Collomosse.
Year(s) Of Engagement Activity 2019
URL https://www.eventbrite.co.uk/e/blockchain-and-distributed-ledger-technology-industry-networking-even...
 
Description HHMC 2017 (Workshop on Hybrid Human-Machine Computing) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact A workshop co-sponsored by the COMMANDO-HUMANS project and chaired by the project's PI. It covers two related work from the COMMANDO-HUMANS project.
Year(s) Of Engagement Activity 2017
URL http://hhmc2017.commando-humans.net/
 
Description Hosting "breakfast briefing" with Institute of Directors on "The Cyber Security Landscape" 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Industry/Business
Results and Impact 60 members of the Institute of Directors and SCCS academics attended a series of three talks in a Breakfast Briefing hosted at the University of Surrey in conjunction with the Surrey Institute of Directors. The talks were given by Robert May, Chair and Cyber Security Champion for the Surrey IoD; Henry Pearson for NCSC; and Steve Schneider, Director of the Surrey Centre for Cyber Security. Following the talks there was a lively question and answer session with the three speakers, and the feedback after the event and requests for inclusion on the SCCS mailing list indicted an increased interest and awareness of cyber security matters among directors.
Year(s) Of Engagement Activity 2016
 
Description Human/User-Centric Security 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact It was an invited talk given at the Fast Stream Conference 2017 (Digital: Definition Unknown), organised by UK Government's Civil Service Fast Stream. The audience was mainly members of the UK Government's Civil Service Fast Stream. The talk was also advertised to general public through LinkedIn and Slideshare.net.
Year(s) Of Engagement Activity 2017
URL http://www.slideshare.net/hooklee/humanusercentric-security
 
Description Invited talk on "Pass8 (PassInfinity): A new 'all in one' multi-factor user authentication framework" 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact An invited talk at a quarterly meeting of HESCA (Higher Education Smart Campus Association) in June 2017.
Year(s) Of Engagement Activity 2017
 
Description Keynote speech "Observer-Resistant Password Systems: How hard to make them both usable and secure?" 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Postgraduate students
Results and Impact Invited talk at the 2nd Annual Bath PGR Conference on Computer Science (BCCS 2017), University of Bath, UK
Year(s) Of Engagement Activity 2017
URL http://people.bath.ac.uk/drs32/Conference/conference.htm
 
Description New Formal Methods for Security Netwrok 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Other audiences
Results and Impact PI set up a network in the UK and abroad on formal methods for security and she is running it. We meet monthly and discuss reasearch and ideas on this topic. We = academia + industry + researchers/enthousiasts of all sorts.
Year(s) Of Engagement Activity 2021
 
Description Observer-Resistant Password Systems: How hard to make them both usable and secure? 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Undergraduate students
Results and Impact This was a talk given to a mixed audience of students, researchers and industry, as part of a half-day workshop on Human Factors in Cyber Security, Surrey Centre for Cyber Security and Department of Computer Science, University of Surrey, UK. It was also publicised through a blog article to the general public.
Year(s) Of Engagement Activity 2016
URL http://blogs.surrey.ac.uk/sccs/2016/03/31/from-shoulder-surfers-and-keyloggers-to-mitm-and-malware-c...
 
Description PRACTICE 2017 (Workshop on PRactical Applications of CogniTIve Computing in Emerging topics 2017) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact A workshop organised at the IEEE CYBCONF 2017 (3rd IEEE International Conference on Cybernetics), co-sponsored by the COMMANDO-HUMANS project.
Year(s) Of Engagement Activity 2017
URL http://practice2017.commando-humans.net/
 
Description Panel discussion at TEISS 2017 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact Participated as panellist in the discussion on the topic of "Segregating third party access in the cloud" with the "Identity & Acess Management" stream of The European Information Security Summit (TEISS) 2017.
Year(s) Of Engagement Activity 2017
URL https://biztechevents.co.uk/teiss/cth_speaker_cat/speaker-2017/page/2/
 
Description Participation in Panel on Cybercrime at Surrey and West Sussex Federation of Small Businesses Annual Meeting 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Industry/Business
Results and Impact Participation in Panel on Cybercrime at Surrey and West Sussex Federation of Small Businesses Annual Meeting, at which there was a discussion about online risks to small businesses and how they can address them. The aim was to raise awareness of the risks to their businesses and to encourage them to take action to mitigate them. There was a lot of interest generated, and the session ran over time due to the volume of questions from the audience.
Year(s) Of Engagement Activity 2016
 
Description Pass8 (PassInfinity) 
Form Of Engagement Activity A broadcast e.g. TV/radio/film/podcast (other than news/press)
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact This was an interview broadcast via BBC World Service's Tech Tent programme. Dr Shujun Li was interviewed for his new technology Pass8 (PassInfinity). This interview was triggered by a press release of the University of Surrey and itself generated further media reports on the techonology.
Year(s) Of Engagement Activity 2017
URL http://mms.tveyes.com/Transcript.asp?StationID=7195&DateTime=2%2F17%2F2017+3%3A24%3A02+PM&Term=Unive...
 
Description Presentation at Future of Distributed Ledger Technology workshop, Newton Institute Cambridge 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Other audiences
Results and Impact Discussions around the future of distributed ledger technologies including policy and practice
Year(s) Of Engagement Activity 2019
URL https://gateway.newton.ac.uk/event/tgmw71
 
Description Presentation at RRUKA 2016 conference 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Presentation entitled "Integrating data sources to enhance the experience for passengers with special needs and/or disabilities through privacy aware mobile applications" presented by Steve Wesemeyer, University of Surrey and Tracy Ross Loughborough University. Disseminating the results of a feasibility study funded by the Rail Industry.
Year(s) Of Engagement Activity 2016
URL http://www.rruka.org.uk/wp-content/uploads/2016/05/RRUKA-AC-2016-Draft-Programme-WEBSITE-v2.pdf
 
Description Presentation on Secure Electronic Voting to the UK PhD Winter School on Cyber Security, Newcastle 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Postgraduate students
Results and Impact Training and education for PhD students in Cyber Security
Year(s) Of Engagement Activity 2020
URL https://sites.google.com/view/phd-cyber-winterschool2020/home?authuser=0
 
Description Presentation on the VOLT project to the DLT Community of Interest 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Presented on the VOLT project at the DLT Community of Interest event in Whitehall to an audience of approx 100 DLT enthusiasts and practitioners. The talk generated a substantial number of questions.
Year(s) Of Engagement Activity 2018
 
Description Reputation and Privacy in Gig Economy 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Presented research results on privacy-preserving reputation management scheme to participants of NCSC Annual Conference.
Year(s) Of Engagement Activity 2019
 
Description SPCPS 2017 (Workshop on Security and Privacy in Cyber-Physical Systems 2017) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact A workshop organised at IEEE CYBCONF 2017 (3rd IEEE International Conference on Cybernetics)
Year(s) Of Engagement Activity 2017
 
Description Seminar at University of Swansea 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Postgraduate students
Results and Impact Presentation describing our research outputs on a Secure Electronic Voting Systems and the formal verification of the Web Bulletin Board (DLT)
Year(s) Of Engagement Activity 2016
 
Description Strategic Advisory Board Meeting 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Other audiences
Results and Impact This was the first mtg with industrial and academic advisors for AutoPaSS. PhD students of the PI, not funded by this, also took part.
Year(s) Of Engagement Activity 2019
 
Description Talk about Verifiable voting and DLT at the Government Digital Service Academy, May 2019 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact Approximately 30 staff from the Government Digital Service attended a talk I was invited to give as part of their Academy termcard. The talk generated questions around verifiable voting and around DLT from a well-informed and engaged audience.
Year(s) Of Engagement Activity 2019
URL https://www.eventbrite.co.uk/e/the-volt-project-voting-on-ledger-technologies-tickets-60521857505
 
Description Talk at the FM-SEC -- formal methods in security network 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact I gave two talks in 2021 at the fm-sec network, which I also run
Year(s) Of Engagement Activity 2021
URL https://fmsec.github.io/fmsec
 
Description Talk at the UK-SPS international seminar series 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Other audiences
Results and Impact title "Practical and Formal Analysis Security of Contactless Mobile Payments"
Year(s) Of Engagement Activity 2021
URL https://www.youtube.com/watch?v=3wzkd07A5ZU
 
Description Talk to GCHQ Blockchains workshop 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact This was a workshop on blockchains organised bu GCHQ and with a mix of academic, business, and government participants. Steve Schneider gave a talk on distributed ledger technologies from the voting perspective
Year(s) Of Engagement Activity 2016
 
Description Thames VAlley Cyber Cluster event on GDPR 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Industry/Business
Results and Impact This was the first Thames Valley Cyber Security Cluster meeting to be held at the University of Surrey.
The key theme was the various changes in regulation relating to data privacy / protection, particularly GDPR, that will affect businesses across the UK.
In addition, we will have an update from the police on the latest cyber crime trends.
The event is primarily for those involved in the cyber security sector, although others are welcome to apply to attend.
Year(s) Of Engagement Activity 2017
 
Description Thames Valley Cyber Security Cluster Meeting 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Industry/Business
Results and Impact A series of talks on the General Data Protection Regulations and issues around it, hosted by the University of Surrey and organised in conjunction with the Thames Valley Cyber Security Cluster.
Year(s) Of Engagement Activity 2017
URL http://www.surrey.ac.uk/sccs/news/events/2017/gdpr_the_winds_of_regulatory_change.htm
 
Description press release on apple-pay and visa mobile-payment attacks 
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact The work I lead on the GCHQ-funded TimeTrust project, under EPSRC-GCHQ research institute called UK-RISE (ukrise.org) lead to a serious cyber attack being uncover on ApplePay and Visa payment systens. this made the front pages of the BBC, and of most world-wide media outlets; see, e.g., here: https://www.bbc.co.uk/news/technology-58719891
Year(s) Of Engagement Activity 2021
URL https://www.bbc.co.uk/news/technology-58719891