Securing Communications after Device Compromise

Traditional adversary models in cryptography focus primarily on a network adversary with no access to endpoints. We now know that this was naïve - due to current security architectures, an adversary with physical access may have access to all past and future secret keys for their communications.

Previous attempts at solving this problem include the notion of forward secrecy, a cryptographic property which ensures that compromise of a secret (e.g. key) does not lead to compromise of all future secrets. This can be done by key ratcheting or key rotation, which updates the secret key after every session. A related technique on authentication is panic password, which would alert a third party of the duress - this is of course assuming that the adversary isn't aware of this covert mechanism, which makes for a weak model.

The project will start with developing a new security model against a strong physical adversary - we argue that the previous models do not satisfy certain security properties in our new model. In turn, we will develop new cryptographic techniques to mitigate the threats, with provably secure guarantees.

This project will be relevant in particular against insider threat, intimate partner threat, as well as communicating duress during authentication, including e-Voting.

This project falls within the EPSRC Global Uncertainties research area.

It is part of the nature of Cyber Security - and a key reason for the urgency in developing new research approaches - that it now is a concern of every section of society, and so the successful CDT will have a very broad impact indeed. We will ensure impact for:

* The IT industry; vendors of hardware and software, and within this the IT Security industry;

* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;

* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;

* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;

* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;

* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.

Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.