Meet our experts…Professor Eerke Boiten

Professor Eerke Boiten joined the Cyber Technology Institute in April 2017 from the University of Kent where he was the Director of the Cyber Security Research Centre.

Professor Boiten spent the first twenty years of his research career, first in the Netherlands and then in the UK, on mathematics and logic based methods to guarantee and verify the correctness of software. He published over 50 peer reviewed papers on formal methods, including program transformation, viewpoint specification, and refinement in process algebra and state-based systems (e.g. Z). On the latter topic, he authored the monograph “Refinement in Z and Object-Z” with John Derrick (Springer 2004, 2015), and organised many conferences and workshops including the last nine editions of the BCS-FACS Refinement Workshop.

In recent years, he has been applying such techniques in the context of cryptography and security. He led the highly successful UK network on cryptography, security and formal methods CryptoForma. In addressing the broader cyber security research agenda, he also actively engages with other disciplines and external stakeholders.

Professor Boiten has also been a frequent commentator on issues in data security and privacy, including in The Guardian, Le Monde, and frequently in The Conversation, see: https://theconversation.com/profiles/eerke-boiten-104676/. Recent comment topics have included: health data sharing, Google, Facebook, the Right to be Forgotten, surveillance, encryption and Ransomware.

He is currently Principal Investigator on the Economical, Psychological and Societal Impact of Ransomware (EMPHASIS) project which aims to build economical and behavioural models of ransomware which can be used to improve ransomware mitigation and advice, as well as support providing support to law enforcement.

For more information about Professor Boiten and his publications, please visit: https://www.dmu.ac.uk/about-dmu/academic-staff/technology/eerke-boiten/eerke-boiten.aspx

Posted in Uncategorized | Leave a comment

Meet our experts….Dr Isabel Wagner

Dr Isabel Wagner

Dr Isabel Wagner is a Senior Lecturer in the Cyber Technology Institute here at De Montfort University. She completed her PhD in engineering (Dr.-Ing.) and M.Sc. in computer science (Dipl.-Inf. Univ.) from the Department of Computer Science, University of Erlangen in 2010 and 2005, respectively. In 2011 she was a JSPS Postdoctoral Fellow in the research group of Prof. Masayuki Murata at the University of Osaka, Japan.

Dr Wagner has made significant contributions in wireless sensor networks, computing education, and privacy-enhancing technologies. These diverse contributions are united by a focus on measurement and the application of simulation methodology and statistics. Dr Wagner’s work has been published in renowned peer-reviewed journals and conferences and has been cited more than 900 times (Google Scholar).

This month, Isabel has been elevated to the rank of Senior Member by the Association for Computing Machinery (ACM). ACM is the world’s largest computing society and honors the top 25% of its members as Senior Members for their demonstrated excellence in the computing field.

The following examples illustrate the results of her outstanding research:

In the area of wireless sensor networks, Dr Wagner proposed a new metric for the lifetime of sensor networks. This highly cited work (currently the 6th most-cited paper in ACM Trans. on Sensor Networks) analysed metrics and application scenarios for sensor networks, and proposed a composite metric that can be configured based on the requirements of the application scenario. This metric enables objective comparisons between different algorithms and configurations of sensor networks.

In computing education, Dr Wagner has focused on gender equality. In a large statistical study of the achievement of female CS students, she found that across all UK universities, female CS students are awarded significantly fewer first class degrees (corresponding to a 70% average) than male students (published in ACM Trans. on Computing Education).
This result is now informing her local work in supporting female students and making staff aware of unconscious biases.

In the area of privacy-enhancing technologies, Dr Wagner has investigated the measurement of privacy as a prerequisite for objective comparisons between privacy-enhancing technologies. She has proposed a taxonomy for privacy metrics and a general method to assess the strength of privacy metrics. Her study of privacy metrics for genomic privacy (published in ACM Trans. on Privacy and Security) evaluated 24 privacy metrics for genomics and found weaknesses in several common privacy metrics.

Her research has been funded by the Engineering and Physical Sciences Research Council (EPSRC), the Japan Society for the Promotion of Science (JSPS), and major companies. She also acts as an expert reviewer for the EPSRC, the EU Horizon 2020 programme, and several high-ranking journals and serves on the technical program committees of leading conferences.

Posted in Uncategorized | Leave a comment

Can you avoid being hit by ransomware?

Yes, you can. Having said that, for the NHS it was probably a bit more difficult to avoid it.

After last weekend, it is hardly necessary to explain what ransomware is anymore – even if not all media got the details correct. Ransomware is a particular type of malicious software (“malware”), that asks for a ransom to get the affected computer back to its original state. Like most ransomware, the current variant (“WannaCry”) replaces the user’s data files by encrypted versions for which only the criminals have the decryption key. Often such ransoms need to be paid in the online currency “bitcoin”. This means that even paying the ransom is a challenging experience for many of the victims, with the criminals often offering help (!) This is part of the game: the criminals need their victims to build up some trust, so they will also trust the criminals to deliver when they pay up. Nevertheless the official advice is still not to pay, as you can never be sure, and nobody likes to support this particular “business” model. As far as we can tell nobody has even received a decryption key after paying for this particular infection.

So how could you land with ransomware on your computer?

Old software, missing updates, clicking the wrong links …

All malware relies on “vulnerabilities” in software for the malware to take hold. In this case, it was a vulnerability in Microsoft operating systems, for which updates had been sent out in March 2017. Nobody who applied those updates will have been hit by WannaCry. Unfortunately, public free support for Windows XP (not sold since 2008) had stopped in 2014, so no free update for that was available. The vulnerability exists in Windows XP, too, and Microsoft had a fix available – initially for a price, but as of this weekend this is also available for free.

The existence of a vulnerability by itself will not normally lead to ransomware infection – it also needed some action by a user. The most common such action these days is clicking on a “wrong” link in an email which looks like it comes from a trusted source (“phishing”, or if it’s cleverly targeted, “spear fishing”). Unfortunately, there is an “arms race” in this area: criminals get better at creating realistic looking emails, so even though users are more aware of the risks, they also stand a worse chance of spotting the best phishing emails than ever before. With all sorts of internet services regularly sending out emails with bona fide links in there, this is a problem that will need a radical solution soon.

The NHS, despite a huge IT budget, was always at a higher risk of catching this strand of ransomware than most people at home. Many of their computers still run on Windows XP, so would not have been updated in time. In many cases, moving away from XP for the NHS (and many other large organisations) is not just a question of simple replacement cost. They also have crucial software that will not work with newer operating systems, or worse: an XP based computer may actually be built into a complex medical instrument. Replacing those in their entirety is a much bigger job, and even having had extended XP support over 2014-15 it is not clear the NHS could have realistically done so by now. Most home computers on XP have probably long been retired because they were getting too slow for the newest games …

This aspect of the story won’t go away with Microsoft releasing an XP update to combat WannaCry. Every update released for newer Microsoft operating systems addresses and through that implicitly publicizes a vulnerability that may have existed in XP already, with no free public updates provided for that …

Another very political can of worms in this story is that the vulnerability had been known to the NSA, held in their stash of vulnerabilities to exploit when they needed to break into people’s computers. The NSA will likely have known about this one since well before XP support was stopped.

Can you be safe even if you’ve been hit by ransomware?

Yes, provided you had backups of your data. That has always been a good strategy – disc drives can crash, laptops can get stolen, and in this case having a backup allows you to put the original files in place again instead of the maliciously encrypted ones. Because you also need to get rid of the malware, and you need to avoid re-infecting yourself and others, this is a task that should not be undertaken without expertise.

Current Research

Cyber security researchers are working on research to address all this in various directions, often with interdisciplinary aspects as some of it relates to how humans operate and can be manipulated. Ransomware encryption methods are broken, bitcoin payments on the blockchain are traced, email filtering gets improved to catch more phishing emails.

Funded by the national research funding agency EPSRC, Professor Eerke Boiten at the CTI is leading EMPHASIS, a £900K research project into all aspects of ransomware, with computer scientists, economists, psychologists and criminologists from the universities of Kent, Leeds and Newcastle, De Montfort University and City University London.

This blog post was written by Professor Eerke Boiten, Professor of Cyber Security at the Cyber Technology Institute, De Montfort University, Leicester.

 

 

Posted in Uncategorized | Leave a comment

CYRAN: a realistic environment for cyber warfare training

Cyber Security of ICS/SCADA systems is a major aspect of current research in the cyber community. Here at the Cyber Technology Institute, we have developed CYRAN – a hybrid cyber range that is a combination of physical and virtual components which is an ideal environment for hands-on training in cyber warfare training, cyber resilience testing and cyber technology development.

A key challenge in Cyber Security training is the ability to perform practical exercises in a realistic environment, especially for areas where the ability to incorporate real equipment is almost non-existent.

To this end, the Cyber Technology Institute at De Montfort University have created the CYRAN cyber range. CYRAN has been developed utilising a hybrid approach, combining virtualised components with actual physical hardware.  This includes the capacity for switches, routers, user terminals with a variety of operating systems, programmable logic controllers, human machine interfaces, geographically distributed networks and virtual private networks.

Scenarios can be developed to better represent operational environments by incorporating physical systems such as control systems and bespoke technologies, providing enhanced resiliency testing.

Once a scenario has been developed Red vs Blue exercises (where one team attack the system and the other attempt to identify and attribute the attacks) can be performed highlighting areas of weakness likely to be exploited by malicious actors and assessing the level of information required for successful attribution.  Tokens worth a predetermined number of points are spread throughout the scenario and are associated with particular techniques or exploits.

redAndblue

This approach introduces an element of competition, which can be tailored to assess the impact of differing schemes.  Competition can be simply between Red and Blue, but provision exists to monitor individual points meaning competition within teams can also be assessed.  Any combination of these can also be implemented; one that has proved successful in the past is to award Blue points solely to the team whilst awarding individual points to the Red team, leading to greater teamwork amongst the defenders whilst highlighting individuality for the attackers.

A key component of a scenario is the White team; not only do they ensure the smooth running of the event providing hints or extra information when necessary, but they can also take on the role of other members of an organisation to increase the realistic demands of a situation.

With CYRAN, we can provide attendees with practical and technical skills as well as the experience of working with others within a simulated scenario.  It is also  easy to create and add new scenarios in order to tailor the training to the specific needs of organisations.

For more information about the training opportunities with CYRAN, please contact us: cybertech.support@dmu.ac.uk.

For more detail about the development of CYRAN, please see: http://www.igi-global.com/chapter/cyran/172681

Posted in Uncategorized | Leave a comment

Spotlight on Research….Privacy Measurement by Dr Isabel Wagner

PryMe – a Universal Framework to Measure the Strength of Privacy-enhancing Technologies

privacy

Privacy is a fundamental human right codified in the European Convention on Human Rights. However, privacy in today’s digital society is constantly under threat, and privacy protections are needed to guard against privacy violations. Privacy-enhancing technologies can protect privacy on a technical level and thus offer much stronger protection than privacy policies or privacy laws. Our expert, Dr Isabel Wagner, has been awarded an EPSRC grant to advance the state of the art in privacy measurement – a fundamental building block for the creation of new privacy-enhancing technologies.

Privacy is a universal value and an important matter of human rights, security, and freedom of expression. However, in the digital era privacy is increasingly becoming eroded, and existing protections in terms of laws and privacy policies turn out to be insufficient because they do not prevent privacy violations from happening. In contrast, privacy protections on a technical level, so-called privacy-enhancing technologies, can prevent privacy violations and are thus a topic of much current research.

One way to show how effective new privacy-enhancing technologies are, i.e. to what extent they are able to protect privacy, is to use privacy metrics to measure the amount of privacy the technologies provide. Even though many privacy metrics have been proposed, there are many studies showing their shortcomings in terms of consistency, reproducibility, and applicability in different application domains. This is an important issue because use of a weak privacy metric can lead to real-world privacy violations if the privacy metric overestimates the amount of privacy provided by a technology.

The proposed research addresses this issue by evaluating the quality of existing privacy metrics, identifying their strengths and weaknesses, and building on this evidence to propose new, much stronger privacy metrics. Our aim is to create novel privacy metrics that measure the effectiveness of privacy-enhancing technologies consistently, reproducibly, and across application domains. To achieve this aim, we will (i) create the modular framework PryMe for the systematic evaluation of privacy metrics, (ii) apply the PryMe framework to evaluate privacy metrics across application domains, and (iii) propose strong new privacy metrics that work in each application domain.

By proposing a single framework to evaluate privacy metrics in many application domains, we allow research ideas on privacy metrics from different domains to complement each other, which will transform how privacy is measured. To further this transformation, we will release open source code for the PryMe framework to enable other researchers to study different application domains and new privacy metrics. In the long term, this will be relevant to improve privacy-enhancing technologies, and thereby improve privacy for end users.

Privacy measurement is important not only to improve privacy-enhancing technologies, but also to analyse trade-offs between privacy and data utility, or between privacy and security. Better privacy metrics therefore not only improve privacy for end users, but also improve the decision-making in situations when privacy needs to be weighed against utility or security. Better privacy metrics can also help improve the user acceptance of new technologies such as vehicular networks and smart homes by showing that privacy issues have been addressed on a technical level.

Dr Isabel Wagner is a Senior Lecturer in the Cyber Technology Institute at De Montfort University.

We are currently recruiting a Research Fellow to support this project: http://www.jobs.ac.uk/job/AXF213/research-fellow-in-privacy-enhancing-technologies/

For more information about this project, please contact: cybertech.support@dmu.ac.uk

Posted in Uncategorized | Leave a comment

#DMUCyberWeek at the Cyber Technology Institute

CyberWeek

We will be hosting an exciting programme of workshops and activities here in the Cyber Technology Institute at De Montfort University from Monday 8th May – Friday 12th May.

#DMUCyberWeek will be a combination of career events for our current students as well as an opportunity for local businesses and security enthusiasts to come and find out more about cyber security and the research and commercial engagement happening in the CTI.

On Monday, we will welcome a team from Cyber Security Challenge UK who will be delivering a day of career workshop sessions for our students: a great opportunity for them to explore the varied career options available when graduating from our cyber security programmes.

Tuesday and Wednesday will be focused on the issues of cyber threats in critical systems with workshops delivered by members of the Cyber Security Team from Airbus – one of our Industrial Advisory Group partners.

Later in the week, we will also have sessions on:

• Social Engineering from Ian Mann, the founder of ECSC Group PLC;

• Honeypots from Thomas Brandstetter who was the official Incident handler of the Stuxnet incident for Siemens;

• Pen-Testing from the Pen-Testing team from Deloitte – another partner organisation from our Industrial Advisory Group.

There will also be a social evening during the week which will be an opportunity for our academic experts, students, speakers and visitors to meet informally to discuss common interests in the field of cyber security.

We are really grateful to all the individuals and organisations taking part in #DMUCyberWeek and are looking forward to welcoming lots of visitors – both old, and, new!

For more information about #DMUCyberWeek, please contact: cybertech.support@dmu.ac.uk

Posted in Uncategorized | Leave a comment

“Simulated Critical Infrastructure Protection Scenarios” (SCIPS) – the gamification of cyber security strategy

In order to build and maintain secure computer systems, it is vital that Cyber Security is understood and acknowledged as a critical issue by all levels of an organisation.  To improve the awareness and understanding of cyber security in executives it is important that they recognise the potential impact that modern cyber threats may have on their business.
Experts in the Cyber Technology Institute at De Montfort University have developed a scenario planning game – SCIPS – in which a geopolitical situation plays out over the course of a number of turns .  The scenario requires executives to make a series of investment decisions based around the maintenance of a Critical National Infrastructure facility; an electric power generation plant.

SCIPS

Each participant takes on a predefined senior executive role, with the teams being required to balance a limited investment budget against competing market, corporate and personal priorities.  Each turn requires a team decision, this involves selecting from a range of potential security measures that may be implemented and also which budget will fund these measures.

The game has been designed to encourage discussion within the teams, with all actions having potential benefits but a reduction in any budget leads to a negative financial situation for at least one player.

As the game progresses, the actions taken by players can mitigate the impact of malicious actions upon their company, which in turn impacts upon the share price of the company.

Success in the game is based upon the financial status of the company at the end of the game, with the CEO of the company with the highest share price and projected dividend being declared the winner!

Game Overview – “Play Space”
The play space of the game is based around a game board, role cards, security activity cards (with associated costs and time), video feeds, newspaper ‘cuttings’, a tablet player interface and an overall leader board.  All of the components of the play space interact, using a mix of soft and hard (physical) game play elements.

Game Board
The game board provides an illustration of a power plant to set the scene for the players, and to act as a focal point around which they can gather.  It provides placeholders for any security activities that are purchased, to act as a quick reference for their increasing defensive capabilities.

Role Cards
The role cards are picked at random by the players, these describe their responsibilities within the organisation and their compensation packages.
There are 5 roles, each of which will have a different perspective on the situation given their position and responsibility.  The roles are;
• Chief Executive Officer (CEO)
• Chief Operating Officer (COO)
• Compliance Director
• Plant Director
• Security Director

Videos and Press Cuttings
At the beginning of each round a video is played to the teams via their tablet interfaces. It presents a simulated news broadcast that explains the initial scenario that will subsequently develop as the game progresses. The videos are supplemented by newspaper cuttings that summarise the news broadcasts so that players can refer back to salient points.

 Tablet Player Interface
The players within the teams interact with the game and leader board through the tablet player interface. In the example screenshot, a team purchases security cards.
The leader board displays the financial positions of each of the teams, providing a comparative evaluation of their performance at the end of each round.

About SCIPS

The SCIPS game is designed to introduce and encourage critical thinking about the nature and timeliness of Cyber Security investment and to promote the view that it is a strategic issue for companies, highlighting the fact that investment during an attack is too late.  Upcoming developments include the implementation of new scenarios; for example, an attack on a chemical engineering plant.

SCIPS has been developed by Allan Cook, a current PhD student in the Cyber Technology Institute at De Montfort University.

Final_Logo_Blue
For further information about SCIPS, and your organisation could benefit from it, please contact: cybertech.support@dmu.ac.uk

Further reading:

Cook et al, 2016.  Using Gamification to Raise Awareness of Cyber Threats to Critical National Infrastructure. IN: Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research. Available at: http://ewic.bcs.org/upload/pdf/ewic_icscsr2016_paper10.pdf

 

Posted in Uncategorized | Leave a comment

Meet our experts…. Professor Helge Janicke

Helge_New

Professor Helge Janicke is the Head of the Cyber Technology Institute; as well as the Head of the School of Computing and Informatics at De Montfort University, Leicester.

Professor Janicke obtained his first degree in practical informatics from the University of Applied Sciences in Emden (Germany) and was awarded his PhD in Computer Science in 2007.

He has worked on Cyber Security with a wide range of organisations including Qinetiq, the Ministry of Defence and General Dynamics UK as part of the Data and Information Fusion Defence Technology Centre (DIF-DTC) consortium.

His research interests relate to formal verification techniques and their application to Cyber Security, SCADA and Industrial Control System Security as well as aspects of Cyber Warfare.

He works closely with Airbus Group and established DMU’s Airbus Group Centre of Excellence in SCADA Cyber Security and Forensics Research in 2013.

In addition, Professor Janicke is a general chair of the International Symposium on SCADA and Industrial Control Systems Cyber Security Research (ICS-CSR) as well as serving on the editorial board and as reviewer for a number of international journals.

 

Posted in Uncategorized | Leave a comment

Industry and academia: stronger together for a secure and resilient cyberspace

We are very fortunate at the Cyber Technology Institute to have the support of an Industrial Advisory Group (IAG), formed of world leading companies at the forefront of all 13 sectors of Critical National Infrastructure.  Comprised of Airbus Group, BT, Deloitte and Rolls-Royce, our IAG provides not just guidance to both research and teaching here in the CTI; but also funding through commercial contracts and collaborative research bids.

DMUwLogos

We are very proud of this long-standing partnership as we value the expertise they bring; and we understand the importance of the relationship between industry and academia. This is a view shared by Dr Kevin Jones, the Head of Cyber Operations Research Team for Airbus Group Innovations – himself a graduate of De Montfort University:

“We believe that partnerships and collaborations between academia and industry are important to address the UK cyber skills shortage, and ensure that the UK remains a leader and innovator in cyber security for years to come.  As an Airbus Group centre of excellence for ICS cyber security, De Montfort University is one of our major collaborators in the UK.”

Dr Kevin Jones, Airbus Group

The real-world experience of the members of our IAG informs our teaching which ensures that our programmes are relevant to the existing challenges faced by industry and our graduates gain the knowledge and skills to deal with them.

Through collaborative research, we are also able to transform current thinking in cyber security in order to anticipate the needs of the future.

These kinds of collaborations are clearly at the heart of meeting the objectives of a secure and resilient cyberspace.

Posted in Uncategorized | Leave a comment

What is the CTI?

Logo - bold (Full Black) CMYK

C.T.I stands for the Cyber Technology Institute.  The Cyber Technology Institute is a newly-formed research institute in the Faculty of Technology at De Montfort University.

Though, we are not really new….

In fact, the CTI is a collaboration between three well-established research centres: the Cyber Security Centre (CSC); the Software Technology Research Laboratory (STRL) and the Context Intelligence and Interaction Research Group (CIIRG).

The Cyber Security Centre is a well-established research centre with academics and experts working in a range of security and digital forensic research areas.  These include both the technical aspects of security, such as incident response, penetration testing, and industrial control system security; as well as the human factors of cyber security such as privacy issues and cyber psychology.

The Software Technology Research Laboratory is another well-established research centre with a history of developing and delivering high quality research and teaching in the field of software engineering with a focus on the study, analysis and advancement formal approaches to the specification, design and evolution of computing.

The Context Intelligence and Interaction Research Group focusses on the research areas of smart technologies and solutions using the latest emerging technologies, including advanced sensing technologies, mobile computing, Internet of Things, pervasive computing, semantic technologies, cloud computing, to support the new wave of applications, including smart homes, smart cities, intelligent transport, smart cyber-physical systems, to name but a few.

Bringing together these multi-disciplinary experts represents a holistic approach to the current and future challenges of cyber technology.

This means that the Cyber Technology Institute is excellently placed to work with industry and public sector partners to develop and disseminate practical solutions to key challenges of emerging technologies and to support the national strategy of developing a smart, safe, and secure cyber-space.

Learn more about our interesting research and partnerships in our upcoming posts.

In the meantime, for more information about the Cyber Technology Institute, please visit: www.dmu.ac.uk/cybertech.

Posted in Uncategorized | Leave a comment