Weekend Conference

8, 9 and 10 September 2017


Abstracts will be fully updated as we receive details from the speakers.

Raja Naeem Akram – Autonomous Drones ‐ Security, Privacy and Safety Evaluation of Dynamic and Static Fleets of Drones

Interconnected everyday objects, either via public or private networks, are gradually becoming reality in modern life -- often referred to as the Internet of Things (IoT) or Cyber-Physical Systems (CPS). One stand-out example is systems based on Unmanned Vehicles (drones) like Unmanned Aerial Vehicles (UAVs). Fleets of such unmanned vehicles (drones) are expected to assume multiple roles from mundane to highly sensitive applications, such as prompt pizza or shopping deliveries to the home, or deployment on battlefields for combat missions. Drones, which we refer to as UAVs in this talk, can operate either individually (solo missions) or as part of a fleet (group missions), with and without constant connection with a base station. The base station acts as the command centre to manage the drones' activities; however, an independent, localised and effective fleet control is necessary, potentially based on swarm intelligence, for several reasons: 1) an increase in the number of drone fleets; 2) fleet size might reach tens of UAVs; 3) making time-critical decisions by such fleets in the wild; 4) potential communication congestion and latency; and 5) in some cases, working in challenging terrains that hinder or mandate limited communication with a control centre, e.g. operations spanning long periods of time or military usage of fleets in enemy territory. This self-aware, mission-focused and independent fleet of drones may utilise swarm intelligence for a) air-traffic or flight control management, b) obstacle avoidance, c) self-preservation (while maintaining the mission criteria), d) autonomous collaboration with other fleets in the wild, and e) assuring the security, privacy and safety of physical (the drones themselves) and virtual (data, software) assets. In this talk, we investigate the challenges faced by fleets of drones and put forward a potential course of action on how to overcome them.

Jorge Blasco Alis – Wearable Biometrics

The growing popularity of wearable devices is leading to new ways to interact with the environment, with other smart devices, and with other people. Wearables equipped with an array of sensors are able to capture the owner's physiological and behavioural traits, thus are well suited for biometric authentication to control other devices or access digital services. However, wearable biometrics have substantial differences from traditional biometrics for computer systems, such as fingerprints, eye features, or voice. In this talk, we will briefly review how biometric systems work and how wearable devices can be used as authentication devices. We will also preview some ongoing work on a multi-factor authentication system based on a wrist wearable device.

Robert Carolina – Cyber negligence and the pace of change

In circumstances where the law imposes a "duty of care", persons can become liable to third parties for a failure to act "reasonably". While a failure to act reasonably in the selection and operation of cyber defences can produce loss of business assets (first party loss), it can also create legal (financial) liability to others who suffer losses as a result of the same security failure (third party loss). In this talk, we will explore different frameworks the law uses to assess the reasonableness of cyber defences, how the measurement of reasonableness changes over time, and the pace of that change.

Jennifer Janesko – FaBLES of an MSc Project in Information Security (with some Facts about Bluetooth Low Energy Security)

Bluetooth low energy (BLE) is a special type of Bluetooth developed with the specific goal of using as little power as possible. Although BLE has gained its market foothold in consumer devices such as headsets and smart watches, it is now being marketed more heavily for IoT and industry 4.0 implementations where failures in security could result in bodily injury and/or major physical damage. This presentation provides an overview of the challenges of BLE security testing, a methodology for performing a BLE security analysis and an evaluation of existing tools for their suitability in assessing BLE applications.

Rikke Jensen – Blu-tack and phish alarms: creative practice and DIY security

In this presentation, I explore the relationship between digital practices and security through specific institutional cultures, examining how different members of those cultures conceptualise particularly risky spaces, objects, people, networks and structures. Using examples from my work within large organisations, I illustrate how creative practices, often used to negotiate creaking organisational infrastructures, navigate particular articulations of risk and security. I explore how people embedded within large organisations understand and experience risk primarily in relation to their use of digital technology and mobile devices; practices that range from clicking on 'dodgy' email attachments to securing WiFi access from informal sources. Whilst digital technologies, and those who use them, have largely been perceived as potentially risky and worthy of practices that seek to securitise them, there is evidence to suggest that the measures and systems that have attempted to curtail digital risks are potentially counter-productive. This presentation aims to illustrate the erosion of information security behaviours and attitudes as well as the production of subversive practices that creatively find ways around organisational measures in place to police them.

Heinrich Wilhelm Klöpping – The TTN volioti

The MSc project can be a daunting task, especially if you have never written one before. In this presentation Heinrich Wilhelm (Henk) Klöpping, MSc CISSP CCSP, will provide a number of tips and hints on how to finish successfully. He will also provide an overview of the project itself, which revolves around the question of whether best practices as listed in international standards, guidelines and the Law can be employed to improve the security of information in the emerging volunteer-driven, decentralised, technocrat-anarchistic Internet of Things infrastructure. Or, in short: can we make IoT safer using what we've been taught?

Konstantinos Markantonakis – Ambient Sensing Based Relay Attack Detection in Smartphone Contactless Transactions

Relay attacks are passive man-in-the-middle attacks, aiming to extend the physical distance of devices involved in a transaction beyond their operating environment. In the field of smart cards, distance bounding protocols have been proposed in order to counter relay attacks. In the field of smartphones, proposals have been put forward suggesting sensing the natural ambient environment as a potentially effective means for proximity/relay attack detection. However, these proposals are not in compliance with industry-imposed constraints (e.g. EMV and ITSO) that mandate that transactions should complete within a certain time-frame (e.g. 500ms for EMV contactless transactions). We evaluated the effectiveness of 17 ambient sensors, widely available in modern smartphones, as a proximity/relay attack detection method for time-restricted contactless transactions. Threshold-based and machine learning analysis techniques demonstrated limited effectiveness of natural ambient sensing in countering relay attacks in such transactions. We proposed the generation of an artificial ambient environment (AAE) as a potential alternative. The use of infrared light as an AAE actuator was evaluated. Our results indicate a high success rate, while the proposed solution is in compliance with industry requirements.

Daniele Sgandurra – The Evolution of Ransomware

During the last months, cyber-criminals have targeted Internet users with a wide range of malware aimed at illicitly making money. Ransomware has emerged as one of the most difficult malware families to defend against, as it might be computationally unfeasible to revert ransomware's damage. Crypto-ransomware encrypts personal files to make them inaccessible to its victims, and users are forced to pay a ransom to regain access to their data. Over the years, ransomware's capabilities have progressed from locking victims' computer screens, to encrypting files, to encrypting the keys that decrypt the files, and so on. In this talk I will discuss the evolution of ransomware, from its early beginnings in 1989 to today's world-wide infections, like the WannaCry and NotPetya incidents. I will also show some current research and industrial solutions used to help victims of ransomware recover their encrypted files.