Research Projects
The Information Security Group attracts funding from government and industry for its research projects. We also play a leading role in a number of international collaborative research projects. The following is a list of some current research projects. Details of completed projects can be found here.
Current projects
Visualisation and Other Methods of Expression (VOME)
The purpose of VOME is to explore how user communities engage with concepts of information privacy and consent in on-line interactions. Researchers from the Information Security Group (ISG) at Royal Holloway, University of London, are participating in a three-year collaborative research project with consent and privacy specialists at Salford and Cranfield Universities, Consult Hyperion and Sunderland City Council. The aim is to develop richer models of user requirements which ultimately enable users to make clearer on-line disclosure choices about how they manage their identity. It is anticipated that this research will contribute to removing some of the barriers that inhibit the use of on-line services through the development of software prototypes which better reflect users' concerns about privacy and consent. In turn this will facilitate the development of systems by service providers and manufacturers that make users feel secure and confident in the way their identity information is handled.
Instant Knowledge: Secure Autonomic Business Collaboration
This 3-year research programme, which commenced in 2008, involves collaboration with researchers at the University of Strathclyde and the University of Southampton. It is funded by EPSRC and Mobile VCE, an industry/academia consortium involving seven universities and around 18 industrial partners. It examines privacy in social networks, aiming to provide a secure professional social network.
ECRYPT-II Network of Excellence
The Information Security Group is an active participant in the ECRYPT-II Network of Excellence, funded by the EU under Framework Programme 7. This network consists of more than 30 academic and industry institutions across Europe and promotes the ongoing development of cryptographic research.
International Technology Alliance
The Network and Information Sciences International Technology Alliance (ITA) is a large collaborative research project funded jointly by the U.S. ARL and the U.K. MoD, and intended to last for 10 years. The ITA has 24 academic and industrial partners, of which the ISG is one. The ITA will address some of the fundamental science underpinning the complex information network issues that are vital to future coalition military operations. The ITA is focused on performing research in four technical areas, one of which, security across systems of systems, is concerned with solving security issues that arise when two different networks need to interoperate. The ISG is leading one of the three projects that make up the security component of the ITA, and contributing to another.
Effective key management techniques for wireless sensor networks
This project is funded by the EPSRC and started in February 2007. Its duration is 3 years. One of the major challenges in designing wireless sensor networks is to provide security (such as authentication of sensors, integrity of exchanged data or secrecy of communications). These services are provided by the use of cryptographic mechanisms, which themselves depend on reliable distribution and management of cryptographic keys. Key management presents a particular challenge in wireless sensor networks because the sensors are physically fragile, because there is no significant infrastructure in place in a sensor network, and because the physical location of the sensors cannot normally be predicted in advance of the establishment of the network. This project is studying the problem of key management in wireless sensor networks. The first goal of the project is to design mathematical models that can be used to analyse key management mechanisms. These models will also allow the efficiency, strength and scalability (ability to support large networks) of key management mechanisms to be analysed and compared. Unfortunately, it is unlikely that key management mechanisms can be designed that simultaneously have all three of these desirable properties at an optimal level. Thus the second goal of the project is to determine the tradeoffs that are likely to be necessary between these features. The third goal of the project is to design a range of different key management techniques with desirable properties that can be used in wireless sensor networks.
Completed projects
Trust establishment in mobile distributed computing platforms
This project was part of the UK e-Science research programme and was funded by the EPSRC. The project commenced in April 2006 and lasted for 3 years. The primary focus of the research was to provide mechanisms and protocols that can be used to establish trust in a mobile grid computing environment. The project investigated methods of authentication between the grid and roaming terminals, or collections of terminals, where these terminals have limited computing resources and may not be able to support standard authentication protocols. The other main area of interest was trusted platform technology, and how it may be applied to distributed computing platforms. The industrial partner on the project was Hewlett-Packard Labs, whose work in this research area includes the Daonity project.
A long view of curves in cryptography
Elliptic curve cryptography is an important technology for securing e-commerce and communications systems. The security of elliptic curve cryptosystems depends on the hardness of computational problems arising in the theory of algebraic curves over finite fields. The project was intended to undertake a thorough, long-term study of some of these problems. The results aimed to give a deeper understanding of the security of elliptic curve cryptography. The project took the form of an EPSRC Advanced Fellowship awarded to Prof. Steven Galbraith and started in January 2007.
Open Trusted Computing (OpenTC)
OpenTC is an EU 6th Framework Integrated Project. This project focuses on the development of trusted and secure computing systems based on open source software. The project targets traditional computer platforms as well as embedded systems such as mobile phones. The consortium involves 23 companies and universities across Europe. The project began in November 2005 and will last for 42 months.
Foundational problems in the arithmetic of curves and abelian varieties over finite fields
This project ran for 2 years and was funded by the EPSRC. It completed in April 2008. The project studied mathematical problems underlying the security of public key cryptosystems. For example, the security of the RSA cryptosystem is related to the problem of factorising an integer into a product of prime numbers. If the numbers are large enough, this computational problem would take infeasibly large computer resources to solve. A full understanding of the RSA cryptosystem requires a knowledge of many parts of mathematics. For example, there are special factoring algorithms which work well on certain types of numbers (e.g., products of two primes which are very close together, or numbers divisible by primes of a certain form). Hence, to be sure of the security of a system it is important to determine the probability that a randomly chosen public key would be vulnerable to such attacks. Fortunately, a lot of the foundational mathematical theory behind RSA (e.g., the prime number theorem) was developed by number theorists a long time ago, and so we have a good understanding of these issues. The research covered in this project was into a different type of public key cryptography, one which is based on a hard mathematical problem called the 'discrete logarithm problem in divisor class groups of curves over finite fields'. As with RSA, a full understanding of these cryptosystems requires knowledge about a number of mathematical questions. Unlike RSA, many of these questions have not been studied in the past. The aim of this project was to carry out mathematical research into some of the foundational mathematical problems which are important for an understanding of cryptosystems based on algebraic curves. One set of problems which were studied are the analogues of the problems mentioned above for RSA. For example, if a curve is chosen 'randomly' over a finite field then it is important to determine how likely it is that the divisor class group has size divisible by a large prime number.
Authentication and Identity Management (AIM) Club
Our research clubs bring together interested parties from various commercial/industry sectors and academia. The aims are to highlight common problems, to exchange views, to provide a series of specialised seminars given by invited experts and to share ideas about future developments. The AIM Club was set up to explore the technical and business issues of relevance to the provision of authentication and identity management. The AIM club was sponsored by the following organisations: Association for Payment Clearing Services (APACS), Barron McCann, BT exact Technologies, CESG, Prudential, and Thales e-Security Ltd.
Novel security architectures and policy management techniques for e-Science
This project was funded by the UK Engineering and Physical Sciences Research Council (EPSRC) for two years, and completed in January 2008. It formed part of the UK e-Science research programme. The overall aims of the project were to:
- Explore alternative grid security architectures that overcome the limitations of certificate-based PKIs, using identity-based public key cryptography (ID-PKC) and certificateless public key cryptography (CL-PKC).
- Demonstrate that ID-PKC and CL-PKC can be used to support authentication, authorization and delegation services for e-Science and compare the resulting services to those available in existing technologies.
- Examine the convergence of grid and web services technologies, and develop a basic framework for the application of ID-PKC and CL-PKC to securing web services that parallels the existing use of PKI for this purpose.
Security Analysis of the Advanced Encryption Standard (AES)
The Belgian block cipher Rijndael was chosen as the Advanced Encryption Standard (AES) in 2000. The AES was created as a result of the U.S. government's National Institute of Standards' (NIST) programme to choose a block cipher to succeed the Data Encryption Standard (DES). The AES has a very high degree of algebraic and geometric structure. The aim of this research project was to investigate this structure both from a mathematical and a security viewpoint. The project was funded for 3 years and completed in February 2007.
PKI Club
Our research clubs bring together interested parties from various commercial/industry sectors and academia. The aims are to highlight common problems, to exchange views, to provide a series of specialised seminars given by invited experts and to share ideas about future developments. In the PKI club, we examined the business, trust and technical issues surrounding Public Key Infrastructures. We covered the following topics:
- What is PKI?
- Who needs PKI and who gains most from it?
- What applications does PKI really enable and what are the benefits?
- What are the implications of recent electronic signature legislation?
- How should private keys be managed?
- What are the implications of using a server centric approach and where is such an approach best suited?
- What are the alternatives to PKI (e.g. identity-based encryption)?
- What is the future of PKI?
The PKI club was sponsored by the following organisations: Abbey, Association for Payment Clearing Services (APACS), Barron McCann, beTRUSTed, BT exact Technologies, CESG, Hewlett-Packard Laboratories Bristol, Indicii Salus, Mondex, and Prudential. The club ran from 2002 to 2006.
Provable Security in Asymmetric Encryption Schemes
This project looked at the security properties of asymmetric encryption systems that can be proven rather than heuristically justified. In particular, it looked at the KEM-DEM construction and the more established random oracle model, both of which are commonly used in industry and by standardisation bodies. This allowed us to test the limits of the models and how the core assumptions of the models interact to give a proof of security. The project was a Postdoctoral Research Fellowship for Dr. Alex Dent. It was funded by EPSRC for 2 years and concluded in December 2005.
Mobile VCE Core 3 Research Programme
A UK collaborative programme of research in mobile telecommunications, funded by the Virtual Centre of Excellence in Mobile and Personal Communications Ltd.
Dynamic update of shared control systems
An EPSRC funded investigation of solutions to the problem of enabling dynamic changes to a shared control system that are more efficient and considerably less expensive than establishing a new system.
Quantum Cryptography
An EPSRC funded project.
The future of PKI
A one-year project funded by PriceWaterhouseCoopers.
USB_Crypt
An EU 5th framework project which developed a high performance USB security token, and considered its integration into a variety of applications.
NESSIE - New European Schemes for signature, integrity and encryption
An EU 5th framework project concerned with the evaluation of cryptographic algorithms.
Mobile VCE Core 2 Research Programme
A UK collaborative programme of research in mobile telecommunications, funded by the Virtual Centre of Excellence in Mobile and Personal Communications Ltd. This project ended in September 2003.
PAMPAS
An EU 5th Framework project that had the objective of establishing a roadmap for future European research on mobile privacy and security. The project ended in May 2003.
SHAMAN
An EU 5th Framework project examining security issues for post 3rd generation mobile telecommunications networks, which ended in February 2003.
Finger_Card
An EU 5th framework project which developed a smart card with an integrated fingerprint reader and integrated it into a variety of applications, which ended in June 2002.
Beyond PKI
A completed project funded by British Telecommunications.
USECA
An EU ACTS programme project which ended in 2000. The focus of this project was security for mobile telecommunications. One of its contributions was to play a major role in the development of the specifications for 3GPP air interface security.
ASPeCT
An EU ACTS programme project on security for third generation mobile telecommunications systems which ended in 1998.
3GS3
A DTI/EPSRC LINK project on security for third generation mobile telecommunications systems, which ended in 1996. The 3GS3 project produced three Technical reports, all of which are available on line:
- Technical Report 1 (on Security features, i.e. Security services) - available in zipped pdf;
- Technical Report 2 (on Security mechanisms) - available in zipped postscript or zipped pdf;
- Technical Report 3 (on Security architecture) - available in zipped pdf.
Authentication protocols with asymmetric computing requirements
An EPSRC-funded three-year research project which ended in 2001.
Elliptic Curve Cryptosystems
An EPSRC-funded research project through the ROPA scheme, which ended in 1998.
Digital Signatures and Hash Functions
An EPSRC-funded research project which ended in 1999.
Research into design and analysis of digital signature schemes
A two-year project from 1994 which was funded by the Lloyds of London Tercentenary Foundation.
Audit and control of digital signatures in a business environment
A 6-month project sponsored by the Information Systems Audit and Control Foundation to produce a state-of-the-art report on Digital Signatures.