Research ISEC

We are currently involved in a number of research projects on several areas within cyber security, communications and self-aware systems.

We are currently involved in a number of research projects on several areas within cyber security, communications and self-aware systems such as Cyber Physical Security, Forensic Timeline Profiling, Malware, Semantic Attacks within the Cloud, Cloud Security, Cyber Threats in Emergency Management.

EU Horizon 2020 TRILLION project

Summary: TRILLION will be an open, flexible, secure and resilient socio-technical platform to foster effective collaboration of citizens and law enforcement officers. Using the TRILLION platform, citizens will be able to report crimes, suspicious behaviour and incidents, identify hazards and assist law enforcement agents through active participation for achieving better urban security management. On the other hand, Law Enforcement Agencies (LEAs) will be able to detect incidents in a more efficient, content and context aware manner, locate on-site citizens, other LEA representatives and first responders communicate with them, request more information and assign them specific actions to address on-going incidents.

Duration: 2015-2018

Contact: Greenwich participation is on the security, training and legal aspects of the system, coordinated by Dr. George Loukas.

Partners/Fundings: EU Horizon 2020 TRILLION project (4.3 million euro: UoG 335,000 euro)

Safeguarding Autonomous Vehicles from Cyber Attacks

Summary: This research is concerned with smart and adaptive security systems that are capable of detecting threats that fall across the cyber physical domain and responding to those threats. Dynamic adjustment of the security system is required, enabling it to respond to threats as they evolve. This also requires a reasonable proportion of available resources to be committed to the security function in a context-aware way. A compromise can be detected by comparing the current configuration to the mission goal, as originally defined. Diagnostics using AI algorithms and data mining techniques will be used to verify positional and control data authenticity so that the severity of the threat can be determined and the appropriate action to be taken can be initiated in response to the threat. To achieve this a set of algorithms will be developed to classify potential threats, in real time, by identifying the risk associated with the threat. In order to be both operationally and commercially relevant the research funded by this proposal will aim to:- * Achieve real-time detection of a cyber threat * Determine in real time the action to be taken to mitigate the threat * Determine the action to be taken to counter the threat The key challenge is to achieve this without noticeably increasing production costs or the energy usage of the autonomous vehicle. The resource cost of the security mechanism must be in proportion with the system, providing a balance between protection against cyber threats and the resource requirements of mission-critical functions.

Duration: 2013-2016

Supervisors: Richard Anthony, Diane Gan (PI) and George Loukas.

Students: Anatolij Bezemskij.

Partners/Fundings: dstl 3-year PhD studentship

Cyber-physical security of semi-autonomous vehicles

Summary: A cyber-physical system is vulnerable in both the cyber and physical space and especially where the two overlap, as a cyber-attack may cause it to initiate the wrong physical action, inconsistent with system states and goals. This research aims to equip cyber-physical systems with early warning of cyber threats, analogous to the sensation of "something is wrong" that humans experience when they enter an environment with real or perceived threats that are not immediately identifiable.

Duration: 2012-2015

Supervisors: George Loukas (P.I.) and Diane Gan

Students: Tuan Vuong

Partners/Fundings: UoG VC's 3-year PhD studentship

Cyber Profiling

Summary: ECENTRE's (England's Cybercrime Centre of Excellence Network for Training Research and Education) goal is to support national and EU education and training initiatives in the fight against cybercrime by contributing to the development of high-quality educational provisions preparing individuals for careers in forensic computing, law enforcement and the commercial cybercrime security sectors as part of the EU-wide 2Centre network. The research role of the University of Greenwich is to develop a forensic toolkit for determining whether a bot or a human through cyber profiling.

Duration: 2013-2014

Supervisors: George Loukas (P.I.)

Partners/Fundings: EU ISEC 2011: ECENTRE – Cybercrime Centre of Excellence Network for Training Research and Education

Design and development of a test-bed for cyber-physical security

Summary: The aim of the project was to design a cyber-physical test-bed consisting of a semi-autonomous robotic base with embedded system boards, network connections and sensors and demonstrate different attack types and their impact on the physical operation of the system.

Duration: 2012-2013

Supervisors: George Loukas (P.I.)

Partners/Fundings:UoG RIP 2012

Forensic Timeline Profiling

Summary: This project proposes research to extend 'computer profiling' analysis, specifically profiling events and the characteristics that can be determined from timelines such as grouping of artefacts, temporal proximity, periods of usage, types of usage and repetitive or habitual behaviour.
Timeline Analysis is the recovery of artefacts from a computer with the aim of placing a suspect behind the keyboard at the specific time that a crime was committed. These artefacts need to be analysed and significant correlations to be identified. The artefacts, operating system records, application logs or file system metadata when placed as a time ordered list can be a very powerful tool for showing events that are in temporal proximity to other significant events, for example establishing what term was typed into a search engine a minute before an illegal picture or movie file is downloaded to a computer. The weakness of timeline analysis is the assumption that there is association, if not in fact directly causality to artefacts that are in temporal proximity, which may or may not be a valid conclusion. One can say that the temporal proximity of a minute in the above example is not unreasonable but there is no formality to that conclusion, especially if the proximity is two or three or ten minutes.

Duration: 3 years

Supervisors: Dr Diane Gan, Dr George Loukas, Dr Cos Ierotheou

Students: David Gresty

Semantic Attacks within the Cloud

Summary: This work focuses on complex semantic attack vectors that are increasingly in use. A semantic attack is a type of social engineering that employs a semiotical manipulation for bypassing technical defences. By semiotical manipulation we mean/refer to the process of engineering user interpretation to convince and or persuade that user to perform some action and to download malware. Spoofed websites, obfuscated URLs and phishing emails are common examples of semantic attacks, where the attacker attempts to con the target into accessing a malicious payload./p>

Duration:

Supervisors: Dr George Loukas, Dr Diane Gan, Dr Cos Ierotheou

Students: Ryan Heartfield

Partners/Fundings: Work-based funding

Security of Mobile Applications within the Cloud

Summary: The use of mobile appliations within Cloud Computing offers criminals a new target, as it opens Cloud providers to new cyber attacks aimed at users within the cloud.
A series of investigations are underway that will lead to a technique for measuring the security of a cloud system. Research will be conducted into current cyber attacks and their impact on cloud metrics that in turn impact on the perceived security of a cloud system itself. The focus will be how an attack can impact on the resilience and availability of a cloud service, and therefore how this impacts on its security. Since a cloud services are delivered over a network, the resilience of the service is tied to the resilience of the network over which it is built.

Duration:

Supervisors: Dr Diane Gan, Dr George Loukas, Prof Lachlan Mackinnon

Students: Saiyed Tausifali Mahmmedhusen

Cyber threats in Emergency Management

Summary: Emergency planners, first responders and relief workers increasingly rely on computational and communication systems that support all aspects of emergency management, from mitigation and preparedness to response and recovery. Failure of these systems, whether accidental or the result of malicious intent, can have severe implications for emergency management. We are carrying out research on the cyber threats that have the potential to cause physical disasters or to maximise the impact of one by intentionally impeding the work of the emergency services. We focus on cyber threats to communication, sensing, information management and vehicular technologies used in emergency management.

ISEC is part of the Faculty of Liberal Arts and Sciences, University of Greenwich.