Speaker:
Bio:
Dr. Alma Oračević completed her Ph.D. in Electrical Engineering at the University of Zagreb, Croatia in February 2016. Her research background and interests include context-aware security, SDN security, edge learning, security of wireless networking, digital twins and the security of the Internet of things. She is currently a Lecturer in Cybersecurity at the University of Bristol, United Kingdom. Previously she taught at Innopolis University in Kazan, Russian Federation and the University of Bihac in Bosnia and Herzegovina. While at Bihac she was awarded a Fulbright scholarship to visit Georgia Tech in Atlanta for one year as a visiting scholar and Lecturer for Computer networks. She has published over two dozen papers in security, networking, and systems journals and conferences.
Abstract:
AI advances and their benefits and drawbacks in the cybersecurity domain
Speaker:
Bio:
Benjamin Dowling joined the Department of Computer Science at the University of Sheffield as a Lecturer in Cybersecurity in August 2021, and is a member of the Security of Advanced Systems Research Group. Previously, Benjamin was a postdoctoral researcher at the Applied Cryptography group at ETH Zurich, and at the Information Security Group at Royal Holloway, University of London. He received his PhD at the Queensland University of Technology, which focussed primarily on the provable security of internet protocols. Benjamin is interested in the analysis of real-world cryptography, extending security frameworks to bridge the gap between theoretical cryptography and its usage in the real world. His notable publications examine the security of secure communication protocols such as SSL/TLS, secure messaging protocols such as Signal, and achieving post-quantum security in practical cryptographic protocols.
Title:
Out-of-Band Authentication in Secure Messaging Schemes.
Abstract:
Current messaging protocols such as Signal are capable of offering strong guarantees of security, even after a state compromise; this is often known as post-compromise security. However, despite a great deal of research analyzing the confidentiality properties of secure messaging, entity authentication has largely been abstracted away. Modern messaging applications often rely on out-of-band communication to achieve entity authentication, with human users actively engaging with the protocol, verifying and attesting to long-term public keys. This is done primarily to reduce reliance on trusted third parties (by replacing that role with the user), but current out-of-band solutions for entity authentication fail to achieve similar post-compromise guarantees. In this talk, we examine Signal's user-mediated authentication protocol and discuss why it fails to achieve these goals, pointing to legacy design choices that prevent more robust solutions. We propose a mechanism that can be generically built atop Signal, achieving post-compromise entity authentication, without impacting the underlying legacy protocol. Finally, we discuss further applications for our approach, which has direct implications for existing and future ratcheted secure messaging applications.
Speaker:
Bio:
Kirsty Paine provides technical thought leadership for strategic accounts at Splunk. As an experienced technologist, strategist and security specialist, she thrives on understanding difficult problems and finding creative solutions. Kirsty has spent nearly a decade working in cyber security, engaging in international technical fora and with UK and European policymakers, specialising in international and European technical standards and policy spanning security, privacy, cryptography, AI and internet technologies. Kirsty's long-standing mantra is simple and straightforward: "Make Good Choices".
Title:
On the internet, who decides what "legacy" means?
Abstract:
The internet has never changed as much as it has changed in the last 5 years. Some recent standards like DoH and TLS1.3 are seeing slower-than-expected adoption, in part due to their impact on both legacy equipment and modern security techniques. Additionally, whilst security techniques have evolved over the last 10 years, telephony and internet technologies have grown ever closer - yet a reluctance to cross-pollinate expertise could be leading to security siloes and ultimately poorer security for end users.
Speaker:
Bio:
Martin Sadler is Special Advisor to the Vice Chancellor, on industrial strategy, at the University of Bristol. Much of his career was in corporate research at HP and HPE, where he was VP for research and led the company’s cyber security research. He chairs the National Cyber Security Centre’s Research Advisory Panel, and the external advisory group for the Quantum Communications Hub. He has been a part of many academic, Government and research council panels, working groups and advisory boards for over 20 years, most recently chairing a task and finish group for BEIS on quantum communications and the future quantum internet. Martin’s first degree was in Mathematics. He was awarded an Honorary DSc, from the University of Bath in June 2009, and an OBE in the New Year Honours List in 2013. In 2014 he was awarded an Honorary Fellowship, from Royal Holloway, University of London.
Abstract:
Do we understand cyber security any better than we did 25 years ago? By considering a few examples we'll ask the extent to which the science of cyber security has developed, and where we still need a lot more research.
Speaker:
Bio:
Colin Topping is the cyber incident director at Rolls-Royce PLC. He is also undertaking a part-time Ph.D. at the Bristol Cyber Security Research Group, University of Bristol, United Kingdom. This is funded by the National Cyber Security Centre. His principal research interest is focused on cyber security within the supply chain in an ever increasing global, technical, and interdependent environment.
Speaker:
Bio:
Mitch Mellard has almost 8 years of experience in the information security sector, working in a number of roles which have given a wide array of experience across a professional Security Operation Centre (SOC) environment, including Security Analyst, Subject Matter Expert (SME), and Threat Intelligence Analyst.
Abstract:
A whistle-stop tour of some of the evolving trends, techniques, and challenges from the last 18 months in information security, from the point of view of a Threat Intelligence Analyst, including Geopolitics, Threat Actors, Malware/Ransomware, and Vulnerabilities.
Speaker:
Title:
Tracking tech threat trends
Abstract:
How it relates to how the government and marketplace fund security innovation
Speaker:
Bio:
Niamh Healy is a Ph.D. candidate in the Department of Computer Science at University College London, where she is part of the inaugural cohort of the EPSRC Centre for Doctoral Training in Cybersecurity. Niamh’s Ph.D. research focuses on how governments and digital technology companies resolve disputes about digital technology.
Title:
“My way or the Huawei”: Understanding coercion through weaponized interdependence amongst allied states via a study of the United Kingdom’s response to the United States’ treatment of Huawei
Abstract:
The United States (US)’s concerns around a ‘rising China’ are increasingly expressed through attempts to control global technology and data flows. In their account of ‘weaponized interdependence’, Farrell and Newman argue that network structures shape the capacities of different actors such that states can gain power via control of hubs in global economic networks. Despite sustained discussion of how weaponized interdependence operates in adversarial relationships, relatively scant attention has been paid to states who experience coercion via weaponized interdependence in the context of alliance relationships. This talk will discuss the experiences of the United Kingdom in light of US treatment of the telecommunications company Huawei. Over the past decade, the US has systematically excluded Huawei from participation in US telecommunications networks while urging its allies to do the same. This talk will analyse how UK government officials and other political actors responded to US pressure around Huawei’s involvement in UK telecoms networks in order to deepen understanding of how weaponized interdependence operates in the relationships of closely allied states.
Speaker:
Bio:
Andre Barrinha is a Senior Lecturer in International Relations at the University of Bath and a Leverhulme Trust Research Fellow (2019-2022). His work is published in journals such as International Affairs, Mediterranean Politics, Third World Quarterly, Journal of Common Market Studies and Journal of European Integration. He is also one of the authors of International Relations Now and Then (Routledge, 2nd ed.). Dr Barrinha is currently working on cyber-diplomacy as an emerging practice in international relations. In 2019, he was awarded the Best Article in Global Affairs Award for a co-authored piece with Thomas Renard on cyber diplomacy and the English School. Between 2016 and 2018 he was one of the founders and conveners of the British International Studies Association European Security Working Group.
Title:
Are the threats we have in cyberspace of a sufficiently serious nature for states to cooperate in order to prevent them?
Abstract:
This will be answered by briefly comparing developments in cyber-diplomacy at the UN level since the late 1990s with developments in outer space in the 1960s during the Cold War.
Speaker:
Bio:
Dr Daniel Shiu is the Chief Cryptographer at Arqit. Previously he worked at GCHQ in such roles as the Head of Cryptographic Design and Quantum Information Processing, and the Head of the Heilbronn Institute for Mathematical Research (HIMR). During his government career Daniel’s results and expertise earned him multiple awards, including an international award for the best crypto-mathematician, three separate annual awards for the best cryptanalytic achievement, and a distinguished membership of the Crypto-Mathematics Institute.
Title:
Life without Certificates – the case for active authentication
Abstract:
Public key certificate issues have been part of a large number of high-profile security failures, both in recent years and historically. The rationale for certificates applies to the 20th century Internet, but not the modern high-connectivity and inhomogeneous 21st century Internet. At a time when Internet encryption is being rethought, how can we use the Cloud revolution to move away from this passive, offline, legacy technology to the continual, active authentication demanded by the zero-trust approach?
Speaker:
Bio:
Dr. Ben Shreeve is a research associate at the University of Bristol. His work explores how organisations go about making cyber security decisions by studying how groups evaluate risk and identify priorities. He has worked closely with the Metropolitan Police Service and City of London Police on the development of cyber security awareness exercises.
Abstract:
Ben will discuss his current development of a new exercise to study how organisations make decisions during unfolding cyber incidents. This work will help us to understand how choices are made in fast-paced environments where the consequences of making the wrong choice are often serious. Collaboration with industry is key to this work and Ben has worked closely with a wide range of Government Departments and Multinational Organisations to help raise awareness of the importance of cyber security decision making.
Speaker:
Bio:
Dr Nilufer Tuptuk is a lecturer at the Dawes Centre for Future Crime, Department of Security and Crime Science, UCL. She completed her PhD in Security of Industrial Control Systems at UCL. She has an MSc in Advanced Computing from Imperial College and a BSc in Computer Science from Queen Mary. Her research work focuses on cyber-physical systems security, application of AI in cybersecurity and IoT-related cybercrime. She is the co-investigator for several projects at the PETRAS centre including Processes for Securing for Water Resource Management Systems (PSWaRMS) and Early Anomaly Detection for Securing IoT in Industrial Automation (ELLIOTT), and a new project on Crime Enabled by Autonomous Vehicles at the Dawes Centre for Future Crime.
Title:
The Future of Industrial Control System Security
Abstract:
Industrial Control Systems (ICS) are command and control systems that monitor and control critical infrastructures, such as natural gas and oil plants, electric power grids, water and waste-water treatment, transportation and manufacturing. ICS are attractive targets to attackers because national security, public health and safety, and economic growth all rely on their correct operation. This talk introduces the challenges of securing ICS. I will discuss how the ICS threat landscape has evolved over the years; the motivation and required knowledge of different attacks; what to expect in near future; and what can be done to protect ICS from future attacks.
Speaker:
Bio:
Sarah is CISO for UCL, joining in June 2021. With her team, she is responsible for enabling UCL to develop and maintain a resilient cyber security risk posture. Sarah has extensive experience in driving cyber security transformation. She started her cyber security journey from a Head of IT viewpoint at the University of Oxford, moving into global CISO roles in industry and spending three years partnering global CISOs while working as a Security Leadership Partner at Gartner. Sarah is very proud to be back in Higher Education at a time when there is final acceptance that the journey to cyber resilience is a worthwhile one.
Title:
The positives of living with legacy – a CISO’s view
Abstract:
In recent years Higher Education has finally been alerted to the idea that it is not immune from the torment of highly impactful and damaging cyber-attacks. Appetite for cyber security resilience is high; acceptance that practical change will be needed to achieve resilience is still lagging.
This talk explores practical transformation approaches to improving Higher Education's chances of surviving potential impactful incidents, while maintaining its legacy charm.
Speaker:
Bio:
I am currently a second year PhD student, part of the CDT for Cybersecurity and the Information Security group at University College London. My main interests are post-quantum cryptography, specifically isogeny-based protocols and applications. My main supervisors are Philipp Jovanovic and Sarah Meiklejohn.
Before starting my PhD, I completed my Undergraduate and Master’s degree in Mathematics at the University of Cambridge, specialising in Algebraic Number Theory and Elliptic Curves.
I am passionate about communicating cryptography and mathematics to others, and have written a series of blog posts on isogeny-based cryptography (see www.mariascrs.com), as well as giving a number of outreach talks to STEM students.
Abstract:
My project focuses on post-quantum cryptography: a type of cryptography that is secure against both quantum and classical computers. In particular, I am interested in a specific type of post-quantum cryptography called isogeny-based cryptography. Here, we build secure protocols using the fact that finding a (well-behaved) map between two elliptic curves is hard. Currently, isogeny-based protocols are much slower than other types of post-quantum cryptography. My research aims to increase their efficiency, as well as find new interesting applications.
Speaker:
Bio:
Henry is a third year PhD student on the UCL Cybersecurity CDT supervised by David Pym and Christos Ioannidis. Before joining UCL, he worked as an inflation and interest rates strategist for Barclays Investment Bank. His research has appeared in Computers and Security and the Workshop on the Economics of Information Security (WEIS).
Abstract:
Cybersecurity is a relatively new field so far as risk management is concerned and it is sometimes difficult for decision makers to separate fact from hyperbole and scaremongering. My research helps address questions such as: what is the right price for cyber-insurance; what are the best defence strategies against ransomware attacks; and which cyber-security product offers best value?
Speaker:
Bio:
In 2020 I completed BSc Politics and International Relations with Mandarin and Russian, focusing on Russian and Chinese cyber space politics. I was a Cyber 9/12 national policy competition semi-finalist and am an ESU Oracy Mentor and Trainer (public speaking). I am excited to be developing an anticipation mechanism to help prevent nation state cyber attacks against critical national infrastructure. I undertake technical analysis of Advanced Persistent Threats, associated threat groups and tactics, techniques and procedures, and political analysis of cyber attack motivations and approaches.
Abstract:
Nation state cyber attacks against space infrastructure: toward a techno-political future risks model
Speaker:
Bio:
My academic background and passion for psychology complement my interest in the intersection of cybersecurity, privacy and human behaviour. I’m particularly interested in exploring the implications of technology on interpersonal violence and abuse.
Abstract:
Domestic Violence in the Digital Age: Investigating the Role of Smart Home Technologies
Speaker:
Bio:
I am a first year Ph.D. candidate in Cybersecurity. My research studies the interdisciplinary dilemmas arising from the intersection of regulation, businesses, and consumers within the cryptocurrency field. I am also a licensed lawyer having practiced and consulted in areas such as criminal, civil, commercial law, and emerging technologies.
Abstract:
Regulating Cryptocurrency Gatekeepers with a "Trail & Error"
Speaker:
Bio:
I am a PhD candidate at UCL. My research focuses on the characterization and detection of conspiracy theories and discriminating behavior in mainstream and non-mainstream online social networks, and large scale data processing. While I was undertaking my master's degree in Data Science and Engineering, at the Cyprus University of Technology (CUT), my research focused on device-centric authentication, federated identity management, cybersafety, and the detection and characterization of inappropriate content online.
Title:
"You failed Q-LARP!" Towards Understanding and Characterizing the Narratives of QAnon Adherents on Alternative Social Networks
Abstract:
The QAnon conspiracy theory claims that a cabal of blood-thirsty politicians and media personalities are engaged in a war to destroy society. By interpreting cryptic “drops” of information from an anonymous insider calling themself Q, adherents of the conspiracy theory believe that Donald Trump is leading them in an active fight against this cabal. QAnon has been covered extensively by the media, as its adherents have been involved in multiple violent acts, including the January 6th, 2021 seditious storming of the US Capitol building. Nevertheless, we still have relatively little understanding of how the theory evolved and spread on the Web, and the role played in that by multiple platforms.
In this talk, we present the analysis we did on content QAnon adherents and Q posted online, towards understanding the narratives of the conspiracy.
Speaker:
Bio:
Reza is a PhD researcher in Cybersecurity at University College London. He is an IT and security practitioner in the tech industry; his research interests include security of supply chains, cyber / operational resilience and threat modelling.
Title:
Quantifying the cybersecurity factor in the context of mergers and acquisitions.
Abstract:
The project’s focus is on global supply chains and cross-border mergers & acquisitions (M&A). In particular, it explores the development of a socio-technical framework for quantification of cybersecurity risk and cyber resilience in tech M&A.
Speaker:
Bio:
Marius is a third-year PhD student at the Department of Computer Science, UCL, London. His thesis is focused on the development of a methodology for the design and construction of information security models. His areas of interest include but are not limited to technical, managerial and psychological aspects of information security, systems optimisation and modelling in various organisational contexts. He previously studied Computer Science at the Alexandru Ioan Cuza University of Iasi, where he obtained a BSc Degree with a dissertation on Procedural Generation of Realistic 3D Terrain. Then, he moved to UCL to undertake an MSc in Information Security, which was finalised with a dissertation on the ability to use grammar inference algorithms to optimise the data structures used by traditional IDS systems concerning storage space, to increase their viability in the actual IoT context. Furthermore, Marius was a security & privacy intern at Continental AG. His responsibilities included producing different analysis documents related to the ISO 26262 (technical risk analysis, failure mode effect analysis) and 27000 (attack tree analysis, security concept) standards while providing information security advice to teams involved in the production of functionalities related to the self-driving car.
Title:
An epistemic account of information security models
Abstract:
As the world has evolved to become ever more dependent on complex ecosystems, it has become ever more important to be able to reason rigorously about the design, construction, and behaviour not only of individual systems but also of their composition. In such situations, it is inevitable that no one type of model will be sufficient to describe all of the aspects of ecosystems about which rigorous reasoning is required. We propose here a meta-theoretical framework within which different types of models may be categorised and their interactions, especially during the construction of models, can be understood from an epistemic perspective. Its explicit goals are to facilitate a better understanding of the nature of models and to provide a more inclusive language for the description of heterogeneous models. Although descriptive in nature, we envision this framework as a necessary first step in the development of a methodology for heterogeneous model design and construction, diverse enough to characterise the myriad of model types used in the field of information security while at the same time addressing validation concerns that can reduce their usability in the area of security decision-making.