Smart infrastructure company Costain have just announced that they are joining I-Trace, a part-government funded project led by Cisco and involving a consortium of partners including WMG at the University of Warwick, BT and Senseon to conduct cybersecurity trials in real-world infrastructure settings.

WMG have already been working closely with Costain on an IoT (internet of things)-enabled Data across the Supply Chain (SIDS) project, which is funded by the WMG Centre High Value Manufacturing (HVM) Catapult. That project aims to develop a set of principles of cyber secure data sharing in a networking infrastructure, such as a manufacturing supply chain. The research team, led by WMG’s Professor Carsten Maple, hoped to allow businesses to take a risk-based approach to data sharing, encouraging industries to be more connected.

Professor Maple explains:

“The SIDS project is an integral component of our work in designing secure and resilient supply chains. Within a smart factory, you are in control of your own data. But if you start to add other parties into that, you need to understand what the risks are and how to mitigate them. For example, if you can turn your production system on via a mobile phone, you need to know the cyber security credentials of the network provider, the phone manufacturer, the app developer and so on.”

Professor Maple and his team at WMG at the University of Warwick have had a long-standing research partnership with Costain, to explore and apply the principles of secure data sharing.

Kevin Reeves, Director of IoT & Digital Twin at Costain, is an Honorary Research Fellow at WMG and he has been working with us to understand how digital manufacturing and production-based approaches can be applied to design and build activities in infrastructure projects as part of a digital transformation programme at Costain. Kevin explains:

“In production, it is all about repeatability. At Costain, we wanted to introduce a greater degree of standardisation into infrastructure projects. This will mean quicker mobilisation, fewer training costs, standard digital tools and services across the business. Doing this means integrating systems with suppliers and clients, which brings new challenges and the need for tighter security.”

Using the principles of secure data sharing developed in the SIDS project, Kevin has worked with WMG to create a digital blueprint of their enterprise system, so that they could assess their vulnerability to cyber-attacks, and shore-up their system, giving assurance to the entire supply chain.

This partnership with WMG has supported Costain in achieving the Cyber Essential Plus Scheme accreditation via the National Cyber Security Centre (NCSC), as well as the globally recognised cyber security international standard, ISO 27001. Costain have now created a specialist cyber security team to continue learning about new cyber threats as they emerge.

Kevin also noted that:

“Our clients increasingly require cyber security credentials before being willing to integrate their systems with ours. While this is a huge opportunity, data sharing and privacy is a massive challenge for industry, and it’s been exacerbated by the increase in remote working due to Covid-19.”

Professor Maple and his team believe one of the challenges for the future will be ensuring the right skills to support integration of supply chains in the future. While these practices offer huge opportunities for businesses to grow and increase competitiveness in the global market, the challenges are increasing in line. The threat landscape is always evolving, with remote working and increasing digitisation of infrastructure all becoming targets for hackers.

The new I-Trace project builds on this work. Tim Embley, research and innovation director at Costain said:

“The IoT is central to the fourth industrial revolution, which is seeing infrastructure delivery and operations become more data-driven, using insights gathered from connected devices, sensors, and telematics to inform long and short-term decision-making,” said “IoT security is a critical issue as cyber-attacks increase in both frequency and potency. There is a world of unseen potential when it comes to AI and blockchain in terms of increasing the resilience of IoT networks and better securing the integrity of IoT data that is so critical to driving safer, faster, greener and more efficient delivery and operations of infrastructure.”

I-Trace is a part-government funded, co-innovation project led by Cisco and involving a consortium of partners including BT, Senseon and the Warwick Manufacturing Group (WMG) at the University of Warwick. Costain has joined the i-Trace consortium to conduct cybersecurity trials in real-world infrastructure settings.

Using real-world data from live Costain project sites, the project will demonstrate how the unique i-Trace solution brings together two complementary technologies to secure critical data. Firstly, using machine learning systems to detect security threats on IoT devices via the network. Secondly, using distributed ledger technology (DLT) to guarantee that the data generated by these IoT devices is tamperproof and immutable, wherever it is in the network. These technologies will be deployed across Costain’s networks to secure M2M telematics, connected IoT sensors and monitoring equipment.

Peter Shearman, Head of Innovation, Emerging Technology and Incubation at Cisco UK and Ireland said:

“Securing IoT networks is a considerable challenge due to its scale and complexity, which has prevented organisations from maximising its use and taking their deployments to the next level,” added Peter Shearman, Head of Innovation, Emerging Technology and Incubation at Cisco UK and Ireland. “Our aim is to successfully trial a solution that offers end-to-end security of real-world IoT networks, which delivers the immutability and scalability required by commercial deployments, as well as being manageable and cost-effective. This has the potential to pave the way for IoT innovation that has never been seen before in the construction industry and beyond.”

The project will tap into the capabilities of the leading technology, security, and academic partners to prove the commercial viability of using these emerging technologies to secure the integrity of IoT data. i-Trace is part-government funded through Innovate UK and the UKRI’s Strategic Priorities Fund.

Read more about de-risking data sharing in the supply chain here.

The UK Government has announced that it will switch its contact-tracing app to a model based on technology by Apple and Google. Professor Carsten Maple, of WMG at the University of Warwick, discusses the impact that this might make to public confidence in the app.

Professor Maple is Professor of Cyber Systems Engineering and recently led research that showed that the UK public wants the NHS to be the controlling body in the Covid-19 contact-tracing app.

Professor Maple said: “The Government changing their stance on the architecture is a significant development. It is worrying that the Government feel they cannot create an app which could, by its own assessment, have a significant impact on controlling the pandemic, without relying on the support of the major tech companies. We should recall that the early versions of apps in other countries could not avail themselves of this Apple and Google capability, but were still effective in controlling the virus. It will be interesting to see how the Government will now attempt to gather the data that they said was so important to control the pandemic, and worth the privacy intrusions that arose in their abandoned version, now that they are taking this new route. This, in itself, could erode confidence in any app that is released."

Professor Carsten Maple will be presenting at the Facial Recognition and Biometrics - Technology and Ethics conference at the Royal Society on Wednesday (29 January).

The conference organised by the Foundation for Science and Technology and the Ada Lovelace Institute will be chaired by Lord Willetts.

Professor Maple joins an inspiring line-up of speakers including Elizabeth Denham CBE, UK Information Commissioner, Matthew Ryder QC, Matrix Chambers and Carly Kind, Director, Ada Lovelace Institute, to present to guests from parliament, industry and the research community.

Facial recognition, and other forms of biometric technologies, are being rapidly developed, and deployed by both the public and private sectors. These technologies promise significant benefits for individuals and institutions, but may also be increasing used in policing and forensics. Questions arise about standards, ethics, privacy, and public acceptability of these technologies across different potential applications.

Find more information and register to attend here.

The concept of widespread Connected and Automated Mobility (CAM) is quickly becoming something of a reality thanks to a national and global push to develop the next generation of transport solutions. An integral part of the Government’s Road to Zero strategy, CAM is expected to become widely deployed across the UK and will be a key driver behind ambitions to eventually achieve zero accidents, zero congestion and zero emissions on the road.

Evolving into a sector that is predicted to be worth £907 billion by 2035, CAM has also conjured new societal and technological challenges that need to be considered. At WMG, University of Warwick, we’ve been tackling some of these challenges by focusing on how to improve security, privacy and safety in connected and automated vehicles from a cyber-perspective, conducting rigorous testing and exploring innovative technologies in a real-world environment.  

Overcoming public anxiety

It’s not surprising to see that earning the public’s trust and subsequently reducing anxiety around this new form of travel is somewhat of a barrier to widespread adoption. However, our work to improve the privacy and safety of connected and automated vehicles will help to demonstrate the scalability and wider benefits of this new technology. 

Our real-world testing considers how vehicles will connect with each other, as well as to the roadside infrastructure, and also how parts of this infrastructure can be intelligent in the ways that they share information with each other. Our work considers how this connectivity informs the automated activity of respective vehicles and more importantly influences how we expect vehicles to react when a data breach is attempted. For example, if a hacker manages to access the data in a vehicle or vehicular system, how do we safeguard against compromising the vehicle’s identity and history, how do we protect the locations that the vehicle has visited, or indeed how do we control what the vehicle does next in terms of its interactions with the roadside and other vehicles following a breach. 

Transferring information within the roadside infrastructure

When a vehicle is travelling down a road it may meet multiple vehicles in a short space of time. In order to check the identity of these vehicles, the key of the other vehicle needs to be verified. However, having to check this in-Cloud infrastructure creates additional communication overhead, increasing the time before the vehicle receives the necessary verification. Instead, through the use of ‘Decentralised PKI’, vehicles can verify messages much faster as the key information is distributed over Edge infrastructure that sits next to the road. Essentially, this means that the roadside infrastructure can communicate with each other and directly transfer shared information, such as traffic levels, vehicle speed and direction. This eliminates the reliance on Cloud servers, saving communication time.

Protecting a vehicle’s identity

For a vehicle to send and receive these sorts of messages from other vehicles and the roadside effectively and reliably, it is important that the messages it sends contain proof that the vehicle is who it claims to be; these messages can be transmitted between cars or the road’s infrastructure from up to 500 meters away. Our ‘Group Signatures’ solution proves a vehicle’s identity without allowing that individual vehicle to be tracked over a long time. This method only indicates that the vehicle is a member of a group, making it much harder for privacy to be compromised, revealing the history of all the locations a respective vehicle, and therefore individual, has visited.

Verifying vehicle identities

However, it is an expensive task for a vehicle to verify another’s identity. Vehicles will have limited computing resources and so will only be able to verify a specific number of identities of senders of messages per second.

Therefore, with our ‘Authentication Prioritisation’ solution, the order in which the identity of messages are verified is decided based on assigning a priority to the messages. These priorities can be defined by vehicle distance, direction of travel or positioning on the road. A higher priority means that those messages are verified first.

Embedding the foundations for effective adoption

As we continue our research into privacy and security issues associated with CAM, our end goal is to achieve the right technological balance to enable effective and quick communication between vehicles and the roadside infrastructure, whilst protecting the privacy of individual vehicles and allowing reliable and safe messages to be filtered by vehicles in order of importance. At WMG, we are making significant strides towards achieving these goals and supporting the ultimate objective of assisting with the widespread adoption of Connected and Automated Mobility on UK roads.

• The security, privacy and safety of connected autonomous vehicles (CAVs) has been improved thanks to testing at WMG, University of Warwick
• WMG undertook real-world testing of four innovations in the IoT-enabled Transport and Mobility Demonstrator.
• They were able to connect CAVs to other CAVs and roadside infrastructure more securely and privately.

The privacy and security of data in CAVs has been improved thanks to WMG, University of Warwick who tested four innovations that were results of the PETRAS project. CAVs can now connect to each other, roadside infrastructure, and roadside infrastructure to each other more securely.

In the near future Connected and Autonomous Vehicles are expected to become widely used across the UK. To ensure a smooth deployment, researchers from WMG, University of Warwick undertook real-world testing of four academic innovations in the IoT-enabled Transport and Mobility Demonstrator project funded by Lloyd’s Register Foundation.

The testing looked at how the vehicles will connect to each other, as well as to roadside infrastructure, and the roadside infrastructures to each other.

The four innovations tested were developed within the PETRAS Internet of Things Research Hub and aimed to improve the security, privacy and safety of future connected vehicles.

The four new innovations included:

1. Group Signatures

For a vehicle to communicate it is important that the messages it sends contain a proof that the vehicle is who they claim to be (via a digital signature). However, by revealing and proving the vehicle’s identity it allows that vehicle to be tracked over a long time. In order to provide privacy a group signature can be used, which only indicates that the vehicle is a member of a group.

The group signature scheme can be extended to use a timestamp that updates every 10 minutes as a component of the signature. Therefore, if the vehicle was to send the exact same message at 10:00am and 10:10am the group signature would differ and an eavesdropper would not be able link that the vehicle sent both messages. This scheme would be useful in vehicle platooning where vehicles want to demonstrate they are part of the platoon group.

2. Authentication Prioritisation

It is an expensive task for a vehicle to verify another’s identity. Vehicles will have limited computing resources and so will only be able to verify a specific number of identities included in messages per second. For example, if a vehicle is on a busy motorway in traffic there may already be more vehicles sending messages that can be verified in a timely manner. An adversary may also try to send many messages with incorrect signatures in order to prevent vehicles from verifying the identity of actual vehicles. Therefore the order in which the identity of messages are verified is decided based on assigning a priority to the messages. A higher priority means that those messages have the identity of the sender verified first.

3. Decentralised PKI

When a vehicle is travelling down a road it may meet multiple vehicles in a short space of time. In order to check the identity of these vehicles, the public key of the other vehicle needs to be downloaded from a keyserver. However, hosting this keyserver in the cloud has limitations due to additional communication hops increasing the time before the vehicle receives the necessary keys. Instead, vehicles can receive these keys faster if the keysever is distributed over Edge infrastructure that sits next to the road.

4. Decentralised PKI with Pseudonyms

This innovation extended the previous innovation to support periodically issuing new identities to vehicles on the road to provide privacy. Both this innovation and group signatures may be required, as they are useful in different scenarios.

Each of the techniques above were demonstrated in the real world on the campuses of the Universities of Warwick and Surrey, as well as Millbrook Proving Ground.

A follow up executive summary, informed through feedback when the work was presented at the House of Lords, is now available. The summary makes a number of recommendations, including more communication infrastructure should be deployed, and that researchers should have an ability test different types of cyberattacks on CAVs and roadside infrastructure. 5G should also be used to perform the testing, as 5G is being rolled out across the UK in the future.

Lead of the project Professor Carsten Maple of WMG, University of Warwick comments:

“The cyber-security of CAVs is key to make sure that when the vehicles are on the roads, the data is trustworthy and that vehicle communications do not compromise privacy. We tested four innovations developed in the PETRAS Project, and being able to apply them to the real world is the first major step in testing security of CAV systems.

“The units being investigated to be used in cars and on the roadside were taken to Parliament in February to demonstrate how they work; now we can focus on further testing in the real world. Future work include will include testing on 5G systems, and with different types of attacks”.

WMG Professor of Cyber Security Engineering and Director of Research in Cyber Security Carsten Maple has been appointed as Deputy Pro-Vice-Chancellor (North America) for the University of Warwick.

In his new role, Carsten will work closely with Professor Mike Shipman, Pro-Vice-Chancellor (International), to extend and deepen the relationships with the University’s partners in North America, and to pursue opportunities for funding, student mobility, and research and teaching collaboration.

Professor Maple explained: “I am passionate about the international agenda having been a visiting professor at four institutions overseas, and participated in three government-sponsored missions to the United States. I am delighted to be undertaking this important role.”

Commenting on the new role, Professor Chris Ennew, University of Warwick Provost, said:

“Carsten’s profile, skills and experience make him the ideal person to undertake this crucial role to develop University-level strategic partnerships in North America. The appointment of Carsten to the role of Deputy Pro-Vice-Chancellor for North America is a key step towards delivery of the University’s Internationalisation Strategy.”

Professor Simon Swain, Pro-Vice-Chancellor (External Engagement) said: “Carsten’s appointment is an enormous boost to the International team and we are all looking forward to working with him on our hugely ambitious goals in North America.”

Professor Maple is a co-lead of the Cyber Security GRP and the Principal Investigator of the NCSC-EPSRC Academic Centre of Excellence in Cyber Security Research at the University and the Transport & Mobility lead of the PETRAS National Centre of Excellence for IoT Systems Cybersecurity. He has published over 200 peer-reviewed papers has provided evidence and advice to governments and organisations across the world, including being a high-level scientific advisor for cyber security to the European Commission. He is a member of various national and international boards and expert groups, is Immediate Past Chair of the Council of Professors and Heads of Computing in the UK and a fellow of the Alan Turing Institute.

Professor Maple will manage this new role alongside his current research responsibilities within WMG.

Three WMG Professors have now joined the The Alan Turing Institute as Fellows.

Our Professor of Cyber Systems Engineering Carsten Maple, Professor of Data Science, Giovanni Montana, and Professor of Marketing and Service Systems Irene Ng; are now all part of the prestigious line-up of expert Fellows.

The Alan Turing Institute is a national body championing data science and artificial intelligence research. It was created by five founding universities - Cambridge, Edinburgh, Oxford, UCL and the University of Warwick plus the EPSRC, with a further eight new universities – Leeds, Manchester, Newcastle, Queen Mary University of London, Birmingham, Exeter, Bristol, and Southampton – joining in 2018.

Cyber Security research across the University of Warwick has been recognised as an “Academic Centre of Excellence in Cyber Security Research” (ACE-CSR) by the UK’s National Cyber Security Centre (NCSC) and The Engineering and Physical Sciences Research Council (EPSRC).

The recognition was announced today by Ben Gummer MP, Minister for the Cabinet Office.

The Warwick Academic Centre of Excellence in Cyber Security Research brings together researchers from a number of University of Warwick departments in particular WMG, Politics and International Studies (PAIS), Computer Science, Warwick Business School, and several others.

Chris Ensor, Deputy Director for Cyber Security Skills and Growth at the NCSC, said:

“It’s fantastic to see so many leading universities committed to trailblazing improvements to the UK’s cyber security research, and it is particularly good to see Scotland represented for the first time.

“At the NCSC, we are absolutely committed to maintaining and improving our already strong reputation as a global leader in cutting edge research, and look forward to collaborating with these establishments to make the UK the safest place to live and work online.

“These universities conduct world class cyber security research and this initiative will improve the way academics, government and business work together – benefiting the whole of the country.”

"Breaches continue to take place without companies identifying the breach, or at least the full impact of the breach. The time taken between the breach occurring and notification to those whose details are breached can leave to risk of compromise of other accounts.

"We have an issue about how we authenticate ourselves to systems currently - mostly relying solely on passwords or personal information (when a password is forgotten)."

Carsten Maple, Professor of Cyber Systems Engineering at WMG's Cyber Security Centre (CSC)