The UK public want the NHS to be controlling body in Covid-19 contact-tracing app – says new research
The public have massive trust in the NHS, who should have control and access to data in the Covid-19 contact-tracing app, according to new research by researchers in WMG at the University of Warwick, and at the University of Birmingham.
"With all of the possible design choices for a contact-tracing app, many commentators and experts have argued which approach is in the best interests of the public. For example, some have argued that centralised apps create privacy invasions that are unacceptable; others have argued that to be effective the apps should be centralised. However, as yet, the opinions of the public have not been gathered and so we have undertaken a significant survey to elicit their thoughts. We have examined how important privacy is to them and how willing they are to engage and share information."
Dr Rebecca McDonald, lecturer in experimental economics from the University of Birmingham said:
"The first encouraging results of our study are that only 9.6% of the public always chose to opt out of using the contact tracing apps we described to them. We asked people to express a direct preference between controlling the pandemic or preserving privacy, and we found that over half (57.4%) of participants favoured prioritising controlling the pandemic over privacy, contrasting with around a fifth (20.1%) favouring protecting privacy over controlling the pandemic."
However the most powerful and important result from the survey was the contrasting degrees to which participants trust different agencies or individuals with their data, even when anonymised. The group least trusted to be given access to this data was other app users but by far the most trusted group or organisation was the NHS.
Professor Carsten Maple in WMG at the University of Warwick said:
"It is clear that the NHS enjoyed overwhelming trust in terms of access to personal data collected by such apps, even when anonymised. Surprisingly, respondents’ choices suggest they would be most concerned about the decentralised approach that protects from Government access to information and instead shares information among other app users. The results indicate that users want a centralised approach, like the one currently being adopted by NHSX.
"Our research clearly shows that the public is broadly supportive of the use of a COVID-19 contact tracing app and would download it in significant numbers, providing the app providers listen to their wishes on who should have access to their data. The NHS is by far the most trusted gatekeeper for that data."
The table below shows in percentage terms how much more willing people are to use an app when their data is shared with different organisations (as in a centralised approach), compared to when it is shared with other app users (as in a decentralised approach).
The research highlights that people have a strong desire to understand the way a contact tracing app would work, and many respondents said they would need control over what data is shared about them, and who it is shared with, before they would be willing to download the app. Since widespread uptake is needed for the app to be effective, addressing these potential barriers has to be at the heart of any large-scale roll out of the contact tracing app. The appetite is there, but the public need transparency in order to trust, download, and use the app.
The research also found that public would also have concerns about linking proximity data to other data sources. (They were particularly concerned about the linkage of their shopping location from credit/debit cards data. Some also had concerns about practical things like the impact on their phone’s battery life, or the amount of data the app might need to use.
The researchers surveyed 2,171 members of the UK general population in a nationally representative sample and have published that research in a paper entitled “Speak for Yourself! Attitudes to contact tracing applications in the context of COVID 19: results from a nationally representative survey of the UK population” at: https://github.com/carstenmaple/SpeakForYourself.
NB the paper has not been peer reviewed but has been published now due to the urgency of the issues it examines.
The Cyber Security for Connected and Autonomous Mobility (CAM) has been investigated in a series of projects funded by the Centre for Connected and Autonomous Vehicles (CCAV) and supported by Zenzic and InnovateUK (part of UKRI).
Out of seven projects, WMG, at the University of Warwick was involved in three:
1. Positioning, Navigation and Timing (PNT) Cyber Resilience: a Lab2Live Observer Based Approach
Each project was tasked with exploring innovative methods for measuring and monitoring cyber security, defining a set of requirements for a future Cyber Security facility/capability and understanding the commercial landscape for such a facility.
These 3 objectives were addressed across a number of different themes with Cyber for CAM: Monitoring, Threats to connected vehicle, networks, Threats to automated vehicles or Countermeasure and risk mitigation.
Dr Elijah Adegoke, from WMG, University of Warwick was involved in the PNT Cyber Resilience project. In collaboration with Spirent, key recommendations made to Government include that spoofing and jamming attacks on GNSS signals are capable of leading to severe loss of functionality and safety in CAVs; thus there is an urgent need to invest in independent facilities capable of seamlessly testing attacks on CAM PNT systems in both controlled laboratory and live environments.
Zenzic, the University of Warwick and Spirent now aim to work with standardisation bodies to guide the development of GNSS attack detection and GNSS resiliency assessment standards, and the responsible disclosure of information on threat actors and attack events.
Dr Adegoke commented: “To investigate jamming and spoofing in CAM PNT systems, a test facility needs to be able to quantify the resilience of a CAV against both radio frequency based and software attacks for diverse receiver operating systems and hardware architectures. Access to a drive-in anechoic chamber, such as WMG’s Communications and Sensors Lab in the Professor Lord Bhattacharyya Building, to allow the legal testing of over-the-air attacks is highly beneficial.”
Professor Carsten Maple, of WMG, University of Warwick, was involved in ResiCAV and BeARCAT.
ResiCAV was led by Horiba Mira, and highlighted how connected and autonomous vehicles (CAVs) and their associated infrastructure can develop real-time responsiveness to cybersecurity threats, and highlighted the ‘urgent need’ for a national road transport cybersecurity programme in order for the UK to safely support CAV adoption across the transport network. Professor Carsten Maple comments:
“The ResiCAV project has proven that the UK could become a world-leader in automotive cybersecurity and vehicle resilience, however this can only be done if there is a collaboration between industry and the shared use of testbeds. The project has shown that cyber resilience can only be effectively achieved by developing a new engineering methodology. We have, with partners, started the journey to formalising the methodology, and provide the tools and techniques for achieving resilience through manufacture and operation.
“I hope this next step after this project is to see funding for the development of the ‘UK Centre of Excellence for Road Transport Cybersecurity Resilience’ to thrust the UK to the forefront of automotive cybersecurity.”
Professor Maple was also involved in BeARCAT, led by Cisco the BeARCAT project highlights that with the high infrastructure set-up costs and extensive overheads in the management of a test facility for automotive cyber security, the most cost-effective course of action is for a UK CTF (Cyber Test Facility) to be collocate with the existing testbeds. He comments:
“We are pleased to have developed a Security Framework for cyber security testing in the CAV ecosystem, including coverage of security threat modelling and risk assessment. Working with our partners we have defined mechanisms for communications resilience and provide a blueprint, based on the security framework, for testing certification. We hope these contributions will be helpful to the Government as it seeks to establish a world-leading capability in developing and assessing cyber security for automotive systems.”
All three projects prove the UK could be pioneering Cyber Security in Connected and Autonomous Mobility if companies within the industry work together to share resources and testbeds, which could bring autonomous vehicles one step closer to our roads.
The concept of widespread Connected and Automated Mobility (CAM) is quickly becoming something of a reality thanks to a national and global push to develop the next generation of transport solutions. An integral part of the Government’s Road to Zero strategy, CAM is expected to become widely deployed across the UK and will be a key driver behind ambitions to eventually achieve zero accidents, zero congestion and zero emissions on the road.
Evolving into a sector that is predicted to be worth £907 billion by 2035, CAM has also conjured new societal and technological challenges that need to be considered. At WMG, University of Warwick, we’ve been tackling some of these challenges by focusing on how to improve security, privacy and safety in connected and automated vehicles from a cyber-perspective, conducting rigorous testing and exploring innovative technologies in a real-world environment.
Overcoming public anxiety
It’s not surprising to see that earning the public’s trust and subsequently reducing anxiety around this new form of travel is somewhat of a barrier to widespread adoption. However, our work to improve the privacy and safety of connected and automated vehicles will help to demonstrate the scalability and wider benefits of this new technology.
Our real-world testing considers how vehicles will connect with each other, as well as to the roadside infrastructure, and also how parts of this infrastructure can be intelligent in the ways that they share information with each other. Our work considers how this connectivity informs the automated activity of respective vehicles and more importantly influences how we expect vehicles to react when a data breach is attempted. For example, if a hacker manages to access the data in a vehicle or vehicular system, how do we safeguard against compromising the vehicle’s identity and history, how do we protect the locations that the vehicle has visited, or indeed how do we control what the vehicle does next in terms of its interactions with the roadside and other vehicles following a breach.
Transferring information within the roadside infrastructure
When a vehicle is travelling down a road it may meet multiple vehicles in a short space of time. In order to check the identity of these vehicles, the key of the other vehicle needs to be verified. However, having to check this in-Cloud infrastructure creates additional communication overhead, increasing the time before the vehicle receives the necessary verification. Instead, through the use of ‘Decentralised PKI’, vehicles can verify messages much faster as the key information is distributed over Edge infrastructure that sits next to the road. Essentially, this means that the roadside infrastructure can communicate with each other and directly transfer shared information, such as traffic levels, vehicle speed and direction. This eliminates the reliance on Cloud servers, saving communication time.
Protecting a vehicle’s identity
For a vehicle to send and receive these sorts of messages from other vehicles and the roadside effectively and reliably, it is important that the messages it sends contain proof that the vehicle is who it claims to be; these messages can be transmitted between cars or the road’s infrastructure from up to 500 meters away. Our ‘Group Signatures’ solution proves a vehicle’s identity without allowing that individual vehicle to be tracked over a long time. This method only indicates that the vehicle is a member of a group, making it much harder for privacy to be compromised, revealing the history of all the locations a respective vehicle, and therefore individual, has visited.
Verifying vehicle identities
However, it is an expensive task for a vehicle to verify another’s identity. Vehicles will have limited computing resources and so will only be able to verify a specific number of identities of senders of messages per second.
Therefore, with our ‘Authentication Prioritisation’ solution, the order in which the identity of messages are verified is decided based on assigning a priority to the messages. These priorities can be defined by vehicle distance, direction of travel or positioning on the road. A higher priority means that those messages are verified first.
Embedding the foundations for effective adoption
As we continue our research into privacy and security issues associated with CAM, our end goal is to achieve the right technological balance to enable effective and quick communication between vehicles and the roadside infrastructure, whilst protecting the privacy of individual vehicles and allowing reliable and safe messages to be filtered by vehicles in order of importance. At WMG, we are making significant strides towards achieving these goals and supporting the ultimate objective of assisting with the widespread adoption of Connected and Automated Mobility on UK roads.
- The security, privacy and safety of connected autonomous vehicles (CAVs) has been improved thanks to testing at WMG, University of Warwick
- WMG undertook real-world testing of four innovations in the IoT-enabled Transport and Mobility Demonstrator.
- They were able to connect CAVs to other CAVs and roadside infrastructure more securely and privately.
The privacy and security of data in CAVs has been improved thanks to WMG, University of Warwick who tested four innovations that were results of the PETRAS project. CAVs can now connect to each other, roadside infrastructure, and roadside infrastructure to each other more securely.
In the near future Connected and Autonomous Vehicles are expected to become widely used across the UK. To ensure a smooth deployment, researchers from WMG, University of Warwick undertook real-world testing of four academic innovations in the IoT-enabled Transport and Mobility Demonstrator project funded by Lloyd’s Register Foundation.
The testing looked at how the vehicles will connect to each other, as well as to roadside infrastructure, and the roadside infrastructures to each other.
The four innovations tested were developed within the PETRAS Internet of Things Research Hub and aimed to improve the security, privacy and safety of future connected vehicles.
The four new innovations included:
1. Group Signatures
For a vehicle to communicate it is important that the messages it sends contain a proof that the vehicle is who they claim to be (via a digital signature). However, by revealing and proving the vehicle’s identity it allows that vehicle to be tracked over a long time. In order to provide privacy a group signature can be used, which only indicates that the vehicle is a member of a group.
The group signature scheme can be extended to use a timestamp that updates every 10 minutes as a component of the signature. Therefore, if the vehicle was to send the exact same message at 10:00am and 10:10am the group signature would differ and an eavesdropper would not be able link that the vehicle sent both messages. This scheme would be useful in vehicle platooning where vehicles want to demonstrate they are part of the platoon group.
2. Authentication Prioritisation
It is an expensive task for a vehicle to verify another’s identity. Vehicles will have limited computing resources and so will only be able to verify a specific number of identities included in messages per second. For example, if a vehicle is on a busy motorway in traffic there may already be more vehicles sending messages that can be verified in a timely manner. An adversary may also try to send many messages with incorrect signatures in order to prevent vehicles from verifying the identity of actual vehicles. Therefore the order in which the identity of messages are verified is decided based on assigning a priority to the messages. A higher priority means that those messages have the identity of the sender verified first.
3. Decentralised PKI
When a vehicle is travelling down a road it may meet multiple vehicles in a short space of time. In order to check the identity of these vehicles, the public key of the other vehicle needs to be downloaded from a keyserver. However, hosting this keyserver in the cloud has limitations due to additional communication hops increasing the time before the vehicle receives the necessary keys. Instead, vehicles can receive these keys faster if the keysever is distributed over Edge infrastructure that sits next to the road.
4. Decentralised PKI with Pseudonyms
This innovation extended the previous innovation to support periodically issuing new identities to vehicles on the road to provide privacy. Both this innovation and group signatures may be required, as they are useful in different scenarios.
Each of the techniques above were demonstrated in the real world on the campuses of the Universities of Warwick and Surrey, as well as Millbrook Proving Ground.
A follow up executive summary, informed through feedback when the work was presented at the House of Lords, is now available. The summary makes a number of recommendations, including more communication infrastructure should be deployed, and that researchers should have an ability test different types of cyberattacks on CAVs and roadside infrastructure. 5G should also be used to perform the testing, as 5G is being rolled out across the UK in the future.
Lead of the project Professor Carsten Maple of WMG, University of Warwick comments:
“The cyber-security of CAVs is key to make sure that when the vehicles are on the roads, the data is trustworthy and that vehicle communications do not compromise privacy. We tested four innovations developed in the PETRAS Project, and being able to apply them to the real world is the first major step in testing security of CAV systems.
“The units being investigated to be used in cars and on the roadside were taken to Parliament in February to demonstrate how they work; now we can focus on further testing in the real world. Future work include will include testing on 5G systems, and with different types of attacks”.
- Self-driving vehicles can use 5G for remote driving and enhanced vehicular perception through the sharing of sensor data with other vehicles and the roadside infrastructure
- As 5G becomes ever more popular, researchers at WMG, University of Warwick, install Europe’s first over-the-air 5G New Radio test user equipment.
- The equipment will be used in connected autonomous vehicles on the Midlands Future Mobility testbed.
A future of self-driving vehicles enabled by the latest high-speed 5G mobile technology is to be investigated by the University of Warwick thanks to the installation of state of the art test equipment.
The first over-the-air 5G New Radio standard-compliant test user equipment (UE) in Europe has been homed at WMG, University of Warwick. The equipment will be put in Connected Autonomous Vehicles (CAVs) being tested on the Midlands Future Mobility (MFM) testbed on the University campus, to share sensor data with other vehicles and the roadside infrastructure.
With the accelerating deployment of 5G functions on existing wireless telecommunication networks, the time is right to test the full potential of 5G independently. As the lead of the MFM testbed for CAVs, WMG, at the University of Warwick, has set enabling and performance testing of high throughput, low latency CAV use cases as one of their key research focusses.
Its use cases include remote driving and enhanced vehicular perception through the sharing of sensor data with other vehicles and the roadside infrastructure. Moreover, WMG also aims to enhance the quality of future mobility services by exploring how to seamlessly stream infotainment content for CAV passengers over a 5G link.
In this role, WMG have just installed Europe’s first 5G New Radio test UE that is fully compliant with Release 15 of the 5G technology standard developed by the 3GPP. It can emulate full UE operation and test real-time performance of 5G wireless connections to external base stations.
The mobile UE can be placed inside MFM vehicles on its 5G campus testbed, and payload data can be sent through 5G infrastructure into its further 5G network.
WMG and MFM are already engaged with a variety of industrial partners regarding connectivity, technology verification and validation, and the understanding and optimisation of user interaction with driverless technology. This new installation will further support their leading role in CAV development and testing, and help them accelerate the related product and service design and deployment.
Besides providing 5G automotive communication, this technology is, among others, also transferable to the manufacturing sector and supports Industry 4.0 use cases in which massive connectivity, high throughput and low latency mobile communication requirements exist as well.
A team of researchers led by Dr Matthew Higgins, Associate Professor at WMG, is now integrating this new technology component from NI into their current projects.
WMG’s Dr Matthew Higgins said:
“Crucial to our research strategy is the ability to understand and demonstrate the potential of 5G communications systems to our project partners early in their product development cycle. NI’s latest 5G test solution enables us to conduct standard-compliant, real-time 5G link performance tests inside both a controlled lab environment as well as outdoors in campus trials before commercial hardware is available.”
Dr Erik Kampert, HVM Catapult Senior Research Fellow added that:
“Being experienced users of state-of-the-art 5G communications equipment, this unique UE solution from NI facilitates us to expand our capabilities for CR&D work and collaborative project with CAV partners.”
James Kimery, Director of Wireless Research and SDR marketing at NI said:
“5G promises to not only revolutionize the wireless industry but also pervade and expand into other areas. For 5G application research, standard compliant technologies and solutions such as the NI Test UE are critically important to furthering this research and spurring innovation. NI is very excited to work with researchers at WMG and MFM and applaud their vision of evolving 5G into automotive, manufacturing, and beyond.”
In his new role, Carsten will work closely with Professor Mike Shipman, Pro-Vice-Chancellor (International), to extend and deepen the relationships with the University’s partners in North America, and to pursue opportunities for funding, student mobility, and research and teaching collaboration.
Professor Maple explained: “I am passionate about the international agenda having been a visiting professor at four institutions overseas, and participated in three government-sponsored missions to the United States. I am delighted to be undertaking this important role.”
Commenting on the new role, Professor Chris Ennew, University of Warwick Provost, said:
“Carsten’s profile, skills and experience make him the ideal person to undertake this crucial role to develop University-level strategic partnerships in North America. The appointment of Carsten to the role of Deputy Pro-Vice-Chancellor for North America is a key step towards delivery of the University’s Internationalisation Strategy.”
Professor Simon Swain, Pro-Vice-Chancellor (External Engagement) said: “Carsten’s appointment is an enormous boost to the International team and we are all looking forward to working with him on our hugely ambitious goals in North America.”
Professor Maple is a co-lead of the Cyber Security GRP and the Principal Investigator of the NCSC-EPSRC Academic Centre of Excellence in Cyber Security Research at the University and the Transport & Mobility lead of the PETRAS National Centre of Excellence for IoT Systems Cybersecurity. He has published over 200 peer-reviewed papers has provided evidence and advice to governments and organisations across the world, including being a high-level scientific advisor for cyber security to the European Commission. He is a member of various national and international boards and expert groups, is Immediate Past Chair of the Council of Professors and Heads of Computing in the UK and a fellow of the Alan Turing Institute.
Professor Maple will manage this new role alongside his current research responsibilities within WMG.
Three WMG Professors have now joined the The Alan Turing Institute as Fellows.
Our Professor of Cyber Systems Engineering Carsten Maple, Professor of Data Science, Giovanni Montana, and Professor of Marketing and Service Systems Irene Ng; are now all part of the prestigious line-up of expert Fellows.
The Alan Turing Institute is a national body championing data science and artificial intelligence research. It was created by five founding universities - Cambridge, Edinburgh, Oxford, UCL and the University of Warwick plus the EPSRC, with a further eight new universities – Leeds, Manchester, Newcastle, Queen Mary University of London, Birmingham, Exeter, Bristol, and Southampton – joining in 2018.
UK Governments National Cyber Security Centre declares Warwick an official Academic Centre of Excellence in Cyber Security Research
Cyber Security research across the University of Warwick has been recognised as an “Academic Centre of Excellence in Cyber Security Research” (ACE-CSR) by the UK’s National Cyber Security Centre (NCSC) and The Engineering and Physical Sciences Research Council (EPSRC).
The recognition was announced today by Ben Gummer MP, Minister for the Cabinet Office.
The Warwick Academic Centre of Excellence in Cyber Security Research brings together researchers from a number of University of Warwick departments in particular WMG, Politics and International Studies (PAIS), Computer Science, Warwick Business School, and several others.
Chris Ensor, Deputy Director for Cyber Security Skills and Growth at the NCSC, said:
“It’s fantastic to see so many leading universities committed to trailblazing improvements to the UK’s cyber security research, and it is particularly good to see Scotland represented for the first time.
“At the NCSC, we are absolutely committed to maintaining and improving our already strong reputation as a global leader in cutting edge research, and look forward to collaborating with these establishments to make the UK the safest place to live and work online.
“These universities conduct world class cyber security research and this initiative will improve the way academics, government and business work together – benefiting the whole of the country.”
Expert Comment: Prof Carsten Maple - One billion affected by Yahoo hack
"Breaches continue to take place without companies identifying the breach, or at least the full impact of the breach. The time taken between the breach occurring and notification to those whose details are breached can leave to risk of compromise of other accounts.
"We have an issue about how we authenticate ourselves to systems currently - mostly relying solely on passwords or personal information (when a password is forgotten)."
Carsten Maple, Professor of Cyber Systems Engineering at WMG's Cyber Security Centre (CSC)