The concept of widespread Connected and Automated Mobility (CAM) is quickly becoming something of a reality thanks to a national and global push to develop the next generation of transport solutions. An integral part of the Government’s Road to Zero strategy, CAM is expected to become widely deployed across the UK and will be a key driver behind ambitions to eventually achieve zero accidents, zero congestion and zero emissions on the road.
Evolving into a sector that is predicted to be worth £907 billion by 2035, CAM has also conjured new societal and technological challenges that need to be considered. At WMG, University of Warwick, we’ve been tackling some of these challenges by focusing on how to improve security, privacy and safety in connected and automated vehicles from a cyber-perspective, conducting rigorous testing and exploring innovative technologies in a real-world environment.
Overcoming public anxiety
It’s not surprising to see that earning the public’s trust and subsequently reducing anxiety around this new form of travel is somewhat of a barrier to widespread adoption. However, our work to improve the privacy and safety of connected and automated vehicles will help to demonstrate the scalability and wider benefits of this new technology.
Our real-world testing considers how vehicles will connect with each other, as well as to the roadside infrastructure, and also how parts of this infrastructure can be intelligent in the ways that they share information with each other. Our work considers how this connectivity informs the automated activity of respective vehicles and more importantly influences how we expect vehicles to react when a data breach is attempted. For example, if a hacker manages to access the data in a vehicle or vehicular system, how do we safeguard against compromising the vehicle’s identity and history, how do we protect the locations that the vehicle has visited, or indeed how do we control what the vehicle does next in terms of its interactions with the roadside and other vehicles following a breach.
Transferring information within the roadside infrastructure
When a vehicle is travelling down a road it may meet multiple vehicles in a short space of time. In order to check the identity of these vehicles, the key of the other vehicle needs to be verified. However, having to check this in-Cloud infrastructure creates additional communication overhead, increasing the time before the vehicle receives the necessary verification. Instead, through the use of ‘Decentralised PKI’, vehicles can verify messages much faster as the key information is distributed over Edge infrastructure that sits next to the road. Essentially, this means that the roadside infrastructure can communicate with each other and directly transfer shared information, such as traffic levels, vehicle speed and direction. This eliminates the reliance on Cloud servers, saving communication time.
Protecting a vehicle’s identity
For a vehicle to send and receive these sorts of messages from other vehicles and the roadside effectively and reliably, it is important that the messages it sends contain proof that the vehicle is who it claims to be; these messages can be transmitted between cars or the road’s infrastructure from up to 500 meters away. Our ‘Group Signatures’ solution proves a vehicle’s identity without allowing that individual vehicle to be tracked over a long time. This method only indicates that the vehicle is a member of a group, making it much harder for privacy to be compromised, revealing the history of all the locations a respective vehicle, and therefore individual, has visited.
Verifying vehicle identities
However, it is an expensive task for a vehicle to verify another’s identity. Vehicles will have limited computing resources and so will only be able to verify a specific number of identities of senders of messages per second.
Therefore, with our ‘Authentication Prioritisation’ solution, the order in which the identity of messages are verified is decided based on assigning a priority to the messages. These priorities can be defined by vehicle distance, direction of travel or positioning on the road. A higher priority means that those messages are verified first.
Embedding the foundations for effective adoption
As we continue our research into privacy and security issues associated with CAM, our end goal is to achieve the right technological balance to enable effective and quick communication between vehicles and the roadside infrastructure, whilst protecting the privacy of individual vehicles and allowing reliable and safe messages to be filtered by vehicles in order of importance. At WMG, we are making significant strides towards achieving these goals and supporting the ultimate objective of assisting with the widespread adoption of Connected and Automated Mobility on UK roads.
Today, Tuesday 11 April 2017, Business Secretary Greg Clark and Transport Minister John Hayes have announced a range of research funding which included a total of £4.25 million, split between a battery research project and an autonomous vehicle research project, both with input from WMG at the University of Warwick.
UK Governments National Cyber Security Centre declares Warwick an official Academic Centre of Excellence in Cyber Security Research
Cyber Security research across the University of Warwick has been recognised as an “Academic Centre of Excellence in Cyber Security Research” (ACE-CSR) by the UK’s National Cyber Security Centre (NCSC) and The Engineering and Physical Sciences Research Council (EPSRC).
The recognition was announced today by Ben Gummer MP, Minister for the Cabinet Office.
The Warwick Academic Centre of Excellence in Cyber Security Research brings together researchers from a number of University of Warwick departments in particular WMG, Politics and International Studies (PAIS), Computer Science, Warwick Business School, and several others.
Chris Ensor, Deputy Director for Cyber Security Skills and Growth at the NCSC, said:
“It’s fantastic to see so many leading universities committed to trailblazing improvements to the UK’s cyber security research, and it is particularly good to see Scotland represented for the first time.
“At the NCSC, we are absolutely committed to maintaining and improving our already strong reputation as a global leader in cutting edge research, and look forward to collaborating with these establishments to make the UK the safest place to live and work online.
“These universities conduct world class cyber security research and this initiative will improve the way academics, government and business work together – benefiting the whole of the country.”
We are excited to announce that we will be working with Cyber Scheme, by helping to run assessments for its newly accredited CSTL examination for the Team Leader qualification.
The Cyber Scheme is run by an independent board of directors drawn from a range of backgrounds but with significant experience in business and cyber security. The not-for-profit Cyber Scheme has been set up with the approval of NCSC (formerly GCHQ) as the national authority on cyber security.
WMG at the University of Warwick is delighted to announce the appointment of cyberpsychologist Professor Monica Whitty, who joins the Cyber Security research team from the University of Leicester, as Professor of Human Factors in Cyber Security.
As WMG’s first cyberpsychologist, Professor Whitty will work alongside colleagues in WMG’s Cyber Security Centre concentrating on the human element focusing on behaviour online to identify cyber criminals and in turn protect people from becoming victims.
Professor Whitty’s research spans 15 years focusing on the way individuals behave in cyberspace examining identities created in cyberspace, online security risks as well as detecting and preventing cybercrimes (e.g., mass-marketing fraud, insider threats).
Expert Comment: Prof Carsten Maple - One billion affected by Yahoo hack
"Breaches continue to take place without companies identifying the breach, or at least the full impact of the breach. The time taken between the breach occurring and notification to those whose details are breached can leave to risk of compromise of other accounts.
"We have an issue about how we authenticate ourselves to systems currently - mostly relying solely on passwords or personal information (when a password is forgotten)."
Carsten Maple, Professor of Cyber Systems Engineering at WMG's Cyber Security Centre (CSC)
We are delighted that WMG has been awarded seven tuition fee bursaries through the UK Government’s National Cyber Security Programme, for individuals to retrain in cyber security.
Sponsored by the Department for Culture, Media and Sport, the bursaries are part of a pilot programme to address the significant mismatch in the supply and demand of adequately skilled cyber security professionals.
The project has been a huge help to the seven students who wouldn’t have been able to take up their studies without financial support. Current MSc Cyber Security and Management student, Ella-Karita Halsey commented: “I was overwhelmed when I was offered a bursary. I believe the bursary is set to propel me into a career within cyber security, and the GCHQ provisionally certified route of study gives a wide range of interesting topics, that are recognized as industry standard within the cyber community”. Davina Pattni also received a bursary to study for her MSc Cyber Security and Management: “The bursary has given me an opportunity to fast track my career within the cyber security industry."
“We have learned of another high profile breach this morning – this time, Tesco Bank. As yet we know little of how the breach occurred, but what we do know is that a number of accounts were subjected to "online criminal activity" over the weekend, with "some cases" resulting in money being withdrawn fraudulently. Of course Tesco has stated it will refund money to those affected, but failed to answer two key questions: How did the breach occur and what about the impact and associated costs for those affected?
“For the first question, it may not be necessary to provide this answer today, but it will be important. Were card machines breached? Was there a human error either within Tesco or one of its partners? These questions will be important as they will determine the follow-up actions needed by Tesco and it customers.
WMG Honorary Fellow, Professor Colin Williams, will be delivering a series of special weekly lectures exploring The Human Story of Cybernetics.
The nine-week course at WMG’s Cyber Security Centre, commences on Thursday 13th October with ‘When Minds Explode,’ focusing on the intellectual history of the initialisation and early development of Cybernetics. Other lectures include ‘Meat the Machine’ and ‘Cauldrons of Fire and Crucibles of Ice.’