Supervisors:
Jamie Twycross
Steven Bagley
Steven Furnell
Nowadays, companies, organizations, and even governments are facing an issue in terms of cyber security which is Advanced Persistent Threats (APTs). APTs are sophisticated, highly skilled hacker groups that conduct complex and sophisticated targeted attacks over an extended period of time against computer systems and networks. The attribution of these groups helps build effective countermeasures and prevent any false blame to help build trust between nations and organizations. This research aims to improve the current attribution processes.
Tim Muller
Xavier Carpent
This project is dedicated to enhancing the robustness, reliability, and security of randomness consensus mechanisms within distributed systems, with a special focus on the challenges posed by voting in dynamic and open networks. This research aims to develop a protocol that not only counters manipulations by malicious actors but also supports scalability, maintains participants' privacy and anonymity, and ensures unbiased and transparent decision-making processes. These efforts are directed toward ensuring the integrity and reliability of consensus outcomes in these environments.
In recent years, the number of Internet-connected devices has increased rapidly, particularly due to adoption in Internet of Things and smart home contexts. Consequently, users find themselves faced with potential challenges in terms of maintaining device security and safeguarding individual privacy. For example, it is recognised that users often cannot easily express their security preferences, control the sharing of data, nor determine who has access to this data and for what purpose. Moreover, users have limited opportunities to configure their devices. Therefore, this research aims to improve security and privacy in IoT and smart homes, with particular attention to aspects at the human computer interaction level.
Nicholas Gervassis
Diverse and global organisations operating in different regions and employing people from different cultures face an enormous challenge of data security and privacy and comply with different rules and regulations for handling customer data. Europe has started enforcing GDPR, and different countries also have rules and regulations that companies must comply with. Hence, large organisations have an uphill task of training their employees and upgrading their systems to comply with these rules and regulations while maintaining data privacy and security. This research explores the impact of data security, privacy rules and regulations on global and diverse organisations. This research also intends to provide a strategic roadmap to tackle such challenges.
The Internet of Vehicles (IoV) is a distributed network that allows vehicles to communicate in real-time with minimal or no human interaction over a secure Vehicular Ad hoc Network (VANETs). However, the growth of IoV will create security issues that may threaten both industries and users. This research investigates the security requirements and issues in IoV. It examines the different possible attacks, with the aim of proposing and evaluating efficient countermeasures to enhance security and improve user-safety.
The Internet of Underwater Things (IoUT) is one critical and growing area to develop an intelligent underwater environment for surveillance and marine exploration. However, unreliable underwater communication channels, unpredictable movement of network nodes, and resource constraints all represent practical concerns. Moreover, attacks that seek to exploit the limitations in IoUT means that security and privacy of the devices and networks is an important consideration. This project is investigating the necessary safeguards for IoUT communication and devices, alongside the security and privacy demands associated with different attacks.
Helena Webb
These days attackers are increasingly focusing on human targets to get access to information systems. Thus, cyber security awareness and education is vital to reduce human-related vulnerabilities. However, such security education is often provided via a generic programme that ignores distinctions in online behaviour and other significant characteristics that may separate individuals. This study investigates how such differences may be used to influence and adapt the provision, to deliver more tailored and targeted cyber security awareness.
Christian Wagner
The COVID-19 pandemic has led to an increase in home and hybrid working. While this offers flexibility, it can also lead to increased cyber security risks. Many organisations believe that staff have picked up bad cyber security practices since working remotely. At the same time, many also lack attention toward guiding and supporting their staff in the cyber security practices required of them. This research aims towards a framework for enhancing the support for home and hybrid workers, considering both the provisions that need to be made for the users and the means to help organizations to track and manage the level of security-compliance.
Today's IT users face an increasing range of contexts in which they may wish to control access to and sharing of their data, such as mobile apps accessing users' sensitive data, cookies tracking user's activity and social media sites targeting users for advertisement. Although privacy details and permission settings are often made available, they can fall short of capturing and communicating the essential considerations the users care about or offering them a meaningful level of control. As a result, the situation for many users has become unmanageable and they do not have sufficient and proper control of all permissions on platforms. Therefore, this research is investigating means of improving the communication to users and supporting their related decision making.
The gradual increase of interconnectivity across the developing world makes it susceptible to increasing cyber threats that are likely to influence the nation's political stability, economic development, and international relations. Organisations in the ICT industry have also made efforts to increase the awareness level of employees to equip them against potential threats in the cyber world. Contextual studies targeting the ICT industries of African commonwealth member countries can guide experts in the field to understand the underlying requirements for developing relevant programs. This research evaluates cybersecurity awareness in various contexts and examines existing practices of selected developing countries. Also, a context-aware program will be looked at for addressing the personalised cybersecurity awareness-related needs of the users.
The ability to use technology has become a necessity for everyone, including people with vision, hearing, mobility, learning and cognitive impairments. Security is one of the significant requirements that every user expects when using digital technology. Hence, issues of accessibility and usability are important when considering security. Accessibility and usability seek to make desired behaviours simpler for the user, whereas security aims to make unwanted acts more difficult. Both factors need to be considered when evaluating a system, because improving one could improve the other. People with disabilities may encounter challenges while using technology. They need to be provided with the same level of security functionality in an accessible and usable manner. The main aim of this study is to identify the impact of accessibility, usability, and security for users with various types of disability.
Despite the substantial advancements in developing cyber security controls and solutions, they become useless if people fail to use them effectively. Therefore, security solutions need to be integrated into people’s habits, behaviours, and daily actions, i.e., security culture. However, the usability of the controls can impact their adoption in security behaviour and its transition into a security culture. This project is examining the relationship, with the intention of enabling organisations to better understand the areas in which usability barriers may impede their efforts toward an effective culture.
Oliver Butler
Mike Pound
Incidents of abusive material found online have massively increased in the last decade, presenting an epidemic that law enforcement agencies are struggling to keep up with. In image or video documented crime perpetrators often take steps to maintain anonymity, including hiding their faces; biometric analysis of this type of content is one way to identify the people involved. Hands and forearms are more often visible, and contain many unique features such as hand geometry, palm and knuckle prints, under-skin vein patterns, androgenic hair patterns, and skin marks such as scars, freckles, and tattoos. This project is investigating the usability of these features for offender identification, as well as effective and accurate methods of extracting them.
Automotive Control Systems control various aspects of a vehicle’s powertrain, safety, and comfort systems, and as a result are given a significant amount of responsibility. It is therefore important that the security mechanisms within these systems are well designed and capable of preventing both an external and internal attack. Vulnerabilities present within these systems could cause significant damage to the vehicle, its passengers, and other road users due to the amount of physical actuators that each system controls. This project aims to determine if the automotive control systems utilised, both past and present, have been designed with a tendency towards functionality over security. It also covers ways that vulnerabilities in such systems could be prevented, without hindering their capabilities and functionality.
University of NottinghamJubilee CampusWollaton Road Nottingham, NG8 1BB
For all enquires please visit: www.nottingham.ac.uk/enquire