Research in Focus

Cybersecurity research contributing to improved resilience and security

By Rachel Stammers

Cybersecurity

With our lives increasingly conducted online, Surrey’s cybersecurity researchers are developing ever more inventive techniques to protect our privacy and keep transactions safe – while gearing up for the quantum era.

When life changes bring online risk

In an era of unregulated social media and fake news, how can individuals protect their privacy and defend their reputation? Academics in the Surrey Centre for Cyber Security are focused on finding solutions.

When people go through serious life events – such as serious illness, divorce or coming out as LGBTQ+ – they are likely to reveal personal data online which could be exploited by criminals.

Professor Nishanth Sastry, who specialises in social networks, is Principal Investigator on the three-year £3.44 million AP⁴L project which aims to protect people undergoing these events from stalking, trolling and other online dangers.

In the project, Surrey will work with the Universities of Cambridge, Edinburgh, Edgehill, Strathclyde and QMUL to develop new privacy-enhancing technologies that could help people to manage crucial moments of their lives. The tools they are creating include an immersive ‘Risk Playground’ which will enable people to explore potentially risky interactions in safe ways, and ‘Security Bubbles’ which will bring relevant people together during a person’s major event. They will also develop AI-based ‘Transition Guardians’ which will alert people in real-time if they are exposing themselves to risk.

Professor Sastry says: “The project is about giving ordinary people back control of their online lives – whether they are going through a break-up and would like to ensure their location data is not available anywhere online or they have just been diagnosed with a serious illness, and they don't want everyone on their social channels to know."

Young woman working on desktop computer at home

Photo: Getty Images

Professor Nishanth Sastry

Paying a high price

Contactless payments by phone have made life easier when we shop, but can leave us vulnerable to theft. Surrey’s academics have demonstrated how these systems can be attacked, and pushed the industry towards change.

A team from University of Surrey and University of Birmingham, led by Dr Ioana Boureanu of Surrey’s Department of Computer Science, has uncovered a security flaw which arises when ApplePay is combined with Visa. Exploiting a vulnerability that occurs when Visa cards are set up in ApplePay’s ‘Express Transit mode’ – often used by commuters to make swift contactless payments at stations – hackers were able to bypass an iPhone’s Apple Pay lock screen and perform contactless payments. Alarmingly, criminals could use this approach to bypass the contactless limit, allowing transactions of any amount to go through.

The TimeTrust project, which completes in October 2022, has succeeded in using formal methods, applied security and ethical hacking to uncover the flaw. As a result, Visa is now changing its systems and the team is working with the ISO/IEC standardisation bodies to propose a general fix which will solve the problem beyond Apple and Visa.

One of the fixes developed by Surrey’s researchers works not just for payments but for all NFC (near field communication) transactions, and is now being taken forward by the British Standards Institute with a view to modifying international standards.

Dr Boureanu explains: “We are moving forward into a space of contactless communications in mobile devices where our phones enable us not just to make payments but to prove IDs and access facilities without any user interaction, thanks to the contactless chip inside these mobile devices.

"Getting security protocols based on contactless right - not just for payments - is therefore of timely importance. in this space, we are excited by our ongoing work with ISO, branching out of the Timetrust project and our fix to the Apple-Visa vulnerability, which aims at better contactless security across the piece, in a standardised way."

Professor Liqun Chen is leading research to protect the privacy of people when quantum computers are introduced

Protecting our privacy in the quantum era

Professor Liqun Chen of Surrey Centre for Cyber Security has invented or coinvented cryptographic solutions which protect the privacy of millions of people every day. As a principal research scientist at Hewlett Packard Labs, she helped develop the Trusted Platform Module (TPM) which is used in most personal computers today.

Quantum computers are the future, and new cryptographic solutions are required to ensure their security. Professor Chen recently led a €5m EU-funded project with partners from 10 different countries to develop cryptographic algorithms for a new generation quantum-resistant TPM. These algorithms have been successfully demonstrated in sectors where privacy and security are crucial – online banking, activity tracking in healthcare, and device management.

Read the rest of Research in Focus about resilience and security

Meet our new Associate Dean

The Faculty's new Associate Dean (Research and Innovation), Professor Jin Xuan, provides an overview of the latest issue of Research in Focus. This time, we're focusing on the work we do in resilience and security, covering a wide range of research projects.

Physical infrastructure

In today’s environmental crisis, maintaining and improving our built environment is a bigger challenge than ever before. Our civil and mechanical engineers are working to build sustainability and resilience into the vital infrastructure that surrounds us.

Flasks being used for radiation detection research

National defence

Research in the physical sciences and engineering is playing an important role in building the UK’s defences – from innovative face recognition techniques that can locate criminals to the development of novel materials for radiation detection.