Log in
Mobile telecommunication networks serve nearly 7 billion users; over 90% of the world's population. The flexibility and pervasive nature of mobile networks underpin an enormous range of business and personal activities. Many systems are based on GSM (Global System for Mobile Communications) standards for digital cellular networks that were created by the European Telecommunications Standards Institute (ETSI) in the 1990s to replace analogue network standards. A key factor in the success of GSM has been the ability to authenticate legitimate users and to provide privacy for wireless transmissions. A strong authentication mechanism is critical for the economic operation of mobile telephony.
The security of GSM is based on a secret key, known only to the network operator and the Subscriber Identity Module (SIM), and an authentication algorithm implemented by the SIM and the network operator. A network operator may implement its own authentication algorithm, but many adopted the example implementation (known as COMP128, or COMP128-1) suggested by the GSM Association (GSMA). COMP128-1 was later found to be flawed. Cryptographers at Royal Holloway, at the request of GSMA, designed a replacement algorithm (COMP128-2), the example implementation offered by the GSM Association (GSMA) to over 800 Mobile Network Operators (MNO) in over 200 countries. The algorithm is still regarded as robust and it and derivative algorithms are relied upon by enormous numbers of users every day.
The development of any substantial security system is informed by international standards. In particular, system designers refer to these standards when deciding which cryptographic primitives and what key sizes to use. Thus it is essential that the guidelines and best practice published in standards are accurate and robust. Of the official standards bodies concerned with security, the most influential is ISO. Prof. Chris Mitchell has been a UK representative expert to ISO since 1992. His research has led to a number of important amendments to ISO standards and he has played a major role in drafting (and maintaining) those standards.
By default, Internet traffic is vulnerable to eavesdropping and modification. TLS is a protocol that has become the de facto method for securing application-layer messages. TLS is implemented in all major web browsers and servers and is used daily by hundreds of millions of people for applications such as e-commerce, social networking and Internet banking. Royal Holloway researchers identified flaws in the way in which TLS encrypts data, resulting in practical attacks that compromised the security goals of TLS. The researchers also helped major vendors, such as Google, Microsoft and Oracle, to assess and develop countermeasures to the attacks.
Professor Sasse created, developed and delivered the user-centric perspective that now underpins security thinking in both corporate and public-sector domains. This perspective shaped the UK government's Identity Assurance Programme (IDAP), a federated identity solution that will provide access to all e-government services in the UK. HP has incorporated the compliance budget model into its Security Analytics product, which enables companies to calculate the impact of a given security mechanism on individual and corporate productivity. Sasse's work also underpins new and improved security products, including First Cyber Security's SOLID and Safe Shop Window tools, which protects over 70% of UK online shopping revenue; GrIDSure's one-time PIN system (now part of the SafeNet Authentication Service); and iProov's authentication service.
Work conducted at UEL in the area of secure software systems engineering has had impacts on both the private and public sectors, in the UK and abroad. Through its application to financial pre-employment screening it has enabled an award-winning UK company to improve its security processes and become a world leader with respect to secure systems in their sector. This has, in turn, allowed the company to develop a competitive advantage in the market and attract more and larger multinational clients. In the public service sector our work has enabled a Greek governmental department — the National Gazette — to analyse the security implications of fully automating their processes and identify security mechanisms that enhance the security of their new systems. This has improved their service delivery, with significant impacts on Greek society.
Professor Ross Anderson's (University of Cambridge) research in security economics has had considerable impact on public policy and industry practice. Through two reports for ENISA, his work has directly influenced European Commission policy on combatting cyber-crime and on protecting the internet infrastructure. Through his membership of a Blackett Review and appearances before parliamentary committees, he has influenced UK government policy on cyber- security. Personally, and through the positions to which members his research team have moved, his research has influenced a range of organisations, including the US government, the European Union, Google, and Microsoft.
This case study highlights the research at Plymouth University into the development of a specialist security thread in banknotes which has been commissioned and adopted by De La Rue, the world's largest commercial currency printer and papermaker. The system has provided quality assurance for over five billion banknotes, including the Euro, and improved the performance of a worldwide business through the introduction of new technology. Potential future losses through counterfeit have been mitigated by the improved quality assurance systems.
Professor Mary Kaldor convened a study group that proposed a new human security doctrine for the European Union at the request of its High Representative for Common Foreign and Security Policy. This doctrine defined a new approach for EU involvement in situations requiring a security and defence response, with special attention to conflict and disaster in developing countries. It has influenced security and defence policy at the EU and country member levels, and has proved to dramatically reduce violence and contribute to peacekeeping efforts and a return to civil society when applied in conflict-ridden contexts such as Chad, Somalia, Iraq and Libya.
Professor Adam Tomkins of the University of Glasgow provides research-based evidence and advice to the House of Lords Select Committee on the Constitution, serving as one of their legal advisers since 2009 and, in that time, drafting reports on more than 30 Government Bills. His research has directly influenced law and policy, most markedly in two recent Acts of Parliament. Tomkins' research on the constitutional conventions of ministerial responsibility influenced a series of amendments to the Health and Social Care Act 2012; his research into national security and the due process of law proved critical, again resulting in several amendments, to the Justice and Security Act 2013.
The Network & Information Security Technology Lab (NISTL) at Liverpool John Moores University (LJMU) conducts research in securing networked systems against the growing threat of cyber crime. The research has generated a correlated set of new security protocols, novel system composition methods and efficient digital forensic analysis schemes for more effective layered security protection. Their main impacts for the period 01/2008 - 07/2013 are highlighted below:
In addition to the above direct impacts, our work is also beneficial to other organisations and even the general public, as they all require security techniques for information protection.