Similar case studies

REF impact found 15 Case Studies

Currently displayed text from case study:

Analysis of IT Security Techniques for International Standardisation

Summary of the impact

The development of any substantial security system is informed by international standards. In particular, system designers refer to these standards when deciding which cryptographic primitives and what key sizes to use. Thus it is essential that the guidelines and best practice published in standards are accurate and robust. Of the official standards bodies concerned with security, the most influential is ISO. Prof. Chris Mitchell has been a UK representative expert to ISO since 1992. His research has led to a number of important amendments to ISO standards and he has played a major role in drafting (and maintaining) those standards.

Submitting Institution

Royal Holloway, University of London

Unit of Assessment

Computer Science and Informatics

Summary Impact Type

Political

Research Subject Area(s)

Information and Computing Sciences: Computation Theory and Mathematics, Computer Software, Data Format

Design of a block cipher used in TETRA secure radio

Summary of the impact

Terrestrial Trunked Radio (TETRA) is a very well known, international specification for secure mobile radio and `walkie-talkie' communication, that is extensively used and relied upon by emergency and public safety services such as police, ambulance and fire services, as well as governmental and private bodies. The European Telecommunications Standards Institute (ETSI) began standardising TETRA in the 1990s and it is now widely used throughout the world. Foundations of its success include resilience and reliability, but security is a major feature, being underpinned by expert cryptographic design. In particular the authentication and key generation mechanisms in TETRA rely on a block cipher (HURDLE) which was designed by a team of cryptographers at Royal Holloway.

The work carried out at Royal Holloway underpins the integrity and security of TETRA safety- critical networks throughout the world to the present day. A secure design for emergency service communications minimises both the amount of disruption criminals can cause to service operations, and the amount of operational information such criminals can glean from eavesdropping, contributing to the safety and security of society as a whole as well as the economic benefits to manufacturers of TETRA-based equipment.

Submitting Institution

Royal Holloway, University of London

Unit of Assessment

Mathematical Sciences

Summary Impact Type

Technological

Research Subject Area(s)

Information and Computing Sciences: Computation Theory and Mathematics, Data Format

Design of Authentication Algorithms for GSM Phones

Summary of the impact

Mobile telecommunication networks serve nearly 7 billion users; over 90% of the world's population. The flexibility and pervasive nature of mobile networks underpin an enormous range of business and personal activities. Many systems are based on GSM (Global System for Mobile Communications) standards for digital cellular networks that were created by the European Telecommunications Standards Institute (ETSI) in the 1990s to replace analogue network standards. A key factor in the success of GSM has been the ability to authenticate legitimate users and to provide privacy for wireless transmissions. A strong authentication mechanism is critical for the economic operation of mobile telephony.

The security of GSM is based on a secret key, known only to the network operator and the Subscriber Identity Module (SIM), and an authentication algorithm implemented by the SIM and the network operator. A network operator may implement its own authentication algorithm, but many adopted the example implementation (known as COMP128, or COMP128-1) suggested by the GSM Association (GSMA). COMP128-1 was later found to be flawed. Cryptographers at Royal Holloway, at the request of GSMA, designed a replacement algorithm (COMP128-2), the example implementation offered by the GSM Association (GSMA) to over 800 Mobile Network Operators (MNO) in over 200 countries. The algorithm is still regarded as robust and it and derivative algorithms are relied upon by enormous numbers of users every day.

Submitting Institution

Royal Holloway, University of London

Unit of Assessment

Mathematical Sciences

Summary Impact Type

Technological

Research Subject Area(s)

Information and Computing Sciences: Computation Theory and Mathematics, Data Format

Security Economics

Summary of the impact

Professor Ross Anderson's (University of Cambridge) research in security economics has had considerable impact on public policy and industry practice. Through two reports for ENISA, his work has directly influenced European Commission policy on combatting cyber-crime and on protecting the internet infrastructure. Through his membership of a Blackett Review and appearances before parliamentary committees, he has influenced UK government policy on cyber- security. Personally, and through the positions to which members his research team have moved, his research has influenced a range of organisations, including the US government, the European Union, Google, and Microsoft.

Submitting Institution

University of Cambridge

Unit of Assessment

Computer Science and Informatics

Summary Impact Type

Political

Research Subject Area(s)

Information and Computing Sciences: Computation Theory and Mathematics, Data Format

Electronic Payments

Summary of the impact

Research examining the vulnerabilities in electronic payment systems conducted by Professor Ross Anderson and his research team at the University of Cambridge since 1995 has had profound impact on the current generation of payment systems. Research outcomes have (i) led existing businesses to redesign application programming interfaces (APIs) used by hardware security modules; (ii) created a new company, Cronto; (iii) convinced authorities to review certification systems so that products are more secure; and (iv) fuelled public awareness of, and discourse about, the security of electronic payment systems.

Submitting Institution

University of Cambridge

Unit of Assessment

Computer Science and Informatics

Summary Impact Type

Economic

Research Subject Area(s)

Information and Computing Sciences: Computation Theory and Mathematics, Computer Software, Data Format

Case Study 1 - Securing Networked Systems

Summary of the impact

The Network & Information Security Technology Lab (NISTL) at Liverpool John Moores University (LJMU) conducts research in securing networked systems against the growing threat of cyber crime. The research has generated a correlated set of new security protocols, novel system composition methods and efficient digital forensic analysis schemes for more effective layered security protection. Their main impacts for the period 01/2008 - 07/2013 are highlighted below:

  • [text removed for publication]
  • Thales (engaging in commercial secure system development) has continued collaboration with us to exploit our findings on system composition since 2008. This enabled Thales to deliver three invention disclosures and one security-enhanced commercial solution. The open source software version produced was downloaded 14,323 times since 04/2009.
  • [text removed for publication]
  • Our research in forensic analysis led to the generation of a patent in 2009, which was later implemented by the lab into a software tool. Merseyside Police used the tool to enhance its efficiency in digital forensic analysis by 8.5 times.

In addition to the above direct impacts, our work is also beneficial to other organisations and even the general public, as they all require security techniques for information protection.

Submitting Institution

Liverpool John Moores University

Unit of Assessment

Computer Science and Informatics

Summary Impact Type

Technological

Research Subject Area(s)

Information and Computing Sciences: Artificial Intelligence and Image Processing, Data Format, Distributed Computing

Cyberstalking countermeasures adopted by Government bodies

Summary of the impact

The extensive knowledge and understanding built up by the National Centre for Cyberstalking Research (NCCR) at the University of Bedfordshire (UoB) has provided the basis for decisions, plans and training programmes by UK government and official bodies including the Stalking and Harassment Working Group of the Association of Chief Police Officers (ACPO), who are seeking to understand, counter and legislate for cyberstalking; a change in UK law has taken place. Public presentations and extensive international media coverage of the NCCR findings has resulted in an appreciation of, and public debate on, the nature and dangers of cyberstalking, along with potential protection options for victims.

Submitting Institution

University of Bedfordshire

Unit of Assessment

Computer Science and Informatics

Summary Impact Type

Legal

Research Subject Area(s)

Information and Computing Sciences: Data Format
Technology: Communications Technologies

Cyber Security: Situational Awareness and Infrastructure Protection research changing policy and practice

Summary of the impact

Cyber security and situational awareness research has impacted organisations' strategy, policy and practice. Impact was delivered through nuWARP (Northumbria University Warning, Advice and Reporting Point) registered as part of the UK Government's Centre for the Protection of National Infrastructure. International impact: direct contribution to EU Cyber Security Strategy; improved practices at the Nigerian Economic and Financial Crimes Commission; redeveloped business model at Star Spreads (online gambling company) leading to safer practices for customers. National impact: contributed to improved business models and policies in SMEs (Washington Metalworks, Shared Interest, SRM Ltd), which have improved data security and online practice.

Submitting Institution

Northumbria University Newcastle

Unit of Assessment

Computer Science and Informatics

Summary Impact Type

Technological

Research Subject Area(s)

Information and Computing Sciences: Artificial Intelligence and Image Processing, Information Systems

Human-centred security in government and commercial applications

Summary of the impact

Professor Sasse created, developed and delivered the user-centric perspective that now underpins security thinking in both corporate and public-sector domains. This perspective shaped the UK government's Identity Assurance Programme (IDAP), a federated identity solution that will provide access to all e-government services in the UK. HP has incorporated the compliance budget model into its Security Analytics product, which enables companies to calculate the impact of a given security mechanism on individual and corporate productivity. Sasse's work also underpins new and improved security products, including First Cyber Security's SOLID and Safe Shop Window tools, which protects over 70% of UK online shopping revenue; GrIDSure's one-time PIN system (now part of the SafeNet Authentication Service); and iProov's authentication service.

Submitting Institution

University College London

Unit of Assessment

Computer Science and Informatics

Summary Impact Type

Economic

Research Subject Area(s)

Economics: Applied Economics
Commerce, Management, Tourism and Services: Business and Management

Ensuring Banknote Security

Summary of the impact

This case study highlights the research at Plymouth University into the development of a specialist security thread in banknotes which has been commissioned and adopted by De La Rue, the world's largest commercial currency printer and papermaker. The system has provided quality assurance for over five billion banknotes, including the Euro, and improved the performance of a worldwide business through the introduction of new technology. Potential future losses through counterfeit have been mitigated by the improved quality assurance systems.

Submitting Institution

Plymouth University

Unit of Assessment

Electrical and Electronic Engineering, Metallurgy and Materials

Summary Impact Type

Technological

Research Subject Area(s)

Information and Computing Sciences: Artificial Intelligence and Image Processing, Information Systems
Engineering: Electrical and Electronic Engineering

Filter Impact Case Studies

Download Impact Case Studies