Supervisors:
Jamie Twycross
Steven Bagley
Steven Furnell
Companies, organizations, and even governments now face a major cyber security issue: Advanced Persistent Threats (APTs). APTs are highly skilled hacker groups that conduct complex, sophisticated targeted attacks over an extended period of time against computer systems and networks. Attributing attacks to these groups helps build effective countermeasures and prevents false blame, which in turn helps build trust between nations and organizations. This research aims to improve the current attribution processes.
Ying He
In recent years, the number of Internet-connected devices has increased rapidly, particularly due to adoption in Internet of Things and smart home contexts. Consequently, users find themselves faced with potential challenges in terms of maintaining device security and safeguarding individual privacy. For example, it is recognised that users often cannot easily express their security preferences, control the sharing of data, or determine who has access to this data and for what purpose. Moreover, users have limited opportunities to configure their devices. Therefore, this research aims to improve security and privacy in IoT and smart homes, with particular attention to aspects at the human-computer interaction level.
Xavier Carpent
Nicholas Gervassis
Diverse and global organisations operating in different regions and employing people from different cultures face an enormous challenge in maintaining data security and privacy while complying with different rules and regulations for handling customer data. Europe has started enforcing GDPR, and different countries also have rules and regulations that companies must comply with. Hence, large organisations have an uphill task of training their employees and upgrading their systems to comply with these rules and regulations while maintaining data privacy and security. This research explores the impact of data security and privacy rules and regulations on global and diverse organisations. This research also intends to provide a strategic roadmap to tackle such challenges.
Tim Muller
The Internet of Vehicles (IoV) is a distributed network that allows vehicles to communicate in real time with minimal or no human interaction over a secure Vehicular Ad hoc Network (VANET). However, the growth of IoV will create security issues that may threaten both industries and users. This research investigates the security requirements and issues in IoV. It examines the different possible attacks, with the aim of proposing and evaluating efficient countermeasures to enhance security and improve user safety.
The Internet of Underwater Things (IoUT) is a critical and growing area for developing an intelligent underwater environment for surveillance and marine exploration. However, unreliable underwater communication channels, unpredictable movement of network nodes, and resource constraints all represent practical concerns. Moreover, attacks that seek to exploit the limitations in IoUT mean that the security and privacy of the devices and networks are an important consideration. This project is investigating the necessary safeguards for IoUT communication and devices, alongside the security and privacy demands associated with different attacks.
These days attackers are increasingly focusing on human targets to get access to information systems. Thus, cyber security awareness and education are vital to reduce human-related vulnerabilities. However, such security education is often provided via a generic programme that ignores distinctions in online behaviour and other significant characteristics that may separate individuals. This study investigates how such differences may be used to influence and adapt the provision, to deliver more tailored and targeted cyber security awareness.
The COVID-19 pandemic has led to an increase in home and hybrid working. While this offers flexibility, it can also lead to increased cyber security risks. Many organisations believe that staff have picked up bad cyber security practices since working remotely. At the same time, many also pay too little attention to guiding and supporting their staff in the cyber security practices required of them. This research aims towards a framework for enhancing the support for home and hybrid workers, considering both the provisions that need to be made for the users and the means to help organizations to track and manage the level of security compliance.
Today's IT users face an increasing range of contexts in which they may wish to control access to and sharing of their data, such as mobile apps accessing users' sensitive data, cookies tracking users' activity and social media sites targeting users for advertising. Although privacy details and permission settings are often made available, they can fall short of capturing and communicating the essential considerations the users care about or offering them a meaningful level of control. As a result, the situation for many users has become unmanageable and they do not have sufficient and proper control of all permissions on platforms. Therefore, this research is investigating means of improving the communication to users and supporting their related decision making.
The gradual increase of interconnectivity across the developing world makes it susceptible to increasing cyber threats that are likely to influence nations' political stability, economic development, and international relations. Organisations in the ICT industry have also made efforts to increase the awareness level of employees to equip them against potential threats in the cyber world. Contextual studies targeting the ICT industries of African Commonwealth member countries can guide experts in the field to understand the underlying requirements for developing relevant programs. This research evaluates cybersecurity awareness in various contexts and examines existing practices of selected developing countries. A context-aware program will also be examined for addressing the personalised cybersecurity awareness-related needs of the users.
The ability to use technology has become a necessity for everyone, including people with vision, hearing, mobility, learning and cognitive impairments. Security is one of the significant requirements that every user expects when using digital technology. Hence, issues of accessibility and usability are important when considering security. Accessibility and usability seek to make desired behaviours simpler for the user, whereas security aims to make unwanted acts more difficult. Both factors need to be considered when evaluating a system, because improving one could improve the other. People with disabilities may encounter challenges while using technology. They need to be provided with the same level of security functionality in an accessible and usable manner. The main aim of this study is to identify the impact of accessibility, usability, and security for users with various types of disability.
Despite the substantial advancements in developing cyber security controls and solutions, they become useless if people fail to use them effectively. Therefore, security solutions need to be integrated into people’s habits, behaviours, and daily actions, i.e., security culture. However, the usability of the controls can impact their adoption in security behaviour and its transition into a security culture. This project is examining the relationship, with the intention of enabling organisations to better understand the areas in which usability barriers may impede their efforts toward an effective culture.
Oliver Butler
Mike Pound
Incidents of abusive material found online have massively increased in the last decade, presenting an epidemic that law enforcement agencies are struggling to keep up with. In image- or video-documented crime, perpetrators often take steps to maintain anonymity, including hiding their faces; biometric analysis of this type of content is one way to identify the people involved. Hands and forearms are more often visible, and contain many unique features such as hand geometry, palm and knuckle prints, under-skin vein patterns, androgenic hair patterns, and skin marks such as scars, freckles, and tattoos. This project is investigating the usability of these features for offender identification, as well as effective and accurate methods of extracting them.
Sarah Sharples
Robert Houghton
Despite algorithmic advancements to protect networks and systems, successful cyberattacks continue to increase. A leading cause and a known vector for successful cyber breaches is well-intentioned insiders who unwittingly participate in the facilitation of such attacks. In this project we exclusively investigate factors that influence unintentional (also known as accidental) insider threat within organisations. We apply established risk, safety and human factors based models from the engineering discipline to create a novel, holistic sociotechnical solution to identify, intervene in and mitigate such threats as they unfold.
The UK Data Protection Act and GDPR mandate that the design process for new products and services consider data protection and privacy risks within them. The state-of-the-art for storing personal data in the home and setting user preferences in smart devices requires research. This project investigates the design and governance guidelines for a solution where data never leaves the home and explores an ‘as a service’ based model to manage the cybersecurity of the solution that stores data in individuals’ homes. This enables users to make informed choices about how much data they share and with whom, and in the same vein to focus on tailored services of smart devices to improve convenience and reduce concern about data misuse or theft.
University of Nottingham, Jubilee Campus, Wollaton Road, Nottingham, NG8 1BB
For all enquiries please visit: www.nottingham.ac.uk/enquire