Supervisors:
Jamie Twycross
Steven Bagley
Steven Furnell
Nowadays, companies, organizations, and even governments are facing an issue in terms of cyber security which is Advanced Persistent Threats (APTs). APTs are sophisticated, highly skilled hacker groups that conduct complex and sophisticated targeted attacks over an extended period of time against computer systems and networks. The attribution of these groups helps build effective countermeasures and prevent any false blame to help build trust between nations and organizations. This research aims to improve the current attribution processes.
Tim Muller
Xavier Carpent
This project is dedicated to enhancing the robustness, reliability, and security of randomness consensus mechanisms within distributed systems, with a special focus on the challenges posed by voting in dynamic and open networks. This research aims to develop a protocol that not only counters manipulations by malicious actors but also supports scalability, maintains participants' privacy and anonymity, and ensures unbiased and transparent decision-making processes. These efforts are directed toward ensuring the integrity and reliability of consensus outcomes in these environments.
In recent years, the number of Internet-connected devices has increased rapidly, particularly due to adoption in Internet of Things and smart home contexts. Consequently, users find themselves faced with potential challenges in terms of maintaining device security and safeguarding individual privacy. For example, it is recognised that users often cannot easily express their security preferences, control the sharing of data, nor determine who has access to this data and for what purpose. Moreover, users have limited opportunities to configure their devices. Therefore, this research aims to improve security and privacy in IoT and smart homes, with particular attention to aspects at the human computer interaction level.
Nicholas Gervassis
Diverse and global organisations operating in different regions and employing people from different cultures face an enormous challenge of data security and privacy and comply with different rules and regulations for handling customer data. Europe has started enforcing GDPR, and different countries also have rules and regulations that companies must comply with. Hence, large organisations have an uphill task of training their employees and upgrading their systems to comply with these rules and regulations while maintaining data privacy and security. This research explores the impact of data security, privacy rules and regulations on global and diverse organisations. This research also intends to provide a strategic roadmap to tackle such challenges.
Helena Webb
These days attackers are increasingly focusing on human targets to get access to information systems. Thus, cyber security awareness and education is vital to reduce human-related vulnerabilities. However, such security education is often provided via a generic programme that ignores distinctions in online behaviour and other significant characteristics that may separate individuals. This study investigates how such differences may be used to influence and adapt the provision, to deliver more tailored and targeted cyber security awareness.
Christian Wagner
The COVID-19 pandemic has led to an increase in home and hybrid working. While this offers flexibility, it can also lead to increased cyber security risks. Many organisations believe that staff have picked up bad cyber security practices since working remotely. At the same time, many also lack attention toward guiding and supporting their staff in the cyber security practices required of them. This research aims towards a framework for enhancing the support for home and hybrid workers, considering both the provisions that need to be made for the users and the means to help organizations to track and manage the level of security-compliance.
Today's IT users face an increasing range of contexts in which they may wish to control access to and sharing of their data, such as mobile apps accessing users' sensitive data, cookies tracking user's activity and social media sites targeting users for advertisement. Although privacy details and permission settings are often made available, they can fall short of capturing and communicating the essential considerations the users care about or offering them a meaningful level of control. As a result, the situation for many users has become unmanageable and they do not have sufficient and proper control of all permissions on platforms. Therefore, this research is investigating means of improving the communication to users and supporting their related decision making.
The gradual increase of interconnectivity across the developing world makes it susceptible to increasing cyber threats that are likely to influence the nation's political stability, economic development, and international relations. Organisations in the ICT industry have also made efforts to increase the awareness level of employees to equip them against potential threats in the cyber world. Contextual studies targeting the ICT industries of African commonwealth member countries can guide experts in the field to understand the underlying requirements for developing relevant programs. This research evaluates cybersecurity awareness in various contexts and examines existing practices of selected developing countries. Also, a context-aware program will be looked at for addressing the personalised cybersecurity awareness-related needs of the users.
The ability to use technology has become a necessity for everyone, including people with vision, hearing, mobility, learning and cognitive impairments. Security is one of the significant requirements that every user expects when using digital technology. Hence, issues of accessibility and usability are important when considering security. Accessibility and usability seek to make desired behaviours simpler for the user, whereas security aims to make unwanted acts more difficult. Both factors need to be considered when evaluating a system, because improving one could improve the other. People with disabilities may encounter challenges while using technology. They need to be provided with the same level of security functionality in an accessible and usable manner. The main aim of this study is to identify the impact of accessibility, usability, and security for users with various types of disability.
Oliver Butler
Mike Pound
Incidents of abusive material found online have massively increased in the last decade, presenting an epidemic that law enforcement agencies are struggling to keep up with. In image or video documented crime perpetrators often take steps to maintain anonymity, including hiding their faces; biometric analysis of this type of content is one way to identify the people involved. Hands and forearms are more often visible, and contain many unique features such as hand geometry, palm and knuckle prints, under-skin vein patterns, androgenic hair patterns, and skin marks such as scars, freckles, and tattoos. This project is investigating the usability of these features for offender identification, as well as effective and accurate methods of extracting them.
Automotive Control Systems control various aspects of a vehicle’s powertrain, safety, and comfort systems, and as a result are given a significant amount of responsibility. It is therefore important that the security mechanisms within these systems are well designed and capable of preventing both an external and internal attack. Vulnerabilities present within these systems could cause significant damage to the vehicle, its passengers, and other road users due to the amount of physical actuators that each system controls. This project aims to determine if the automotive control systems utilised, both past and present, have been designed with a tendency towards functionality over security. It also covers ways that vulnerabilities in such systems could be prevented, without hindering their capabilities and functionality.
Recent results have shown that we are at the bounds of efficiency of the traditional techniques. The only way to make GC faster and lighter is to explore alternative techniques, or to find ways to cut corners around the standard security requirements. We will develop a more general framework for GC, allowing for these generalisations. We will study 3 flavours of alternative techniques, and investigate their theoretical and practical effectiveness. We will also look at weakening security requirements to allow for much faster computation.
Cybersecurity awareness is important in educational environment as there exists a wide gap in the understanding of related issues because many students only have basic understanding of cyber threats, and the risks associated with them. Proponents of change indicate that students require cybersecurity awareness within their educational institutions to enable them to navigate the digital landscape and safety in the increasingly interconnected world. Moreover, students in various non-computing disciplines would still benefit from some coverage of the cybersecurity issues relevant to their topic area. This research aims to assess the extent of cybersecurity coverage in non-computing disciplines and to design an approach that enables relevant aspects to be identified and incorporated, as appropriate to the needs of the topic and the learner.
Nowadays, individual cyber protection across different environments is essential because most people may face risks when using technology. Protecting against cyberattacks, recovering from them, and learning from past incidents is vital for individuals. However, there is a lack of studies on people's cyber protection, partly because it is unclear how to define this term, which should include both cybersecurity and online safety. Additionally, current studies often overlap in defining cybersecurity and online safety, which can lead to confusion about the scope of each term. This study aims to raise awareness of cybersecurity and online safety among individuals with various skills and knowledge, enabling people to protect themselves against attack.
University of NottinghamJubilee CampusWollaton Road Nottingham, NG8 1BB
For all enquires please visit: www.nottingham.ac.uk/enquire