Inderjeet Gill

Practical post-quantum lattice-based non-interactive key exchange

The Diffe-Hellman non-interactive key exchange is critical to many protocols and applications, such as the Signal protocol and Noise protocol framework. The non-interactive property importantly allows asynchronous communication, valuable privacy properties and other practical benefits such as energy savings in wireless and sensor networks.The emergence of quantum computers threatens the security of modern cryptosystems (including those utilising Diffe-Hellman) through their ability to solve the underlying hard problems. The need for quantum-resistant alternatives is therefore paramount. This project will be primarily building on the work of SWOOSH - a proposed post-quantum lattice-based non-interactive key exchange, with a focus on practicality, security and privacy preserving properties. I will be addressing several open problems in SWOOSH. For example, investigating attacks on the construction, the non-interactive zero knowledge proof required for active security, resulting complete instantiations, estimating the hardness of the inhomogeneous 1-dimensional short integer solution problem, theoretical results on SWOOSH’s feasibility, and analysis of its privacy properties.

Dr François Dupressoir (Bristol)

Dr Chloe Martindale (Bristol)

Dr Andrés Domínguez Hernández (Turing Institute)

Alexander Kopsch

Cybersecurity at the edge: Researching the privacy and security dimensions of indigenous cyberactivism in Ecuador

The use of information and communication technologies (ICTs) by Ecuador's indigenous activists leads to new security and privacy risks. While increasing visibility and connectivity, ICTs also enable the government to monitor, censor, and target these groups online. Privacy-enhancing tools (PETs) see little uptake in these contexts, as designers lack local views.

This research will explore how PETs are appropriated or reconfigured to support indigenous cyberactivism in Ecuador.

My methods will revolve around ethnographic fieldwork in Ecuador.The outcome of this work will be a set of design recommendations for PETs that are tailored to the needs of indigenous protesters. It will also contribute to the under-researched field of privacy and cybersecurity experiences in Latin America.

Professor Richard Owen (Bristol)

Dr Marvin Ramokapane (Bristol)

Dr Andrés Domínguez Hernández (Turing Institute)

Katie Thomas

Investigating the balance of privacy versus security in a family environment

With the growing fear surrounding children’s online safety, parents and caregivers have turned to technology for support through monitoring apps and parental controls. However, parents face the internal conflict of recognising their child’s desire for autonomy and respect while also experiencing a desire to keep their children safe. In contrast, children have stated that monitoring apps have negatively impacted their relationship with their parents as they do not feel trusted. Thus, the current design of parental controls has resulted in children not feeling respected and heard, while parents feel they lack the capability to make security decisions as a family efficiently. This research aims to explore how the design of parental controls within technology can influence a family’s security decision making, with a focus on the trust, privacy, and security elements of parental controls and children’s rights to privacy. A mixed methodology approach will be applied, using qualitative and quantitative methods to collect and analyse the data. The intended contribution of this project would be the development of a design that provides parents with a better opportunity to balance respecting their children’s autonomy while also providing appropriate security features to protect their children.

Professor Adam Joinson (Bath)

Professor Danaë Stanton Fraser (Bath)

Advancing Secure and Private Communication: A Post-Quantum Mix-Net Approach

Traffic analysis of widely available metadata allows for location tracking, mass surveillance, and targeted attacks from adversaries. Mix Networks, a promising anonymous communication routing protocol, offers scalable anonymity against global adversaries, and are less prone to metadata attacks than more commonly used methods, such as onion routing. However, as this is an emerging area of research, there is a need for enhancing protocol performance, reliability, and agility. Furthermore, motivated by the threat posed by quantum computers to conventional encryption methods, this research also aims to address the integration of post-quantum cryptographic algorithms with mix network protocols. By bridging the gap between secure communication and privacy technologies, this research not only strives to enhance user privacy and data protection but also contributes to the broader development of anonymous communication methods and post-quantum cryptography.

Dr Sana Belguith (Bristol)

Dr Chloe Martindale (Bristol)

Dr Tariq Elahi (Edinburgh)

Linguistic Anomaly Detection at Scale

Dr Matthew Edwards (Bristol)

Dr Claudia Peersman (Bristol)

Wearable Sensors. What Happens to the Data?

Wearable devices can be used as lifestyle enhancers, allowing users to set, measure and monitor health and fitness goals by providing personalised and immediate feedback based on data obtained via various sensors embedded in the device.  This data is instrumental in modelling and inferring physiological and psychological well-being, providing valuable support for individuals in managing their health. However, the collection of this data raises several privacy and security concerns for users and carries broader implications for society.

Considering the growing adoption of wearables as digital diagnostic tools, my research aims to investigate how users can be effectively informed about the data collected and generated by these devices. I aim to employ various methods to explore and understand users’ perceptions and comprehension of the smart-wearable ecosystem, and as well as their attitudes toward data collection and use. Leveraging these insights, I will collaborate with diverse stakeholders to co-create a potential solution that empowers users to make informed decisions.

Dr Marvin Ramokapane (Bristol)

Dr Lukasz Piwek (Bath)

Harry Williams

Examining Cybersecurity Imaginaries through Fiction

There is a well-documented relationship between fiction and the construction of imaginaries, or how people perceive the world around them (Cave et al., 2018). Public perceptions of cybersecurity are strongly influenced by media representations (Gordon, 2010), and inaccurate portrayals can lead to misplaced anxieties, perceptions, and behaviours, expanding the gap between reality and fiction (Krapp, 2019). However, the crossover between fiction and cybersecurity remains relatively unexplored. This project maps cybersecurity portrayals in fictional media, studying how they have evolved over time and how they have shaped public imaginaries of cybersecurity. It aims to bridge the gap between the social and technical elements of fictional representations, considering both the technical accuracy and how this constructs a shared imaginary of cybersecurity to a largely non-expert audience. 

Dr Andre Barrinha (Bath)

 Cybersecurity in the Global South: Exploring the bi-directional relationship between CSIRTs and norms for responsible state behaviour in cyberspace

As cybersecurity has become an increasingly important part of the operations of states and how they relate to one another, international cybersecurity policies and guidelines have been promulgated nationally and internationally to govern the operations of actors in the space. As these guidelines are adopted, contribution, interpretation and implementation may differ across stakeholder groups and socio-economic regions.

 This research explores the role of technical stakeholder groups as epistemic communities in the development and operationalization of international cybersecurity policies. Specifically, it looks at how Computer Security Incident Response Teams (CSIRTs) as epistemic communities engage with the United Nations norms for responsible state behaviour in cyberspace, both in terms of contribution to their definition, but also in how they implement them. It will look specifically into the realities of CSIRTs in the Global South.

Dr Andre Barrinha (Bath)

Dynamic Risk Assessment for Critical Infrastructures

Industrial Control System play a crucial role in Critical Infrastructures. Most of them are legacy systems combined with modern Internet of Things devices which only broadens their threat landscape. Traditional risk assessment methods fail to capture their dynamic nature and take countermeasure in real time. This project aims to conceptualize an algorithm to inform in near real time Incident Fault Trees used for risk assessments. The end goal is leverage incoming data to spot compromised parts of the network and identify attack paths as well as attackers intentions. Ultimately, the model would be able to isolate compromised parts and take necessary measures to keep the Infrastructure running in a safe even if reduced capacity.

Professor Awais Rashid (Bristol)

Dr Sridhar Adepu (Bristol)