Article

PETRAS awards £3.6 M to tackle issues of cybersecurity, privacy and trust at the edge

L I M

The PETRAS National Centre of Excellence awarded £3.6 M for 18 new research projects to research institutes across the UK to tackle cybersecurity at the edge of the internet 

These new research projects add to the Centre’s portfolio of work and look to answer social and technical cybersecurity challenges of edge devices and systems, whilst considering issues such as privacy, ethics and trust in these technologies. These include security in the home, Critical National Infrastructure (CNI), agriculture, healthcare and wellbeing and in cashless payment systems.

Jeremy Watson CBE FREng FIET CEng, PETRAS Director and Professor of Engineering Systems at UCL STEaPP said:

‘IoT, AI and Machine Learning technologies present society and the UK economy with great opportunities, but to realise their full potential they must be developed and adopted safely and securely. I am delighted to announce eighteen new research projects that look to tackle cybersecurity challenges through collaborative research excellence between academia and the public and private sectors’ 

Digital Infrastructure Minister Matt Warman said:

‘The need for cutting-edge cyber security has never been greater and this significant investment will help keep people and businesses secure online so we can build back safer from the pandemic.’ 

‘We have a world-leading cyber sector which plays a crucial role protecting the country and our digital economy, so it is vital we continue to see investment of this kind to help tackle the ever-evolving cyber security challenge.’ 

Health and wellbeing devices, for example diagnostic and monitoring sensors for identifying chronic diseases and wellbeing enabling devices, can confer knowledge and autonomy to end users over managing their health and wellbeing. They also promise to alleviate some of the mounting pressures in the healthcare sector created by issues such as ageing populations and funding demands. What is crucial in realising the potential to consumers and the healthcare sector is ensuring security, privacy and trust in these systems.

The CyFer project examines the cybersecurity, privacy, bias and trust in female-oriented technologies (FemTech) focusing on fertility tracking apps and IoT devices. Fertility apps have millions of users and IoT devices are starting to boom ($50 billion by 2025). These technologies gain user-entered data and take body measurements via sensors. By collecting a vast amount of data and processing them through advanced algorithms, e.g. AI, these technologies assist in managing reproductive and sexual health, and give scientists more insight into people’s bodies.

CyFer project lead Dr Maryam Mehrnezhad, Newcastle University explained:

The lack of dedicated standardisation around this intimate data leads to careless industrial practices; putting the users at serious risk. In CyFer, we take a multi-dimensional approach and conduct user and system studies. Our results will inform the next generation of FemTech solutions enabling the millions of users to improve the quality of their lives without any risk and fear,’

In addition, the HIPSTER project, led by Dr Daniel Prince at Lancaster University, is working with expert software developers in Health IoT to address the trust, security and privacy needs of their systems in most cost-effective way. Its critical objective is to mitigate breaches of trust, security and privacy in these systems. Otherwise the risk of undermining trust, resulting in their lack of adoption, can ultimately discourage further life improvements.  

IoT and AI technologies can supply a variety of benefits to farmers and the agricultural sector. They facilitate real-time monitoring of crop and livestock, reduce waste and costs, achieve a more sustainable environmental impact, as well as reach a higher productivity with a smaller workforce. The market for smart agriculture is rapidly growing, as IoT devices are set to become more ubiquitous. As the adoption of digital technologies at the farm level grows, so do cybersecurity threats due to an increase in attack surfaces.  

The FARM project addresses adoption in Agritech by defining a new Digital Twin framework based on models enabling multiscale runtime analysis, dynamic forecasting, and process optimisation.

FARM project lead Dr Michele Sevegnani at Glasgow University noted:

‘Models will explain and guide interventions in unanticipated runtime behaviours therefore providing mathematical foundations for key autonomous aspects such as graceful degradation and anticipatory adaptation in the face of faults, cyber-attacks, and other challenges. Our research will be motivated by two use cases provided by our partners: an automated turmeric farm by Quanta Computer, and a smart collar system for cow monitoring by Afimilk.’ 

The uptake of internet-enabled smart home devices is on the increase and has been further accelerated with people spending more time at home. The COVID-19 pandemic saw consumer behavioural changes such as an increase in purchases of touchless appliances to minimise germ spread. Smart home devices are becoming more affordable and offer consumers benefits such as remote control of home functions, energy efficiency savings and enhanced security features. However, smart home devices are not siloed and, while they connect to wider systems and networks across industries and sectors, they also bring new cybersecurity areas of concern. Existing research on power grid security mainly focuses on utility-side cyber attacks and the associated SCADA system security. In contrast, the cyber threats posed by end-user appliances on power grid operations have received little attention.

This challenge is investigated by the Power-SPRINT project, led by Dr Subhash Lakshminarayana at the University of Warwick, which looks into the security challenges of such convergent systems. It focuses on cyber threats posed by end-user appliances on power grid operations.  

Furthermore, PrivIoT project seeks to prevent potential digitally enabled harms from the convergence of home devices with wider IoT systems. This aim is achieved by providing end users effective tools around privacy, security, and personal safety. The project specifically focuses on the UK government’s smart meter rollout with home IoT devices, smart meters, and Demand-Side Mangement (DSM) technologies.

PrivIoT project lead Dr James Nicholson at Northumbria University, added:

This project is a collaboration between the universities of Northumbria, Royal Holloway, Manchester and Nottingham, and includes OTASKI Energy Solutions, Toshiba, and CybSafe as non-academic partners who will drive different aspects of the project. We are very excited to be involved in this project, which takes a socio-technical approach to minimise the security and privacy harms that can arise from combining multiple, novel, connected technologies in the home. We will be looking to truly understand the technical landscape of concrete threats before exploring how best to communicate these to citizens and encourage open discussions amongst communities. Finally, we will explore tools that support citizens’ understanding of these harms while also allowing them to control data flows.’ 

Cybersecurity of the IoT in Critical National Infrastructure (CNI) industries such as transport, energy and utilities is a strategic priority for the UK Government and is an area that PETRAS has a strong legacy in. The implications of cyber breaches in this domain was made all too apparent with the recent incident on US oil and gas pipe lines described as “one of the most expensive attacks to an economy.”

Looking at solutions for securing IoT systems in the utilities sector, the PSWaRMS project will use AI-based technology to focus on the water sector in particular. The project recognises the commonality of concerns across the CNI sectors, exploring the security processes for cyber-physical systems to build a generalisable approach through detailed, practical work to demonstrate the effectiveness of the approach across the CNI sectors.

PSWaRMS researcher Dr Nilufer Tuptuk commented:

‘PSWaRMS is a collaboration between two leading universities in cybersecurity (University College London and University of Warwick), a water supply and treatment utility company (Yorkshire Water) and a cybersecurity service specialist in security of CNI (Nexor), to develop a set of proactive security capabilities to protect CNIs against existing and future cyber attacks. The project involves developing an AI-driven situational awareness tool that gathers data from external and internal sources to manage security, and development of a moving target defence mechanism using AI-generated randomised network settings to reduce the attack surface.’

The CoSTCMoRS project focuses on Modern Railway Systems (MRS) within the CNI domain. Here IoT solutions are used to resolve some of the complexities of managing a variety of emerging functionalities, performance aspects, and productivity needs of operators and users. The presence of these new solutions means greater potential attack surfaces in a sector where cyber attacks can mean danger to life. 

Moreover, the new global payments ecosystem, including cashless payment systems, is the result of converging telecommunications, banking and retail industries. Cashless systems reduce some of the costs and risks associated with retail transactions, and they offer some societal benefits such as the potential to thwart tax evasion and the financing of certain illicit activities.  At the same time, existing cashless payment systems can also undermine privacy, expose both ‘banked’ and ‘unbanked’ individuals to unwelcome discrimination, introduce new vectors for cyber attacks, and shift the balance of control from asset owners to asset custodians.   

The FIRE project looks at tackling these areas of concern with a focus on digital payment systems that possess cash-like features such as accessibility, non-discrimination, privacy, and custodianship on the part of owners.  The solutions that have been proposed so far for central bank digital currency generally lack these features, but alternatives are possible.

FIRE project lead Dr Geoff Goodell at UCL said:

‘Modern retail payment technology creates honeypots of data that can be easily breached and emboldens criminals through its reliance upon asset custodians and high-stakes identity credentials. Through our partnership with the Bank of England, BSI, and everis UK, we seek to explore options that offer verifiable privacy, not just empty promises of data protection, and literally put control in the hands of users in the form of secure devices.’ 

See the full list of 18 research projects funded through PETRAS’s 2nd SRF Funding Call below:

  • Adversarial Machine Learning on the Edge (AMLoE), Prof. Emil Lupu, Imperial College London 
  • Cognitive and Socio-Technical Cybersecurity in Modern Railway System (CoSTCMoRS), Dr Hongmei He, De Montfort University 
  • Cyber Security and Privacy in Fertility Technologies (CyFer), Dr Maryam Mehrnezhad, Newcastle University 
  • Formal methods for Agritech Resilience Modelling (FARM), Dr Michele Sevegnani, University of Glasgow 
  • Future Infrastructure for Retail Remittances (FIRE), Prof. Tomaso Aste, University College London 
  • Physical Graph Based Wireless IoT Security with No Key Exchange (GraphSec), Prof. Weisi Guo, Cranfield University 
  • Health IoT Privacy and Security Transferred to Engineering Requirements (HIPSTER), Dr Daniel Prince, Lancaster University 
  • Multimodal AI-based Security at the Edge (MAISE), Dr José Cano Reyes, University of Glasgow  
  • Power Grid IoT System Protection and Resilience using Intelligent Edge (Power-SPRINT), Dr Subhash Lakshminarayana, University of Warwick 
  • Privacy-preserving Data Sharing and Trading Ecosystem for Distributed Wireless IoT Networks (PRISTINE), Dr Lei Zhang, University of Glasgow 
  • Understanding and Mitigating Privacy risks of IoT Homes with Demand-Side Management (PrivIoT), Dr James Nicholson, Northumbria University 
  • Processes for Securing for Water Resource Management Systems (PSWaRMS), Prof. Stephen Hailes, University College London 
  • Preventing THErmal ATtacks (PT.HEAT), Dr Mohamed Khamis, University of Glasgow 
  • Regulatory and Standardization Challenges for Connected and Intelligent Medical Devices (REG-MEDTECH), Dr Irina Brass, University College London  
  • Robustness-as-Traceability: Secure and Legal Calibration Workflows in IoT (RoasT – IoT), Dr Shishir Nagaraja, University of Strathclyde 
  • Secure Payments in Smart Environments (SPiSE), Prof. Ivan Martinovic, University of Oxford  
  • Trustworthy, Software-Defined Cyberattack Detection and Mitigation at the Network Edge (TruSDEd), Prof. Dimitrios Pezaros, University of Glasgow 
  • Increasing User trust in Mobility-as-a-Service IoT ecoSystem (UMIS), Dr Gary Wills, University of Southampton

If you are an organisation in public or private sectors and are interested in collaborating with PETRAS, you can contact our Business Development Team at petras@ucl.ac.uk

Notes to Editors

About PETRAS and the 2nd SRF Funding Call

  • PETRAS is part of the Securing Digital Technologies at the Periphery (SDTaP) programme funded by UKRI’s Strategic Priorities Fund.  
  • The 18 projects will be awarded over £3.6 M through PETRAS’s 2nd SRF Funding Call  
  • PETRAS expands its consortium by bringing on new Research Institutes through its open national funding calls.  
  • New Research Institutes brought on through the 2nd SRF call (subject to completion of contract execution) are: Cranfield University, De Montfort University, Durham University, University of Manchester, Royal Holloway, University of London, University of Strathclyde. 
  • PETRAS exists to ensure that technological advances in the IoT and associated systems at the edge of the internet are safely and securely developed and applied in private and public sector contexts. We do this by considering social and technical issues relating to the cybersecurity of IoT devices, systems and networks.  
  • PETRAS is a consortium that connects twenty-two research institutions with outstanding expertise in securing the connected world. They are University College London, Imperial College London, University of Oxford, Lancaster University, University of Warwick, University of Southampton, Newcastle University, University of Nottingham, University of Bristol, Cardiff University, University of Edinburgh, University of Surrey, Coventry University, Northumbria University, Tate, University of Glasgow, Cranfield University, De Montfort University, Durham University, University of Manchester, Royal Holloway, University of London, and University of Strathclyde. 

About UK Research and Innovation (UKRI) and Securing Digital Technologies at the Periphery’ (SDTaP)

  • UKRI is a non-departmental government body which works in partnership with universities, research organisations, businesses, charities, and government to create the best possible environment for research and innovation to flourish. They aim to maximise the contribution of each of their component parts, working individually and collectively. They work with their many partners to benefit everyone through knowledge, talent and ideas.  
  • The £30.55m SDTaP programme is funded by UKRI’s Strategic Priorities Fund and lead by the Engineering and Physical Sciences Research Council. The programme aims to ensure that the IoT systems are safe and secure, particularly as more critical applications emerge meaning there is increased vulnerability to broader, more sophisticated cyber-threats.