We are currently working on a number of different research areas including:
With the continued drive for efficiency to increase competitiveness through automation and manufacturing processes, many industrial systems established in the industrial age have been thrown into today’s data-driven digital world. Industrial systems, historically, have not been planned or executed with digital security as a priority and although these systems are programmed to fail safe, the concern is how they might function when being operated by a malicious actor. We live in a complex interconnected ecosystem consisting of technology, data, people, processes and infrastructure all communicating together interdependently. Whilst this evolution brings many advantages to industry and society, there is a growing threat to the cyber-security of traditional safety-critical systems, whether aggressive attacks or unintended mistakes.
The interconnection of critical infrastructure leads to hidden interdependencies. The potential impact of a cybersecurity incident on an organisation may affect the health and safety of individuals, the environment and the broader economy and society. The intent of this research is to explore existing Operational Technology systems and provide automated processes built around captured expertise. Such a system would help an organisation address resilience by better understanding their systems using tools developed from knowledge automation principles and associated technology.
This research addresses the problem of risks in Industrial Control Systems. There are several major factors that affect risks in Industrial control systems. The first is the risk and vulnerability caused by the interdependencies of system of systems. A major factor is the use of legacy technology which is unable to supply the security from cyber threats. A factor is the lack of representation in risk of the social technical aspect of these systems of systems. Another factor is the lack of importance placed on the proper management of risk through a continuous process. This projects aim is to address these factors through a comprehensive review on all issues surrounding risk in Industrial control systems. This research makes use of research methods of observation and interviews to gather data from experts in the risk management and assessment areas. Data gathering forms a basis for a solution prototype following an action research method. Expertise from Thales and their customers are a core source of knowledge for the project.
It involves a consortium of partners, working in collaboration to create an end-to-end mobile forensic investigation chain, striving to improve digital safety, and security in the EU while respecting fundamental rights.
A result of the project will be a standardised European process for the forensic investigation of mobile phones.
It is also an aim for the new FORMOBILE standard to become a European Committee for Standardisation (CEN), Workshop Agreement (CWA).
CWAs are frequently the forerunner of ENs and ISO standards. The objective is to collect the best practices and common working methods - combining them to an agreed standard, which is to be adopted by the relevant stakeholders across Europe.
The standard will also consider fundamental frights, contributing to EU efforts in protecting and promoting human rights, democracy and the rule of law.
Utilisation of a common, pan-European standard will allow LEAs and other related associations to increase efficiency and efficacy when dealing with mobile device-related crime.
The wider espousal of smart vehicle technology around the globe is becoming a reality.
Smart vehicles, powered through smart grids, offer key benefits such as reduction in carbon footprint, data monitoring, low noise and potentially many others. These smart vehicles have several embedded sensors and actuators.
The data, generated by these sensors, are shared, subject to appropriate authorization, with several entities such as vehicle owners, vehicle-related service providers, vehicle manufacturers, government organisations and marketing agencies. Similarly, the relevant data by all involved bodies and entities are shared with related stakeholders for operational and efficiency reasons.
The accuracy of the decision making of all involved bodies heavily relies on the trustworthiness of the involved entities and their generated data.
This project intends to explore the possibility of designing and developing a novel reputation management framework for smart vehicles and other involved entities of the whole ‘smart vehicle ecosystem’.
Gareth Davies is working on the Incident Response and Digital Forensics aspects of ResiCAV, a pioneering project to ensure that connected and autonomous vehicles (CAVs) and their infrastructure are protected against rising cybersecurity threats.
Combining cross-sector expertise, it is delivered by a consortium led by HORIBA MIRA, Thales and BT, with support from the University of South Wales, University of Warwick, Coventry University, Bristol University, the Centre for Modelling & Simulation, Oxfordshire County Council, AESIN Techworks, plus the National Digital Exploitation Centre (NDEC).
Despite the rapid developments in multiscale cyber-physical systems such as smart home, smart grid, smart vehicular network, smart transportation, avionics and maritime systems, the data transmitted by the contributing sensing devices are vulnerable to anomalies due to attacks, node faults and transmission errors. This may affect the consistency of the received data and may lead to the incorrect decision making at both ‘local’ and ‘global contexts’.
This project aims to introduce novel anomaly detection schemes which consider stochastic variability and other underlying characteristics of data. This interdisciplinary study draws knowledge from several theoretical fields such as fuzzy logic, fuzzy random variables, decision theory, optimization theory and others.
The designed and developed schemes empower anomaly detection system to detect multifaceted anomalies with higher accuracy and efficiency.
Energy Internet (EI)-based vehicle-to-grid (V2G) technology facilitates the vehicles to not only inject additional electricity into smart grids, but also enable them to receive electricity.
The secure key establishment is imperative in order to securely initiate the process of bidirectional electricity power delivery. To effectively realize EI-based V2G communication, the authentication protocol must be robust against cyber-attacks. This study aims to not only explore the drawbacks of several smart grid-based authentication protocols, but also presents innovative key agreement schemes to overcome those limitations.
We particularly work on removing drawbacks which may disrupt proper functioning of the protocols and cause de-synchronisation issues. Our designed schemes intend to be both robust and efficient.
The results are typically compared with several contemporary schemes, and security characteristics of our schemes are typically validated through both formal and informal analyses.
Are Digital Forensic Investigators under-estimating the importance of Steganography within criminal investigations?
This research explores the use of the anti-forensic technique of Steganography, the method of hiding data within data.
There are a range of freely available software tools online for computer users to utilise which enables the hiding of potentially incriminating data.
We conducted research into the active digital forensic investigators to determine if this potentially powerful technique is under-estimated in the current age.
Sensing-as-a-Service paradigm has advanced several Industrial Internet of Things (IIoT) applications in different real-world settings. The aim of this study is to consider smart factory.
The selection of an appropriate set of services, among discovered services which are result of
the discovery process, remains a vital challenge by keeping intact the service data privacy.
Unlike existing Quality-of-Service (QoS) information, this study has aimed at exploiting topological and other such underlying information to rank industrial sensing services.
Our approach considers both local (node level) and global (topological) information to compute ranking scores.
Furthermore, some additional features, such as degree (drawing knowledge from network theory), are also studied and then incorporated in the process of the ranking of industrial sensing services.
The suitability of onion routing is studied to offer anonymous communication in order to prevent unauthorized entities from accessing ranking results in the whole process.
Modern learning systems are integration of learning resources with human interactions in IT infrastructure-enabled face-to-face and online (virtual) environments.
The utility of learning objectives needs to be measured in these feedback-driven learning environments. This study intends to design and develop comprehensive trust evaluation models to support decision making.
The models employ key parameters such as previous course result percentage, active participation and reputation of learners. The weighted models are dynamic in nature and capable to compute user-specified trust values of learning objectives.
The preliminary work of this study received the best paper award in IEEE ComTech 2017.