UCL’s Centre for Doctoral Training in Cybersecurity

It has become increasingly apparent that the world’s cybersecurity challenges will not be resolved by specialists working in isolation.

Indeed, it has become clear that the challenges that arise from the integration of emerging technologies into existing social, commercial, legal and political systems will not be resolved by specialists working in isolation. Rather, these complex problems require the efforts of people who can cross disciplinary boundaries, communicate beyond their own fields, and comprehend the context in which others operate. Computer science, information security, encryption, criminology, psychology, international relations, public policy, philosophy of science, legal studies, and economics combine to form the ecosystem within which cybersecurity problems and solutions are found, but training people to think and work across these boundaries has proven difficult.

UCL is delighted to have been awarded funding by the UK’s Engineering and Physical Sciences Research Council (EPSRC) to establish a Centre for Doctoral Training (CDT) in Cybersecurity that will help to establish a cadre of leaders in security with the breadth of perspective and depth of skills required to handle the complex challenges in security faced by our society. The CDT is led by Prof Madeline Carr (Co-Director; UCL Science, Technology, and Public Policy), Prof Shane Johnson (Co-Director; UCL Security and Crime Science), and Prof David Pym (Director; UCL Programming Principles, Logic, and Verification (PPLV) and Information Security).

The CDT is an exciting collaboration that brings together research teams in three of UCL’s departments – Computer Science, Security and Crime Science, and Science, Technology, Engineering, and Public Policy – in order to increase the capacity of the UK to respond to future information and cybersecurity challenges. Through an interdisciplinary approach, the CDT will train cohorts of highly skilled experts drawn from across the spectrum of the engineering and social sciences, able to become the next generation of UK leaders in industry and government, public policy, and scientific research. The CDT will equip them with a broad understanding of all sub-fields of cybersecurity, as well as specialized knowledge and transferable skills to be able to operate professionally in business, academic, and policy circles.

The CDT will admit candidates with a strong background in STEM (CS, Mathematics, Engineering, Physics) or Social Sciences (Psychology, Sociology, International Relations, Public Policy, Crime Science, Economics, and Management), either recent graduates or mid-career. Each will be trained in research and innovation skills in the multidisciplinary facets of cybersecurity (computing, crime science, management and public policy) and then specialise within a discipline, with industrial experience through joint industrial projects and internships.

For more information, including directions for applications, please visit the cybersecurity CDT website.

Hiring Research Assistants and PhD students

We’re happy to announce that we have several open positions!

Privacy & machine learning

Emiliano De Cristofaro has at least one post-doc position in privacy and machine learning. The researcher will work with him and others in UCL’s InfoSec group. For a sample of our recent work in the field, please see Emiliano’s publications on this topic.

Please email jobs@emilianodc.com with questions or apply directly before 25 July 2019.

Note that we would be keen to hear from both PhD students looking for part-time research work, as well as people looking for longer-term full-time post-doctoral positions.

Web measurements

Multiple positions are available in the context of a project based at the Alan Turing Institute on cyberbullying and cyberhate, led by Emiliano De Cristofaro and Gareth Tyson. The project will primarily focus on measurements research, i.e., gathering and analysing various types of social datasets.

For a sample of our recent work in this space, please see Emiliano’s publications on this topic.

Again, we would be keen to hear from both PhD students looking for part-time research work, as well as people looking for longer-term full-time post-doctoral positions.

Please email edecristofaro@turing.ac.uk if you have questions.

PhD positions with Philipp Jovanovic

Members of the InfoSec group are always looking for talented PhD students to join their team. If you would like to investigate opportunities, please do check their website for details of their research interests and contact instructions. We are particularly happy to announce that Philipp Jovanovic will join our group as an Associate Professor starting in January 2020, and he is inviting applications for PhD students.

Philipp’s research interests broadly cover applied cryptography, privacy, and decentralised systems. His current work focuses on building scalable, privacy-preserving, decentralised protocols (such as ByzCoin, RandHound, OmniLedger, or Calypso). He has also worked on a wide variety of other security-related topics in the past, including design and analysis of symmetric cryptographic primitives, side-channel attacks and countermeasures, and the security analysis of systems deployed in the real world such as the Transport Layer Security (TLS) protocol or the Open Smart Grid Protocol (OSGP).

For an overview of his work, please visit Philipp’s website.

If you’re interested in working with Philipp as a PhD student, please email philipp@jovanovic.io.

New CDT in cybersecurity

We have several PhD positions funded through the new Centre for Doctoral Training in Cybersecurity (CDT). Please see the article about the CDT for more details and instructions to apply.

Will dispute resolution be Libra’s Achilles’ heel?

Facebook’s new cryptocurrency, Libra, has the ambitious goal of being the “financial infrastructure that empowers billions of people”. This aspiration will only be achievable if the user-experience (UX) of Libra and associated technologies is competitive with existing payment channels. Now, Facebook has an excellent track record of building high-quality websites and mobile applications, but good UX goes further than just having an aesthetically pleasing and fast user interface. We can already see aspects of Libra’s design that will have consequences on the experience of its users making payments.

For example, the basket of assets that underlies the Libra currency should ensure that its value is not too volatile in terms of the currencies represented within the reserve, thereby easing international payments. However, Libra’s value will fluctuate against every other currency, creating a challenge for domestic payments. People won’t be paid their salary in Libra any time soon, nor will rents be denominated in Libra. If the public is expected to hold significant value in Libra, fluctuations in the currency markets could make the difference between someone being able to pay their rent or not – a certainly unwelcome user experience.

Whether the public will consider that the advantages of Libra are worth the exposure to the foibles of market fluctuations is an open question, but in this post, I’m mostly going to discuss the consequences of another design decision baked into Libra: that transactions are irrevocable. Once a transaction is accepted by the validator network, the user may proceed “knowing that the transaction can never be changed or reversed”. This is a common design decision within cryptocurrencies because it ensures that companies, governments and regulators should be unable to revoke payments they dislike. When coupled with anonymity or decentralisation, to prevent blacklisted transactions being blocked beforehand, irrevocability creates a censorship-resistant payment system.

Mitigating the cost of irrevocable transactions

Libra isn’t decentralised, nor is it anonymous, so it is unlikely to be particularly resistant to censorship over matters where there is an international consensus. Irrevocability does, however, make fraud easier because once stolen funds are gone, they cannot be reinstated, even if the fraud is identified. Other cryptocurrencies share Libra’s irrevocability (at least in theory), but they are designed for technically sophisticated users, and their risk of theft can be balanced against the potentially substantial gains (and losses) that can be made from volatile cryptocurrencies. While irrevocability is common within cryptocurrencies, it is not within the broader payments industry. Exposing billions of people to the risk of their Libra holdings being stolen, without the potential for recourse, isn’t good UX. I’ve argued that irrevocable transactions protect the interests of financial institutions over those of the public, and are the wrong default for payments. Eventually, public pressure and regulatory intervention forced UK banks to revoke fraudulent transactions, and they take on the risk that they are unable to do so, rather than pass it on to the victims. The same argument applies to Libra, and if fraud becomes common, they will see the same pressures as UK banks.
