Academic Centre of Excellence in Cyber Security

Blog

The 2nd Southampton Cybercrime Symposium

March 18, 2015
by Vladimiro Sassone


Following the success of last year’s South East Cybercrime workshop, which saw the bringing together of academia and authorities around the topic of cybercrime, we are pleased to announce the Second Southampton Cybercrime Symposium, to be held on Tuesday 24th March 2015 at the Winchester School of Art.

This year’s event will include speakers from across academia, as well as the Director of the NCA’s NCCU, Dr Jamie Saunders, speakers from the College of Policing, Nominet, Regional Organised Crime Units and more:

Time talk profile
8:30 – 9:00 Arrival, registration & coffee
9:00 – 9:05 Mark Spearing: “Welcome” Southampton, Provost of the University
9:05 – 9:15 Vladimiro Sassone: “Cyber security & academia” Southampton Cyber Security Centre, Director
9:15 – 9:45 Craig Jones: “Policing cyber crime in the south east region: one year on…” SEROCU, Head of Forensics and Cybercrime Units
9:45 – 10:15 Roy Arends: “Cybercrime footprints in DNS” Nominet, Research Fellow
10:15 – 10:45 Tony Noble: “Overview of College cyber training” College of Policing Cyber Crime Coordinator
10:45 – 11:15 Coffee Break
11:15 – 11:45 Ben Snuggs: “Cybercrime – A local response” Hampshire Constabulary Cyber Crime Lead, DCS
11:45 – 12:15 Michael Levi: “Fraud and the role of the public and private sectors” University of Cardiff, Professor of Criminology
12:15 – 12:30 Morning wrap up
12:30 – 13:30 Lunch
13:30 – 14:00 Jamie Saunders: “Building partnerships nationally and internationally” NCA, Director of National Cyber Crime Unit
14:00 – 16:30 (break and change session at 15:00) Parallel breakout sessions
  1. Police Knowledge Fund: opportunities for cyber training.
  2. Cooperation police/academia: how & when?
  3. Continued professional development and training essentials for cyber officers.
  4. Topic to be selected by the symposium participants during the event
16:30 – 17:00 Regroup and Share
17:00 – 17:15 Closing

After a morning of presentations, the afternoon will see participants split off into breakout groups which aim to capitalise on the broad range of backgrounds and skillsets attending in an attempt to approach some of the broader issues surrounding cybercrime and policing.

Attendance is free but by invite only; however, if you are a key player dealing with cybercrime in the forces, academia or the public sector, please contact Professor Vladimiro Sassone for more information.

A 2-tiered legal framework to protect cryptocurrency users and innovation

December 11, 2014
by Dominic Hobson

A Call for Information relating to cryptocurrencies was put out by the UK government, available here. Naturally, we sent a response.

One idea I’ve been thinking of lately which I dropped in this response was that of a 2-tiered legal framework for cryptocurrencies. In summary, it involves a tier of “accredited” services, which require costly audits, surety bonds or capital holdings and other things required to protect the consumer, and an implicit “unaccredited” set of services which would be cheaper, more innovative but higher risk.

Here are a few paragraphs from our response to the CfI relating to this:

“Many people have been the victim of accidental and intentional fraud with cryptocurrencies. The instances of fraud being referenced are those which involve a service provider which holds cryptocurrencies on behalf of users, be it an ewallet or an exchange, which has either intentionally run away with users’ funds or accidentally lost funds as part of a security breach. Such fraud has made up a large amount of media coverage relating to cryptocurrencies.

At current, many of these services are required to comply with anti-money laundering regulations, such as requiring formal identification documents from users to verify identities. However, these serve as barriers to entry, being costly to implement properly, making them unsuitable for a bedroom-programmer/entrepreneur such as those types who have led early innovation with cryptocurrencies. While these regulations may prevent a few cases of service providers running away with money and also make laundering more traceable, they do not present any protection in cases where the service has been breached and money has been stolen.

However, any measures put in place to insure against or prevent loss through breaches are going to be costly for the service provider and hinder innovation, typically pushing up the price of the service for the consumer.

For this reason, we suggest a 2-tiered regulatory approach, in the form of an accreditation scheme. Merchants could opt in to become accredited. This would be a relatively costly endeavour, requiring external security audits, capital reserves or surety bonds and other measures to ensure that a breach is less likely and should one occur, ensure that the business has the funds available to fully reimburse customers. Due to the burden of accreditation, accredited services would likely be slightly more expensive and renewal of the accreditation in light of changes to the service may slow innovation. However, they would be able to market themselves as accredited and protected, attracting business and other customers who otherwise may not use cryptocurrency services due to security concerns or risks.

This would also create a tier of unaccredited services. Such services would be very loosely regulated. These services must explicitly warn users they are not heavily protected and that the user faces increased risks. However, an unaccredited business would be far quicker, cheaper and easier to legally establish, providing a faster and more dynamic service, typically at a cheaper price to represent the increased risks and lower overhead costs.

We believe this particular approach would present a balanced solution to the issue of consumer protection vs innovation. However, at current, unaccredited services would still be required to implement AML/KYC measures with the intention of reducing economic crimes such as laundering – these measures still serve as a barrier for entry.”

Whilst not a perfect solution, perhaps it could be a starting point for some regulations which allow those who want to shoulder their own risk to do so, whilst protecting those less confident users.

Spanish smart metering programme in trouble

October 16, 2014
by Vladimiro Sassone

share crypto-keys, allow device ID-spoofing, accept unsigned firmware, any surprise you get in trouble?  

Google's transparency report

October 12, 2014
by Vladimiro Sassone

58% of requests to be forgotten upheld. would be nice to see what criteria are applied

on the mystery of the mobile devices wiped out

October 9, 2014
by Vladimiro Sassone

on the surprising mystery of the mobile devices seized as evidence by police wiped out remotely…

#JPMorgan suffers #cybersecurity attack

October 3, 2014
by Vladimiro Sassone

suffers attack, leaks name/address from 83m accounts, but says no critical info was taken..

UK Preferred Cyber security standards

December 8, 2013
by Vladimiro Sassone

uk govmnt’s preferred standard in #cybersecurity a step towards the “basic cyber hygiene” document bit.ly/J4taKp

 

cybersecurity annual conference

December 3, 2013
by Vladimiro Sassone

participating in academic centres of excellence in #CyberSecurity research annual conference.


LG collects user data with smart tv

November 22, 2013
by Vladimiro Sassone

beware your #smarttv: a spy in the house: #LG admits to have collected user data by stealth #cybersecurity ow.ly/r540V

NSA taps clouds

November 3, 2013
by Vladimiro Sassone

how #nsa taps clouds & how #google belatedly dashes to encrypt datacentres comms #muscular http://wapo.st/1al1fLG  pic.twitter.com/xeQVHk9RlL