Cybersecurity Research Students and the Digital Economy

At the last DE lunch on 29 October 2012 Maire Evans, Dominic Hobson and Mu Yang spoke about their respective research activities in the area of Cybersecurity, co-ordinated via the Academic Centre of Excellence in Cybersecurity Research. I thought that this offered a perfect example of multidisciplinary research in the Digital Economy and so I asked them to provide some collective thoughts on their research and working.

Mu Yang is a fourth year Ph.D. student from Web and Internet Science research group in ECS. Her research was partially funded by an ECS scholarship. Mu Yang has been investigating the security, privacy properties in anonymity networks. In particular, she has looked at various attacks which compromise the security of anonymity networks, modelled these attacks analysing the security loss, developed a game-theoretic model for studying users’ cooperation and selfish behaviours, and proposed a mechanism encouraging exit traffic in Tor under mechanism design theory.

Dominic Hobson just started the PhD phase of a 4 year integrated PhD (1 + 3) in Web Science  having come fresh from an undergraduate degree in Computing Science. His funding was provided through the Web Science DTC which is in turn funded by the RCUK Digital Economy Theme. At the moment, his research is focused on how people pay for illegal things online. He is particularly interested in what, at the moment, seems to be a common payment method called Bitcoin which has many features that make life extremely challenging for authorities but at the same time has many legitimate uses. This is a technically and socially fascinating system.

Maire Evans has also just started the PhD phase of the iPhD, along with Dominic. Maire has a first degree in Philosophy and Linguistics and a taught conversion MSc in Computer Science. She has since worked in corporate reporting, information and knowledge management, communications and editorial, as well as having taught for a brief period. Her research centres around Crime and Cybercrime, with a focus on Open Crime Data and Social Machines.

What most interests you about Cybersecurity?

Dominic: “Cybersecurity really interests me as it requires everyone involved to be thinking outside the box. Criminals will always try and stay one step ahead, and with technology evolving so quickly, there’s always new avenues to be pursued. The ‘good guys’ have to in turn stay one step ahead but with added pressures and issues such as international law, politics, human rights, public opinion and more.”

Mu: “Cybersecurity is of paramount and growing importance, and anonymity in cybersecurity has become an essential requirement of today’s society. Its importance is increasingly recognised as crucial in many fields of computer-supported human activities, such as e-commerce, web surfing, consumer profiling, personalised advertising. Anonymity is needed both by individuals and organisations who want to keep their identities, interests and activities confidential.”

Maire: “I love the way Cybersecurity as a conceptualised issue picks up on several layers running through society, to do with technology and our relationship with it, and then also to do with issues to do with crime, safety and our feelings of vulnerability. There are many ethical issues arising from the marriage of technology and individuals or societies that possibly call for a re-framing of some of the old ways of making judgements about good and evil, right and wrong and how to explore these. So it is an instantly compelling Web Science topic.”

How is your work multidisciplinary?

Dominic: “My work is joint between criminology and computing science. Computing science has already a large body of literature on security, focusing on things like finding, exploiting and patching up vulnerabilities in technology. Criminology has a large body of literature on the behaviour, motivation, policing and generally the human side to the problem of crime, some of which also relates to cybercrime. My work falls between the two with the aim of understanding how and why criminals choose and use technology. The two disciplines at present typically have little intersection: computing science aims to understand how, but may lack some of the human-oriented methodologies or concern to explain why. On the other hand criminology aims to understand the why but doesn’t always have the technical understanding of how. Without a multidisciplinary approach, we end up with policies that are not technically practical, viable or feasible and creating technologies with little consideration of the human implications or societal impact.”

Mu: “Besides the techniques in Computer Science, my work involves some theories from Economics, such as game theory. By assuming the users in networks rational, we use game theory studying users’ behaviours and strategies, and then design mechanisms to improve the security and reliability of anonymity networks.”

Maire: “I found that this topic allowed me to call upon my background which encompasses Philosophy and Computer Science, along with more recent work I’ve been doing on Policy, Privacy (and the ethics of the Web), discourse analysis, network theory and actor network theory.”

How do you manage the difficulties of multidisciplinary research?

Dominic: “With multidisciplinary research, you typically have more varied people involved – for example, my PhD supervisors are based in Criminology and Computing Science. The difficulty I find is ensuring that everyone involved fully understands the big picture and sees their role within it, how their discipline is important and why integrating with others is beneficial. To do this requires extensive practice at explaining concepts and ideas in a way that is both understandable and appealing to those involved.”

Mu: “Besides reading books of these theories in Economics, the existing centres, and in particular the Academic Centre of Excellence in Cybersecurity Research and the Digital Economy USRG, provide me with opportunities to learn how other researchers undertake their multidisciplinary research and to communicate with new researchers.”

Maire: “I found it absolutely illuminating to have supervisors from Politics and Computer Science. Part of what I’m trying to explore is how to intelligently create policy that is web-mediated, while recognising that the Web is a living, breathing, Protean space. Part of the story of Proteus is that he will answer questions only to those who are capable of capturing him. This to me is the Web – a place of sea-change- (and a problem with Cybersecurity policy – it doesn’t seem to capture the essence of the Web – Proteus has escaped the policy-makers again). So as I went around talking to my supervisors, advisers and interviewees, I found there was a sort of chaos of ideas and ontologies emerging. This is frightening to try to capture, but it is exciting to feel all these powerful ideas emerging and in competition with each other. I think that the way of coping with the attendant difficulties is to be patient with oneself and not to try to capture all of them at once!”

How does your work fit with that of the other two?

Dominic: “My work encourages a strong interdisciplinary approach, citing issues with taking just a ‘technical’ or just a ‘social’ approach to the problem of cybercrime. Maire’s work on policy highlights some of the flaws in the process of policy creation, showing how lack of communication and information sharing between fields is a real issue in the real world. Mu’s work on encouraging participation on Tor shows how tools associated with nefarious uses still have legitimate applications and that the technology needs to be developed with human use in mind. We are all involved with the Academic Centre of Excellence in Cybersecurity Research at Southampton which is encouraging and supporting interdisciplinary approach to cybersecurity research, as recognised by the GCHQ and EPSRC under the Global Uncertainties Agenda.”

Mu: “Dominic talked about the criminal use of online payment systems and how people adapt to avoid being caught. This involves the techniques of anonymity systems which aim to provide people with a ‘hidden’ service for their online activities. Maire’s work includes a focus on creating effective and responsive policy for cybersecurity, and a proposed alternative framework for studying our research problems.”

Maire: “I think our work interleaves, as we all seem to be trying to understand some of the nuances that the incredible architectural construct that is the Web throws up, and how ethical perspectives change as you move through its layers.  I like the quote from Marina Warner:

The material of terror focusses only blurringly on understanding harm; instead it mostly confuses calamity with malignant agency-or rather makes the damage more bearable by perceiving it as intentional rather than random
One of the chief moral problems revealed by the fantasies of fear is that they search for a guilty party.” (Warner, 2000)

We all seem to be looking at definitions of criminality as they intersect with tools that are associated with “dodgy purposes” or used by “dodgy people”, so there is much searching for guilty parties, perhaps without stepping back and looking for definitions of agency and intention and how these might change as we move through the bits of our world that are web-mediated.”

Links