SCONE meeting, 25/02/2010
The final programme is here, and we thank everyone who attended, and especially those who presented.
Room H.18, Merchiston Campus, Edinburgh Napier University.
This SCONE event aims to showcase the excellence in the research built around the SICSA Next Generation Internet theme. The programme covers a wide range of research tops, but with a special focus on presentations on the areas of security and trust. For this the SICSA Next Generation Internet theme outlines the development of the Internet towards a ubiquitous infrastructure, of which key research targets are related to security and trust. Without these the Internet will not truly scale to encapsulate every aspect of our lives, and leave threats to the future economy and to our own personal integration with the Internet.
The following were approximate timings from the meeting.
1pm Introduction, Bill.
1:10pm Social Network Security and Privacy: The Good, the Bad and the Ugly, Mike Just (University of Edinburgh)
1:35pm SecureAngle: Improving Wireless Security with Angle-of-Arrival, Kyle Jamieson (UCL)
2:00pm Knowledge sharing for systems engineering and the Internet of Things, Paola Di Maio (University of Strathclyde)
2:25pm Social Roles for Opportunistic forwarding, Greg Bigwood (University of St. Andrews)
2:50pm Novel Information Sharing Architecture between the Police and their Community Partners, Omair Uthmani (Edinburgh Napier University)
- 3:15pm Coffee
3:40pm Privacy-Preserving Data Retrieval Framework, Zbigniew Kwecka (Edinburgh Napier University)
4:05pm Profiling Normal Network Behaviour for Robust Anomaly Diagnosis, Angelos Marnerides (Lancaster University)
4:30pm Understanding Tidal Fading on Rural Long Distance Over-Water Wireless Links, Alex Macmillan (University of Edinburgh)
4:55pm Virtual Worlds, Real Traffic: Interaction and Adaptation, Iain Oliver (University of St Andrews)
5:20pm Security Challenges for Learning in 3D MUVE – Our Experiences, Indika Perera (University of St Andrews)
5:45pm Cross Layer Neighbourhood Load Routing for Wireless Mesh Networks, Liang Zhao (Edinburgh Napier University)
6:10pm Intrusion Detection and Response in Open Multi-agent Systems, Shahriar Bijani (University of Edinburgh)
- Special thanks go to Richard Mcfarlane, Mathew Miehling and Ahmed Al-Dubai for helping to organise the event.
1) Title: Social Network Security and Privacy: The Good, the Bad and the Ugly
- Abstract: While creating new opportunities for users to communicate, collaborate and share information, social networks (e.g., Facebook) also introduce some interesting challenges for both security and privacy. In this talk, I will review recent work in this area and discuss some of the outstanding research challenges.
2) Title: SecureAngle: Improving Wireless Security with Angle-of-Arrival
Abstract: Wireless networks play a key role in our business and personal lives, but make the network vulnerable to attack from a comfortable distance. Attackers circumvent security protocols such as WEP and WPA with impunity, allowing them to break into the network and resulting in disastrous consequences for organisations. The result is an ongoing competition between new exploits and better wireless security protocols. To fundamentally change this status quo, we propose SecureAngle, an approach to wireless security designed to operate alongside and strengthen existing wireless security protocols. SecureAngle uses cutting-edge multiple antenna signal processing to profile the directions at which a client's signal arrives at the access point and thereby construct signatures that uniquely characterise each client. In this talk, I will explore some potential uses of SecureAngle's signatures: virtual fences, to disallow wireless connections from outside a building or conference hall; address spoofing protection, to prevent malicious clients from masquerading as trusted clients; and a number of more speculative future applications.
3) Title: Knowledge sharing for systems engineering and the Internet of Things
- Abstract: Systems Engineering as it is taught and practiced today, often does not account for the strategic importance of knowledge sharing and knowledge exchange. This can contribute to some poor understanding and consequent sub optimal systems architectures and configuration. Security and trust are a key inhibitors or promoters of knowledge sharing and exchange. In my research I look at future scenarios, which I refer to broadly as 'networks of things. I will share with the audience some of the underlying research questions, and speculate what will knowledge exchange look like in the age of embedded intelligence.
4) Title: Social Roles for Opportunistic forwarding
Opportunistic networks exploit human encounters to enable new mobile networked applications. Efficient routing for these types of networks relies on utilising encounters between nodes so that messages are moved closer to their destination. Previous work has looked at using encounter-based social network data for routing, including schemes using social network analysis to identify communities or to find metrics that can be used to identify favourable routes. In this work we look at the potential of classifying nodes using social roles to find nodes with equivalent connections that can be used for forwarding.
5) Title: Novel Information Sharing Architecture between the Police and their Community Partners
Presenter: Omair Uthmani (Edinburgh Napier University) Presentation
- The exchange of information between the police and community partners forms a central aspect of effective community service provision. In the context of policing, a robust and timely communications mechanism is required between police agencies and community partner domains, including: Primary healthcare (such as a Family Physician or a General Practitioner); Secondary healthcare (such as hospitals); Social Services; Education; and Fire and Rescue services. Investigations into high-profile cases such as the Victoria Climbié murder in 2000, the murders of Holly Wells and Jessica Chapman in 2002, and, more recently, the death of baby Peter Connelly through child abuse in 2007, highlight the requirement for a robust information-sharing framework. This presentation presents a novel syntax that supports information-sharing requests, within strict data-sharing policy definitions. Such requests may form the basis for any information-sharing agreement that can exist between the police and their community partners. It defines a role-based architecture, with partner domains, with a syntax for the effective and efficient information sharing, using SPoC (Single Point-of-Contact) agents to control information exchange. The application of policy definitions using rules within these SPoCs is inspired by network firewall rules and thus define information exchange permissions. These rules can be implemented by software filtering agents that act as information gateways between partner domains. Roles are exposed from each domain to give the rights to exchange information as defined within the policy definition. This work involves collaboration with the Scottish Police, as part of the Scottish Institute for Policing Research (SIPR), and aims to improve the safety of individuals by reducing risks to the community using enhanced information-sharing mechanisms.
6) Title: Privacy-Preserving Data Retrieval Framework
- Surveys show that the invasion of privacy is among the things people fear the most from the coming years. These fears seem to be justified, in the light of a number of cases where user data has leaked or has stolen from large databases of public institutions, retail network and social networking sites. New technologies allowed for fast digitalisation of operational procedures used by many organisations. These also affected the way public authorities conduce their investigations. Organisations such as Police, HMRC, and Home Office need to request information from third-parties on regular basis. Depending on the way these are performed human and natural rights of the researched data-subject can be neglected and/or investigation can be jeopardised. This presentation gives an insight on how the Privacy Enhancing Technologies (PETs) can be used to enhance investigative data retrieval to protect against possible negative outcomes for data-subjects or for investigations. Techniques discussed will include use cases for private matching and private equijoin algorithms, as well as novel technique for retrieval of data based on privacy protected database queries.
7) Title: Network Anomaly Detection
Presenter: Angelos Marnerides (Lancaster University) Presentation
- In recent years, network anomaly detection has become an important area for both commercial and academic interests. The diverse and dynamic characteristics of the Internet which consists of heterogeneous networked systems pose a great challenge in identifying and classifying abnormal traffic patterns. An initial objective for efficient anomaly detection is to set a stable statistical metric known as the normal behaviour model, which subsequently acts as a reference scheme for observing deviations referred to as anomalies. In this talk we will discuss the current trends in anomaly detection and elaborate on our findings from employing a particular timeseries model (ARIMA) that enables forecasting with the usage of certain network flow features. We will show and compare the different outputs that certain features produce on real pre-captured network traces.
8) Title: Understanding Tidal Fading on Rural Long Distance Over-Water Wireless Links
9) Title: Intrusion Detection and Response in Open Multi-agent Systems
- Intrusion detection is a popular issue in the network security domain, but in open Multi-agent systems, which share knowledge amongst (unknown) peers, is quite a forgotten subject. In there systems because of the very openness and the dynamic interaction protocols, traditional security mechanisms are not suitable, so we should interpret conventional security concepts into this new domain.
10) Title: Cross Layer Neighbourhood Load Routing for Wireless Mesh Networks
Presenter: Liang Zhao (Edinburgh Napier University) Presentation
- Wireless Mesh Network (WMN) has been considered as a key emerging technology to construct next generation wireless communication networks. It combines the advantages of both mobile ad-hoc network (MANET) and traditional fixed network, attracting significant industrial and academic attentions. In WMN, the load balancing becomes a hot topic in enhancing the QoS provision as a load balanced WMN exhibits low delay and high quality communications. Although there are a number of proposals on using load-aware routing metrics in WMN, the neighbourhood load has not been considered within the context of load balancing and QoS aware WMNs. In this paper, we propose a Neighbourhood Load Routing scheme to further improve the performance of the existing Routing protocol such as AODV in WMN. We have conducted extensive simulation experiments. Our results confirm the superiority of our proposed scheme over its well-known counterparts, especially in grid topologies.
11) Title: "Virtual Worlds, Real Traffic: Interaction and Adaptation"
Presenter: Iain Oliver (University of St Andrews) Presentation
- Metaverses such as Second Life (SL) are a relatively new type of Internet application. Their functionality is similar to that of online 3D games but differs in that users are able to construct the environment their avatars inhabit and are not constrained by predefined goals. From the network perspective metaverses are similar to games in that timeliness is important but differ in that their traffic is much less regular and requires more bandwidth. The relationships between application functionality, SL's traffic control system and the wider network environment has been investigated. Two sets of studies have been carried out: one of the traffic generated by a hands-on workshop which used SL; and a follow up set of controlled experiments to clarify some of the findings from the first study. The interplay between network latency, SL's traffic throttle settings, avatar density, and the errors in the client's estimation of avatar positions are demonstrated. These insights are of particular interest to those designing traffic management schemes for metaverses and help explain some of the oddities in the current user experience.
12) Title: "Security Challenges for Learning in 3D MUVE – Our Experiences"
Presenter: Indika Perera (University of St Andrews) Presentation
3-Dimensional Multi User Virtual Environments (MUVE) are becoming a mainstream education methodology. They are particularly appropriate for educational use due to their alignment with the concept of experiential learning within a collaborative environment. We have used the MUVEs SecondLife® and OpenSim in teaching modules. Being a proprietary system, SecondLife® does not allow required freedom that educationalists look for, whilst the open source counterpart – The Open Simulator project, has yet to prove it is a reliable and trustworthy learning platform. Moreover, none of these systems have been developed with the prime motive to facilitate learning processes, resulting in difficulties when customizing them for learning requirements. This talk is about security challenges that we have experienced with two case studies of 3D MUVE based HCI assignments. Our experiences indicate the need for research focus on security challenges within 3D MUVEs, such as we do with social networks and Web 2.0, at present. However, the solutions to these security issues should not hinder user collaboration and system usability, to sustain the benefits of MUVE.
13) Title: "Centre for Excellence in Security and Cybercrime"
Presenter: Bill Buchanan (Edinburgh Napier University) - not presented due to lack of time.
- The Centre for Excellence in Security and Cybercrime is a BCS-backed initiative, and brings together academia, industry (especially Scottish SMEs, the financial sector, and so on), and key domain players (including a wide range of public bodies, including the Scottish Police, the NHS, and so on). The objectives are to:
- Become a World-leading Centre for expertise in security and cybercrime, which uses the existing strengths within Scotland.
- Tackle the key issues related to security and cybercrime, and provide a vision for the future exploitation of expertise within Scotland.
- Provide a link between academia, industry and domain experts, in order to provide measurable outputs in terms of wealth creation, improvements to society, and so on.
- Bring together experts from a wide range of areas, in order to cross-collaborate and exploit existing expertise.
- Bid for national and international funding by pooling experience in security and cybercrime.
- Direct interface into the UK infrastructure and the 2Centre European network, which gives links to institutions and domain experts around Europe.
- Share resources for teaching and knowledge transfer.
- Identify key training and KT opportunities, especially in providing measureable skill levels around Scotland for professionals in security and cybercrime related work.
- Identify key focus areas which aim to improve the well-being of individuals within Scotland, and provides evidence of impact.
- There is a major EU bid coming up in the Autumn time and we are keen for every relevant academic area to be part of the setup, so please, if you think that it could help with your work, contact us. There are also many EU funding opportunities, where pooling of academia, industry and domain experts will considerably help our chances of gaining funding.
- There are already a wide range of industrial partners, academic institutions and domain partners already committed to be part of the new setup, so please consider, even if you work has only small elements of security, to be part of this, especially as it may help to focus the application of your research. A key overall aim is to provide measurable impacts on the society within Scotland in the short, medium and long-term.
- In June 2010 there will be a symposium which will gather together experts and domain partners around Scotland, at which there is an excellent opportunity to network with key experts within Scotland. Overall we are trying to build up a network of skills in not just computing, but in domain areas such as for financial fraud, information sharing, and so, so it’s an excellent opportunity to interface with professionals who might want to help develop ideas into the next generation of products or in improving working practices within Scotland, and thus to showcase Scotland as a world-leading in these areas. The access to real case data and for expert evaluation can often considerably help in justifying new models and methodologies.
- Abdesslem, Fehmi Ben (University of St Andrews)
- Al-Dubai, Ahmed (Edinburgh Napier University)
- Allison, Colin (University of St Andrews)
- Bani Khalaf, Mustafa (Edinburgh Napier University)
- Bernardi, Mino (University of Edinburgh)
- Bhatti, Saleem (University of St Andrews)
- Bigwood, Greg (University of St Andrews)
- Bijani, Shahriar (University of Edinburgh)
- Buchanan, Bill (Edinburgh Napier University)
- Calder, Matt (University of Edinburgh)
- Cruickshank, Peter (Edinburgh Napier University)
- Strowes, Stephen(University of Glasgow)
- Di-Maio, Paola (University of Strathclyde)
- Dimatteo, Savio (University of St Andrews)
- Ellis, Martin (University of Glasgow)
- Espi, Jorge (University of Strathclyde)
- Fan, Lu (Edinburgh Napier University)
- Farshad, Arsham (University of Edinburgh)
- Fayed, Marwan (University of Stirling)
- Graves, Jamie (Edinburgh Napier University)
- Harvey, Paul (University of Glasgow)
- Henderson, Tristan (University of St Andrews)
- Jamieson, Kyle (UCL)
- Johnston, Stuart (Inmon)
- Just, Mike (University of Edinburgh)
- Koliousis, Alexandros (University of Glasgow)
- Kriara, Lito (University of Edinburgh)
- Kwecka, Andrew (Edinburgh Napier University)
- Kwecka, Zbigniew (Edinburgh Napier University)
- Lawson, Alistair (Edinburgh Napier University)
- Macfarlane, Richard (Edinburgh Napier University)
- Macmillan, Alex (University of Edinburgh)
- Magill, Evan (University of Stirling)
- Marina, Mahesh (University of Edinburgh)
- Marnerides, Angelos (Lancaster University)
- Mata, Luz (Edinburgh Napier University)
- Miehling, Mathew (Edinburgh Napier University)
- Mooney, Graham (University of Glasgow)
- Musolesi, Mirco (University of St Andrews)
- Oliver, Iain (University of St Andrews)
- Pallis, Georgios (Edinburgh Napier University)
- Panchen, Sonia (Inmon)
- Parris, Iain (University of St Andrews)
- Pathivada, Sandeep (University of St Andrews)
- Pediaditaki, Sofia (University of Edinburgh)
- Perera, Indika (University of St Andrews)
- Perkins, Colin (University of Glasgow)
- Pezaros, Dimitrios (University of Glasgow)
- Rehunathan, Devan (University of St Andrews)
- Richardson, Chris (Lancaster University)
- Romdhani, Imed (Edinburgh Napier University)
- Schnetler, Hermine (UK Science and Technology)
- Sinclair Neil (University of Strathclyde)
- Tauber, Markus (University of St Andrews)
- Ul-Amin, Riaz (University of Glasgow)
- Uthmani, Omair (Edinburgh Napier University)
- Wiegel, Valeri (Edinburgh Napier University)
- Yu, Yi (University of St Andrews)
- Zhao, Liang (Edinburgh Napier University)
- and a few others.