About us

AREAS

Cryptography

Cryptography is an essential component of security and privacy. It safeguards the confidentiality and integrity of data at rest and in transit, and also enables secure and private computation on sensitive information.

The group has a wide range of experience in the area of cryptography including encryption, digital signatures, blockchain protocols, succinct and zero-knowledge proof systems, secure computation, obfuscation and advanced cryptographic primitives such as functional encryption, e-voting, digital content distribution, verification of protocols, and quantum cryptography.

(Aggelos Kiayias, Markulf Kohlweiss, Michele Ciampi, David Aspinall,)

Quantum Cyber Security

Future information and communication networks will certainly consist of both classical and quantum devices, some of which are expected to be compromised, with various degrees of functionality, ranging from simple routers to servers executing quantum algorithms. Our group has pioneered protocols for quantum cloud platforms that ensure the correctness, resilience, and trustworthiness of quantum computing by providing users with a secure, verifiable, and private environment for handling their data. Such protocols can be deployed on currently available quantum cloud hardware platforms with multiple users using both quantum links as well as hardware secure modules.

The group is also active in quantum cryptanalysis: exploring the capabilities that attackers using quantum algorithms have in compromising the security of cryptosystems. Our team also follows a hybrid approach, which integrates quantum and classical elements, exploring various scenarios that span from near-term post-quantum cryptography to the distant future of the quantum internet era.

(Elham Kashefi, Petros Wallden, Myrto Arapinis, Alexandru Cojocaru)

Protocol and Program Verification

Informatics has a long history of basic research on programming language design and semantics which has been applied to verify that designs and code provide mathematically rigorous security guarantees. This theme covers cryptographic protocol verification, with work on checking both protocol design and security of protocol implementations, as well as formal foundations needed to express and check protocol properties.

The work includes building tools for automatic property checking, verification and testing on deployed systems.

(Myrto Arapinis, David Aspinall, Markulf Kohlweiss)

Economics of Security & Privacy 

Too often, real-world security and privacy failures are caused by not implementing known solutions. The incentives to create risky and dependable systems have been studied for over 15 years in UoE Informatics and Social Sciences. In the field of security economics, we explore how to quantify cyber risk, how to better respond to cyber incidents, and the role of insurance. We also use game theory to model incentives in computer systems.

(Daniel Woods, Aggelos Kiayias, Aris Filos-Ratsikas)  

Privacy Enhancing Technologies 

Our online and connected world enables governments, businesses, and common users to communicate, transact, and organise across the globe. However, threats such as pervasive surveillance and censorship, online profiling and tracking, and device and traffic fingerprinting have chilling effects and often catastrophic security and privacy impacts. Privacy Enhancing Technologies (PETS) are a suite of technologies, based on cryptography, distributed systems, and operational defences, to defend against all manner of adversaries, from dictatorial governments to organised online criminals to opportunistic network observers.

(Tariq Elahi, Aggelos Kiayias, Marc Juarez Miro, Markulf Kohlweiss) 

Distributed Systems Security

Distributed systems aim to realise various functionalities of interest in a way that avoids single points of failure. Various different models of failure have been considered, ranging from network communication errors, fail-stop and crash failures all the way to Byzantine / malicious behaviour. A distributed system aims to offer fundamental correctness and security properties, including liveness and safety despite the occurrence of such errors or adverse behaviours. With the advent of blockchain systems, the problem of incorporating incentives for distributed system operation has also been highlighted. Distributed system design and analysis is a highly active area within our group, drawing also from areas such as cryptography, economics of security and privacy, privacy enhancing technologies and device and systems security.

(Yuvraj Patel, Markulf Kohlweiss, Aggelos Kiayias)

Usable Security & Privacy

Human factors are perhaps the largest cause of security failure. This research strand focuses on applying human-centred research methods. We study user perceptions of security and privacy risks, as well as processes used by experts in tasks like reverse engineering. Daniel Woods studies security experts and their incentives to implement security and privacy.

(Jingjie Li, Daniel Woods, Nadin Kokciyan)

Device & System Security

Computing-equipped devices are ubiquitous. Resource-limited devices such as ARM microcontrollers that underpin the Internet of Things and modern mobile platforms such as Android are used extensively in systems. Our group uses verification logics, type systems, and program analysis to protect devices, for instance, by expressing and enforcing resource constraints that attackers would have to violate to exploit them. Proof-carrying code (in general, digital evidence) is applied to certify security to provide efficient independent checking of third-party code.

(David Aspinall, Yuvraj Patel, Paul Patras)

Security and Privacy of AI/ML

The rapid adoption of machine learning and AI technologies and their new applications is raising serious privacy and security concerns. Our research in this area includes investigating improved differential privacy techniques for training neural networks and data valuation (Sarkar) and studying how these techniques influence and interact with algorithmic fairness in the resulting models. Other topics of interest include developing lightweight techniques for increasing the robustness of AI classifiers against adversarial input manipulation and deriving structured and interpretable interpretations of how different parts of neural models influence their decisions. We are also studying watermarking techniques to mitigate some of the risks of the deployment of generative AI models, as well as decentralized and federated learning.

(Marc Juarez, Paul Patras, Aggelos Kiayias)