Each year, a number of students who submitted outstanding project dissertations are invited to write short white papers for the general IT public. These articles are those which best present research in an area of information security of interest to information security managers and professionals. These projects are rewritten as short articles for a general audience and published online by Computer Weekly.
The articles are listed below, and the full projects are published as technical reports.
20 years of Bleichenbacher’s attack, by Gage Boyle (supervised by Kenny Paterson).
In this article, Gage Boyle investigates how even the most reputable websites may be exposed to a 20-year-old attack if HTTPS is not properly implemented, and recommends steps to prevent this.
The Computer Weekly publication can be found at: https://www.computerweekly.com/ehandbook/The-exploitation-of-flaws-in-the-HTTPS-protocol
Rethinking the cybersecurity of consumer Internet of Things (IoT), by Joo-Huat Ng (supervised by Robert Coles).
Here, Joo-Huat Ng describes how innate psychological factors can influence the thinking process of consumers when assessing the cybersecurity risk of IoT, and how this perception eventually leads consumers and enterprises to make economic decisions that harm the security of the internet.
The Computer Weekly publication can be found at
How long does it take to get owned? by David Wardle (supervised by Jorge Blasco Alis).
In this article, David Wardle uses fake "honey identities" and a monitoring infrastructure to study how quickly a stolen credential is used by an unauthorised person, and what activities this person might be interested in.
The Computer Weekly publication can be found at https://www.computerweekly.com/ehandbook/How-long-does-it-take-to-get-owned.
Can I trust my neighbours?: Proving ownership of IPv6 addresses, by Colin Putman (supervised by Chris Mitchell).
In this article, Colin Putman describes one of the key weaknesses in the Neighbour Discovery Protocol of IPv6. This protocol is vulnerable to address-spoofing attacks within the same network. Colin explains the deficiencies in the cryptographic methods that were introduced to prevent these attacks and gives examples of how they can be improved, justifying the need for a new, unified improvement of the protocol.
The Computer Weekly publication can be found at https://www.computerweekly.com/ehandbook/Proving-ownership-of-IPv6-addresses