Automotive Cyber Resilience: Operationalizing, Standards and Research

Presenting the work of AESIN and the UK Automotive Council and Zenzic, supported by Queens University Belfast, University of South Wales, University of Edinburgh and the Turing Institute and with further support from BSI, this series of workshops is designed to:

  • Present and discuss the limitations with existing standards in meeting the requirements of the Automotive and other mobility industries worldwide
  • Present the methodology proposed by AESIN, UK Automotive Council and Zenzic to achieve operationalizable and legally sustainable cyber resilience
  • In the context of that methodology set out the research agenda and give examples of applying the outcomes of existing and potential research in support of the methodology

There are 4 workshops which are each limited to 50 attendees. At each site a different academic partner will highlight examples of applying the outcomes of existing and potential research in different areas in support of the methodology.

The workshops will be held at:

4th Dec 2019 – ECIT, Queen’s University of Belfast, Queen’s Road, Queen’s Island, Belfast, BT3 9DT. QUB are the academic partner and will use research examples from hardware. Click here for tickets

11th Dec 2019 – University of South Wales Conference Centre, CF37 1DL UoSW are the academic partner and will use research examples from Forensics. Click here for tickets

8th Jan 2020 – NXP, Colvilles Road, Glasgow G75 0TG. University of Edinburgh are the academic partner and will use research examples from Modelling. Click here for tickets

15th Jan 2020 – Plexal, 14 East Bay Lane, Here East, Queen Elizabeth Olympic Park, London, E20 3BS. The Turing Institute are the academic partner and will use research examples from mathematics and probability. Click here for tickets

Who should attend?

This event is designed specifically for researchers with an interest in automotive cyber resilience and the application of security and other research outcomes, including PhD and other research students and their supervisors, early career researchers, representatives from industry, government and other defence and security-relevant NGOs.

For further information please refer to the below guide.

IEEE Computer Symposium – Miami, July 2019

Wolfe Centre

We are delighted to welcome another new guest blogger to contribute to the RISE blog for August 2019. Shichao Yu is a PhD student at Queen’s University Belfast, working in the world class research centre – The Centre for Secure Information Technology (CSIT). Thank you Shichao!

Welcome to Miami – Summer is coming!

Hi, I am Shichao, I am typing this blog shortly after the closing remarks of IEEE Computer Society Annual Symposium on VLSI in Miami, which is excellent and provided me an amazing conference experience. This was my first time in Miami, and this is the first conference I have attend with a poster paper. I travelled from Belfast to Miami, from north to south, feeling like I flew into the summer from winter when I just arrived there. If I choose rainy day as the mark of the climate in Belfast, then Miami’s symbol must be sunshine.

ISVLSI 2019 @ Miami

ISVLSI is an IEEE computer society annual symposium with a history over three decades. It explores emerging trends, novel ideas and basic concepts covering a broad range of VLSI-related topics, which also include new technologies and burgeoning application areas, such as hardware security, and artificial intelligence.

This year’s ISVLSI was held at Florida International University in Wolfe University Center.

What impressed me is that more than 25% of submissions this year related to system design and security (SDS), and the submission number occupies the first in all categories. I can see that the security direction is receiving increasing attention from researchers all over the world.

“Can you trust your machine learning system?”

For Hardware Security, the papers presented in this year’s security session mainly focused on logic obfuscation, side channel susceptibility mitigation, secure zone design on NoC (Network on Chip) and Hardware Trojan. The System Design and Security group covers four sub-sessions in three days and two related special session: “Botnet of Things: Hardware Insecurity in the IoT Era” and “Secure, Smart, Connected Devices for Emergent Applications”, which talk about IoT devices and it’s security problems.

In addition, an enlightening keynote “Can you trust your machine learning system?” presented by Professor Sandip Kundu on the second day really attracted me. This presentation showed the potential security issues of machine learning (ML) and deep learning (DL) at this stage and details the possible attack methods. As the Chinese idiom goes, virtue is one foot tall, the devil ten. It always takes constant vigilance to secure new technologies. (That scares me too Shichao!)

Poster Session

The poster session was held in the afternoon of the first day. We had a big ballroom to hang all 30 posters and 4 research demonstrations. The session last nearly two hours, which is much more than the scheduled time, with continuous technical discussions and social communication.

The paper I presented on my poster was “An Improved Automatic Hardware Trojan Generation Platform”, which is a new method to generate Hardware Trojans (HTs) using a highly configurable generation platform based on transition probability. (WOW :O – great stuff Shichao! \0/)

I always enjoy the discussion with other researchers. But, as I work in hardware security, I really hope that I had explained my poster clearly to some researchers who work in software side.

Until Next Time Miami 🙂

Three days ISVLSI went by too quickly and it was super busy. My record is slightly broken, but the great keynotes and presentations are unforgettable. Miami Beach is also beautiful and relaxing.

In the evening of the last day, I took a photo when blue hour made Miami Beach a little tranquil, and said goodbye to this beautiful city. (Good you got to check out the sandy beaches 🙂 BTW where is our present?? 😀 )

Miami Beach front @ dusk

RISE @ ETSI Security Week 2019

Nice Promenade

Nice to be in Nice

That is an obvious and cheap play on words for the popular South of France destination and a joke I made back in 2016 during the European Championships, but one worth re-cycling for a new audience…

RISE was invited to speak at ETSI Security week, (last week) and we gave an update on hardware security, including the latest R&D from the RISE researchers.

I have to honest with you readers, I can think of worse places to be sent away on business in late June than Nice. If there is any consolation for the readers, we were cooped up in a conference room that was just about underground, with questionable Air-Con and far away from the beaches of the French resort.

ETSI HQ


EDSI @ ETSI Security Week

ETSI stands for the European Telecommunications Standards Institute and is a not-for-profit, and one of only three bodies officially recognized by the EU as a European Standards Organization. Essentially, the Standards people. The ETSI HQ is a short drive from Nice, in Sophia Antipolis.

Tucked away in some very picturesque French hills, Sophia Antipolis, the ‘French Silicon Valley’, is celebrating its fiftieth anniversary this year.

ETSI host multiple events each year and Security Week hosts a couple of hundred people across 5 days, each year in late June. ETSI was established in 1992 and this Security Week was number 13. The great and the good from all over the globe were on site to debate and discuss all things policy related, AI, 5G, IoT and cryptography. To give you an idea of the calibre of people there, two introductions were, “The 3GPP Godfather” and “the Godfather of 3G”; both experts in their field.

RISE gave an update on each of the 8 projects that are now in-life, focusing on hardware security, more specifically on the threat of hardware Trojans and Side-channel attacks and I am delighted to report than we had interest from some major global brands about collaboration moving forward. This can only be good news for UK (and wider afield) consumers.

Les Standards > Les Algorithms (ETSI & IoT)

Earlier this year, ETIS announced a new Technical Specification (TS) for Cyber Security in Consumer IoT – TS 103 645 to be precise, the first globally applicable industry standard for consumer IoT security. This industry standard builds on the Code of Practice from DCMS, but has been designed to work for European and wider global needs. The standard is set to inform, at home and abroad, the development of regulation and industry-led certification schemes. For businesses with an international supply chain and customer base, the standard provides an avenue to pursue a harmonised approach to implementing good security practice for their products. This TS will move to become a European Standard, telecommunications series (EN) and legislation is also looming on the horizon in the UK.

Days 4 & 5 (RISE spoke on Day 5)

What does the ‘S’ stand for in IoT?

This is a good idea. I remember being at CES in 2014 & 2015. In 2014, IoT had just become mainstream, one of the new hype technologies at CES that year, but nobody was talking about security. Thankfully, 12 months later, industry was more aware of the threat landscape about ‘everything being connected’, therefore vulnerable to a range of cyber-attacks, not least botnets. However, industry wanted to promote self-regulation, which still made me concerned for the future of IoT and consumer adoption.

As consumers, we still have the choice to buy a smart gadget, or not. My preference is to avoid smart gadgets where possible. And it isn’t just the security aspects that concern me, privacy is another major aspect around the IoT, not to mention technological obsolescence. 

Fast forward to 2019, here we are with international standards and legislation imminent in the UK around basic consumer IoT security measures. The community is working together to bring more secure IoT products and services to market, meaning the things we use and need, will be secure by design.

Good job ETSI and et al (DCMS, NCSC and the State of California).

Regards from the RISE (EDSI) Rookie

RISE Spring School

RISE hosted a Spring School at  WYNG Gardens, Trinity Hall, University of Cambridge, on 28-29 March 2018.

The final programme of speakers and videos of their presentations are now available here.