BT's Mobius, our tool for simulating malware epidemiology in vehicles has been shortlisted for the IET's innovation annual awards.

Mobius is designed for use in security operations centres for local authorities, manufacturers and security services to identify anomalies in vehicle behaviour and model the impact malware might have in the real world.

Traffic simulation is a valuable tool in understanding the impact of increasingly autonomous levels of road use. For local authorities, fleet management and other organisations deploying vehicle security operations there will be major challenges in dealing with CAVs as they interact with the real world.

Application of compartmental models for epidemiology were implemented, allowing for propagation of malware between vehicles and infrastructure to be modelled. With a larger population, malware can persist for longer and potentially cause reinfections and have a larger impact, even with a relatively low rate of infection. Simulations will allow for an assessment of effectiveness that technological diversity presents as a barrier to malware transmission and the spread of its effect, directly through the spread of malware from vehicle to vehicle.

Geospatial analytics will play a crucial role in analysing the behaviour of vehicles and detecting anomalous behaviour when intelligence from intra-vehicle IDS may not be sufficient. As new standards that necessitate establish security operation centres, there is an increasing need for robust technology to understand vehicle behaviour.

Continue Reading...

Two new patents published today that work together to support the configuration and discovery of distributed sequential transactional databases (aka distributed ledger technology, or blockchain).


Distributed ledgers are living breathing ecosystems, subject to change based on behaviour of participants. The first invention provides a mechanism for DLT users to specificy a minimum acceptable configuration, almost like a service level agreement. Intelligent mechanisms help maintain blockchain homeostasis by managing the provisioning of resources to adjust performance. It's not suitable for public or proof-of-work based ledgers, but ideal for private ones where minimum levels of performance must be guaranteed.

A computer implemented method of configuring a distributed sequential transactional database for a software application operating with the database, the method comprising: receiving a descriptor for the application specifying characteristics of the database required for the application; accessing the databases to determine an extent to which each the database complies with the characteristics in the descriptor; responsive to the determination, identifying one or more attributes of the database for adjustment based on the characteristics in the descriptor so as to improve the extent of compliance of the database with the characteristics in the descriptor, the one or more attributes being determined by a machine learning algorithm trained to categorise database characteristics in terms of suitable adjustments; adjusting the database in accordance with the determined attributes.


The second invention aims to simplify and promote DLT usage through the use of an intelligent discovery system. Rather than tying an application to a single blockchain, you specify the requrements for your application and a suitable one is found. You can even have trade offs, for example, an IoT application may favour guarantuee of delivery rather than security, whilst the opposite might be true of a financial application. This also means an application can make use of muiltiple blockchains over its lifetime.

A computer implemented method of provisioning a distributed sequential transactional database for a software application comprising: receiving a descriptor for the application specifying characteristics of the database required for the application; accessing a registry of distributed sequential transactional databases and filtering the registry based on the descriptor to define a subset of databases; accessing each of at least some of the databases in the subset to verify an extent to which each accessed database complies with the characteristics in the descriptor, and associating a degree of compliance with each accessed database, such that databases in a subset of accessed databases having a degree of compliance meeting a threshold degree of compliance are determined to be compliant databases; ranking the compliant databases in terms of the degree of compliance to select a database for access by the application.

Continue Reading...

Probabilistic shared secret validation

September 8, 2020, 9:57 am

A computer implemented method of shared secret validation for a transaction to transfer an association of a digital asset represented in a distributed transactional database from an incumbent entity to a requesting entity, the asset having associated a probabilistic data structure encoding at least one digital hash of each of a plurality of secrets including the shared secret, and the transaction including a hash of the shared secret, the method comprising: validating the transaction by comparing the hash of the shared secret in the transaction with the probabilistic data structure; and responsive to the validation, committing the transaction in the database to effect the transfer of association of the digital asset to the requesting entity.

One of the major challenges of blockchain technology is in ensuring privacy whilst allowing information to be independently verified. Zero knowledge proofs (wonderfully explained with the story of Ali Baba) is a great mechanism for a prover to demonstrate knowledge of a secret to a verifier, without giving away the secret itself.

But what about a scenario where two parties supposedly share a common secret and wish to prove that, whilst enabling a third-party to verify. For example, a blockchain-based central numbering database might use subscriber information as a form of authentication (i.e. replacing PAC - portable authentication code). Obviously, subscriber information is extremely sensitive and must be protected.

We developed an approach using bloom filters, a form of probabilistic data store. This allows the two parties to demonstrate that they both possess secret information (i.e. matching subscriber details) and allow a third-party to confirm that the same source information is being used, by comparing the two bloom filters.

In contrast, Figure 5b illustrates a Bloom filter generated to represent a hashed secret that is not consistent with those secrets encoded in the Bloom filter of Figure 4. The data item of Figure 5b nonetheless indicates bit positions having bits set that are set in the Bloom filter of Figure 4. Thus, validators 210 can conclude that the hashed secret of Figure 5b is consistent with data encoded in the Bloom filter of Figure 4 and a transaction including such hashed secret would be committed to the database 200. While inspection and comparison of the Bloom filter of Figure 4 and the hashed data item of Figure 5b leads to such a conclusion, the incumbent entity 202 itself is able to determine that the representation of the hashed secret of Figure 5b cannot be based on a real secret 222 of the consumer 206 because each bit set in the representation of Figure 5b corresponds to a different secret in the Bloom filter of Figure 4. Thus, while the validators commit a transaction on the basis of hashed data of Figure 5b, the incumbent entity 202 identifies a failure of validation and determines that the transaction 208 of the requesting entity 204 is invalid. In this case, the incumbent entity 202 can issue a new transaction specifically reversing the committed transaction 208 of the requesting entity 204 to reverse the transfer of association of the digital asset 216 such that the digital asset is re-associated with the incumbent entity 202.

The published patent can be seen on patentscope.

Continue Reading...

Blockchain Expo 2020

August 26, 2020, 7:55 am

I'll be presenting at Blockchain Expo in November, which will be syndicated with IoT Tech and Artificial Intelligence expos:

Blockchain and Enterprise Cyber Security

We explore some of the challenges present in the secure application of blockchain technology. With examples from the cryptocurrency Bitcoin, we present the pairing of new visualisation tools with machine learning in performing both forensic investigation and continuous monitoring of blockchain infrastructure.

This work is based upon practical application of prototype technology to real-world incidents. Initially supporting cybercrime investigators with new forensic tools, BT looks to apply its research to the increasing use of enterprise blockchains.

I’ll explore some of the challenges present in the secure application of blockchain technology. With examples from Bitcoin, I’ll present the pairing of new visualisation tools with machine learning in performing both forensic investigation and day-to-day health monitoring.

The bitcoin analytics work BT has carried out can be applied to many forms of blockchain technology and will be valuable with the rise in enterprise blockchains being deployed across industries for financial, access control and data management tasks. BT is continually developing its visual analytics and machine learning capabilities, applying the latest research to real cases.

Find more information on the event website.

Continue Reading...

Today I'll be presenting a paper on the use of compartmental epedmiological models for connected and autonomous vehicles at the IEEE International Conference on Computing, Electronics & Communications Engineering.

The most well-known SIR model assumes immunity following infection and transmission decreases as the pool of susceptible individuals is reduced.

It's a short pilot study as part of the ResiCAV project. Our main takeaway is that technological diversity will be crucial in preventing pervasive malware attacks in a population of vehicles. This sounds obvious, but it's an issue previously seen in other areas such as cash machine (ATM), where the reuse of standard components and design patterns eases deployment but means that a handful of attacks are applicable to a broad variety of machines (see ATM logic attacks).


Connected and autonomous vehicles (CAVs) are an emerging technology that will introduce new threats to the general public. Impending standards (such as ISO21434) demonstrate that there is a real cyber security risk and a need for supporting infrastructure in the form of vehicle security operations centre.

In this concept paper we discuss some of the issues facing vehicle security as the technology matures over the next few years and look at how epidemiological models for malware might be developed to address concerns over vehicle cyber threats.

We detail our development of Mobius, a bespoke tool for simulating and analysing malware events in CAVs and explore how the technology might be applied to support real-world decision making.

As a part of the need for cyber resilience, we suggest there is a key role for vehicle simulation software capable of modelling cyber threats to assist with threat analysis and decision making for highway authorities, OEMs and fleet operators, amongst others. We present a summary of compartmental epidemiological models and the role they can play in understanding malware propagation for CAVs.

View on researchgate

Continue Reading...

New patent publication that seeks to cover techniques we developed for categorising different actors on a blockchain using vectors built from neighbourhood characteristics.

A computer implemented method of anomalous behaviour detection of an entity transacting in a distributed transactional database, the method comprising: selecting a subset of features of at least a first subset of transactions in the database as a feature set; generating a statistical model of the first subset of transactions in terms of the selected features; identifying a second subset of transactions in the database comprising transactions related to the entity; generating an encoded representation of each transaction in the second subset based on a comparison of the selected features of the transaction with the statistical model, such that the encoded representation of at least some of the transactions in the second subset identify behaviour of the entity as anomalous.

The table below defines, by way of example only, an ordered feature set in which earlier features are prioritised as more significant. An exemplary description of each feature and a suggestion of what each feature might indicate is also provided:

Full publication on WIPO: WO2020144021

Continue Reading...

New publication: Acoustic Emanation of Haptics as a Side-Channel for Gesture-Typing Attacks

In this paper, we show that analysis of acoustic emanations recorded from haptic feedback during gesture-typing sessions is a viable side-channel for carrying out eavesdropping attacks against mobile devices. The proposed approach relies on acoustic emanation resulting from haptic events, namely the buzz of a small vibration motor as the finger initiates the gesture-typing of a work in a sentence. By analysing time between haptic feedback events, it is possible to identify the text that a user enters via the soft keyboard on their device. The attack requires no prior interaction or need to install software on the target device (unlike similar works); only the ability to record audio within the vicinity. We present an experimental framework to illustrate the feasibility of the attack. In the experiments we show that sentences can be detected with an accuracy of 70% with some sentences identified with up to 95% accuracy. The attack can be conducted with minimal computation and on non-specialist consumer equipment. The paper concludes by proposing a number of countermeasures that mitigate the ability of an attacker to successfully intercept keyboard input.

Continue Reading...

Mobius is a malware simulation and propagation tool for connected and autonomous vehicles has been shortlisted for Best AI Product in Cyber Security at CogX 2020.

We developed Mobius at BT as part of the ResiCAV project to explore cyber security needs for future vehicles.

Continue Reading...

3D Printed face shields

May 22, 2020, 3:21 pm

Shortly after the spread of coronavirus in the UK, Adastral Park became the headquarters for coimmunity face shield product, serving the East Suffolk & North Essex (ESNE) NHS trust and beyond.

I decided to get involved after hearing about rural healthcare workers lacking PPE. At first I was distributing shields in small quantity across the country through facebook using the two hobbyist 3D printers I have for building drones and cosplay props. But when I learned about the project at Adastral and the significant shortages going on locally I worked on increasing output and producing hundreds each week.

Continue Reading...


May 12, 2020, 2:00 pm

I was pleased to lead BT's work package for the recent ResiCAV project. The project highlights the need for the UK to establish key cyber security facilities as connected and autonomous vehicles (CAVs) TRLs continue to come closer.

ResiCAV – delivered by a consortium comprising HORIBA MIRA, Thales, BT, WMG at the University of Warwick, the Centre for Modelling & Simulation (CFMS), Oxfordshire County Council, AESIN Techworks, plus the University of South Wales, the University of Bristol, Coventry University and the National Digital Exploitation Centre (NDEC) – explored the feasibility of creating a UK Cybersecurity ‘Centre of Excellence’ to detect, understand and respond to emerging cybersecurity threats in real time across the mobility eco-system. The three-month programme was supported by funding from The Centre for Connected and Autonomous Vehicles (CCAV) and was run by Zenzic and Innovate UK.

“Ultimately, ResiCAV’s findings have highlighted the absolute and urgent need for a collaborative, industry-led, government-backed cybersecurity programme, hence our next steps will be to secure funding for the development of the ‘UK Centre of Excellence for Road Transport Cybersecurity Resilience’. Developing a world-class cybersecurity capability of this nature will be critical in building trust in CAV technologies as they are deployed, supporting the integration of CAV technologies across the UK’s future transport network.

Read the Horiba Mira news article

Read the AESIN news article

As part of the work, BT explored the threats and risks within intra- and inter-vehicular vehicle networks. We developed a bespoke traffic simulation tool incorporating compartmental models of epidemiology to observe the impact that malware can have on a population of vehicles.

Continue Reading...

IET Seminar: Blockchain Analytics

November 8, 2019, 2:55 pm

Blockchains have received a lot of media hype recently. But what are they? Do I want one? This presentation will provide a basic understanding of the technology and its implementation challenges. We discuss the huge potential blockchains offer for more secure and reliable systems, but also consider the new threats that may emerge.

Cryptocurrencies saw an unprecedented surge in 2017 and the use of Bitcoin in cybercrime is an unaddressed and ongoing issue. Using real-world scenarios, we demonstrate the new tools being developed to help fight new threats.

Continue Reading...

This webinar will focus on the significance of blockchain from an enterprise perspective.

Firstly, we will explore ongoing research within the telecoms industry to build a blockchain for number management. This will demonstrate some of the key characteristics of good blockchain applications and the challenges faced in implementing.

Secondly, we will explore the security concerns around blockchain including homeostasis of private ecosystems as well as the impact of cryptocurrencies for business. We demonstrate the use of novel techniques in the forensic investigation of dark web sales.

We conclude with a look at the future opportunities for distributed ledger technology for enterprise and the steps needed to ensure the reliability of future systems.

This webinar is intended for everyone with an interest in blockchain technology. An understanding of blockchain would be useful but is not required.

Continue Reading...

Safety v Security

January 14, 2019, 1:11 am

Interview from NCSC workshop on safety v security at Southampton University.

Continue Reading...

Amid golden fields and disused military sites on the outskirts of the quiet town of Ipswich lies BT's version of the Google campus: Adastral Park.

It’s a grittier version of Silicon Valley, with fewer glass buildings and far more character. The telecoms giant has owned this 100-acre site for more than 40 years, when it was still called the Post Office Research Centre.

Telegraph article looking at our security research.

Continue Reading...

Principal researcher Jonathan Roscoe and his team at BT Applied Research are, among other things, using BT’s AI technology to monitor the bitcoin transactions which are available on the internet after a ransomware attack. “It’s about using AI to find suspicious activities in a number of wallets, and then we use that with the law enforcement agencies to link it to individuals who are behind these attacks,” he explains.

Article in the local paper on the work we're doing at Adastral Park.

Although, slight error, in the following paragraph they mix me up with my colleague Tiago Andrade, an expert in extended reality:

Mr Roscoe is a gamer, and was recruited because of his skills in that area.

Continue Reading...


October 9, 2018, 5:09 pm

Presenting the virtual security operation centre (VSOC) athe WREDSmarter today.

Continue Reading...

ITP Innovator of the Year

October 4, 2018, 9:09 am

For my work in cryptocurrency analysis I was awarded ITP Innovator of the Year Winner 2018, sponsored by Nokia.

Continue Reading...

TEISS Information Security Award

June 21, 2018, 1:23 am

This was awarded for our work on forensic analysis of cryptoassets.

Continue Reading...

Data Science for Cyber Security

September 30, 2017, 1:28 am

Enjoyed chatting about my research at #DSCS2017. Some great speakers and demos.

Continue Reading...

Innovation 2017

June 16, 2017, 3:02 pm

At BT's Innovation 2017, presenting some analytics research monitoring the bitcoin network for WannaCry ransomware payments.

Continue Reading...