Papers

Discerning User Activity in Extended Reality Through Side-Channel Accelerometer Observations

Extended reality technologies such as virtual reality are becoming increasingly common for enterprise applications. They have the potential to create secure multi-user environment in previously less-secure spaces, without the need for privacy filters or secure rooms. In this pilot paper we explore how malicious actors may be able to eavesdrop on a virtual reality session, by tracking the physical movements of a user. This is carried out using a third-party accelerometer, attached to the user. Through initial experimentation, we observe that specific actions and session types can be identified through visual analysis of the accelerometer. We posit there is substantial potential for sophisticated and automatic classification of user activity in VR. We discuss how this may enable eavesdropping by malicious actors, or could serve as a mechanism for improved security.

T. Andrade, M. Smith-Creasey and J. F. Roscoe, "Discerning User Activity in Extended Reality Through Side-Channel Accelerometer Observations", 18th International Conference on Intelligence and Security Informatics (ISI), IEEE, 2020 (Best Presentation Award)

Unconventional Mechanisms for Biometric Data Acquisition via Side-Channels

In this paper, we discuss the proliferation of household smart devices and review the literature to explore whether the implementation characteristics of such systems may provide avenues of attack to obtain private biometric data. Examples include the use of mechanical hard drives as audio microphones and interception of soft-keyboard input through audio analysis of haptic feedback. As the use of biometric data increases in casual environments, the opportunity for it to be stolen in unexpected ways is also increasing. There are many examples of the technology being utilised by hackers to enable unexpected use such as spoofing. We examine the importance and sanctity of biometric data in the modern world and posit that manufacturers must avoid complacency and advocate secure design, to ensure security and privacy of users.

J. F. Roscoe and M. Smith-Creasey, "Unconventional Mechanisms for Biometric Data Acquisition via Side-Channels", SIN '20: 13th International Conference on Security of Information and Networks, ACM, 2020

Cryptocurrency Analytics

Bitcoin, a decentralised, tamper-resistant and cryptographic digital currency based on blockchain was introduced over a decade ago in response to the role of banks in the financial crisis. There are now thousands of competing cryptocurrencies with different technical characteristics that offer different efficiency, security, anonymity and capability though only a handful are used in any scale. Although usage has remained modest, Bitcoin spawned a whole ecosystem of cryptocurrencies with a peak market value of 800 billion USD.

One of the biggest misconceptions around blockchain is that it is an anonymous means of conducting financial transactions. Blockchain is a form of distributed database that resists tampering and enables trustless transactions between multiple participants through cryptographic signatures to securely and verifiably record exchanges. Not all blockchains are the same and not all of them are intended to replace currency.

Cryptocurrencies are easily purchased through mainstream exchanges with credit card and mobile apps and they are now of major significance to cyber security. For the operators of ransomware, Bitcoin is a desirable payment option due to the ease of access for victims. Dark net markets often utilise cryptocurrencies as unlike other payment methods, the censor-resistance of the technology means it is not possible for law enforcement to shut down payments.

Whilst Bitcoin lacks anonymity, it is relatively easy and cheap to obfuscate the source and destination of funds by making a series of convoluted transactions. The presence of unregulated exchanges also enables easy conversion to traditional currencies without appropriate checks. However, despite negative media perceptions, there are many legitimate businesses utilising cryptocurrencies. For these organisations, ensuring they perform due diligence with regards to anti-money laundering and related regulation is a significant challenge.

J. F. Roscoe, "Cryptocurrency Analytics", ITP Journal, Volume 14 Part 3, 2020

Simulation of Malware Propagation and Effects in Connected and Autonomous Vehicles

Connected and autonomous vehicles (CAVs) are an emerging technology that will introduce new threats to the general public. Impending standards (such as ISO21434) demonstrate that there is a real cyber security risk and a need for supporting infrastructure in the form of vehicle security operations centre. In this concept paper we discuss some of the issues facing vehicle security as the technology matures over the next few years and look at how epidemiological models for malware might be developed to address concerns over vehicle cyber threats. We detail our development of Mobius, a bespoke tool for simulating and analysing malware events in CAVs and explore how the technology might be applied to support real-world decision making. As a part of the need for cyber resilience, we suggest there is a key role for vehicle simulation software capable of modelling cyber threats to assist with threat analysis and decision making for highway authorities, OEMs and fleet operators, amongst others. We present a summary of compartmental epidemiological models and the role they can play in understanding malware propagation for CAVs.

J. F. Roscoe, O. Baxandall and R. Hercock, "Simulation of Malware Propagation and Effects in Connected and Autonomous Vehicles", International Conference on Computing, Electronics & Communications Engineering (iCCECE), IEEE, 2020

Acoustic Emanation of Haptics as a Side-Channel for Gesture-Typing Attacks

In this paper, we show that analysis of acoustic emanations recorded from haptic feedback during gesture-typing sessions is a viable side-channel for carrying out eavesdropping attacks against mobile devices. The proposed approach relies on acoustic emanation resulting from haptic events, namely the buzz of a small vibration motor as the finger initiates the gesture-typing of a work in a sentence. By analysing time between haptic feedback events, it is possible to identify the text that a user enters via the soft keyboard on their device. The attack requires no prior interaction or need to install software on the target device (unlike similar works); only the ability to record audio within the vicinity. We present an experimental framework to illustrate the feasibility of the attack. In the experiments we show that sentences can be detected with an accuracy of 70% with some sentences identified with up to 95% accuracy. The attack can be conducted with minimal computation and on non-specialist consumer equipment. The paper concludes by proposing a number of countermeasures that mitigate the ability of an attacker to successfully intercept keyboard input.

J. F. Roscoe and M. Smith-Creasey, "Acoustic Emanation of Haptics as a Side-Channel for Gesture-Typing Attacks", International Conference on Cyber Security and Protection of Digital Services (Cyber Security), IEEE, 2020

Automated diagnosis of prostate cancer with statistical models

Prostate cancer (PCa) is the most common cancer affecting men and though it is often treatable, late detection and/or incorrect classification of cancer can lead to inadequate treatment. The most common imaging modalities used in PCa detection are ultrasound (US) and magnetic resonance (MR) imaging and PCa classification relies on biopsy of cancer. Biopsy procedures are invasive and notorious for poor detection rates and associated risks. The automatic analysis of prostate US and MR data towards PCa classification is expected to improve patient outcomes and is at the foundation of this thesis.

This is an investigation into the use of multiscale intensity features and tissue distribution maps for improve prostate cancer diagnosis and staging. Early PCa diagnosis is problematic and requires invasive procedures that can carry risk without a high degree of sensitivity. With the help of enhanced imaging and the application of computer aided methods we can aim to improve diagnostic accuracy. In our efforts towards improved PCa diagnosis we have presented three major pieces of work, covering image pre-processing, classification and disease modelling.

Firstly, we have investigated denoising of US images and compared four different approaches on simulated and real data, which indicated the advantage that Speckle Reducing Anisotropic Diffusion has over the other methods investigated. We examine work presented in existing publications and hypothesise that there exists potential for further analysis of speckle noise as an indicative feature of images.

Secondly, for MR images we present a novel texture-based segmentation of PCa within the prostate. We investigated a number of texture features (e.g. local binary patterns and co-occurrence matrices) and their use in combination, which were effective at detecting PCa, but at the cost of a high number of false positive regions. This also indicated poor performance due to having the peripheral and central zone combined. We suggest that the use of multi-scale features, making use of local statistics, co-occurrence and micro-structures (through LBPs) provides a robust means of differentiating tissue types within the prostate.

Thirdly, we propose a data driven approach for modelling prostate cancer. Using prostate and disease boundary information from experts, we performed registration of multiple patient cases to generate a model of tumour tissue distribution. The model serves as an \textit{a priori} data source to enhance prostate tissue classification and is in line with expectations (majority projection within the peripheral zone) when compared to standard medical knowledge. We refer to this as a prostate cancer distribution map.

We combine our PCa distribution map with our previous method for tissue detection within the prostate and demonstrate that it provides enhance classification results. The distribution map aligns with the peripheral zone in the majority of test cases, which helps to minimise bias from features in other regions of the prostate.

We analyse the results of our research and propose several modifications. The investigated techniques could form the basis for a PCa computer aided diagnosis system, which is discussed.

J. F. Roscoe, "Automated diagnosis of prostate cancer with statistical models", PhD Thesis, Adran Cyfrifiadureg, Prifysgol Aberystwyth - Department of Computer Science, Aberystwyth University, 2018

Bitcoin Transaction Analysis with Machine Learning

Although the blockchain does not provide a link to real-world entities, it contains detailed information of all transactions. We employ state-of-the-art machine learning and visualisation to help analysts identify connected wallets.

J. F. Roscoe, J. Page and A. Healing, "Bitcoin Transaction Analysis with Machine Learning", Data Science for Cyber Security (DSCS), UCL, 2017

Teaching Computational Thinking by Playing Games and Building Robots

Computing in schools has gained momentum in the last two years resulting in GCSEs in Computing and teachers looking to up skill from Digital Literacy (ICT). For many students the subject of computer science concerns software code but writing code can be challenging, due to specific requirements on syntax and spelling with new ways of thinking required. Not only do many undergraduate students lack these ways of thinking, but there is a general misrepresentation of computing in education. Were computing taught as a more serious subject like science and mathematics, public understanding of the complexities of computer systems would increase, enabling those not directly involved with IT make better informed decisions and avoid incidents such as over budget and underperforming systems. We present our exploration into teaching a variety of computing skills, most significantly "computational thinking", to secondary-school age children through three very different engagements. First, we discuss Print craft, in which participants learn about computer-aided design and additive manufacturing by designing and building a miniature world from scratch using the popular open-world game Mine craft and 3D printers. Second, we look at how students can get a new perspective on familiar technology with a workshop using App Inventor, a graphical Android programming environment. Finally, we look at an ongoing after school robotics club where participants face a number of challenges of their own making as they design and create a variety of robots using a number of common tools such as Scratch and Arduino.

J. F. Roscoe, S. Fearn and E. Posey, "Teaching Computational Thinking by Playing Games and Building Robots", International Conference on Interactive Technologies and Games (iTAG), IEEE, 2014

Creative Computing with Minecraft

Computer Science in schools has gained momentum in the last two years resulting in GCSEs in the discipline and teachers looking to up-skill from Digital Literacy (ICT). This paper explores using the popular online 3D environment Minecraft as a tool for understanding computational thinking, computer aided design (CAD) and manufacturing.

E. Posey, S. Jones, P. Harter and J. F. Roscoe, "Creative Computing with Minecraft", A Child's World, AU, 2014

MR/TRUS data fusion for improved diagnosis and staging

Prostate cancer diagnosis is typically achieved through a series of PSA, DRE and TRUS biopsy procedures. As the cost, ease and availability of imaging changes, MR becomes a candidate for casual prostate cancer screening.

Current approaches to the fusion of MRI and US information tend to rely on manual intervention or bespoke technology.

Our research concerns automatic segmentation and matching of the prostate across modalities; including registration between common 2D TRUS and 3D MR. The outcome of this fusion will form the basis for clinical evaluation with respect to diagnosis and localisation of prostate cancer.

Ultrasound is a notoriously difficult imaging modality; by introducing information from MR we can provide urologists with a means of performing highly targeted biopsies where this is not typically possible. Not only could this work improve the accuracy of biopsy, but also provide further information for staging, thus enhancing clinical decision making ,leading to the most effective therapy

J. F. Roscoe, H. Dee and R. Zwiggelaar, "MR/TRUS data fusion for improved diagnosis and staging", International Conference on Prostate Cancer Prevention (ICPCP), EAU ISCaP, 2013

Acquisition of a priori Information from Groupwise Registration of Inter-Patient Prostate Boundaries in MR

Registration is a complex computer vision issue that can be simplified with the aid of prior knowledge. In this paper we present the application of the groupwise method known as congealing with prostate boundaries to derive a series of transforms that can be applied to other foci for registration. Congealing provides us with transformation vectors for each image that we apply to known tumour boundaries in order to obtain a probability distribution for use as prior knowledge in future work. In this way we are able to visualise tumour locations on an mean prostate representation and provide a ‘cancer prior’ for future prostate work. The results of our initial experiment demonstrate a reliable set of affine transforms for use with prostate MR.

J. F. Roscoe, H. Dee, P. Malcolm and R. Zwiggelaar, "Acquisition of a priori Information from Groupwise Registration of Inter-Patient Prostate Boundaries in MR", Medical Image Understanding and Analysis (MIUA), 2013

Coping with Noise in Ultrasound Images: A review

Ultrasound is notorious for having significant noise with a low signal-to-noise ratio. This inhibits the performance of segmentation and causes difficulty for clinical evaluation, thus noise reduction is paramount to achieving adequate segmentation in ultrasound images. Consequently, the modeling and handling of noise is a significant area of research. In this review paper we introduce the typical characteristics of noise in B-mode ultrasound and analyse th performance of multiple state-of-the-art methodologies for dealing with such noise. A similar paper was written by by Coupé et al. when they introduced OBNLM; though we provide an independent review and generalised description of the problem area. We also discuss the issue of typical image quality assessment methods and consider the impact speckle noise could have on ultrasound image analysis. Three state-of-the-art denoising algorithms (SRAD, SBF, and OBNLM) are evaluated using three different image quality assessment methods (SSIM, MSE and USDSAI) in comparison with traditional filters such as Lee’s. We worked with simulated phantom images, as well as prostate ultrasound images to assess these methods. SRAD and OBNLM seem to be the most effective algorithms and in our discussion we contemplate ways in which they might be further expanded.

J. F. Roscoe, H. Dee and R. Zwiggelaar, "Coping with Noise in Ultrasound Images: A review", Medical Image Understanding and Analysis (MIUA), 2012

Patents

J. F. Roscoe and R. Hercock, "Identifying Derivatives of Data Items", GB2015403.5, 2020

J. F. Roscoe and G. Gelardi, "Evolutionary network re-configuration", GB2008756.5, 2020

J. F. Roscoe and G. Gelardi, "Performance-based network fault localisation", GB2008755.7, 2020

J. F. Roscoe and M. Smith-Creasey, "Data interception protection". GB202003349D0, 2020

J. F. Roscoe, "Distributed transactional database consensus", GB202000129D0, 2020

C. White and J. F. Roscoe, "Improvements to digital transactions using quantum technology", GB202004695D0, 2020

J. F. Roscoe, "Compound transaction processing in a distributed sequential transactional database", GB201902807D0, 2019

J. F. Roscoe, "Proof of work adjustment for blockchain", GB201904021D0, 2019

J. F. Roscoe, J. Daniel and A. Healing, "CONFIGURING DISTRIBUTED SEQUENTIAL TRANSACTIONAL DATABASES", PCT/EP2020/057537, 2019

J. F. Roscoe, J. Daniel and A. Healing, "DISTRIBUTED SEQUENTIAL TRANSACTIONAL DATABASE SELECTION", PCT/EP2020/057538, 2019

J. F. Roscoe, "PROBABILISTIC SHARED SECRET VALIDATION", PCT/EP2019/085914, 2019

J. F. Roscoe, "ANOMALOUS BEHAVIOUR DETECTION IN A DISTRIBUTED TRANSACTIONAL DATABASE", PCT/EP2019/085913, 2019

J. F. Roscoe, "ACCESS CONTROL", PCT/EP2019/056065, 2018

Talks

"Blockchain Security and Analytics", Blockchain Expo Europe, 2020

"Simulation of Malware Propagation and Effects in Connected and Autonomous Vehicles", IEEE iCCECE, 2020

"Acoustic Emanation of Haptics as a Side-Channel for Gesture-Typing Attacks", IEEE Cyber Security, 2020

"Blockchain Analytics", IET Anglian Coastal Local Network, 2019

"Blockchain Security for Enterprise", IEEE UK & Ireland, 2019

"The role of AI and visual analytics", NCSC Workshop on Safety v Security: Challenges and Applications in the Cyber Security Era, UoS, 2019

"MR/TRUS data fusion for prostate cancer staging and diagnosis", Vision Group Journal Club, UoL, 2013

Awards

2020 E&T Excellence In Cyber Security

Connected and autonomous vehicles (CAVs) will see the spread of malware between vehicles. BT has developed Mobius, a cutting-edge geo analytics and malware simulation framework. Mobius enables anomaly detection and simulation for cyber physical traffic incidents. This will help detect, assess and prevent attacks on future vehicles.

2020 E&T Excellence In Cyber Security

2020 IEEE ISI Best Presentation Award

The "2020 IEEE ISI Best Presentation Award" will recognize an outstanding exhibition of research.

T. Andrade, M. Smith-Creasey and J. F. Roscoe, "Discerning User Activity in Extended Reality Through Side-Channel Accelerometer Observations", International Conference on Intelligence and Security Informatics (ISI), IEEE, 2020 (Best Presentation Award)

2020 IEEE ISI Best Presentation Award

TEISS Information Security Award 2018

We won the overall Information Security award for our submission, "Visualisation and Automated Detection of Cryptocurrency Transactions for Cyber Investigations".

2018 TEISS Information Security Award

ITP Innovator of the Year 2018

Innovator of the Year, sponsored by Nokia

https://www.theitp.org/annual_dinner_2018/itp_awards_2018

This was awarded for work supporting analysts with new research tools relating to cryptocurrency forensics.

2018 ITP Innovator of the Year

2012 Aberystwyth University Outstanding Graduate Teaching Award

2011 BCS The Graduate (Second place)

Media

"This is Engineering: Meet Jonathan", BT Newsdesk / thisisengineering.org.uk, January 2019

"Inside BT's Suffolk campus where experts are waging cyber warfare" (print title: "BT's front line holding firm against threat of cyber attack"), The Telegraph, January 2019

"The new ‘virtual universe’ in Suffolk that’s on the frontline in Britain’s war against cybercrime", East Anglian Daily Times, January 2019

"ITP awards market high flyers", Comms Business, October 2018

"Building an image of the prostate slice by slice: PhD student's three years in the lab", Prostate Cancer UK, 2014

"Funding the future", Progress Issue 1 - Prostate Cancer UK, 2013

"Smart way to become an entrepreneur", Cambrian News, 2012

"Teaching Excellence", Aber News Issue 9, 2012

"Calling all bands for music CD", Carmarthen Journal, 2006