Is this the end of usernames and passwords?

At the recent World Cyber Security Technology Research Summit hosted by CSIT I had the pleasure of scribing one of the breakout sessions titled “Is it the end of the road for username and password? If so what are the alternatives?”.

The answer, given recent high profile breaches, might surprise. It’s not as clear cut as you might think. One thing is for sure however. There is a huge amount of opportunity in this area.

Continue reading


So the last shall be first, and the first last: for many be called, but few chosen. #MWC13

This year Mobile World Congress has moved from Fira Monjuïc to Fira Gran Via. As csitphilip has already pointed out the site is MASSIVE.

As with last year we are exhibiting on the Invest Northern Ireland stand so we have been restricted in terms of stand location. Last year the stand was located in Hall 1. As a result we experienced phenomenal levels of walk up traffic from day one as congress attendees worked their way through the halls sequentially.

This year the traffic flow to the stand has been somewhat different.  Located in Hall 7 on the new site we have seen walk up traffic a little slower in the early part of the week and slowly improving as people work through the the 6 halls before us. Notwithstanding, while the footfall past the stand has been somewhat reduced the quality of visitors who have sought us out have been excellent meaning we have had more time to engage with them in a meaningful way.

Marketing activities in the run up to the show have been very targeted towards establishing links with a number of Tier 1 prospects as well as re-enforcing relationships with existing contacts, using MWC as an opportunity for some in-depth discussions around future partnerships and enhanced collaborations over the coming months.

Once again we have taken up the opportunity to speak at the UKTI Cyber Security in the Mobile World session. In his presentation Philip Mills talked about the Cyber Security from a UK perspective highlighting the approaches that the Cabinet Office, GCHQ, Research Councils UK, BIS and the Foreign Office are taking as well as the engagements that CSIT have with those organisations.

He then flagged up our work on machine learning approaches to mobile malware detection, particularly on Android, a particularly insidious problem. Our work on speaker verification was covered as well as how we are working on new mobile speaker verification applications and APIs through our Project Liopa.Liopa Logo

Device authentication using Physical Unclonable Functions (PUFs) developed at CSIT generated a lot of interest. We are involved with LG-CNS and ETRI in the design of the security architecture for an electric vehicle Infrastructure system for identification, authentication, secure access and secure communications for recharging. Our main focus in this phase is on secure authentication schemes used to manage the connection and interaction of devices to prevent unwanted illicit or unintentional activity (i.e., to protect financial transactions, user data queries or updates, price signals, energy distribution signals and other sensitive data flow).

As most recharging and service devices will be in physically exposed locations they need to be hardened against tampering, it is our aim to show that CSIT’s PUF technology integrated with an EV Infrastructure can provide this. We further want to show how PUF can be used to reduce the complexity and cost, whilst improving on existing authentication schemes.

Finally what technology talk would be complete without reference to Big Data! Philip outlined how our researchers on our ARIES Project (ARIES: Accelerated Real-time Information Extraction System) are using hardware acceleration to create intelligence and understanding from massive, complex data sets such as the Twitter fire-hose and our plans to extend this into attached images and video files.

Social and networking events such as the Network Intelligence Alliance party and Belfast Beers on the Northern Ireland stand provided by the excellent Hilden Brewing Company have provided an excellent way for us to chat with potential partner companies in a less formal environment but still tee up a couple of prospective projects with them – hopefully we will be in a position to announce those soon.

As csitphilip mentioned in his earlier post, beware party networking event serving staff bearing gifts of shellfish on silver platters.  I’ll be sticking to less risky canapés in future.


Mobile World Congress Day 3

Day 3 at MWC. Still decent crowds, but a little quieter than Tuesday.

I spent the first part of the day on booth duty, as csitdavid was feeling a bit under the weather after reacting badly to some shellfish at the Network Intelligence Alliance party networking event on Tuesday Night. One or two interesting visitors, including InvestNI Chief Executive Alastair Hamilton. He was here to do a quick check on the stand to see how companies were getting on, as well as a few FDI meetings, and trying to get a quick taste of the show. We had a decent chat with him, and he seemed impressed by what we’re doing. Another good visitor was the Head of Innovation from Telefonica in Spain. They are working with some university groups in Spain and are very interested in extending their reach. The area of cyber security is very interesting for them, so they are keen to collaborate. We plan to have a session in a few weeks time to share some of our work, and for them to describe some of their real world challenges.

In the middle of the day, I took a short walk to see what else is going on. I had a good chat at the Samsung stand where they have announced their new Bring Your Own Device (BYOD) offering, which is based on a secure element in the operating system kernel, which effectively splits the phone into two domains, one for business and one for personal. It’s an interesting offering, but I’m not sure it solves the BYOD problem of people bringing their own consumer devices into the workplace. It’s more of an enterprise offering that allows the user to do some personal stuff in a segregated way. Also took a look at the Nokia stand to see what their enterprise offerings were, but their stand was crowded, so the only thing I was able to get a quick look at was some 3D printing of cases for the new Lumia. Cool stuff!! Need to get back there tomorrow and hopefully the stand will be quieter.

Late in the afternoon it was time for Belfast Beers again, as we had somehow failed to drink it all the day before! We had arranged for the guys from Napatech to come and have a beer as they had missed out on Tuesday. They turned up en masse, and we had a great chat about cyber security, lawful interception, innovation culture and how they could collaborate more with both CSIT and TitanIC. We also had a few laughs and shared some great stories. A great bunch of guys and I’m really looking forward to trying to work with them.

The evening was a quiet one, as fatigue is starting to set in, so a beer and some fantastic tapas at a great place called Cachitos was enough for us. One more day to go!!!!

Mobile World Congress Day 2

This promises to be the busiest day for me. First up, I presented at the UKTI session on Cyber Security in the Mobile World. Other speakers included James Moran (GSMA), Mike Slinn (Rockshore – vendor of BYOD solutions), Charles Brookson (ETSI Security) Geoff Anderson (PixelPin – authentication solutions) and Anu Puhakainen (Ericsson).

As the only person presenting from a cyber security perspective, my slides covered a general overview of the UK cyber security strategy, some of the initiatives falling out of it, and then a quick look at some of our own technologies that are relevant to the mobile space, including mobile malware classification, Physical Unclonable Function (PUF), lip biometrics and big data analysis.

There seems to be some genuine interest in the technology areas, and people seem impressed with what we are doing!! After the presentations, there was an open discussion, which was lively and interesting, covering topics like malware, biometrics, privacy, cyber insurance and cyber crime. I had some good follow on discussions with the panellists and representatives from CESG, NEC and Telcordia.

Stand duty followed for the next couple of hours, and then at 4.30 it was Belfast Beer time on the InvestNI stand. Hilden Breweries were the suppliers of the drinks, which included Belfast Blonde, Molly’s Chocolate Stout, Titanic Quarter Beer and more. Lots of visitors to the stand (can’t imagine why!) including our friends from BIS, CESG, NTAC, Napatech, Telcordia and Ulticom.

At 7pm, it was time to leave and head over to the Network Intelligence Alliance party for beers and tapas. Hats off to Erik Larsson and Madeleine Renouard from Qosmos who run this event, they seem to draw a great crowd, lots of banter, and some great chat about DPI, lawful interception, traffic analysis, and what people think of e new venue!!!

Finished off the evening in a little bar near the hotel, watching the second half of El Classico. Unfortunately Barca were duffed by Real Madrid, so the atmosphere wasn’t great!!!

Mobile World Congress Day 1

Mobile World Congress 2013. Back in Barcelona, but with a new location, and new layout promising to be bigger and better than ever. First impression is that this place is vast!!! 8 halls in total, spread over a huge conference centre, with a walk of around three quarters of a mile from one end to the other. Big crowds around halls 1 and 2, but progressing thought the halls, the crowds start to diminish slightly. In Hall 7, where our stand is, traffic is a little slow, but a few interesting visitors nonetheless.

It’s hard to see a single dominant theme with so many disparate companies including handset manufacturers (Samsung stand is huge), equipment vendors (Huawei the biggest), apps vendors (mostly in the appropriately named App Planet), operators (in the Operators Village, surprisingly), integrators (Amdocs, Fujitsu), and a host of small companies selling everything from pico cell masts to handset covers, satellite dishes to graphics chips, fraud solutions to cyber security (that would be us). I’m looking forward to walking the floors for a bit over the next couple of days to see what’s out there.