
Oxford University – Cyber Security Oxford


Bringing together experts from around the world to
address the cyber security challenges of the 21st century


Countering Online Hate Speech (UNESCO)

Hate speech online is situated at the intersection of multiple tensions: it is the expression of conflicts between different groups within and across societies; it is a vivid example of how technologies with a transformative potential such as the Internet bring with them both opportunities and challenges; and it implies complex balancing between fundamental rights and principles, including freedom of expression and the defence of human dignity.
As the UN agency with a specific mandate to foster freedom of expression, and its corollaries, press freedom and freedom of information, UNESCO is actively working to promote mutual knowledge and understanding of peoples, through all means of mass communication, including the Internet in general, and social networking platforms in particular.
(Oxford co-author Danit Gal).


Investigating the leakage of sensitive personal and organisational information in email headers

Email is undoubtedly the most used communications mechanism in society today. Within business alone, it is estimated that 100 billion emails are sent and received daily across the world. While the security and privacy of email has been of concern to enterprises and individuals for decades, this has predominately been focused on protecting against malicious content in incoming emails and explicit data exfiltration, rather than inadvertent leaks in outgoing emails. In this paper, we consider this topic of outgoing emails and unintentional information leakage to better appreciate the security and privacy concerns related to the simple activity of sending an email. Specifically, our research seeks to investigate the extent to which potentially sensitive information could be leaked, in even blank emails, by considering the metadata that is a natural part of email headers. Through findings from a user-based experiment, we demonstrate that there is a noteworthy level of exposure of organisational and personal identity information, much of which can be further used by an attacker for reconnaissance or to develop a more targeted and sophisticated attack.

Responsible Research and Innovation in ICT: Summary of key issues, recommendations, challenges and enablers

This report describes the current perception of ‘ethics in ICT’ through preliminary findings from a landscape study. This study included sixty-seven interviews with a broad range of stakeholders including HE ICT researchers at various stages in their careers, as well as portfolio managers and senior managers at the EPSRC who maintain and influence the ICT portfolio within the organisation. We also interviewed potential beneficiaries of ICT research including charities, professional organisations, and industry. We provide a summary of key issues, recommendations, barriers and enablers to the implementation of Responsible Research and Innovation in ICT.

Realities and Challenges of NextGen Air Traffic Management: The Case of ADS-B

Air traffic is continuously increasing worldwide, with both manned and unmanned aircraft looking to coexist in the same airspace in the future. Next generation air traffic management systems are crucial in successfully handling this growth and improving the safety of billions of future passengers. The Automatic Dependent Surveillance Broadcast (ADS-B) system is a core part of this future. Unlike traditional radar systems, this technology empowers aircraft to automatically broadcast their locations and intents, providing enhanced situational awareness. This article discusses important issues with the current state of ADS-B as it is being rolled out. We report from our OpenSky sensor network in Central Europe, which is able to capture about 30 percent of the European commercial air traffic. We analyze the 1090 MHz communication channel to understand the current state and its behavior under the increasing traffic load. Furthermore, the article considers important security challenges faced by ADS-B. Our insights are intended to help identify open research issues, furthering new interest and developments in this field.

Provably Repairing the ISO/IEC 9798 Standard for Entity Authentication

We formally analyze the family of entity authentication protocols defined by the ISO/IEC 9798 standard and find numerous weaknesses, both old and new, including some that violate even the most basic authentication guarantees. We analyze the cause of these weaknesses, propose repaired versions of the protocols, and provide automated, machine-checked proofs of their correctness. From an engineering perspective, we propose two design principles for security protocols that suffice to prevent all the weaknesses. Moreover, we show how modern verification tools can be used for the falsification and certified verification of security standards. Based on our findings, the ISO working group responsible for the ISO/IEC 9798 standard has released an updated version of the standard.