Written Evidence - Cyber resilience of the UK's critical national infrastructure

This written evidence focuses on the cyber threats to OpenRAN architecture and functions. OpenRAN will be the foundation of the next-generation of communication networks, which are essential for the UK digital economy and interconnecting the national critical infrastructure-based services. While the focus on OpenRAN might seem very narrow, it is of paramount importance to address the security challenges posed by its openness, softwareisation, virtualisation, and disaggregation of networking devices/functions, which will be at the core of the UK’s future mobile networks. Note that this written evidence will address fully or partially three of the six topics in the call for evidence

Secure and Privacy-Aware Cloud-Assisted Video Reporting Service in 5G Enabled Vehicular Networks

Vehicular networks are one of the main technologies that will be leveraged by the arrival of the future fifth generation (5G) mobile cellular networks. While scalability and latency are the major drawbacks of IEEE 802.11p and 4G LTE enabled vehicular communications, respectively, the 5G technology is a promising solution to empower the real-time services offered by vehicular networks. However, the security and privacy of such services in 5G enabled vehicular networks need to be addressed first. In this paper, we propose a novel system model for a 5G enabled vehicular network that facilitates a reliable, secure and privacy-aware real-time video reporting service. This service is designed for the participating vehicles to instantly report the videos of traffic accidents to guarantee a timely response from official and/or ambulance vehicles toward accidents. While it provides strong security and privacy guarantees for the participating vehicle’s identity and the video contents, the proposed service ensures traceability of misbehaving participants through a cooperation scheme among different authorities. We show the feasibility and the fulfilment of the proposed reporting service in 5G enabled vehicular networks in terms of security, privacy and efficiency

DataProVe: Fully Automated Conformance Verification Between Data Protection Policies and System Architectures

Privacy and data protection by design are relevant parts of the General Data Protection Regulation (GDPR), in which businesses and organisations are encouraged to implement measures at an early stage of the system design phase to fulfil data protection requirements. This paper addresses the policy and system architecture design and propose two variants of privacy policy language and architecture description language, respectively, for specifying and verifying data protection and privacy requirements. In addition, we develop a fully automated algorithm based on logic, for verifying three types of conformance relations (privacy, data protection, and functional conformance) between a policy and an architecture specified in our languages’ variants. Compared to related works, this approach supports a more systematic and fine-grained analysis of the privacy, data protection, and functional properties of a system. Our theoretical methods are then implemented as a software tool called DataProVe and its feasibility is demonstrated based on the centralised and decentralised approaches of COVID-19 contact tracing applications

Situation-Aware QoS Routing Algorithm for Vehicular Ad hoc Networks

A wide range of services has been developed for Vehicular Ad hoc Networks (VANETs) ranging from safety to infotainment applications. An essential requirement for such services is that they are offered with Quality of Service (QoS) guarantees in terms of service reliability and availability. Searching for feasible routes subject to multiple QoS constraints is in general an NP-hard problem. Besides, routing reliability needs to be paid special attention as communication links frequently break in VANETs. In this paper, we propose employing the Situational Awareness (SA) concept and an Ant Colony System (ACS) based algorithm to develop a Situation-Aware Multi-constrained QoS (SAMQ) routing algorithm for VANETs. SAMQ aims to compute feasible routes between the communicating vehicles subject to multiple QoS constraints and pick the best computed route, if such a route exists. To mitigate the risks inherited from selecting the best computed route that may turn out to fail at any moment, SAMQ utilises the SA levels and ACS mechanisms to prepare certain countermeasures with the aim of assuring a reliable data transmission. Simulation results demonstrate that SAMQ is capable of achieving a reliable data transmission as compared to the existing QoS routing algorithms even when the network topology is highly dynamic

Secure and Privacy-Aware Proxy Mobile IPv6 Protocol for Vehicle-to-Grid Networks

Vehicle-to-Grid (V2G) networks have emerged as a new communication paradigm between Electric Vehicles (EVs) and the Smart Grid (SG). In order to ensure seamless communications between mobile EVs and the electric vehicle supply equipment, the support of ubiquitous and transparent mobile IP communications is essential in V2G networks. However, enabling mobile IP communications raises real concerns about the possibility of tracking the locations of connected EVs through their mobile IP addresses. In this paper, we employ certificate-less public key cryptography in synergy with the restrictive partially blind signature technique to construct a secure and privacy-aware proxy mobile IPv6 (SP-PMIPv6) protocol for V2G networks. SP-PMIPv6 achieves low authentication latency while protecting the identity and location privacy of the mobile EV. We evaluate the SP-PMIPv6 protocol in terms of its authentication overhead and the information-theoretic uncertainty derived by the mutual information metric to show the high level of achieved anonymity

Secure Proximity-Based Identity Pairing using an Untrusted Signalling Service

New protocols such as WebRTC promise seamless in-browser peer-to-peer communications that in theory remove the need for third-party services. In practice, widespread use of Firewalls, NATS and dynamic IP addresses mean that overlay addressing or use of some fixed rendezvous point is still needed. In this paper we describe a proximity-based pairing scheme that uses a signalling service to minimise the trust requirements on the third party, achieving anonymity and avoiding the need for PKI, while still requiring only a simple asymmetric pairing protocol

Rail Internet of Things: An Architectural Platform and Assured Requirements Model

Given the plethora of individual preferences and requirements of public transport passengers for travel, seating, catering, etc., it becomes very challenging to tailor generic services to individuals’ requirements using the existing service platforms. As tens of thousands of sensors have been already deployed along roadsides and rail tracks, and on buses and trains in many countries, it is expected that the introduction of IP networking will revolutionise the functionality of public transport in general and rail services in particular. In this paper, we propose a new communication paradigm to improve rail services and address the requirement of rail service users: the Rail Internet of Things (RIoT). To the best of our knowledge, it is the first work to define the RIoT and design an architectural platform that includes its components and the data communication channels. Moreover, we develop an assured requirements model using the situation calculus modelling to represent the fundamental requirements for adjustable, decentralised feedback control mechanisms necessary for the RIoT-ready software systems. The developed formal model is applied to demonstrate the design of passenger assistance software that interacts with the RIoT ecosystem and provides passengers with real-time information that is tailored to their requirements with runtime adaptability. Keywords—Assistance; Assured model; Inclusive; IoT; Rail Internet of Things (RIoT); Situation Calculu

A Trust-based Cooperative System for Efficient Wi-Fi Radio Access Networks

This paper proposes a novel trust-based cooperative system to facilitate efficient Wi-Fi network access trading to solve the network congestion problem in a beneficial manner for both service providers and customers. The proposed system enables service providers to improve their users’ application performance through a novel cooperative Access Point (AP) association solution. The system is based on a Software-Defined Wireless Network (SDWN) controller, which has a global view of users’ devices, requirements, and APs. The SDWN controller is supported by Smart Contracts (SCs) as code of law, to liaise control among service providers according to the terms of their mutual agreements. Evaluation results in dense Wi-Fi network environments show how the system can significantly improve the overall performance for the cooperating network. Specifically, the results have been compared against the standard AP association approach and other centralised algorithms dealing with the same problem, in terms of the data bit rate provided to the users’ stations (STAs), Quality of Experience (QoE), bandwidth and energy consumed by the APs

Secure Semi-Automated GDPR Compliance Service with Restrictive Fine-grained Access Control

Sharing personal data with service providers is a contentious issue that led to the birth of data regulations such as the EU General Data Protection Regulation (GDPR) and similar laws in the US. Complying with these regulations is a must for service providers. For users, this compliance assures them that their data is handled the way the service provider says it will be via their privacy policy. Auditing service providers’ compliance is usually carried out by specific authorities when there is a need to do so (e.g., data breach). Nonetheless, these irregular compliance checks could lead to non-compliant actions being undetected for long periods. Users need an improved way to make sure their data is managed properly, giving them the ability to control and enforce detailed, restricted access to their data, in line with the policies set by the service provider. This work addresses these issues by providing a secure semi-automated GDPR compliance service for both users and service providers using smart contracts and attribute-based encryption with accountability. Privacy policies will be automatically checked for compliance before a service commences. Users can then upload their personal data with restrictive access controls extracted from the approved privacy policy. Operations’ logs on the personal data during its full lifecycle will be immutably recorded and regularly checked for compliance to ensure the privacy policy is adhered to at all times. Evaluation results, using a real-world organisation policy and example logs, show that the proposed service achieves these goals with low time overhead and high throughput

Heterogeneous Signcryption Scheme with Group Equality Test for Satellite-enabled IoVs

With the growing popularization of the Internet of Vehicles (IoVs), the combination of satellite navigation system and IoVs is also in a state of continuous improvement. In this paper, we present a heterogeneous signcryption scheme with group equality test for IoVs (HSC-GET), which avoids the adversaries existing in the insecure channels to intercept, alter or delete messages from satellite to vehicles. The satellite is arranged in an identity-based cryptographic (IBC) system to ensure safe and fast transmission of instruction, while the vehicles are arranged in certificateless cryptosystem (CLC) to concern the security of the equipment. In addition, the group granularity authorization is integrated to ensure the cloud server can only execute the equality test on ciphertext generated by the same group of vehicles. Through rigorous performance and security analyses, we observe that our proposed construction reduces the equality test overhead by about 63:96%, 81:23%, 80:84%, and 54:98% in comparison to other competitive protocols. Furthermore, the confidentiality, integrity and authenticity of messages are guaranteed