alphaspirit - Fotolia

HP sponsors cyber security research chair at Birmingham University

Five-year research collaboration agreement will support government efforts to address cyber security challenges

HP is sponsoring a cyber security research chair at the University of Birmingham for five years in support of government efforts to address the world’s most pressing cyber security challenges.

The role will be occupied by Mark Ryan, professor of cyber security at the university and an internationally recognised expert in the field.

Ryan will continue to manage the security and privacy group in the university’s school of computer science, but will scale back his teaching duties to focus on research with HP Labs in Bristol.

The security and privacy group is one of the GCHQ/Engineering and Physical Sciences Research Council (EPSRC) centres of excellence in cyber security research.

“This research chair is an incredibly exciting opportunity to work with a company that can complement the skills of academics and help bring theoretical ideas into practical realities,” Ryan told Computer Weekly.

“Academics are always looking for an opportunity to make an impact with their work, and this is a great opportunity to work with a company that is of a scale that it can change the world through new products and services.”

The valuation framework used by government for universities has a specific section on impact, and one of Birmingham University’s previous impact case studies was the work done by Ryan in 2008 in collaboration with HP.

The research identified design issues with version 1.2 of trusted platform module (TPM) chips that hold encryption keys specific to the host system for hardware authentication as a root trust for security systems, and Ryan hopes research through the new partnership will produce further impact case studies.

CyberInvest initiative

HP is among the first companies to sign up to the CyberInvest initiative by GCHQ and the Department for Culture, Media and Sport which is aimed at getting businesses more involved in cyber security research.

CyberInvest was announced in November 2015, and initially attracted 18 companies that pledged a total contribution of £6.5m to the scheme.  

HP’s investment in the research chair and its partnership with the university is also part of the company’s global commitment to cyber security research.

“Increasing pervasiveness of technology means cyber security will become even more important and challenging, making it a top priority to invest now in research and partnerships to address this issue,” said Simon Shiu, director of HP’s Security Lab.

“Academia, business and government each have different contexts, experiences and skillsets. It is critical for us to work together to successfully address our shared future cyber security challenges.

“Industrial research labs at HP and other companies have the perspective of being suppliers and some of the constraints in bringing a product to market as well as having some very talented architects, while academia has some of the freer thinkers who bring a different perspective, and the government is looking at the problem in terms of nation state interests and the broader economy.”

Different perspectives

Shiu said the new research chair is a critical step in bringing different perspectives together to make better progress by enabling deeper conversations over a longer period of time, which makes it quite different from other, shorter-term interactions with academics.

Academics are also independent and used to thinking about things from the point of view of society, rather than a specific shareholder or government perspective, said Ryan.

“I am not saying that academics will come up with all the answers, but their independence will be valuable in the complex debate that needs to take place about security and privacy,” he said.

HP Labs has a long-term research function that operates across all HP business units, but is separate and is primarily focused on security, Shiu told Computer Weekly.

“We typically look at things in the next three to 15-year timeframe at any technology that is relevant to the company that we could be de-risking,” he said.

Read more about cyber security

Security is a key topic, said Shiu, not just in terms of research and development for HP’s printers and PCs, but also as an area of potential innovation and an area that will be relevant to any future HP business.

“But we come at it from an industrial research lab’s perspective, and so the new partnership with Birmingham University is part of our goal to complement that with as many other research perspectives that we can, which typically involves working with universities,” he said.  

But Shiu said the research chair at Birmingham is different in that it is not directed at a single project, but is expected to explore several projects over the five-year term.

“It is more about collaboration around cyber security with someone who brings in a different set of skills and network of skills within the university, while sharing a long-term commitment to the cyber security journey,” he said.

Shiu said HP Labs’ current security research agenda is based around HP’s current and anticipated future business as an endpoint device infrastructure company.

“Our main agenda is around doing device architecture innovation for security and doing IoT [internet of things] security or some of the interconnecting and communications security for PCs and printers today and future cyber-physical systems and 3D printing,” he said.

Broader expertise

It is this research agenda that HP wants to complement with broader expertise through collaboration with Birmingham University, said Shiu.

“In working to transform technology in areas such as 3D printing using immersive computing and blended reality, the endpoint devices we are making are much richer in terms of cyber-physical interaction, and while we see so many new opportunities with that, there are also new risks and design challenges to make people feel safe, and so we recognise we need different kinds of thinkers on the team,” he said.

With HP’s focus on endpoint devices, Ryan said his research topics are likely to include working out how to support privacy and security for users in the context of the IoT.  

“In the coming years, we will see devices handling more data, and what happens to this data is the big concern from a security and privacy point of view,” he said.

Always a trade-off

Although Ryan believes privacy is important, he said there will always be a trade-off because providers of services need data to provide good services.

However, he said that as devices become increasingly intrusive and everything is mediated by computers, there will be a need to find ways to navigate the trade-offs and drawing the line.

“We will probably be looking for technologies that will be able to give us functionality that uses data, but without losing privacy as a result,” he said.

“Government also wants data for all sorts of reasons, including fighting crime and terrorism, but again we need to consider ways of knowing where to draw the line and of providing access to the data that they want in a way that most people’s privacy is maintained most of the time.”

Ryan concluded: “It is an interesting challenge for society, but also for computer scientists of coming up with ways of maximising the benefits of these trade-offs.”

Read more on Hackers and cybercrime prevention