Tuesday, 29 November 2011

Clarification required - two types of Open Innovation

There seems to be two types of open innovation being discussed and it is not always clear what is being referred to. One is the sort described and promoted by Henry Chesborough in his book ‘Open Innovation’. This refers to the concept that corporate technology research should be far more open to external sources and destinations for innovations. The second type, not covered here, is the use of customer feedback, crowd sourcing, social media etc. to provide open inputs into the commercial innovation process. This latter form is much closer to marketing, new product development and consumer issues, whereas the first type has the potential to radically improve the flow of knowledge and research between industry and universities. This is what particularly interests me.

Sunday, 20 November 2011

The 5 Aims of Information Security Research

The aim of information security research, it seems to me, is to understand, and thereby directly or indirectly improve security. There are five main objectives of security research:

1) To improve security in an organisational context;
2) To improve security at a particular point, or component, of technology;
3) To quantify, assess or manage security;
4) To integrate security into an otherwise insecure system, process or architecture;
and finally...
5)       To break security.

Monday, 14 November 2011

Information Security Research Resources

This link provides a great list of academic, industry and government sector resources on information security research.

Monday, 7 November 2011

Replacing passwords - easier tech than done

Replacing passwords has become a bit of a holy grail for cyber security startups. About 5 years ago I first came across a company proposing typing characteristics as a biometric login, and there seem to be a number of companies attempting something like that still. At VentureFest Bristol I came across PixelPIN who use images to replace passwords, and earlier this year I became aware of GridSure who use a pattern embedded in a varying grid of characters, as a one time password. I am not sure why technologies like these latter two have not taken off. They would seem to be potentially more secure than passwords and have lower maintenance costs - the costs of helping users who forget their passwords.

Saturday, 17 September 2011

Attacks Against Process Control Systems: Risk Assessment, Detection and Response

The sophistication of new malware attacking control systems includes targeted zero-days attacks, rootkits created for control systems, and software signed by trusted certificate authorities. This paper shows how to incorporate knowledge of the physical system under control to detect attacks that change the behavior of the targeted control system.

Monday, 11 April 2011

Clouds for a Clear View of Security

Security issues for cloud computing are rightly high on the cyber security agenda. How can you be sure your cloud provider is doing enough about security?  A number of new technologies are also emerging which claim to focus on the risks of cloud computing. In the long term, the market for cloud computing could be a great boon for security. Cloud providers will have to compete on their security status, which means they will have to be transparent and judged on their security merits. This will lead to stronger security all round. There is still too much confusion, obscurity and obfuscation in the security market at the moment.

Thursday, 13 January 2011

Robotics - from Science Fiction to Fact?

I have been fascinated to see the developments in robotics technologies over the last few years. It seems to me that their is a tipping point approaching, where advances in areas such as video analytics, autonomy and intelligence, robotic dexterity, and manouevrability will lead to highly useful robots with the potential for wide ubiquity in society. A trend definitely worth tracking. Science fiction could become fact faster than we think! I have linked to some interesting companies and research, to whet your appetite.

Tuesday, 4 January 2011

Mobile phone call privacy under threat

The gradual improvement in the effectiveness of attacks on the GSM network has progressed ever since the encryption algorithm used became open, and weaknesses were identified. Improvements in processing power have allowed faster key searches, and now new research breaks further aspects of the GSM architecture to crack the encryption using simple hardware. It wont be long before commercial eavesdroppers will be available cheaply. My guess is that new security and encryption will have to be added to GSM, somehow, and soon.