In 2015, InternetNZ provided a research grant of $9000 to CROW’s Dr Ryan Ko and Dr Sivadon Chaisiri to conduct a statistical survey of New Zealanders’ mobile security awareness. The researchers conducted the survey of New Zealand citizens and long-term visa holders’ awareness of and knowledge about cyber security threats when they use mobile devices connected to the Internet.
In 2015, the Office of the Privacy Commissioner provided a grant of $21,799 from its Privacy Good Research Fund to CROW to research ways of enabling parents to control their children’s privacy online. The project, Parent-centric Privacy Framework for a Safe Cyber Environment for Children, will be released publicly on completion.
Led by the University of Waikato’s Dr Ryan Ko, STRATUS is a six-year, $12.2 million cyber security project, funded by the New Zealand Government’s Ministry of Business, Innovation, and Employment (MBIE). This ground-breaking project will create a range of security tools, techniques and capabilities which return the control of data to Cloud computing users. The overall aim of the project is to empower users to be able to control the security of their data in the Cloud without the need of third parties. The project also aims to develop tools and services which can be commercialised.
Work on STRATUS began in 2014 and is being carried out by a team of leading Cloud security researchers and practitioners from the University of Waikato, the University of Auckland, Unitec Institute of Technology and the Cloud Security Alliance.
For more information on the project, visit the STRATUS website: https://stratus.org.nz
Completed Summer Scholar Research
Matthew Law – Who has attacked my Cloud? Analysing Large Provenance Datasets
Adam Fleming – Military-grade Android
Campbell Lockley – Building a Cyber Range in OpenStack
Completed Honours Research
Thye Way Ng – Practical Partially Homomorphic Encryption
Cameron Brown – Provenance Log Visualisation with WebGL
Matthew Law – Quick Identification of Vulnerabilities and Attribution of Attackers in Very Large Cloud Environments
Craig Scoon – Project RifleRange
Cameron Rodgers – Windows Progger
Marc Tiehuis – Partially Homomorphic Encryption Cloud Service
Daniel Manning – Training Cyber Security Concepts with Project RifleRange (Part 1)
Rosjier Lammers – Training Cyber Security Concepts with Project RifleRange (Part 2)
Josh Hollinshead – Am I being spied on my phone? (FCMS Honours Research Conference Best Presentation Award 2014)
Rafael Shuker – Developing a de facto Benchmark Data Set for Provenance Research
Thomas Wallace – Surveying the Realities of Data Security and Privacy Perceptions
Mickey Law – Improving Security of Facebook Sharing
Caine Jameson – Cloud Security for Personal Data Using a Tamper/Attack Resistant Smart Personal Device
Julian Melchert – Security and Privacy for Skype Communication
Mathew Andela – Mobile communication security for personal data using tamper/attack resistant smart personal device
Andrew Mackintosh – Disaster Resilient, Secure, and Privacy-Preserving Crowd based Mobile Network (FCMS Honours Research Conference Best Presentation Award Runner-Up 2014)
Brandon Nicholson – Mobile Voting (M-Voting) for Democracies of the Future (FCMS Honours Research Conference Best Project Award Runner-Up 2014)
Sjoerd de Feijter – Simulation and Study of the impact of Relay Attack on the Contactless Smart Cards
Sam Shute – Mobile Handset based EFTPOS
Shayne Kiekebosch – Ransomware – Process, Mitigation and Prevention
Ben Pickett – Social Media Footprinting – Process, Mitigation and Prevention
Ting Gao (COMP 520) – Detection of Data Leakage Caused by Malware
Grace Ng (COMP 520) – Building a Cloud Computing Testbed Environment
Matt Hunter (COMP 520) – Discovery of Security Vulnerabilities in Cloud Services
Robbie Litchfield (COMP 520) – Development of a Cyber Security Game (Co-supervised with Bill Rogers)
Gavin Downes (COMP 520) – Film Recommendation Algorithm (Co-supervised by David White, IndieReign)
Current Honours Research
Anthony Meehan – Merging the homomorphic encryption and deep learning paradigms to create powerful machine learning models that can operate on encrypted information
Current Masters Research
Jeffrey Yeh (MCS Thesis) – Topic TBD
Milton Markose (MSc Thesis) – Monitoring and Reducing Cloud Computing Vulnerabilities, Failures and Outages
Akshay Nehate (MSc Thesis) – Research areas: Rapid Disaster Recovery, Network and Server Monitoring
Completed Masters Research
Shaun Stricot-Tarboton (Submitted MCS Thesis) – HTTPS Man-In-The-Middle Attack Counter-Measures
Sjoerd de Feijter (Submitted MCS Thesis) – Requirements for Secure Storage of Credentials for Smart Devices
Saurabh Naik (MCS Thesis) – Intrusion Detection System for Vehicle CAN Bus – with Dr Sivadon Chaisiri
Mickey Law Tsz Fung – Mapping cloud data governance
Jeffrey Garae (MCS Thesis) – User-centric visualisation of data provenance
Baden Delamore (MSc Thesis) – Web Vulnerability Analysis with Enhanced Risk Realisation
Mohammad BaniTaha (MEng Thesis) – Tamper-Evident Provenance
Current PhD Research
Mark Will – Practical Fully Homomorphic Encryption – with Prof. Ian Witten (Winner of the University of Waikato Outstanding PhD Scholar Award 2014)
Alan Tan – Data Provenance from Data – with Prof. Geoff Holmes
Jeff Garae – Effective visualisation for security over mobile devices – with Prof. Mark Apperley
Sam Shute – Attribution of Threats Based on Provenance Data – with Dr Richard Nelson
Stephen Eichler – Implementing Internet black hole and topology analysis with large numbers of vantage points – with Dr. Richard Nelson
Completed PhD Research
Michael Rinck – completed July 2015 – Connecting Information: Detecting and Tracing Object Evolution – with Dr. Annika Hinze, Assoc. Prof. Steve Jones and Assoc. Prof. David Bainbridge
University of Waikato - NZ Police Security and Crime Science Research Priorities Workshop.
Dr Ryan Ko co-chaired this workshop, which included 31 representatives from the University of Waikato, New Zealand Police, Corrections, Waikato District Health Board, Transport Design Group and security software design company Auror. It formulated 15 cross-disciplinary research priorities to be explored for future research opportunities.
Vodafone survey results – Cyber Security New Zealand SME landscape 2014
Colmar Brunton and the University of Waikato were commissioned by Vodafone New Zealand to conduct quantitative primary research with 500 IT decision makers across New Zealand to capture an accurate snapshot of how aware and prepared New Zealand companies are for potential cyber security threats. The survey showed “there is room for improvement in terms of business’ awareness of IT security policy guidelines and education on modern cyber security threats and how to prevent them.”
ISO security guidelines for design and implementation of virtualised servers
Server virtualisation technologies are becoming increasingly utilized in IT server infrastructures to provide cost advantages such as multi-tenancy, adaptation to unforeseen server loads, data center consolidation and physical server usage maximisation. This trend is expected to continue as is the widespread growth of cloud computing adoption. However, internationally-aligned security guidelines for the effective identification and management of newly-introduced server virtualisation complexities and risks are lacking.
There is an urgent need to address the newly introduced complexities and security risks, while complementing existing traditional security standards. These new security risks in server virtualisation technologies are broadly classified into three types: architectural vulnerabilities, hypervisor vulnerabilities, and configuration and provisioning risks.
The resulting international standard will benefit any organisation using and/or providing virtualised servers.
The data privacy matrix
Data privacy legislation from various jurisdictions needs clarification on where and how data may be stored or processed. To do that, we need to review the legislation governing data privacy, explore its current gaps, and consider the possibility of aligning it towards a common matrix, much like a ‘Rosetta Stone’ for prominent data privacy laws around the world.
This project aims to create an easy-to-follow matrix for users and vendors to use as a guide for basic data privacy laws which protect themselves and their data. Cloud services are often spread over multiple jurisdictions or countries. We need to know if a certain aspect of data privacy means the same thing across the regions around the world.
Progger (Provenance Logger) is a kernel-space logger designed to track data activity in cloud systems. It has the potential to empower cloud stakeholders (users) by allowing them to trace what has happened to their data in the cloud. Security analysts can also use it to collect provenance data from the lowest possible atomic data actions, and it enables several higher-level tools to be built for effective end-to-end tracking of data provenance. Progger has been implemented to be tamper-evident, to accurately synchronise timestamps across several machines, to efficiently log the root usage of the system, and to reduce clutter in the log files.