Information leakage via side channels is a widely recognised threat to cyber security: in particular small devices are known to leak information via physical channels (power consumption, electromagnetic radiation, and timing behaviour). Side channel leakage provides skilled adversaries with information about otherwise secret internal variables, which can ultimately lead to complete security breaches in the form of secret key (or data) recovery. For small embedded devices, which feature architectures of limited complexity (i.e. a small number of pipeline stages, few data and/or address buses), the nature of the leakages can be appropriately modelled using statistical tools such as regression analysis or by estimating (multivariate) normal distributions. Our research hypothesis is that one can make meaningful statements about the leakage behaviour of new implementations on such devices by utilising a priori derived (instruction level) leakage models. Aiming to allow engineers with limited domain-specific knowledge to do just this, and hence improve the quality of software they develop, our overarching goal is: based on the development of a suitable instruction-level leakage model (for a device) plus specification of cryptographic primitives, we will explore techniques that allow sound assessment of leakage-related attacks on associated implementations without the need for a fully equipped side channel lab.

Within the next few years the number of devices connected to each other and the Internet will outnumber humans by almost 5:1. These connected devices will underpin everything from healthcare to transport to energy and manufacturing. At the same time, this growth is not just in the number or variety of devices, but also in the ways they communicate and share information with each other, building hyper-connected cyber-physical infrastructures that span most aspects of people's lives. For the UK to maximise the socio-economic benefits from this revolutionary change we need to address the myriad trust, identity, privacy and security issues raised by such large, interconnected infrastructures. Solutions to many of these issues have previously only been developed and tested on systems orders of magnitude less complex in the hope they would 'scale up'. However, the rapid development and implementation of hyper-connected infrastructures means that we need to address these challenges at scale since the issues and the complexity only become apparent when all the different elements are in place. There is already a shortage of highly skilled people to tackle these challenges in today's systems with latest estimates noting a shortfall of 1.8M by 2022. With an estimated 80Bn malicious scans and 780K records lost daily due to security and privacy breaches, there is an urgent need for future leaders capable of developing innovative solutions that will keep society one step ahead of malicious actors intent on compromising security, privacy and identity and hence eroding trust in infrastructures. The Centre for Doctoral Training (CDT) 'Trust, Identity, Privacy and Security - at scale' (TIPS-at-Scale) will tackle this by training a new generation of interdisciplinary research leaders. We will do this by educating PhD students in both the technical skills needed to study and analyse TIPS-at-scale, while simultaneously studying how to understand the challenges as fundamentally human too. The training involves close involvement with industry and practitioners who have played a key role in co-creating the programme and, uniquely, responsible innovation. The implementation of the training is novel due to its 'at scale' focus on TIPS that contextualises students' learning using relevant real-world, global problems revealed through project work, external speakers, industry/international internships/placements and masterclasses. The CDT will enrol ten students per year for a 4-year programme. The first year will involve a series of taught modules on the technical and human aspects of TIPS-at-scale. There will also be an introductory Induction Residential Week, and regular masterclasses by leading academics and industry figures, including delivery at industrial facilities. The students will also undertake placements in industry and research groups to gain hands-on understanding of TIPS-at-scale research problems. They will then continue working with stakeholders in industry, academia and government to develop a research proposal for their final three years, as well as undertake internships each year in industry and international research centres. Their interdisciplinary knowledge will continue to expand through masterclasses and they will develop a deep appreciation of real-world TIPS-at-scale issues through experimentation on state-of-the-art testbed facilities and labs at the universities of Bristol and Bath, industry and a city-wide testbed: Bristol-is-Open. Students will also work with innovation centres in Bath and Bristol to develop novel, interdisciplinary solutions to challenging TIPS-at-scale problems as part of Responsible Innovation Challenges. These and other mechanisms will ensure that TIPS-at-Scale graduates will lead the way in tackling the trust, identity, privacy and security challenges in future large, massively connected infrastructures and will do so in a way that considers wider sosocial responsibility.