PROJECT HONEYCOMB
The UK Government announced their new National Cyber Strategy 2022 to ensure that the country remains confident, capable, and resilient in the digital world. Innovate UK, part of UK Research and Innovation, a government funded research programme, is spearheading new and practical developments in cyber security, offering tangible benefits across industry sectors including the energy, automotive and medical fields.
The University of Oxford (Engineering Science Department) and UK cyber security company CyberHive have been selected to be part of one of the four funded projects sponsored by Innovate UK and the National Cyber Security Centre, to drive an understanding of how the Digital Security by Design (DSbD) approach, can reduce risk from cyber attacks.
Our project is currently developing a next generation digital communication technology combining the latest cyber security hardware, specially enhanced software development tools and advanced quantum-safe communications technology. This will enable greater resilience to near-term and future cyber threats – making it harder to infiltrate network infrastructure or endpoints, and remotely take control or extract sensitive information.
Innovate UK
Innovate UK is the UK’s innovation agency. They help UK businesses to grow through the development and commercialisation of new products, processes and services, supported by an outstanding innovation ecosystem that is agile, inclusive and easy to navigate.
Innovate UK helps companies, through three strands of activity:
· inspire: to make the opportunity visible and compelling
· involve: to bring relevant organisations and people together
· invest: to convene the resources needed, including our own.
They help companies access the expertise and equipment they need, build the partnerships that will help them go faster, and fund the innovation work through grants or loans.
Innovate UK supports the best ideas from business, as determined through free and fair competition.
Launched in April 2018, UK Research and Innovation (UKRI) is a non-departmental public body sponsored by the Department for Science, Innovation and Technology (DSIT).
Project partners
University of Oxford - Department of Engineering Science
Engineering teaching and research takes place at Oxford in a unified Department of Engineering Science. Our academic staff are committed to a common engineering foundation as well as to advanced work in their own specialities, which include most branches of the subject. We have especially strong links with computing, materials science and medicine.
This broad view of engineering, based on a scientific approach to the fundamentals, is part of the tradition that started with our foundation in 1908 – one hundred years of educating great engineers, and researching at the cutting edge!
CyberHive
With over 20 years’ expertise, CyberHive brings you a new standard in cyber security.
Helping to protect your data not only from external threats, but also from any security lapses by employees, which could damage your business reputation and even result in a loss in revenue.
CyberHive offer innovative, scalable and secure solutions from the Trusted VPN, Gatekeeper for Microsoft Office 365Office, the award winning Trusted Cloud, and CyberHive Connect.
Industry participation
UK industry views are of great interest to us for shaping this project. It is a multi-year practical project, with significant backing from Innovate UK and is directed at seeding tangible benefits into UK industry. One thread of the project will be to establish an ongoing forum of domain experts and leaders who can provide insightful council to our work to make sure it stays laser focused on real issues in the target sectors. Ultimately, we will be seeking industry partners with the vision and ability to host trial integrations of our hardware and software product stack into their environment (such as a test or proving environment) to gain real insight into the achievable benefits specific to the target sector or wider.
Why? Why? Why? Our key technologies
The project is working with four key technologies. Here, project team member Dr. Martin Higgins from University of Oxford, considers the relevance of these to meeting future cyber security challenges.
It’s hard to write perfect code. The constraints of time, money, head count and the ability of coders limits how often perfectly safe code can be produced. Also, often code needs to be imperfect by design in order to do the more interesting operations that novel businesses perform. CHERI aims to solve the issues with code made unsafe by memory allocation issues. Many zero day vulnerabilities exploit issues in memory buffers. One of the most popular and easiest way to do this is via a buffer overflow attack which simply puts more data into a buffer than it is capable of holding. The consequences of this can be severe, for example we’ve seen password protect code bypassed outright with poorly written C code which runs the password comparison. What CHERI does is provide an environment where these kind of memory allocation issues cannot occur by design. Allocation options are effectively limited ensuring that code can only be run which is memory consistent and doesn’t violate the precepts of the CHERI framework. This framework effectively removes a whole host of potential zero day vulnerabilities from the underlying code base. It also acts a tacit form of a trusted cloud environment as only code which has been compiled on a CHERI compatible compiler will be able to run on a CHERI enabled chipset reducing the attacks abilities to install attack vectors on a device. This will be particular useful for distributed tech which maybe otherwise easy to install code onto such as energy infrastructure.
Rust is a general-purpose coding language that provides enhanced memory security. Rust runs in direct competition to languages like C/C++ by being an incredibly efficient with excellent performance for most applications. However, unlike these languages Rust comes insured against a number of memory management safety issues and provides allowing intrinsic protection against several attack types. For example, in native C buffer overflows can easily be coded however with Rust these attack types are almost possible to code (even intentionally). Coding with Rust can remove a whole host of zero-day vulnerabilities and by pair Rust with CHERI developers can be secured against almost all memory faults.
RSA-2048 has been the standard in encryption for the last 30 years. With conventional computers, cracking the standard RSA-2048 key would take about 300 trillion years. However, a new type of computing threatens to undermine the security of RSA encryption methodologies. Quantum computers can perform a new infinite number of operations which would make solving RSA-2048 mostly trivial. The technology is also advancing quickly, with IBM likely to achieve a 1000 qubit machine within the next year. For context, a 10,000 qubit machine (which is likely achievable within the next decade) could break a RSA-2048 encrypted message within about 100 days. We can’t wait for a viable quantum computer before we introduce viable quantum security. Encrypt and decrypt means that everything we send via RSA-2048 now can simply be saved down and decrypted later potentially exposing everything from personal details, to financial transactions to government secrets. Connect offers a solution to this issue. The post-quantum secure mesh VPN allows for encryption which is secure against quantum computing and Shor’s algorithm. It will allow customers to have confidence that their data cannot be saved down for later encryption. It also provides a VPN service providing additional protect against attacks such as denial-of-service and other vectors.
The Arm Morello Program aims to radically increase chip security for the latest generation of CPU hardware. The Morello board aims to create chipsets secure by design to mitigate several memory safety vulnerabilities. In the past memory architectures of boards have been exploited by hackers to attack a system. However, unlike conventional CPUs the Arm Morello boards are compartmentalized to ensure any data breach have limited access to surrounding memory blocks. They also come with Secure-by-Design operating systems built from the ground up with security in mind.
Get in touch
Get in touch
Get in touch with the project team via our email (hosted by CyberHive for the project)
