Wireless access is an essential to the networks that underpin modern life, providing communications for people, vehicles, machines, infrastructure, and the wide variety of devices that will make up the Internet of Things (IoT). They will become increasingly important to support safe transportation and future healthcare. Society is increasingly vulnerable to network cyber attack, for motivations ranging from financial extortion through terrorist disruption to subversion. Cyber attacks can be mounted remotely through networks, making them attractive to malefactors who can operate safely and anonymously from anywhere in the world. Cyber defence and associated research has become critical, mainly directed at developing and rolling out technical encryption and authentication measures in the network protocols and embedding the essential processes in organisations. Nevertheless exploits continue as attackers discover new vulnerabilities that were not considered in the system design or arise through imperfect implementations. Fixing these requires updating both functionality and credentials of the network elements as threats emerge. By contrast cyber-attack via the wireless interface, exploiting vulnerabilities in the physical layer and lower layers of the protocol stack, has received much less attention. As network originated exploits become more difficult it can be expected that more attacks will be mounted through the "air interface". The means to develop and mount such attacks are increasingly available with the proliferation of low cost software-defined radio (SDR) platforms and open-source software, and the ubiquity of potentially hackable wireless terminals. More research on this problem is needed to find solutions to be retrospectively applied to existing systems, influence the next generation of wireless standards, raise awareness of the potential problems, and train engineers to develop and embed defensive capability in radio standards and products. Crucial will be the ability to change the physical layer functionality, right to the antenna, by changing system software. This is not possible with current equipment or indeed envisaged in the 5G. Apart from countering the security threat, such technology will be needed to enable the future adoption of Dynamic Spectrum Access (DSA), in which, rather than frequency bands being administratively licensed to specific users, spectrum will be allocated dynamically according to evolving demand in space and time. The project partners, Toshiba Research, Roke, University of Bristol, and GCHQ, share a vision of Secure Wireless Agile Networks (SWAN) to be developed in this research partnership. The project scope will include technical deliverables; the shaping of policy and standards; and the training and career development of the SWAN teams. The co-created 5-year programme will integrate academic and industrial teams in activities that address the following Research Challenges (RCs). 1. Threat Synthesis & Assessment: how can RF interfaces be attacked, beyond the threats envisaged in their design? 2. RF Cyber Detection & Defence: techniques to detect RF cyber attack and mitigate their effects. 3. Cyber Secure Radio Design: designing radios whose RF characteristics can be updated in the field to deal with new threats, which also enable DSA. 4. Secure Dynamic Spectrum Access: enabling technology for securely sharing spectrum for most efficient usage. The consequences of not addressing the above will potentially make the wireless channel an Open Attack Surface for cyber attack. SWAN's technological solutions will place the UK at the forefront of enabling the fundamental parameters and architectures of wireless systems to be adaptable to new spectrum and interface specifications; resilient to accidental or induced failures (such as jamming); and resistant to cyber-attack.

The security of many cryptographic protocols in use today relies on the computational hardness of mathematical problems such as integer factorization. These problems can be solved using quantum computers, and therefore most of our security infrastructures will become completely insecure once quantum computers are built. Post-quantum cryptography aims at developing security protocols that will remain secure even after quantum computers are built. The biggest security agencies in the world including GCHQ and the NSA (the American National Security Agency) have recommended a move towards post-quantum protocols, and the new generation of cryptographic standards will aim at post-quantum security. Driven by the need to upgrade our cybersecurity infrastructures, many cryptographic algorithms have recently been developed which are claimed to offer post-quantum security. These proposals are based on a few distinct mathematical problems which are hoped to remain difficult for quantum computers, including lattice problems, multivariate polynomial system solving, coding theory problems, isogeny problems, and the security of cryptographic hash functions. Unfortunately, many of these problems, and more importantly the cryptographic algorithms that are built on top of them, have not been subject to a thorough security analysis yet, therefore leaving us with a risk to oversee major weaknesses in algorithms to be deployed in security applications. In this fellowship, we will develop breakthrough cryptanalysis techniques to analyse the security of post-quantum cryptography candidate algorithms, and determine which algorithms may or may not be further considered for digital security applications. Using the insight gained through cryptanalysis, we will then develop new post-quantum cryptographic algorithms offering better security, efficiency and functionality properties in applications.

As the world becomes ever more connected, the vast number of Internet of things (IoT) devices necessitates the use of smart, autonomous machine-to-machine communications; however, this poses serious security and privacy issues as we will no longer have direct control over with what or whom our devices communicate. Counterfeit, hacked, or cloned devices acting on a network can have significant consequences: for individuals through the leakage of confidential and personal information, in terms of monetary costs (for e.g. the loss of access to web services - Mirai attack on Dyn took down Twitter, Spotify, Reddit); or for critical national infrastructure, through the loss of control of safety-critical industrial and cyber-physical IoT systems. In addition, IoT devices are often low-cost, low power devices that are restricted in both memory and computing power. A major challenge is how to address the need for security in such resource-constrained devices. As companies race to get IoT devices to market, many do not consider security or, all too often, security is an afterthought. As such, a common theme in all realms of IoT is the need for dependability and security. The SIPP project aims to rethink how security is built into IoT processor platforms. Firstly, the architectural fundamentals of a processor design need to be re-engineered to assure the security of individual on-chip components. This has become increasingly evident with the recent Spectre and Meltdown attacks. On the upper layer of systems-on-chip (SoCs), hardware authentication of chip sub-systems and the entire chip is crucial to detect malicious hardware modification. Then, at the systems layer (i.e., multiple chips on a common printed circuit board), innovative approaches for remote attestation will be investigated to determine the integrity at board level. Finally, the security achieved at all hierarchical layers will be assessed by investigating physical-level vulnerabilities to ensure there is no physical leakage of the secrets on which each layer relies. The proposed project brings together the core partners of the NCSC/EPSRC-funded Research Institute in Secure Hardware and Embedded Systems (RISE), that is, Queen's University Belfast and the Universities of Cambridge, Bristol and Birmingham, with the leading academics in the field of hardware security and security architecture design from the National University of Singapore and Nanyang Technological University, to develop a novel secure IoT processor platform with remote attestation implemented on the RISC-V architecture.

Digital technologies, devices and data are now woven into the fabric of contemporary societies. To describe this, we can say that we live in a 'sociodigital' world. This has become especially visible during the COVID-19 pandemic, during which we have seen rapid shifts to online education, healthcare and work, the extension of algorithmic decision making by government (e.g. A' Level results), and changes to shopping habits that may transform the high street for ever. Social Science provides excellent resources for understanding the changes that have taken place to date. The question remains: what will our sociodigital futures look like? What kinds of futures are in the making? Who or what is shaping possible futures and what will this mean for currently widening social and economic inequalities and for the climate change crisis? These are challenging questions. We know, from the past, that we cannot make deterministic assumptions about new technologies or predict sociodigital futures with any certainty. However, this does not mean that we should abandon attention to the future. To the contrary, the stakes have never been higher. With a global recession looming, widening socio-economic inequalities and an underlying climate crisis, it is essential that we establish a new approach, one that will create actionable knowledge for reflexive, inclusive and sustainable sociodigital futures. The ESRC Centre for Sociodigital Futures begins from the premise that while the future is unknowable, how the future is enacted in the present - discursively, materially and by whom - matters enormously. This shifts the focus of attention towards the social relations of future making in the present: what claims are made about sociodigital futures, how do these drive investments, policies and expectations? What futures do these open up, and close down? And which of these start to shape 'actual futures', through the changing practices of communities, businesses, policy makers and others? Answering these questions presents an ambitious agenda, and a unique proposition for UK and international Social Science. To address this agenda we will deliver a distinctive programme of high impact empirical research and capacity building, by drawing together four distinct forms of expertise: (i) expertise in specific domains of everyday life - caring, consuming, learning, moving and organizing; (ii) expertise in the theories, methodologies and practices of future making; (iii) technical expertise in Artificial Intelligence, Virtual/Alternative Realities, Robotics and High Performance Networks; and (iv) co-production expertise to drive participatory, inclusive and sustainable future-making. The Centre has been designed and will be implemented with strategic partners well-placed to deliver on the creation of inclusive and sustainable sociodigital futures. Our partners have a significant influence on the environment (UK Department for Farming, Environment and Rural Affairs), digital service delivery (British Telecom -serving 170 countries), security (the National Cybersecurity Centre), community (Locality - 1300 members support 307,000+ people/week), education and culture (the United Nations Education, Scientific and Cultural Organization - supporting peace through international cooperation, and leaders of the UN Foresight Network). Working with these partners, we will build the capacity to engage with sociodigital futures-in-the-making, to anticipate possible risks and opportunities, and tip the balance towards more positive futures.

Recent reports from the Royal Society, the government Cybersecurity strategy, as well as the National Cyber Security Center highlight the importance of cybersecurity, in ensuring a safe information society. They highlight the challenges faced by the UK in this domain, and in particular the challenges this field poses: from a need for multi-disciplinary expertise and work to address complex challenges, that span from high-level policy to detailed engineering; to the need for an integrated approach between government initiatives, private industry initiatives and wider civil society to tackle both cybercrime and nation state interference into national infrastructures, from power grids to election systems. They conclude that expertise is lacking, particularly when it comes to multi-disciplinary experts with good understanding of effective work both in government and industry. The EPSRC Doctoral Training Center in Cybersecurity addresses this challenge, and aims to train multidisciplinary experts in engineering secure IT systems, tacking and interdicting cybercrime and formulating effective public policy interventions in this domain. The training provided provides expertise in all those areas through a combination of taught modules, and training in conducting original world-class research in those fields. Graduates will be domain experts in more than one of the subfields of cybersecurity, namely Human, Organizational and Regulatory aspects; Attacks, Defences and Cybercrime; Systems security and Cryptography; Program, Software and Platform Security and Infrastructure Security. They will receive training in using techniques from computing, social sciences, crime science and public policy to find appropriate solutions to problems within those domains. Further, they will be trained in responsible research and innovation to ensure both research, but also technology transfer and policy interventions are protective of people's rights, are compatible with democratic institutions, and improve the welfare of the public. Through a program of industrial internships all doctoral students will familiarize themselves with the technologies, polices and also challenges faced by real-world organizations, large and small, trying to tackle cybersecurity challenges. Therefore they will be equipped to assume leadership positions to solve those problems upon graduation.