BTs Security Research
by Theo Dimitrakos
BTs Security Research Centre was formed in April 2004 under the BT Group Chief Technology Office as part of the ongoing expansion of security research within BT. The goal of the centre is to deliver world-class security research to support BTs growing business in mobility, broadband and ICT (Information and Communications Technology). The new research centre, led by Bryan Littlefair, plans to grow to 25-30 staff, many PhD-qualified. This team is in addition to the many engineers working on development projects as part of the BT security programme.
The Research Challenge
Many emerging security challenges are the result of disappearing boundaries:
- innovations in mobile technology and the convergence of personal communications and computing devices mean that the ability to access corporate data is no longer limited to making a physical connection to the corporate network
- flexible working practices and networked personal electronics are blurring the boundary between work and leisure time, making work an activity rather than a place
- converged multi-service IP networks are removing the distinction between voice/video and data, and computation and communication
- service-oriented technology such as Web services, Grid computing and utility computing are being used to interconnect computing resources and databases, and to connect business processes across enterprise boundaries, heralding the era of the virtual organization.
Such changes and advances are not insecure in themselves, but security has traditionally been about defining and defending boundaries. In a world without clear boundaries, new approaches will be needed.
The research programme at BT is addressing these challenges by conducting research in three broad areas:
- securing the converged network
- securing the virtual organization
- security management frameworks.
The results of this research will be critical to BTs ability to secure its own business against attack, and will help the company develop its position in the market for security and compliance services.
Securing the Converged Network
To improve the security of BTs networks, the company is researching ways of identifying the true source of any packet of data sent across the Internet. Attackers often spoof IP addresses to obscure their identity and location, so a reliable means of working out exactly where messages came from, regardless of the claimed IP address, would be a strong deterrent.
BT is also researching ways of structuring networks that could enhance security and performance, and improved ways of monitoring the data generated by Internet intrusion detection systems. Simulations are used to help researchers improve their understanding of the security issues and protection needs of IP and MPLS networks.
Research is also being conducted into improved ways of validating the identities of employees and customers. Among other options, BT is exploring the use of speaker verification technologies to recognize people based on the characteristic acoustic features of their voice that is, recognizing not what is said but who is saying it.
In the context of the EU-funded project Ambient Networks (http://www.ambient-networks.org), the team is working towards creating next generation of network solutions for mobile and wireless systems beyond 3G. It will enable scalable and affordable wireless networking while providing rich and easy-to-use communication services for all. It is geared towards increasing competition and cooperation in an environment populated by a multitude of user devices, wireless technologies, network operators and business players.
A collaboration between BT and Imperial College London is exploring the issue of providing overall dynamic protection against cyber-based attacks.
Securing the Virtual Organization
Trust is essential in any form of communication and especially in securing relationships between enterprises. BTs researchers are exploring the development of systems that can enable the appropriate sharing of information assets while protecting them from external software attacks and physical theft. It is also exploring how new technology might make intranets more flexible something closer to a secure online shared workspace than a physically separate network.
The team is also working as a partner in the EU-funded project TrustCoM (http://www.eu-trustcom.com), which is working to establish a way of representing trust and contractual relationships that enables the creation of collaborative business processes between organizations. The ideas are being tested against the needs of collaborative engineering projects, and those of small and medium-sized enterprises that could work together to deliver services to clients as a virtual supplier.
The team is also conducting research in the context of the EU-funded project GUIDE (http://www.guide-project.org/), which aims at creating an architecture for secure and interoperable e-government electronic identity services and transactions for Europe. The projects approach is multi-disciplinary and includes technology, and procedural and policy development across Europe.
In addition, the twin topics of Web services and Grid security are being researched to develop secure ways of integrating services and resources across enterprise and organizational boundaries.
Security Management Framework
BTs researchers are developing a long-term roadmap that outlines how governance and engineering issues will need to be addressed in the future.
Partners
BTs research programme includes both projects undertaken entirely by the companys own researchers and those undertaken together with research partners from leading universities and research institutes, corporate research centres, and end-user organizations. Some projects are sponsored by strategic EU and UK government programmes, while BTs corporate research partners include Microsoft, IBM, SAP and BAE Systems. The company also has a growing number of links with HP Laboratories, Bristol, complementing the commercial alliance between BT and HP in the ICT marketplace. Finally, BTs Security Research Centre has appointed Dr Theo Dimitrakos as a representative on the industrial advisory board of the newly established ERCIM technical working group on Trust & Security.
Acknowledgement
The following BT colleagues have contributed to this security research overview: Theo Dimitrakos, Mark Drew, Andy Jones, Paul Kearney, Bryan Littlefair, Mark Pawlewski.
Please contact:
Bryan Littlefair, Head of Security Research Security Research Centre, BT Group CTO, UK
Tel: +44 (0) 1473 649 427
E-mail: bryan.littlefairbt.com
Theo Dimitrakos, ERCIM Trust & Security Working Group representative, Security Research Centre, BT Group CTO, UK
Tel: +44 (0) 1473 646706
E-mail: theo.dimitrakosbt.com