You are now in the main content area

Research

Cybersecurity Research Lab (CRL) team meeting

The Cybersecurity Research Lab (CRL) at Ted Rogers School of Management conducts information security research on a wide variety of topics. The CRL is recognized for its strong partnerships and linkages to industry. Its mission is to find innovative and cost effective cyber risk mitigation strategies and solutions.  

We welcome proposals for research collaborations and consultations from fellow researchers, graduate students, private, public and non-profit organizations. Below are some examples of our areas of research. If you have any questions or comments, please contact us via crl@ryerson.ca

Our Expertise

  • Information Security and Privacy
  • Cryptography
  • Blockchain Technology
  • Quantum-resistant solutions
  • Machine Learning and its applications in cybersecurity
  • Enterprise Security Architecture
  • Security of Internet-of-Things (IoT)
  • Security of Smart Cities

Current Projects

The problem: Blockchain technology allows business process owners to rethink or entirely revolutionize their processes. There may be opportunities for a blockchain implementation, but do they make business sense? 

The solution: To address the question above, it is important to first understand the type of problems that blockchains can solve.  Blockchain is not a panacea. There needs to be a structured way of assessing the net benefit of this technology. Our approach to answering this question is to examine some process attributes necessary for a successful blockchain implementation. More precisely, we address the following question: What characteristics make a given process a viable (not just merely potential) candidate for blockchain technology transformation?

As part of our work at the CRL, we propose a framework through which enterprises can determine if and how they can viably and cost-effectively transform their business processes to be supported by blockchain technology. Our Blockchain Technology Transformation Framework (BTTF) informs decision-makers on how a blockchain fits in their processes, what data will be in the transactions, and who the participants will be. It builds a design map by which process owners can analyze the suitability and cost-effectiveness of blockchain technology.

We propose a structured solution (transformation) framework for organizations to redesign their processes or identify opportunities for using smart contracts. Several trust-based processes that were not possible before will become possible with the use of a blockchain. The introduction of a new trust model influences the number of collaborators. Most current business processes are simplified and designed to communicate with a minimum number of external systems or partners. With the help of our framework these processes can be redesigned to have many more collaboration partners.

Please contact us for more information about this project.

The problem: Blockchain technology (BT) is a universal and decentralized database that forms a peer to peer network to which, parties can access without a pre-existing trust relationship. The benefits of BT depend on a company’s specific use but include; decentralization, anonymity, near real time settlement, data transparency, data immutability, value tokenization, automation and more. With the number of possible benefits, the market should be much larger and growing faster. This points to the need for an investigation into what is driving the adoption and what barriers are impeding the adoption.

The solution: This project is one of the first examples of such an investigation. It aims to provide: (i) a large scale analysis of which industries are using BT and how they are using it; (ii) the identification and prioritization of blockchain technology’s adoption barriers; (iii) the identification and prioritization of blockchain technology’s adoption drivers (iv) the expected future results; (v) and a discussion on the central advantages and disadvantages stemming from BT adoption and implementation. In addition, this project will perform a patent analysis for BT to understand the trends, major organizations creating the patents, the strategies employed by these organizations, and the current and future directions for BT patents. This project provides a holistic perspective on the barriers and drivers for BT and outlines some of the opportunities and challenges researchers, system designers and managers deal with when implementing the use of blockchain technology. This work will contribute to the success of blockchain technology and the realization of its many benefits.

Please contact us for more information about this project.

The problem: Quantum computers pose a serious threat to current cryptographic schemes as they are able to completely solve the problems they are built on. There has been much work done to develop quantum-resistant cryptographic schemes based on problems thought to be difficult to solve even with access to a quantum computer. However, while such schemes exist, adoption of these schemes for new protocols and applications have been slow. Part of this slow transition has been due to the cost of transitioning current cryptographic infrastructure to be post quantum.

The solution: As such there is a need in the intervening time for algorithms and solutions which addresses these issues of slow adoption, quantum resistance, and efficiency. Hybrid cryptography offers a setting to address these issues. By considering classical/ quantum hybrid attacks we are able to develop cryptographically agile techniques that can be implemented efficiently in the present while protecting against quantum attacks and maintain current security guarantees.

Please contact us for more information about this project.

The problem: Internet-of-Things (IoT), dubbed as Industry 4.0, is poised to revolutionize our lives. In an IoT setting, everyday objects autonomously communicate with one another without a human user’s intervention; while they handle private-sensitive data, (e.g., personal healthcare devices) or safety-critical data (e.g., sensors in manufacturing industry), giving rise to serious cybersecurity concerns. The devices, in an all-encompassing IoT system, come with varying ranges of hardware/software capabilities, and handle data with varying levels of sensitivity. Smartphones, for instance, can handle much heavier computations and store much more data compared to most wireless sensors deployed in thermostats. The data communicated to a sensor deployed in a heart defibrillator is orders of magnitude more sensitive than the data stored in an arbitrary light fixture.

Moreover, IoT devices are getting smarter and contain more safety-critical and private-sensitive data about us making them a very appealing target for attackers. While providing a great opportunity for ubiquitous computing, the miniaturization of smart devices brings many security and privacy concerns, as the traditional mechanisms for safeguarding digital information cannot typically be handled by constrained IoT devices.

Given their varying security and privacy requirements, it is not effective to treat these devices equally. 

  • Hence, one needs to define a contextual security measure for different IoT scenarios. The contextual security requirements evidently depends on how a specific device is being used in a specific context or solution relative to other devices. This gives rise to our need to understand the behaviour of the users of these devices. It is ultimately the end-users’ data that is being handled by these devices and it is important to learn what level of security and privacy they expect from them in different contexts.
  • Further, authentication is typically achieved by secure management of cryptographic keys and credentials. A typical approach is to employ a Public-Key Infrastructure (PKI). However, PKIs are highly reliant on computationally expensive operations and are not scalable for many IoT settings. Hence, we need to pursue more efficient and scalable authentication mechanisms that do not rely on PKIs.

The solution: In this line of research, we are examining ways to design more effective solutions that meet the required security and privacy specifications, not more and not less. Otherwise, we either do not provide sufficient security measures, putting end-users’ security and privacy at risk, or overwhelm the IoT device with the burden of unnecessary security measures which increases the costs and reduces efficiency and applicability. This type of understanding requires empirical investigation. 

Please contact us for more information about this project.

The problem: Blockchain technologies have provided a new open, public, and distributed ledger that a wide range of products and services can be built upon. However with the dawn of quantum computers much of the current foundation of blockchains are left susceptible to quantum attacks. Quantum attacks are a threat that must be considered now for any implementation of blockchain technology going forward.

The solution: The Cybersecurity Research Lab is focused on finding and developing new provably secure results to build post quantum blockchains. These results will ensure that post quantum blockchains will ensure the long term security against both classical and quantum attacks.

Please contact us for more information about this project.

The problem: The Internet of Things (IoT) presents an opportunity to change the global economy. Tens of millions of devices connected and communicating with one another performing an innumerable number of tasks. As an IoT world becomes closer to becoming a reality the necessity of ensuring the security of its communication and data becomes increasingly more important.

The solution: Generations of devices will have been made and be in used while quantum computers become more sophisticated and powerful. As such the protecting IoT devices against quantum attacks in the future in the present is a necessity.

Please contact us for more information about this project.

The problem: Quantum computing is an emerging technology that will present significant challenges for information security; specifically, cryptography. Unfortunately, our understanding surrounding this new technology can be foreign and complex for those who are not experts in computer science, engineering, and/or quantum physics. 

The solution: This project is a knowledge translation project. The objective is to provide a practical introduction to the quantum threat in a clear and understandable manner. The project has three parts: the situation, analysis, and security roadmap. Part one explains what quantum computing is, the quantum threat, the impact on security, some quantum definitions and where quantum development is situated. Part two includes of an analysis of attack scenarios and mitigations and an examination of quantum key distribution, one of many positive impacts quantum computing. Part two also includes some cryptographic basics, to enhance a reader’s understanding of the problem. Part three is a roadmap that outlines important considerations for information security personnel when dealing with pending quantum threat. 

Please contact us for more information about this project.