You are now in the main content area


Cybersecurity Research Lab (CRL) team meeting

The Cybersecurity Research Lab (CRL) at Ted Rogers School of Management conducts information security research on a wide variety of topics. The CRL is recognized for its strong partnerships and linkages to industry. Its mission is to find innovative and cost effective cyber risk mitigation strategies and solutions.  

We welcome proposals for research collaborations and consultations from fellow researchers, graduate students, private, public and non-profit organizations. Below are some examples of our areas of research. If you have any questions or comments, please contact us via

Our Expertise

  • Information Security and Privacy
  • Cryptography
  • Blockchain Technology
  • Quantum-resistant solutions
  • Machine Learning and its applications in cybersecurity
  • Enterprise Security Architecture
  • Security of Internet-of-Things (IoT)
  • Security of Smart Cities

Current Projects

The problem: Over the past 10 years, we have collectively been moving the global economy online. However, many transactions require proof of who we are, preventing them from making the transition (e.g., purchasing real estate, voting, and the purchasing restricted goods). To successfully interact in a digital world, we need reliable digital identities that map the online identity to the real person.

There have been several decentralized identity projects using distributed ledger technology and blockchain. Blockchain solutions are interesting since they depend on reliable digital identities. To use them, users need a digital identity that is managed by a ‘digital wallet’ which enables secure transactions, workflows, and identity management services. Currently, there are no wallets that provide a complete set of capabilities. Additionally, while blockchain identities are reliable, many wallets (especially cryptocurrency wallets) support anonymity and do not map the digital person to the real-life person.

The solution: The Cybersecurity Research Lab is developing Mosaïque: a digital wallet for the real estate industry that uses self-sovereign identities (SSIs). The wallet can be applied to a broad range of business applications including payments, transactions, digital signatures, asset management, due diligence, and general identity management services. We are starting in the real estate industry because of the success and momentum of existing blockchain solutions that require digital wallets to use them.

We see the future of digital identities and digital wallets as being interoperable as opposed to the current ecosystem of siloed solutions. As such, we are developing Mosaïque to support crossplatform processes as well as communication between wallets- just like their real-life counterparts.

For more information, please visit the following link here.

The problem: Over the recent years, there has been a growing interest in the implementation of blockchain solutions to support supply chain operations and inter-organizational transactions. Applications include supply chain provenance, supply chain visibility and traceability, freight logistics, retail operations, supply chain 4.0, etc. The blockchain supply chain market is projected to grow at a rate even higher than that of the whole blockchain market. Despite this, still little is known about prerequisites of successful implementation of blockchain in supply chain as well as other technical and non-technical requirements that need to be met to fully capture benefits of the technology in this context. Also, there is a lack of knowledge on the ‘real’ post-adoption outcomes of the technology in terms of supply chain capabilities and performance attributes.

The solution: In this project, we carry out a series of studies, relying on a mixed-methods approach with a range of qualitative and quantitative methods that are employed complementarily. The studies involve applying different theoretical lenses, interviewing supply chain and blockchain experts and practitioners, cross-sectional survey, and analysis of the state-of-the-art and -practice in blockchain-enabled supply chain management. Through these studies, we create theoretical and practical insights into different technical and managerial considerations that contribute to blockchain success in supply chain applications as well as the mechanisms by which different aspects of post-adoption consequences of blockchain can be best realized in the inter-organizational supply chain settings.

The problem: Personal health record (PHR) has emerged as a transformative model for consumer-centred care, providing significant benefits in terms of customized healthcare delivery. However, the rate of PHR adoption is still low due to various barriers such as data fragmentation, lack of interoperability, confidentiality, privacy, and security risks. Blockchain has remarkable potentials to resolve many of these concerns and enrich the benefits derived from PHR systems. It has motivated an increasing interest in developing blockchain-based PHR solutions. In this regard, understanding attitudinal drivers and influential factors behind user adoption and different facets of their usage behaviour is of particular importance. Also, there is a need to understand the extent to which blockchain may facilitate higher acceptance and use of digital health services among the public as well as perceptions towards blockchain-based solutions at the individual level.


The solution: This project mainly involves the development of descriptive frameworks for adoption determinants as well as drivers of different usage behaviour types, built upon existing theories and qualitative data. The proposed frameworks are then tested using survey data. The frameworks are further used to conduct experimental analysis and construct predictive models. The project also investigates drivers of cybersecurity behaviour, privacy decision-making, and information sharing behaviour of individuals within the blockchain-based PHR environment. The perspectives of different stakeholders in the PHR ecosystem, including end-consumers, clinicians, etc., are considered. The findings of this project have policy-making and practical implications for developers of blockchain-based healthcare services as well as digital health regulators and solution providers.


The problem: Blockchain technology allows business process owners to rethink or entirely revolutionize their processes. There may be opportunities for a blockchain implementation, but do they make business sense? 

The solution: To address the question above, it is important to first understand the type of problems that blockchains can solve.  Blockchain is not a panacea. There needs to be a structured way of assessing the net benefit of this technology. Our approach to answering this question is to examine some process attributes necessary for a successful blockchain implementation. More precisely, we address the following question: What characteristics make a given process a viable (not just merely potential) candidate for blockchain technology transformation?

As part of our work at the CRL, we propose a framework through which enterprises can determine if and how they can viably and cost-effectively transform their business processes to be supported by blockchain technology. Our Blockchain Technology Transformation Framework (BTTF) informs decision-makers on how a blockchain fits in their processes, what data will be in the transactions, and who the participants will be. It builds a design map by which process owners can analyze the suitability and cost-effectiveness of blockchain technology.

We propose a structured solution (transformation) framework for organizations to redesign their processes or identify opportunities for using smart contracts. Several trust-based processes that were not possible before will become possible with the use of a blockchain. The introduction of a new trust model influences the number of collaborators. Most current business processes are simplified and designed to communicate with a minimum number of external systems or partners. With the help of our framework these processes can be redesigned to have many more collaboration partners.

Please contact us for more information about this project.

The problem: Blockchain technology (BT) is a universal and decentralized database that forms a peer to peer network to which, parties can access without a pre-existing trust relationship. The benefits of BT depend on a company’s specific use but include; decentralization, anonymity, near real time settlement, data transparency, data immutability, value tokenization, automation and more. With the number of possible benefits, the market should be much larger and growing faster. This points to the need for an investigation into what is driving the adoption and what barriers are impeding the adoption.

The solution: This project is one of the first examples of such an investigation. It aims to provide: (i) a large scale analysis of which industries are using BT and how they are using it; (ii) the identification and prioritization of blockchain technology’s adoption barriers; (iii) the identification and prioritization of blockchain technology’s adoption drivers (iv) the expected future results; (v) and a discussion on the central advantages and disadvantages stemming from BT adoption and implementation. In addition, this project will perform a patent analysis for BT to understand the trends, major organizations creating the patents, the strategies employed by these organizations, and the current and future directions for BT patents. This project provides a holistic perspective on the barriers and drivers for BT and outlines some of the opportunities and challenges researchers, system designers and managers deal with when implementing the use of blockchain technology. This work will contribute to the success of blockchain technology and the realization of its many benefits.

For more information, please visit the following link here.

The problem: Quantum computers pose a serious threat to current cryptographic schemes as they are able to completely solve the problems they are built on. There has been much work done to develop quantum-resistant cryptographic schemes based on problems thought to be difficult to solve even with access to a quantum computer. However, while such schemes exist, adoption of these schemes for new protocols and applications have been slow. Part of this slow transition has been due to the cost of transitioning current cryptographic infrastructure to be post quantum.

The solution: As such there is a need in the intervening time for algorithms and solutions which addresses these issues of slow adoption, quantum resistance, and efficiency. Hybrid cryptography offers a setting to address these issues. By considering classical/ quantum hybrid attacks we are able to develop cryptographically agile techniques that can be implemented efficiently in the present while protecting against quantum attacks and maintain current security guarantees.

Please contact us for more information about this project.

The problem: Internet-of-Things (IoT), dubbed as Industry 4.0, is poised to revolutionize our lives. In an IoT setting, everyday objects autonomously communicate with one another without a human user’s intervention; while they handle private-sensitive data, (e.g., personal healthcare devices) or safety-critical data (e.g., sensors in manufacturing industry), giving rise to serious cybersecurity concerns. The devices, in an all-encompassing IoT system, come with varying ranges of hardware/software capabilities, and handle data with varying levels of sensitivity. Smartphones, for instance, can handle much heavier computations and store much more data compared to most wireless sensors deployed in thermostats. The data communicated to a sensor deployed in a heart defibrillator is orders of magnitude more sensitive than the data stored in an arbitrary light fixture.

Moreover, IoT devices are getting smarter and contain more safety-critical and private-sensitive data about us making them a very appealing target for attackers. While providing a great opportunity for ubiquitous computing, the miniaturization of smart devices brings many security and privacy concerns, as the traditional mechanisms for safeguarding digital information cannot typically be handled by constrained IoT devices.

Given their varying security and privacy requirements, it is not effective to treat these devices equally. 

  • Hence, one needs to define a contextual security measure for different IoT scenarios. The contextual security requirements evidently depends on how a specific device is being used in a specific context or solution relative to other devices. This gives rise to our need to understand the behaviour of the users of these devices. It is ultimately the end-users’ data that is being handled by these devices and it is important to learn what level of security and privacy they expect from them in different contexts.
  • Further, authentication is typically achieved by secure management of cryptographic keys and credentials. A typical approach is to employ a Public-Key Infrastructure (PKI). However, PKIs are highly reliant on computationally expensive operations and are not scalable for many IoT settings. Hence, we need to pursue more efficient and scalable authentication mechanisms that do not rely on PKIs.

The solution: In this line of research, we are examining ways to design more effective solutions that meet the required security and privacy specifications, not more and not less. Otherwise, we either do not provide sufficient security measures, putting end-users’ security and privacy at risk, or overwhelm the IoT device with the burden of unnecessary security measures which increases the costs and reduces efficiency and applicability. This type of understanding requires empirical investigation. 

Please contact us for more information about this project.

The problem: Blockchain technologies have provided a new open, public, and distributed ledger that a wide range of products and services can be built upon. However with the dawn of quantum computers much of the current foundation of blockchains are left susceptible to quantum attacks. Quantum attacks are a threat that must be considered now for any implementation of blockchain technology going forward.

The solution: The Cybersecurity Research Lab is focused on finding and developing new provably secure results to build post quantum blockchains. These results will ensure that post quantum blockchains will ensure the long term security against both classical and quantum attacks.

Please contact us for more information about this project.

The problem: The Internet of Things (IoT) presents an opportunity to change the global economy. Tens of millions of devices connected and communicating with one another performing an innumerable number of tasks. As an IoT world becomes closer to becoming a reality the necessity of ensuring the security of its communication and data becomes increasingly more important.

The solution: Generations of devices will have been made and be in used while quantum computers become more sophisticated and powerful. As such the protecting IoT devices against quantum attacks in the future in the present is a necessity.

Please contact us for more information about this project.

The problem: Quantum computing is an emerging technology that will present significant challenges for information security; specifically, cryptography. Unfortunately, our understanding surrounding this new technology can be foreign and complex for those who are not experts in computer science, engineering, and/or quantum physics. 

The solution: This project is a knowledge translation project. The objective is to provide a practical introduction to the quantum threat in a clear and understandable manner. The project has three parts: the situation, analysis, and security roadmap. Part one explains what quantum computing is, the quantum threat, the impact on security, some quantum definitions and where quantum development is situated. Part two includes of an analysis of attack scenarios and mitigations and an examination of quantum key distribution, one of many positive impacts quantum computing. Part two also includes some cryptographic basics, to enhance a reader’s understanding of the problem. Part three is a roadmap that outlines important considerations for information security personnel when dealing with pending quantum threat. 

Please contact us for more information about this project.