Trust< Team

"trustless team"

We're not very optimistic people:
  • Most organisations, from businesses to factories to hospitals, have already someone inside modifying data, stealing money or simply disrupting the service and they do not know it.
  • There is little we can do today about Privacy when all our lives are digital. Worse: if nothing is done, sooner than later, your Identity will be stolen along with your personal email or photos.
  • The easiest way of harming someone is by tampering with a medical device or a car; if a city, perhaps the water supply.
  • There's stories of people who bought something online that never arrived. The seller insists you received it because there's a signature from the post office. How can you ever prove you never received it?
We live in a world where Cyber Trust has become as basic a need as physical safety; poor Cyber Security can dramatically change lives, bring down a business, break apart a community and disrupt awhole nation. We are also moving towards a world where there is no Privacy by default and everyone's Identity and Data will eventually be stolen.

The mission of the Trust< Research group, part of the Cybersecurity Research Group at Birmingham City University, School of Computing and Digital Media, is to bring control back to users by looking at technologies and solutions. We use Cryptography, Blockchains, Secure Networks and Artificial Intelligence for this while covering multiple domains such as Cars, the Internet, Medical devices, Enterprises, Factories or Cities. We aim to live in a world where we do not need to trust because the technology is what guarantees a safe world.

We do believe in the kindess of humans and Rousseau's noble savage. It's just that social contracts are better with cryptography.

Current Projects

Contextually-Appropriate Selective Sharing IoT Open-standard PErmIssioning Architectures (CASSIOPEIA)

with Instituto de Telecomunicacoes (Portugal), and Gilad Rosner (Spain) - EU H2020 funded

The CASSIOPEIA project investigates how open-standard/open-source technologies can be used to create usable and transparent architectures enabling device owners to selectively collect, share and retain data from users, while delegating control of device features to the users from whom data is being obtained. Selective sharing is a critical dimension of privacy: enhancing user choice, autonomy, participation, and trust. It is the technical embodiment of respect for social contexts in information sharing. Moreover, “privacy-by-default and -design” is the law of the land, but there are few examples of what that actually means aside from basic ideas of confidentiality and limited conceptions of transparency. The CASSIOPEIA project will provide a proof-of-concept for policymakers, technologists and the public showing how privacy-by-design can mean enhanced informational control - focusing on sharing rather than hiding data.

Privacy-as-Expected: Consent Gateway (PaECG)

with Trinity College Dublin (Ireland), and Open Consent (UK) - EU H2020 funded

Whenever a User accepts a Privacy Notice and starts sharing personal data, they will receive a cryptographic Consent Receipt (based on a secure architecture and open standards) which, with non-repudiation and unforgeability proves, at any time, who-what-how any conditions were accepted. Considering the dynamic nature of the Web, a User will not have to extensively review or re-accept the same Privacy Terms. While creating an infrastructure to manage transparent, usable and accountable Consent, the User will further have access to crowd-reviewed Privacy Notices. As long as the Notice does not change, the User will not have to repeatedly re-accept. This will dramatically improve usability, while improving Transparency.

Digital Technologies, Power and Control

with Open University, University of Sheffield, and University of Newcastle - EPSRC/SPRITE+ funded

The SPRITE+ network approaches the new challenges in the TIPS agenda: Trust, Identity, Privacy and Security. This particular project brings together a diverse, cross-disciplinary group of academics, stakeholders and non-academic communities to address pressing needs in security, privacy, identity and trust. The work employs an action research model to solicit wide participation in societal decisions around Digital Technologies, Power and Control relying on theory, research and current practice from multiple academic and non-academic perspectives.

BASIEM - Building Automation Security Information and Events Manager (SIEM).

SIEMs are a common and indispensable tool in any organisation as it greatly facilitates monitoring of security of both real-time and when reporting is needed (e.g., for compliance). SIEMs are the eyes of the Securtiy Operations. Whereas there is an abundance of tools in the IT world, the OT counterpart sees a gap. In particular, the Building Automation sector, with its different stakeholders (owners, facilities managers, integrators, manufacturers, etc) have virtually no (integrated) tools available except, perhaps, those coming from a particular brand typically associated to the particular devices in use by the Building. We are developing an open-source and module tool, supporting different communication protocols (BACnet, Modbus, KNX, etc.), Artificial Intelligence, Threat Intelligence, etc.. A particular focus is on legacy buildings as it is expected that a mix of Smart- and Legacy buildings will continue to coexist for decades to come.


We accept and sign up for any T&Cs every day and online businesses take all our personal data. At present, and even with GDPR, we do not know what we accepted and what we shared and when. In recent cases, people complained about having accepted certain conditions while the online business denies. How can we prove and control what we shared? This work is being done in cooperation with external parties such as Open Consent and Kantara Initiative.

BRUE - Secure Exchange of Healthcare Records Across Jurisdictions

We are developing a new approach to the practically unsolved problem of exchnanging Healthcare records. If a person is outside their country and needs medical care, it is practically impossible to request access to healthcare records from the home country, or any other visited. The problem is essentially administrative: countries (or even medical practices) do not share, normally, such information in order to protect the person as this is highly sensitive personal information. We term our approach BRUE as we are looking at combining Blockchains, digital consent Receipts and UMA (User-Managed Access). This work is in partnership with external organisations.

Distributed Ledger Technologies (Blockchains) for the Supply Chain

This project will review and propose new technologies to use Blockchains to bring Trust to a Supply chain, particularly those involving (effectively) anonymous and long supply chains. This project will leverage, along with new technologies to develop, the project on auditing distributed workflows. This work is multidisciplinary between the Business School and the Computing School.

Past Projects

Secure collaboration and workflows (2018-2020)

As the old Russian saying goes, "Trust but verify". The recent series Chernobyl has the best explanation of this - the circle of accountability. This project looks at the problem of Trust when multiple participants working together can become accountable when each, individually,is unaccountable. For example, when multiple organisations or government departments collaborate or share data in order to deliver a single service, if something goes wrong, how do we identify what and who made a mistake, either by negligence or deliberately? A good example is when businesses operate over the Cloud. Another aspect is sensitive data sharing such as medical data being shared between hospitals, insurance companies, doctors, etc.. Another example is large projects such as Construction ones. How can we share data and work together in a secure, accountable and traceable way? One of the technologies we are looking into is Blockchains and Smart-Contracts.