Trust< Team

"trustless team"

We're not very optimistic people:
  • Most organisations, from businesses to factories to hospitals, have already someone inside modifying data, stealing money or simply disrupting the service and they do not know it.
  • There is little we can do today about Privacy when all our lives are digital. Worse: if nothing is done, sooner than later, your Identity will be stolen along with your personal email or photos.
  • The easiest way of harming someone is by tampering with a medical device or a car; if a city, perhaps the water supply.
  • There's stories of people who bought something online that never arrived. The seller insists you received it because there's a signature from the post office. How can you ever prove you never received it?
We live in a world where Cyber Trust has become as basic a need as physical safety; poor Cyber Security can dramatically change lives, bring down a business, break apart a community and disrupt awhole nation. We are also moving towards a world where there is no Privacy by default and everyone's Identity and Data will eventually be stolen.

The mission of the Trust< Research group, part of the Cybersecurity Research Group at Birmingham City University, School of Computing and Digital Media, is to bring control back to users by looking at technologies and solutions. We use Cryptography, Blockchains, Secure Networks and Artificial Intelligence for this while covering multiple domains such as Cars, the Internet, Medical devices, Enterprises, Factories or Cities. We aim to live in a world where we do not need to trust because the technology is what guarantees a safe world.

We do believe in the kindess of humans and Rousseau's noble savage. It's just that social contracts are better with cryptography.

Current Projects

Secure collaboration

As the old Russian saying goes, "Trust but verify". The recent series Chernobyl has the best explanation of this - the circle of accountability. This project looks at the classical problem of auditing: when multiple organisations or government departments collaborate or share data in order to deliver a single service, if something goes wrong, how do we identify what and who made a mistake, either by negligence or deliberately? A good example is when businesses operate over the Cloud. Another aspect is sensitive data sharing such as medical data being shared between hospitals, insurance companies, doctors, etc.. How can share such data in a secure, accountable and traceable way? One of the technologies we are looking into is Blockchains and Smart-Contracts.

Threat Detection in Building Management Systems.

We are taking a close look at Smart Buildings and developing new technologies, based on Artificial Intelligence, to detect attacks as early as possible. Typical protocols in use, such as BACnet, do not provide the necessary protection; often, they are used in legacy configurations with no security at all. Not only the security of Smart-Buildings (often part of national Critical Infrastructure and under the EU NIS Directive) needs to be revisited, but legacy buildings need to be considered when designing a secure approach.


We accept and sign up for any T&Cs every day and online businesses take all our personal data. At present, and even with GDPR, we do not know what we accepted and what we shared and when. In recent cases, people complained about having accepted certain conditions while the online business denies. How can we prove and control what we shared?