Briefing note: GCHQ Internships

Transcription

1 Briefing note: GCHQ Internships GCHQ 1 is developing new capabilities in partnership with Industry and Academic Researchers to pursue their cyber security. GCHQ is partnering with the Smith Institute 2 to sponsor internships for mathematical PhD students in selected areas applicable to GCHQ work. There are currently opportunities to become an intern in the following areas: 1. Network analysis; 2. Security proofs; 3. PQ cryptography. Interns are typically current or recently graduated PhD students, or early stage researchers in the mathematical sciences who spend 4-6 months working on site on a project of real importance and value to the sponsoring organisation. They are supported by an academic supervisor and the staff of the Smith Institute. Funding is available for the stipend of the Intern and for their supervision. GCHQ reserves the right to restrict what an Intern is allowed to publish from the work undertaken during the project, but work can still contribute to the host University s submission to the REF. Further information on each project and details for applicants are provided below. Applications are welcome by 21 st July Please request an application form for the project you wish to apply for, from judy.reynolds@smithinst.co.uk

2 1. Network analysis Do you have a conceptual framework for handling big data? Are you motivated by the chance to have access to real world data and apply your proposed approach? This project is to develop models for very large, complex heterogeneous networks conveying behaviour of people and systems to develop statistical tests for anomalous behaviour and novel streaming algorithms for analytical detection. The relevant disciplines would be mathematics, computer science and statistics. Interns will work as part of an in-house data science team and with subject matter experts in several specific areas of application. Network data for each application area would typically be hundreds of peta-bytes and may contain only tiny signals of anomalous behaviour. With only one data set and very little idea of the underlying process, the challenge for each application-specific problem is to use a combination of data science and subject matter expertise to model a random system. The overall aim is to identify an approach suited to multiple areas of application: to apply and refine a conceptual framework for handling big data in order to develop application-specific models of network behaviour more efficiently. Successful candidates will have a background in large scale data science and a genuine interest in working with very large-scale real-world data. They should be confident in the use of approaches for the study of behaviour in networks and the identification of anomalous behaviour. Moreover they should be ready to adapt their conceptual approach as the realities of dealing with real world data are encountered. 2

3 2. Security proof Do you have a background in provable security research? Are you motivated by the challenge of bridging the gap between mathematical theory and engineering practice? This project is to take standard security proof models in cryptography and systems security and relate them to CESG evaluation techniques to improve GCHQ evaluation process and understand the practical limitations of security models. Interns will work closely with in-house experts to gain a working knowledge of security risk assessment in practice. In-house approaches in this area may have diverged in recent years from the approaches published from academic research, at least in terms of the use of language. This project attempts to transfer knowledge into GCHQ regarding current academic research on provable security. Overall the aim is to identify areas of agreement and difference by reviewing current practice in product evaluation in comparison with academic research in provable security. Successful candidates will have a thorough understanding of the research landscape in provable security and an interest in exploring the similarities and differences between provable security in theory and practice. They will need to have the ability to reach consensus on an issue, even when already biased to be on one side of the debate. 3

4 3. PQ cryptography Do you have expertise in classical cryptography? Are you motivated by the challenge of developing a framework for the assurance of proposed classical cryptographic methods in a post-quantum world? Interns will work with in-house experts in quantum algorithms and experts in the classical evaluation of cryptographic systems. Given the possibility that quantum based technology may be developed in future that can crack current public key encryption protocols, the development of post-quantum encryption algorithms is an active area of research. In parallel, it is necessary to develop standards for certification of cryptographic systems as robust against both quantum attack and classical attack. The aim of this project will be to evolve the criteria for the evaluation of currently proposed postquantum cryptographic systems to enable assurance in a post-quantum world. Successful candidates will have expertise in classical cryptography, including methods based on lattices and learning with errors and an interest in their evaluation for a post-quantum world. This project is not about research into quantum cryptography, nor is it about the development of new ideas for post-quantum cryptographic systems. 4

5 Further information for applicants Applications should be submitted by 21 st July 2014, and candidates chosen by end October ready for projects to start in March To be considered you must meet the following criteria: a) You must be a British Citizen b) One of your parents must also be a British citizen or have substantial ties with the United Kingdom or if deceased have had such citizenship or ties before their death. c) You must normally have been a resident in the UK for 10 years prior to the date of your application. To ensure suitability you must undergo a thorough security process. As part of this a criminal records check and a drugs test will be conducted. You will be asked to complete a medical and several Developed Vetting (DV) Questionnaires. If you do not meet the DV requirement or fail to disclose security related issues or concerns you will not be considered for the sponsorship. Further details on GCHQ acceptance criteria can be found at 5