Collaborative Research: SaTC: TTP: Medium: Intrusion-Tolerant Outsourced Storage for Cyber-Infrastructure

协作研究：SaTC：TTP：中：网络基础设施的耐入侵外包存储

• 批准号: 2201465
• 负责人: Nitesh Saxena
• 金额: $ 58.5万
• 依托单位: Texas A&M Engineering Experiment Station
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2201465&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; TTP; Medium

This project addresses the general problem of protecting a user's private, potentially sensitive data, such as confidential documents, images, files and folders, in the event of the compromise of an online outsourced storage service on which the data is stored. Today, users typically authenticate to such services using a password and the service stores a one-way hash of this password. Given the weaknesses of passwords, storing password hashes allows for an offline password dictionary attack once the storage service is compromised, which exposes user's password and consequently also all her private data. To improve the secrecy of the outsourced private data, the project's main novelty lies in designing and developing an Intrusion-Tolerant Outsourced Storage (ITOS) system, which enables the user to distribute her data, and/or the cryptographic tokens which protect this data, among a set of trustees so that the password and private data remain protected even when a certain subset of the trustees have been compromised.Building upon our previous foundational work, this project investigates: (1) the design of provably secure and highly efficient protocols for ITOS, and (2) implementation, pilot deployment, evaluation and technology transfer of an ITOS system which builds upon these protocols, in line with its “transitioning to practice” theme. The proposed system can be transparently integrated with different storage systems including popular services like Google Drive, OneDrive or Dropbox. Moreover, ITOS can improve the authentication security for general web services. The resilient storage system architecture will offer an improved level of protection and accessibility to the data belonging to research scientists, students and staff at Universities as well as everyday computer users employing commercial storage services. The open-source library developed as part of the project will be of immense value in future research on building fault-tolerant systems. Further, the project’s research activities will be integrated with educational activities in the form of advanced curriculum development and student mentoring in the broad domains of Trustworthy Storage Systems, Secure Data Architectures and Data Assurance. Proactive involvement of high school and K-12 students and minority populations will help broaden the reach of the project. Regarding general application of strengthening web authentication security, the project team is also pursuing standardization activities by closely collaborating with Internet Research Task Force (IRTF) stakeholders with interest in these protocols.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目解决了保护用户的私人敏感数据，例如机密文档，图像，文件和文件夹等总体问题，如果妥协数据存储在线外包存储服务。今天，用户通常使用密码对此类服务进行身份验证，并且服务存储此密码的单向哈希。鉴于密码的弱点，一旦存储服务被损害，存储密码哈希允许脱机密码词典攻击，从而揭示了用户的密码，从而揭示了她的所有私人数据。为了改善外包私人数据的保密性，该项目的主要新颖性在于设计和开发一个侵入耐受性的外包存储（ITOS）系统，使用户能够分配她的数据，而/或保护该数据的加密代价，在某些受托人中，在某些受托人中仍然受到了某些工作的保护。调查：（1）ITOS适当安全且高效的协议的设计，以及（2）实施，试点部署，评估和技术传输的ITOS系统，该系统基于这些协议，符合其“过渡到实践”主题。提出的系统可以与不同的存储系统透明地集成，包括流行的服务，例如Google Drive，OneDrive或Dropbox。此外，ITO可以改善通用Web服务的身份验证安全性。依赖的存储系统体系结构将为属于大学科学家，学生和大学工作人员以及使用商业存储服务的计算机用户提供改进的保护和可访问性。作为该项目的一部分开发的开源库将在未来的耐故障系统的研究中具有巨大的价值。此外，该项目的研究活动将以高级课程开发和学生心态的形式与可信赖的存储系统，安全数据架构和数据保证的广泛领域的形式相结合。高中和K-12学生和少数民族的积极参与将有助于扩大该项目的影响力。关于加强Web身份验证安全性的一般应用，项目团队还通过与互联网研究工作组（IRTF）的利益相关者密切合作，从事对这些协议感兴趣的利益相关者的合作。该奖项反映了NSF的法定任务，并被认为是通过基金会的知识分子优点和更广泛的影响审查标准来通过评估来获得的支持。

项目成果

SoK: A Comprehensive Evaluation of 2FA-based Schemes in the Face of Active Concurrent Attacks from User Terminal

• DOI: 10.1145/3558482.3590183
• 发表时间: 2023-05
• 期刊: Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks
• 作者: Ahmed Tanvir Mahdad;Nitesh Saxena