Collaborative Research: SaTC: CORE: Medium: RUI: Applied Cryptographic Protocols with Provably-Secure Foundations

协作研究：SaTC：核心：中：RUI：具有可证明安全基础的应用密码协议

• 批准号: 2149766
• 负责人: Ewa Syta
• 金额: $ 31.79万
• 依托单位: Trinity College
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-10-01 至 2026-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2149766&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

Cryptographic protocols have become an essential facilitator for the Internet and its many applications, supporting the needs of modern society. It is hard to imagine the Internet without the extensive use of applied cryptographic protocols, e.g., protocols used to secure web and email. Such protocols use and depend on the Public Key Infrastructure (PKI), which is also key to the security of other open systems such as mobile networks, Internet of Things, and blockchains. PKI provides a critical security infrastructure to achieve confidentiality, authentication, integrity and non-repudiation. However, there have been many attacks exploiting vulnerabilities of the PKI itself; PKI, in contrast to other well-known cryptographic protocols, has no security proofs or even precise definitions of security goals. As a result, systems utilizing PKI may be vulnerable. The proposed research will define security goals for PKI schemes, present PKI schemes which provably meet these goals, and present practical and efficient implementations of PKI schemes. This research will also develop the necessary theoretical tools to define security goals of cryptographic protocols and to analyze their security. The outcomes of this research will have broad benefits. Developers will benefit from the availability of open-source, provably secure PKI systems, enabling security for real-world applications. End-users will benefit from improved security guarantees and privacy. Given the global role of the Internet, society at large will benefit from a strengthened, advanced security infrastructure and PKI ecosystem and from educational efforts which will raise awareness of the importance of these topics. Furthermore, this research will support the development of a diverse cohort of graduate and undergraduate students at the University of Connecticut and Trinity College through increased research opportunities, education, and mentoring and outreach efforts. Research efforts of this project, the results of which will significantly impact the theoretical and practical aspects of developing and deploying cryptographic protocols, are organized in three main areas: 1) Advancement of PKI theory: to define a comprehensive set of formal PKI requirements, and to design and analyze schemes to produce provably secure PKI schemes; 2) Development of PKI systems with improved security guarantees: to design, develop, and standardize provably secure PKI designs that are practical and appropriate for real-world applications; 3) Development of a framework and tools to facilitate provable security for applied cryptographic protocols under realistic models: to build a comprehensive framework that supports composability and formal verification tools for rigorous specification and analysis.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

加密协议已成为互联网及其许多应用程序的重要推动者，支持现代社会的需求。很难想象互联网如果没有广泛使用应用的加密协议，例如用于保护网络和电子邮件的协议。此类协议使用并依赖于公钥基础设施 (PKI)，这也是移动网络、物联网和区块链等其他开放系统安全的关键。 PKI 提供了关键的安全基础设施来实现机密性、身份验证、完整性和不可否认性。然而，已经有很多利用PKI本身漏洞的攻击；与其他众所周知的密码协议相比，PKI 没有安全证明，甚至没有安全目标的精确定义。因此，使用 PKI 的系统可能容易受到攻击。拟议的研究将定义 PKI 方案的安全目标，提出可证明满足这些目标的 PKI 方案，并提出 PKI 方案的实用且有效的实现。这项研究还将开发必要的理论工具来定义密码协议的安全目标并分析其安全性。这项研究的成果将带来广泛的好处。开发人员将受益于开源、可证明安全的 PKI 系统的可用性，从而确保实际应用程序的安全性。最终用户将受益于改进的安全保证和隐私。鉴于互联网的全球作用，整个社会将受益于强化、先进的安全基础设施和 PKI 生态系统，以及提高人们对这些主题重要性的认识的教育工作。此外，这项研究还将通过增加研究机会、教育、指导和推广工作，支持康涅狄格大学和三一学院多元化研究生和本科生的发展。该项目的研究工作主要分为三个主要领域，其结果将对开发和部署加密协议的理论和实践方面产生重大影响：1）PKI 理论的进步：定义一套全面的正式 PKI 要求，以及设计和分析方案以产生可证明安全的 PKI 方案； 2) 开发具有改进安全保障的 PKI 系统：设计、开发和标准化可证明安全的 PKI 设计，这些设计实用且适合实际应用； 3) 开发一个框架和工具，以促进在现实模型下应用密码协议的可证明安全性：构建一个支持可组合性和形式验证工具的综合框架，以进行严格的规范和分析。该奖项反映了 NSF 的法定使命，并被认为是值得的通过使用基金会的智力优势和更广泛的影响审查标准进行评估来提供支持。