Foundations and Real-World Aspects of Secure Cryptographic Connections

安全加密连接的基础和现实世界

基本信息

批准号：
406593006
负责人：
Dr. Felix Günther
金额：
--
依托单位：
Departement Informatik
依托单位国家：
德国
项目类别：
Research Fellowships
财政年份：
2018
资助国家：
德国
起止时间：
2017-12-31 至 2019-12-31
项目状态：
已结题

来源：
https://gepris.dfg.de/gepris/projekt/406593006?language=en
关键词：
Foundations Real World Aspects Secure

项目摘要

Secure connections are at the heart of today's Internet infrastructure, protecting confidentiality, integrity, and authenticity of data in transit, e.g., when doing online banking, accessing emails, or chatting with friends. The underlying cryptographic protocols (e.g., the prominent Transport Layer Security (TLS) protocol) are composed of two core components: A key exchange protocol first establishes a shared secret key between the two communication partners over a potentially insecure network. This key is then used in the follow-up secure channel protocol to protect the actual data to be communicated.The study of key exchange and secure channels is a foundational research topic in cryptography, with a substantial body of work underpinning classical designs for such protocols. Nevertheless, novel designs of secure connection protocols in practice go beyond what the current state of understanding in cryptographic theory can comprise in terms of techniques and security goals. Prime examples are the upcoming TLS version 1.3 currently developed by the Internet Engineering Task Force or the novel secure messaging protocol Signal (also underlying, e.g., WhatsApp, Facebook Messenger, or Google Allo), which are in daily use by millions to billions of users and devices. As these protocols underpin the security of our day-to-day interactions, it is however crucial to understand the security of these novel designs and to examine their strengths and weaknesses based on scientifically solid theoretical foundations.The proposed project will provide such solid foundations in terms of extended cryptographic security models, as well as assess the practical security of proposed and deployed real-world protocols based on the newly established understanding. To this end, we will devise novel formalisms capturing advanced aspects put forward in recent protocol designs. One major focus will be on an important and strong security guarantee protecting against compromises of secrets (so-called "forward secrecy"). We will study how forward secrecy can be achieved in a secure channel as well as when establishing the communication key with low latency. Novel designs of secure connections also have implications on how these connections are used by application programs and what properties they demand from the components they employ. Therefore, we will study how recent connection protocol designs integrate with application programs as well as with the underlying cryptographic building blocks the designs rely upon. This allows us to interpret the effects of novel designs both on the security they provide to applications and on the requirements they introduce to their components. Through these steps, the proposed project will improve the cryptographic understanding of novel secure connection protocols deployed in practice and their theoretical foundations.

安全连接是当今互联网基础设施的核心，可保护传输中数据的机密性、完整性和真实性，例如在进行网上银行、访问电子邮件或与朋友聊天时。底层加密协议（例如，著名的传输层安全 (TLS) 协议）由两个核心组件组成：密钥交换协议首先通过潜在不安全的网络在两个通信伙伴之间建立共享密钥。然后，该密钥将在后续的安全通道协议中使用，以保护要通信的实际数据。密钥交换和安全通道的研究是密码学的基础研究课题，有大量工作支撑此类协议的经典设计。然而，实践中安全连接协议的新颖设计超出了当前对密码理论的理解在技术和安全目标方面的范围。主要的例子是互联网工程任务组目前正在开发的即将推出的 TLS 1.3 版本或新颖的安全消息传递协议 Signal（也是底层的，例如 WhatsApp、Facebook Messenger 或 Google Allo），这些协议每天都有数百万至数十亿用户使用和设备。由于这些协议支撑着我们日常交互的安全，因此了解这些新颖设计的安全性并根据科学可靠的理论基础检查其优点和缺点至关重要。拟议的项目将为以下方面提供坚实的基础：扩展密码安全模型的术语，以及根据新建立的理解评估提议和部署的现实世界协议的实际安全性。为此，我们将设计新颖的形式主义，捕捉最近协议设计中提出的先进方面。一个主要焦点将是提供重要且强大的安全保证，以防止机密泄露（所谓的“前向保密”）。我们将研究如何在安全通道中以及如何建立低延迟的通信密钥时实现前向保密。安全连接的新颖设计还对应用程序如何使用这些连接以及它们要求所使用的组件具有哪些属性产生影响。因此，我们将研究最新的连接协议设计如何与应用程序以及设计所依赖的底层加密构建块集成。这使我们能够解释新颖设计对它们为应用程序提供的安全性以及它们对其组件提出的要求的影响。通过这些步骤，所提出的项目将提高对实践中部署的新型安全连接协议及其理论基础的密码学理解。