NeTS-FIND: Enabling Defense and Deterrence through Private Attribution

NetS-FIND：通过私人归属实现防御和威慑

• 批准号: 0627157
• 负责人: Alex Snoeren
• 金额: $ 40万
• 依托单位: University of California-San Diego
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2006
• 资助国家: 美国
• 起止时间: 2006-09-15 至 2007-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0627157&HistoricalAwards=false
• 关键词: NeTS; FIND; Enabling; Defense; Deterrence

Research in network security to date focuses largely on defenses---mechanisms that impede the activities of an adversary. Practical security, however, requires a balance between defense and deterrence. While defenses may block current attacks, without a meaningful risk of being caught adversaries are free to continue their attacks with impunity. Deterrence is usually predicated on effective means of attribution---tying an individual to an action. In the physical world attribution is achieved through forensic evidence, but constructing such evidence is uniquely challenging on the Internet.This project is developing a novel architectural primitive---private attribution, based on group signatures--that allows any network element to verify that a packet was sent by a member of a given group. Importantly, however, actually attributing the packet to a particular group member requires the participation of a set of trusted authorities, thereby ensuring the privacy of individual senders. In addition, this work explores content-based inverse firewalls that can inspect the content of traffic leaving a secured network, ensuring that sensitive information is kept within an enterprise. Approved data can then be labeled by the inspecting firewall, providing an audit trail should concerns arise.Broader Impacts: This research is developing a key architectural component to improve the level of security and assurance available to network services. In addition, the PIs are initiating a dialogue among both researchers and network operators about critical policy aspects of network security. In particular, information about the sources of both normal and attack traffic that must be safeguarded according to some policy.

迄今为止，对网络安全的研究主要集中在防御上，即阻止对手活动的机制。然而，实际安全需要在防御和威慑之间取得平衡。虽然防御可以阻止当前的攻击，但没有被抓住的风险，对手可以自由地继续攻击而不受惩罚。威慑通常基于有效的归因手段——将个人与行为联系起来。在现实世界中，归因是通过法医证据来实现的，但在互联网上构建这样的证据是一个独特的挑战。该项目正在开发一种新颖的体系结构原语——基于组签名的私有属性——允许任何网络元素验证数据包是由给定组的成员发送的。然而，重要的是，实际将数据包归属于特定的组成员需要一组受信任的权威机构的参与，从而确保单个发送者的隐私。此外，本工作还探讨了基于内容的反向防火墙，它可以检查离开安全网络的流量的内容，确保敏感信息保留在企业内。然后，检查防火墙可以对批准的数据进行标记，在出现问题时提供审计跟踪。更广泛的影响：这项研究正在开发一个关键的体系结构组件，以提高网络服务可用的安全性和保证级别。此外，pi正在研究人员和网络运营商之间发起关于网络安全关键政策方面的对话。特别是关于正常流量和攻击流量的来源信息，这些信息必须根据某些策略进行保护。