TWC: Small: Understanding the Complexity of Concurrent Security

TWC：小：了解并发安全的复杂性

• 批准号: 1526377
• 负责人: Muthuramakrishn Venkitasubramaniam
• 金额: $ 46.39万
• 依托单位: University of Rochester
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-10-01 至 2019-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1526377&HistoricalAwards=false
• 关键词: TWC; Small; Understanding; Complexity; Concurrent

A key property of modern day network environments such as the Internet is the possibility of multiple processes running simultaneously, concurrently and unaware of each other. However, the same property also allows an attacker for a coordinated attack in which an adversary controls many parties, interleaving the executions of the various protocol instances and creating rogue interactions between protocols. With changing network environments and new-emerging paradigms such as cloud computing, we need to assess the threat model in order to capture a broader class of attacks. This research project identifies strong notions of security to capture previously unforeseen threats and the intrinsic cryptographic complexity of constructing protocols that are secure against such threats. This project focuses on a strong form of corruption model referred to as adaptive corruption, which considers an adversary that can hijack a host anytime during the course of computation. This models hacking attacks where an external attacker breaks into parties' machines in the midst of a protocol execution, and captures additional threats. This research identifies the minimal cryptographic assumptions to design protocols that are secure against adaptive corruption in the concurrent setting with and without setup. The research focuses on black-box construction wherever possible and relies on non-black-box constructions as a stepping stone towards establishing feasibility. The project bridges the gap between theory and practice, by creating a wiki that will enable a web-based interaction to retrieve relevant information regarding current techniques for cryptographic constructions and security notions associated with these constructions.

现代网络环境(如Internet)的一个关键特性是多个进程可以同时、并发地运行，并且彼此不知道。然而，同样的属性也允许攻击者进行协同攻击，在这种攻击中，对手控制多方，交错执行各种协议实例，并在协议之间创建恶意交互。随着不断变化的网络环境和云计算等新兴模式的出现，我们需要评估威胁模型，以捕获更广泛的攻击类别。这项研究项目确定了强大的安全概念，以捕获以前无法预见的威胁，以及构建针对此类威胁的安全协议所固有的密码复杂性。这个项目专注于一种被称为自适应腐败的强形式的腐败模型，它考虑了在计算过程中随时可以劫持主机的对手。它模拟了黑客攻击，即外部攻击者在协议执行过程中闯入各方的计算机，并捕获其他威胁。这项研究确定了设计协议的最小密码假设，这些协议在有设置和没有设置的并发设置中是安全的，不会受到适应性破坏。本研究尽可能地将重点放在黑箱结构上，并依赖非黑箱结构作为建立可行性的垫脚石。该项目通过创建一个维基来弥合理论和实践之间的鸿沟，该维基将使基于网络的互动能够检索有关当前密码构造技术和与这些构造相关的安全概念的相关信息。