TWC: Small: Middleware for Certificate-Based Authentication

TWC：小型：用于基于证书的身份验证的中间件

• 批准号: 1528022
• 负责人: Kent Seamons
• 金额: $ 49.69万
• 依托单位: Brigham Young University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-09-01 至 2019-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1528022&HistoricalAwards=false
• 关键词: TWC; Small; Middleware; Certificate; Based

Every time someone uses a phone or computer to connect to an Internet site, software determines whether the connection is safe or being intercepted by attackers. Unfortunately, this software is error-prone, leaving users vulnerable to having their privacy violated or their personal information stolen due to phishing attacks, identity theft, and unauthorized inspection of their encrypted traffic. A number of solutions are being proposed, but the software is fragmented across many platforms and redundantly or incorrectly implemented. The goal of this research is to develop a trust platform that consolidates the decision-making process into a single location to provide a correct, consistent, and usable service for all existing and future applications. The platform is designed to make it easier for researchers to test and deploy alternative methods for detecting trustworthy Internet sites. The research emphasizes usability, so that users are not faced with error messages that are difficult for them to understand or act on.The project designs and analyzes middleware that consolidates certificate-based authentication in the operating system. It is designed for both Linux and Android, and automatically overrides the broken decision-making process currently found in many existing applications. Developers are no longer required to provide their own certificate validation function when building applications. The platform supports a variety of plugins for certificate authentication, such as dynamic certificate pinning, crowd-sourced notary services, and a curated root store. Policy configuration enables users or organizations to define how responses from multiple plugins are combined to make a final trust decision. Usability studies are focused on all aspects that require user interaction with the system: installing the system, configuring security and privacy preferences, choosing authentication providers, and receiving actionable notifications and warnings. This research benefits national security by addressing numerous weaknesses in the current trust system with new authentication services. The project contributes to the security community by providing an open source platform for easily extending the current trust system.

每次有人使用手机或电脑连接到互联网站点时，软件都会确定连接是安全的还是被攻击者拦截。不幸的是，该软件容易出错，使用户的隐私容易受到侵犯，或者由于网络钓鱼攻击、身份盗窃和对其加密流量的未经授权检查而导致其个人信息被盗。提出了许多解决方案，但该软件在许多平台上支离破碎，并冗余或不正确地实施。这项研究的目标是开发一个信任平台，将决策过程整合到一个位置，为所有现有和未来的应用程序提供正确、一致和可用的服务。该平台旨在使研究人员更容易测试和部署检测可信网站的替代方法。该研究强调可用性，使用户不会面临难以理解或操作的错误消息。该项目设计并分析了在操作系统中整合基于证书的认证的中间件。它是为Linux和Android设计的，并自动覆盖目前在许多现有应用程序中发现的支离破碎的决策过程。开发人员在构建应用程序时不再需要提供自己的证书验证功能。该平台支持各种用于证书身份验证的插件，如动态证书固定、众包公证服务和管理的根存储。策略配置使用户或组织能够定义如何组合来自多个插件的响应以做出最终信任决策。可用性研究侧重于需要用户与系统交互的所有方面：安装系统、配置安全和隐私首选项、选择身份验证提供商以及接收可操作的通知和警告。这项研究通过使用新的身份验证服务解决了当前信托制度中的许多弱点，从而有利于国家安全。该项目为安全社区做出了贡献，提供了一个开放源码平台，可轻松扩展目前的信任系统。

项目成果

Let's Revoke: Scalable Global Certificate Revocation

• DOI: 10.14722/ndss.2020.24084
• 发表时间: 2020
• 期刊: Proceedings 2020 Network and Distributed System Security Symposium
• 作者: Trevor Smith;Luke Dickenson;K. Seamons

“Something isn’t secure, but I’m not sure how that translates into a problem”: Promoting autonomy by designing for understanding in Signal

“有些东西不安全，但我不确定这如何转化为问题”：通过 Signal 中的理解设计来促进自主性

• 发表时间: 2019
• 期刊: Proceedings of the Fifteenth Symposium on Usable Privacy and Security
• 作者: Wu, J.;Gattrell, C.;Howard, D.;Tyler, J.;Vaziripour, E.;Seamons, K.;Zappala, D.
• 通讯作者: Zappala, D.

Leveraging locality of reference for certificate revocation

利用引用位置进行证书吊销

• DOI: 10.1145/3359789.3359819
• 发表时间: 2019
• 期刊: ACSAC '19: Proceedings of the 35th Annual Computer Security Applications Conference
• 作者: Dickinson, Luke;Smith, Trevor;Seamons, Kent
• 通讯作者: Seamons, Kent