SaTC: CORE: Medium: Collaborative: Theory and Practice of Cryptosystems Secure Against Subversion

SaTC：核心：媒介：协作：密码系统安全防范颠覆的理论与实践

• 批准号: 1801492
• 负责人: Chase Wu
• 金额: $ 30万
• 依托单位: New Jersey Institute of Technology
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-10-01 至 2022-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1801492&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Collaborative; Theory

The discipline of cryptography provides the basic digital tools used across the globe to ensure data privacy and authenticity. With the broad deployment of these tools--often invisibly embedded in commercial software or hardware--an unconventional but devastating type of cyberattacks have emerged. These attacks involve deploying a cleverly subverted version of a cryptographic tool that appears to function normally, but in fact deliberately reduces security in a covert way that is known only to the subverting party. Such an attack can be carried out by the author of a software package, the manufacturer of a hardware device, or a third party who has contrived to interfere with the deployed product. Recent high-profile incidents of this kind have highlighted the threat associated with these attacks. This project is a comprehensive study of security in this setting, including development of formal models that permit rigorous reasoning about security, design and analysis of new cryptographic tools that resist subversion, and explicit recommendations for hardening the existing cryptographic tools in widespread use.The project is organized into three main threads. The first focuses on establishing cryptographic security models that expand on classical cryptographic models to adequately reflect malicious subversion attacks: in general, these models call for the design of cryptographic tools to be explicitly coupled with specification of black-box testing procedures so that the combination can guarantee security despite subversion attacks. The second effort pursues development of fundamental cryptographic primitives that achieve security in these new models and application of these primitives as building blocks to construct larger systems and protocols that retain security despite subversion. Finally, to transition these theoretical tools to practice, the project undertakes a practical effort to re-architect existing infrastructural tools, such as the IPSec, SSH and TLS protocols, to harden them against subversion.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

密码学学科提供了在地球仪上使用的基本数字化工具，以确保数据隐私和真实性。随着这些工具的广泛部署--通常无形地嵌入商业软件或硬件中--一种非常规但破坏性的网络攻击类型已经出现。这些攻击涉及部署一个看似正常运行的加密工具的巧妙颠覆版本，但实际上以一种只有颠覆方才知道的隐蔽方式故意降低安全性。这种攻击可以由软件包的作者、硬件设备的制造商或设法干扰已部署产品的第三方执行。最近这类引人注目的事件突出表明了与这些攻击有关的威胁。这个项目是一个全面的研究在此设置，包括形式模型的发展，允许严格推理的安全性，设计和分析新的密码工具，抵制颠覆，并明确建议加强现有的加密工具在广泛使用。该项目被组织成三个主线。第一个重点是建立加密安全模型，扩展经典的加密模型，以充分反映恶意的颠覆攻击：在一般情况下，这些模型要求加密工具的设计明确耦合规范的黑盒测试程序，使组合可以保证安全，尽管颠覆攻击。第二个努力追求基本的密码原语，实现这些新的模型和应用程序的安全性，这些原语作为构建块，以构建更大的系统和协议，保持安全性，尽管颠覆的发展。最后，为了将这些理论工具转化为实践，该项目致力于重新构建现有的基础设施工具，如IPSec，SSH和TLS协议，以加强它们的抗颠覆性。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Fair Peer-to-Peer Content Delivery via Blockchain

• DOI: 10.1007/978-3-030-88418-5_17
• 发表时间: 2021-02
• 作者: Songlin He;Yuan Lu;Qiang Tang;Guiling Wang;C. Wu

Computational Robust (Fuzzy) Extractors for CRS-dependent Sources with Minimal Min-entropy

• DOI: 10.1007/978-3-030-90453-1_24
• 发表时间: 2021
• 作者: Hanwen Feng;Qiang Tang

Anonymous Traceback for End-to-End Encryption

端到端加密的匿名回溯

• 发表时间: 2022
• 期刊: European Symposium on Research in Computer Security
• 作者: Kenney, E.;Tang, Q.;Wu, C.
• 通讯作者: Wu, C.

Decentralizing IoT Management Systems Using Blockchain for Censorship Resistance

• DOI: 10.1109/tii.2019.2939797
• 发表时间: 2020-01
• 期刊: IEEE Transactions on Industrial Informatics
• 影响因子: 12.3
• 作者: Songlin He;Qiang Tang;C. Wu;Xuewen Shen

CCA Updatable Encryption Against Malicious Re-encryption Attacks

针对恶意重新加密攻击的 CCA 可更新加密

• DOI: 10.1007/978-3-030-64840-4_20
• 发表时间: 2020
• 期刊: International Conference on the Theory and Application of Cryptology and Information Security
• 作者: Chen, Long;Li, Yanan;Tang, Qiang
• 通讯作者: Tang, Qiang