Collaborative Research: SaTC: CORE: Medium: Rethinking the Fundamentals of Tunneling Technologies for Security, Privacy, and Usability

协作研究：SaTC：核心：中：重新思考隧道技术的安全性、隐私性和可用性的基础知识

• 批准号: 2141512
• 负责人: Roya Ensafi
• 金额: $ 73.34万
• 依托单位: Regents of the University of Michigan - Ann Arbor
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-08-01 至 2025-07-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2141512&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

Virtual Private Networks, or VPNs, are an important and integral part of the security and privacy practices of tens of millions of Americans, and of activists, journalists, and NGOs around the world that protect U.S. interests and help to carry out U.S. foreign policy. Despite the fact that the VPN ecosystem has expanded into a multi-billion dollar industry, there are many aspects of VPN security and privacy in practice that remain severely understudied and unvetted. How well does a VPN protect users against an attacker who can make educated guesses about what traffic is hidden behind the VPN? How feasible is it to hide VPN traffic so that it is not blocked? Do VPNs meet users' privacy and security expectations? How often do VPN providers follow security and privacy best practices? What are the other security and privacy best practices that should be put in place? This project is answering these questions through technical assessments, carefully designed measurements, and detailed quantitative and qualitative research.Virtual Private Networks, or VPNs, effectively form an encrypted tunnel to protect user traffic. This project aims to develop both intellectual understanding and technical and practical solutions for VPN security and privacy through four concurrent efforts: (1) building methods to ethically measure what is contained in users’ metadata and unencrypted data that needs protection; (2) analyzing how the layers of a tunnel technology interact in vulnerable ways, akin to the much better-studied theoretical limitations of network intrusion detection systems; (3) mapping out the evolving tunneling ecosystem by automating methodical exploration of different tunneling tools; (4) using quantitative and qualitative research to understand the stakeholders’ (users, providers, recommenders) needs to find the best ways to facilitate desired outcomes. These efforts combined will improve the security and privacy of tunnel technologies in all layers of the OSI network stack, from physical, link, and routing all the way through application into the human layer.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

虚拟专用网络或VPN是数千万美国人的安全和隐私惯例的重要组成部分，以及世界各地的激进主义者，新闻记者和非政府组织的保护者，保护美国利益并有助于执行美国外交政策。尽管VPN生态系统已经扩展到了一个数十亿美元的行业，但实际上，VPN安全性和隐私的许多方面仍然非常了解和不参考。 VPN用户如何保护攻击者可以对VPN背后隐藏的流量进行有根据的猜测？隐藏VPN流量以使其不被阻止有多可行？ VPN是否满足用户的隐私和安全期望？ VPN提供商多久遵循安全性和隐私最佳实践？其他应有的安全和隐私最佳实践是什么？该项目通过技术评估，精心设计的测量以及详细的定量和定性研究来回答这些问题。虚拟的专用网络或VPN有效地形成了一个加密的隧道，以保护用户流量。该项目旨在通过四个并发努力来开发VPN安全和隐私的智力理解，技术和实用解决方案：（1）建立构建方法，以道德衡量用户元数据中包含的内容以及需要保护的未加密数据； （2）分析隧道技术的层如何以脆弱的方式相互作用，类似于网络入侵检测系统的理论上限制； （3）通过自动探索​​不同的隧道工具来绘制不断发展的隧道生态系统； （4）使用定量和定性研究来了解利益相关者（用户，提供者，建议）需要找到最佳方法来促进预期的结果。这些努力结合在一起，将在OSI网络堆栈的各个层中提高隧道技术的安全性和隐私性，从物理，链接和路线一直从应用到人类层的应用。该奖项反映了NSF的法定任务，并被认为是通过基金会的知识分子优点和更广泛的影响审查标准来通过评估来获得的支持。