Collaborative Research: SaTC: CORE: Medium: RUI: Applied Cryptographic Protocols with Provably-Secure Foundations

协作研究：SaTC：核心：中：RUI：具有可证明安全基础的应用密码协议

• 批准号: 2149766
• 负责人: Ewa Syta
• 金额: $ 31.79万
• 依托单位: Trinity College
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-10-01 至 2026-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2149766&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

Cryptographic protocols have become an essential facilitator for the Internet and its many applications, supporting the needs of modern society. It is hard to imagine the Internet without the extensive use of applied cryptographic protocols, e.g., protocols used to secure web and email. Such protocols use and depend on the Public Key Infrastructure (PKI), which is also key to the security of other open systems such as mobile networks, Internet of Things, and blockchains. PKI provides a critical security infrastructure to achieve confidentiality, authentication, integrity and non-repudiation. However, there have been many attacks exploiting vulnerabilities of the PKI itself; PKI, in contrast to other well-known cryptographic protocols, has no security proofs or even precise definitions of security goals. As a result, systems utilizing PKI may be vulnerable. The proposed research will define security goals for PKI schemes, present PKI schemes which provably meet these goals, and present practical and efficient implementations of PKI schemes. This research will also develop the necessary theoretical tools to define security goals of cryptographic protocols and to analyze their security. The outcomes of this research will have broad benefits. Developers will benefit from the availability of open-source, provably secure PKI systems, enabling security for real-world applications. End-users will benefit from improved security guarantees and privacy. Given the global role of the Internet, society at large will benefit from a strengthened, advanced security infrastructure and PKI ecosystem and from educational efforts which will raise awareness of the importance of these topics. Furthermore, this research will support the development of a diverse cohort of graduate and undergraduate students at the University of Connecticut and Trinity College through increased research opportunities, education, and mentoring and outreach efforts. Research efforts of this project, the results of which will significantly impact the theoretical and practical aspects of developing and deploying cryptographic protocols, are organized in three main areas: 1) Advancement of PKI theory: to define a comprehensive set of formal PKI requirements, and to design and analyze schemes to produce provably secure PKI schemes; 2) Development of PKI systems with improved security guarantees: to design, develop, and standardize provably secure PKI designs that are practical and appropriate for real-world applications; 3) Development of a framework and tools to facilitate provable security for applied cryptographic protocols under realistic models: to build a comprehensive framework that supports composability and formal verification tools for rigorous specification and analysis.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

密码协议已经成为互联网及其许多应用的重要促进器，支持现代社会的需求。很难想象没有广泛使用应用密码协议的互联网，例如用于保护网络和电子邮件安全的协议。这些协议使用并依赖于公钥基础设施(PKI)，公钥基础设施也是其他开放系统(如移动网络、物联网和区块链)安全的关键。PKI提供了一个关键的安全基础设施，以实现机密性、身份验证、完整性和不可否认性。然而，已经有许多攻击利用了PKI本身的漏洞；与其他著名的密码协议相比，PKI没有安全证明，甚至没有安全目标的准确定义。因此，使用PKI的系统可能容易受到攻击。建议的研究将定义PKI方案的安全目标，提出可证明满足这些目标的PKI方案，并提供实用和高效的PKI方案的实现。这项研究还将开发必要的理论工具来定义密码协议的安全目标并分析其安全性。这项研究的结果将带来广泛的好处。开发人员将受益于开源的、可证明安全的PKI系统的可用性，从而为现实世界的应用程序提供安全保障。最终用户将从改进的安全保障和隐私中受益。鉴于互联网的全球作用，整个社会将受益于加强、先进的安全基础设施和公钥基础设施生态系统，以及将提高对这些主题重要性的认识的教育努力。此外，这项研究将通过增加研究机会、教育以及指导和外联努力，支持康涅狄格大学和三一学院培养多样化的研究生和本科生。该项目的研究工作主要集中在三个方面，其结果将对开发和部署密码协议的理论和实践方面产生重大影响：1)PKI理论的发展：定义一套全面的正式PKI要求，并设计和分析方案以产生可证明安全的PKI方案；2)开发具有改进的安全保证的PKI系统：设计、开发和标准化可证明安全的、实用且适合现实世界应用的PKI设计；3)开发框架和工具，以促进现实模型下应用加密协议的可证明安全性：构建一个全面的框架，支持可组合性和正式验证工具，以进行严格的规范和分析。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。