NSF Converence Accelerator Track G: 5G Hidden Operations through Securing Traffic (GHOST) Phase 2

NSF Converence Accelerator Track G：通过保护流量 (GHOST) 实现 5G 隐藏操作第 2 阶段

• 批准号: 2326835
• 负责人: Keith Gremban
• 金额: $ 498.32万
• 依托单位: University of Colorado at Boulder
• 依托单位国家: 美国
• 项目类别: Cooperative Agreement
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-09-01 至 2025-08-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2326835&HistoricalAwards=false
• 关键词: NSF; Converence; Accelerator; Track; 5G

The proliferation of 5G networks around the world presents an attractive opportunity for U.S. government organizations, nongovernmental humanitarian aid organizations, and private sector enterprises to eliminate the costs of installing and maintaining an alternate communications infrastructure by making use of indigenous 5G networks. However, in many areas of the world, 5G networks are deployed and operated by organizations that are untrusted and potentially hostile to the U.S. In these environments, new security technologies are needed to secure operations. While 5G encrypts data packets and subscriber IDs, analysis of network activity can reveal detailed information about individuals and groups. For example, pattern-of-life analysis can be used to identify and track users. Similarly, traffic analysis can reveal details of an organization’s structure and operations. The 5G Hidden Operations through Securing Traffic (GHOST) project provides four additional layers of security to protect against these threats. First, GHOST protects individuals by swapping subscriber and device IDs, along with usage patterns, or personas. Second, GHOST prevents traffic analysis by introducing ghost users and ghost traffic into the network to obscure real activity. Third, the GHOST project further frustrates traffic analysis by injecting “false flag” traffic that models real events and operations. Finally, GHOST secures devices at the hardware level by locating GHOST software inside Trusted Execution Environments (TEEs). The GHOST technology will enable organizations to securely operate over foreign 5G networks, regardless of the politics of the network operators.GHOST addresses threats that cannot be countered by traditional cyber security solutions. The GHOST project will demonstrate an integrated solution on a real 5G network and evaluate GHOST effectiveness in multiple operational scenarios. The GHOST project will yield four major intellectual benefits to the research and operational communities. • First, the GHOST project will deliver technology to anonymize or disguise end-user identities and their association with locations, and communications endpoints. End-user identities will be protected by dynamically allocating software defined credentials and associated software defined personas. Association with locations are protected by correlating movement history with compromising patterns of movement. Communications connections are protected by peer-to-peer anonymization.• Second, the GHOST project will deliver technology to overlay normal network activity with ghost activity to obfuscate traffic analysis and hide regular patterns of activity or changes in activity. • Third, the GHOST project will deliver technology to model, generate, and inject “false flag” traffic into the network to make it appear to a network analyst that a real event is occurring at a particular location. • Fourth, the GHOST project will deliver technology that will protect end-user devices and non-indigenous networking equipment from penetration and compromise through the use of TEEs. The idea behind a TEE is that no software, privileged or not, should be able to access or modify protected data. TEEs enable the process of attestation of both the hardware and the software. The GHOST software will run inside the TEE to be able to attest to the security of the protocol and protect it in case of capture. GHOST technology will benefit end-users of any untrusted network, not just untrusted 5G networks. The primary criteria for success of the GHOST project will be:• Prevention of identification and tracking of individuals by a network operator.• Inability of a network analyst to determine regular activity patterns, or significant changes in activity.• Mis-leading a network analyst by injection of “false flag” activity.• GHOST software deployment in TEEs with no observable degradation in device performance.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

5G 网络在全球范围内的扩散为美国政府组织、非政府人道主义援助组织和私营部门企业提供了一个有吸引力的机会，可以通过利用本土 5G 网络来消除安装和维护备用通信基础设施的成本。然而，在世界许多地区，5G 网络是由不受信任且可能对美国怀有敌意的组织部署和运营的。在这些环境中，需要新的安全技术来确保运营安全。 虽然 5G 对数据包和用户 ID 进行加密，但对网络活动的分析可以揭示有关个人和团体的详细信息。例如，生活模式分析可用于识别和跟踪用户。同样，流量分析可以揭示组织结构和运营的详细信息。 5G 通过保护流量进行隐藏操作 (GHOST) 项目提供了四个额外的安全层来防范这些威胁。 首先，GHOST 通过交换订户和设备 ID 以及使用模式或角色来保护个人。 其次，GHOST 通过将幽灵用户和幽灵流量引入网络来掩盖真实活动，从而防止流量分析。 第三，GHOST 项目通过注入模拟真实事件和操作的“假标志”流量，进一步阻碍流量分析。最后，GHOST 通过将 GHOST 软件放置在可信执行环境 (TEE) 内来在硬件级别保护设备。 GHOST 技术将使组织能够在外国 5G 网络上安全地运行，而不管网络运营商的政治立场如何。GHOST 可以解决传统网络安全解决方案无法应对的威胁。 GHOST项目将在真实的5G网络上展示集成解决方案，并评估GHOST在多个操作场景中的有效性。 GHOST 项目将为研究和运营界带来四大智力优势。 • 首先，GHOST 项目将提供匿名或伪装最终用户身份及其与位置和通信端点的关联的技术。 最终用户身份将通过动态分配软件定义的凭据和相关的软件定义的角色来保护。 通过将运动历史与妥协的运动模式相关联来保护与位置的关联。通信连接受到点对点匿名化的保护。• 其次，GHOST 项目将提供用幽灵活动覆盖正常网络活动的技术，以混淆流量分析并隐藏活动的常规模式或活动变化。 • 第三，GHOST 项目将提供技术来建模、生成并向网络中注入“假旗”流量，使网络分析师感觉特定位置正在发生真实事件。 • 第四，GHOST 项目将提供可保护最终用户设备和非本土网络设备免遭 TEE 渗透和损害的技术。 TEE 背后的想法是，任何软件，无论是否有特权，都不应能够访问或修改受保护的数据。 TEE 支持硬件和软件的认证过程。 GHOST 软件将在 TEE 内部运行，以便能够证明协议的安全性并在被捕获时保护协议。 GHOST 技术将使任何不可信网络的最终用户受益，而不仅仅是不可信的 5G 网络。 GHOST 项目成功的主要标准是：• 防止网络运营商识别和跟踪个人。• 网络分析师无法确定常规活动模式或活动的重大变化。• 通过注入“虚假标志”活动误导网络分析师。• 在 TEE 中部署 GHOST 软件，设备性能没有明显下降。该奖项反映了 NSF 的法定使命，并被认为值得通过以下方式获得支持： 使用基金会的智力价值和更广泛的影响审查标准进行评估。