权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

Foundations and Real-World Aspects of Secure Cryptographic Connections

安全加密连接的基础和现实世界

基本信息

批准号：
406593006
负责人：
Dr. Felix Günther
金额：
--
依托单位：
Departement Informatik
依托单位国家：
德国
项目类别：
Research Fellowships
财政年份：
2018
资助国家：
德国
起止时间：
2017-12-31 至 2019-12-31
项目状态：
已结题

来源：
https://gepris.dfg.de/gepris/projekt/406593006?language=en
关键词：
Foundations Real World Aspects Secure

项目摘要

Secure connections are at the heart of today's Internet infrastructure, protecting confidentiality, integrity, and authenticity of data in transit, e.g., when doing online banking, accessing emails, or chatting with friends. The underlying cryptographic protocols (e.g., the prominent Transport Layer Security (TLS) protocol) are composed of two core components: A key exchange protocol first establishes a shared secret key between the two communication partners over a potentially insecure network. This key is then used in the follow-up secure channel protocol to protect the actual data to be communicated.The study of key exchange and secure channels is a foundational research topic in cryptography, with a substantial body of work underpinning classical designs for such protocols. Nevertheless, novel designs of secure connection protocols in practice go beyond what the current state of understanding in cryptographic theory can comprise in terms of techniques and security goals. Prime examples are the upcoming TLS version 1.3 currently developed by the Internet Engineering Task Force or the novel secure messaging protocol Signal (also underlying, e.g., WhatsApp, Facebook Messenger, or Google Allo), which are in daily use by millions to billions of users and devices. As these protocols underpin the security of our day-to-day interactions, it is however crucial to understand the security of these novel designs and to examine their strengths and weaknesses based on scientifically solid theoretical foundations.The proposed project will provide such solid foundations in terms of extended cryptographic security models, as well as assess the practical security of proposed and deployed real-world protocols based on the newly established understanding. To this end, we will devise novel formalisms capturing advanced aspects put forward in recent protocol designs. One major focus will be on an important and strong security guarantee protecting against compromises of secrets (so-called "forward secrecy"). We will study how forward secrecy can be achieved in a secure channel as well as when establishing the communication key with low latency. Novel designs of secure connections also have implications on how these connections are used by application programs and what properties they demand from the components they employ. Therefore, we will study how recent connection protocol designs integrate with application programs as well as with the underlying cryptographic building blocks the designs rely upon. This allows us to interpret the effects of novel designs both on the security they provide to applications and on the requirements they introduce to their components. Through these steps, the proposed project will improve the cryptographic understanding of novel secure connection protocols deployed in practice and their theoretical foundations.

安全连接是当今互联网基础设施的核心，可保护传输中数据的机密性、完整性和真实性，例如，在进行网上银行、访问电子邮件或与朋友聊天时。底层加密协议（例如，主要的传输层安全（TLS）协议）由两个核心组件组成：密钥交换协议首先通过潜在不安全的网络在两个通信伙伴之间建立共享密钥。密钥交换和安全信道的研究是密码学的一个基础性研究课题，大量的工作支撑着这类协议的经典设计。然而，安全连接协议的新设计在实践中超越了密码学理论的当前理解状态，可以包括在技术和安全目标方面。最好的例子是即将到来的TLS版本1.3，目前由互联网工程任务组开发，或新的安全消息传递协议信号（也是底层的，例如，WhatsApp，Facebook Messenger或Google Allo），每天有数百万到数十亿用户和设备使用。由于这些协议支撑着我们日常互动的安全性，因此了解这些新颖设计的安全性并基于科学坚实的理论基础来检查它们的优点和缺点是至关重要的。拟议的项目将在扩展密码安全模型方面提供坚实的基础，以及基于新建立的理解评估提议和部署的真实世界协议的实际安全性。为此，我们将设计新的形式主义捕捉先进的方面提出了最近的协议设计。一个主要的重点将是一个重要的和强大的安全保障，防止泄密（所谓的“前向保密”）。我们将研究如何在安全信道中实现前向保密，以及在建立低延迟的通信密钥时。安全连接的新设计也对应用程序如何使用这些连接以及它们对所使用的组件的要求有影响。因此，我们将研究最近的连接协议设计如何与应用程序集成，以及与设计所依赖的底层密码构建块集成。这使我们能够解释新设计对它们为应用程序提供的安全性以及它们对其组件引入的要求的影响。通过这些步骤，拟议的项目将提高在实践中部署的新的安全连接协议及其理论基础的密码学理解。