Topics in Authentication Technology and Computer Security

身份验证技术和计算机安全主题

• 批准号: 262068-2013
• 负责人: VanOorschot, Paul
• 金额: $ 3.21万
• 依托单位: Carleton University
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2014
• 资助国家: 加拿大
• 起止时间: 2014-01-01 至 2015-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=547971
• 关键词: Topics; Authentication; Technology; Computer; Security

The program explores open security problems involving Internet authentication, including authentication of users and websites, secure software installation, and security of mobile devices; and aims to design new mechanisms improving Internet security. A first thrust seeks to address known security issues and design flaws in the Secure Sockets Layer mechanism (the Internet's core security infrastructure used by web browsers), and its underlying certificate authority infrastructure and trust model. We explore root causes of security issues, and design and test tools addressing current threats through evolutionary and revolutionary approaches including redesign of trust model infrastructure. A second thrust pursues design of a foundational methodology and comprehensive framework for systematic evaluation of user authentication mechanisms, with broad emphasis across usability, deployability, and security criteria; its use to accurately identify requirements matching authentication mechanisms with specific application environments; and design and evaluation of new mechanisms with identifiable advantages. A third thrust explores authentication aspects of mobile device security--web site and user authentication, and secure software installation--including design and evaluation of novel mechanisms specifically suiting mobile device limitations (e.g., size, input modalities). To avoid security threats related to non-expert users installing malicious application software, redesign is explored including operating system mechanisms balancing security (software isolation) and functionality (cross-application sharing). The problems explored are among society's most important cyber-security challenges, impacting all Internet users from private citizens, to business and government, to technology providers, and solutions increase trustworthiness of critical Internet infrastructure. We expect fundamental research results that contribute to stronger real-world Internet security through the design of better authentication and more secure, resilient software installation methods; and to see them deployed, including on mobile devices and in major browsers, through coordinating stakeholders to improve the Internet infrastructure.

该计划探讨涉及互联网认证的开放安全问题，包括用户和网站的认证，安全软件安装和移动设备的安全；旨在设计提高网络安全的新机制。第一个重点是解决安全套接字层机制（web浏览器使用的互联网核心安全基础设施）及其底层证书颁发机构基础设施和信任模型中已知的安全问题和设计缺陷。我们探索安全问题的根本原因，并设计和测试工具，通过进化和革命性的方法解决当前的威胁，包括重新设计信任模型基础设施。第二个重点是为用户身份验证机制的系统评估设计基本方法和综合框架，广泛强调可用性、可部署性和安全标准；它用于准确识别与特定应用程序环境相匹配的身份验证机制的需求；并设计和评估具有明显优势的新机制。第三个重点探讨了移动设备安全的认证方面——网站和用户认证，以及安全的软件安装——包括设计和评估专门适合移动设备限制的新机制（例如，大小，输入方式）。为了避免与非专业用户安装恶意应用软件相关的安全威胁，我们探索了重新设计，包括平衡安全性（软件隔离）和功能（跨应用程序共享）的操作系统机制。所探讨的问题是社会上最重要的网络安全挑战之一，影响到所有互联网用户，从私人公民到企业和政府，再到技术提供商，解决方案增加了关键互联网基础设施的可信度。我们期待通过设计更好的身份验证和更安全、更有弹性的软件安装方法，基础研究成果有助于增强现实世界的互联网安全性；并通过协调利益相关者改善互联网基础设施，看到它们得到部署，包括在移动设备和主要浏览器上。