Topics in Authentication Technology and Computer Security

身份验证技术和计算机安全主题

• 批准号: 262068-2013
• 负责人: VanOorschot, Paul
• 金额: $ 3.21万
• 依托单位: Carleton University
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2016
• 资助国家: 加拿大
• 起止时间: 2016-01-01 至 2017-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=594717
• 关键词: Topics; Authentication; Technology; Computer; Security

The program explores open security problems involving Internet authentication, including authentication of users and websites, secure software installation, and security of mobile devices; and aims to design new mechanisms improving Internet security. A first thrust seeks to address known security issues and design flaws in the Secure Sockets Layer mechanism (the Internet's core security infrastructure used by web browsers), and its underlying certificate authority infrastructure and trust model. We explore root causes of security issues, and design and test tools addressing current threats through evolutionary and revolutionary approaches including redesign of trust model infrastructure. A second thrust pursues design of a foundational methodology and comprehensive framework for systematic evaluation of user authentication mechanisms, with broad emphasis across usability, deployability, and security criteria; its use to accurately identify requirements matching authentication mechanisms with specific application environments; and design and evaluation of new mechanisms with identifiable advantages. A third thrust explores authentication aspects of mobile device security--web site and user authentication, and secure software installation--including design and evaluation of novel mechanisms specifically suiting mobile device limitations (e.g., size, input modalities). To avoid security threats related to non-expert users installing malicious application software, redesign is explored including operating system mechanisms balancing security (software isolation) and functionality (cross-application sharing). The problems explored are among society's most important cyber-security challenges, impacting all Internet users from private citizens, to business and government, to technology providers, and solutions increase trustworthiness of critical Internet infrastructure. We expect fundamental research results that contribute to stronger real-world Internet security through the design of better authentication and more secure, resilient software installation methods; and to see them deployed, including on mobile devices and in major browsers, through coordinating stakeholders to improve the Internet infrastructure.

该项目探讨了涉及互联网身份验证的开放安全问题，包括用户和网站的身份验证、安全软件安装以及移动设备的安全；旨在设计提高互联网安全的新机制。第一个目标是解决安全套接字层机制（Web 浏览器使用的互联网核心安全基础设施）及其底层证书颁发机构基础设施和信任模型中的已知安全问题和设计缺陷。我们探索安全问题的根本原因，并通过进化和革命性方法（包括重新设计信任模型基础设施）设计和测试解决当前威胁的工具。第二个重点是设计用于系统评估用户身份验证机制的基础方法和综合框架，广泛强调可用性、可部署性和安全标准；它用于准确识别与特定应用环境相匹配的认证机制的需求；设计和评估具有明显优势的新机制。第三个重点探讨了移动设备安全的身份验证方面——网站和用户身份验证以及安全软件安装——包括专门适合移动设备限制（例如大小、输入方式）的新颖机制的设计和评估。为了避免与非专家用户安装恶意应用软件相关的安全威胁，我们探索了重新设计，包括平衡安全性（软件隔离）和功能（跨应用程序共享）的操作系统机制。所探讨的问题是社会最重要的网络安全挑战之一，影响着从普通公民到企业和政府，再到技术提供商的所有互联网用户，而解决方案提高了关键互联网基础设施的可信度。我们期望基础研究成果能够通过设计更好的身份验证和更安全、更有弹性的软件安装方法，为增强现实世界的互联网安全做出贡献；并通过协调利益相关者以改善互联网基础设施来看到它们的部署，包括在移动设备和主要浏览器上的部署。