Delegation and Revocation for Internet Security

互联网安全的委托和撤销

• 批准号: RGPIN-2019-06155
• 负责人: Abdou, Abdelrahman
• 金额: $ 2.04万
• 依托单位: Carleton University
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2019
• 资助国家: 加拿大
• 起止时间: 2019-01-01 至 2020-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=682216
• 关键词: Delegation; Revocation; Internet; Security

This research program focuses on designing and developing systems and protocols to enable secure delegation of services and trust to third parties. For example, when a website relies on third party services, the user (and their browser) need to be confident that this third party is securely delegated to act on behalf of that website, and to only perform the actions it is delegated to do. Additionally, if such delegation expires, or if the website wishes to discontinue such delegation, the browser needs to be aware of this to detect and prevent suspicious activities.******Secure delegation and revocation is becoming increasingly important for Internet services and operations. Many academic proposals face deployability challenges in practice due to the lack of secure delegation standards. For example, a geolocation service provider can protect users from man-in-the-middle attacks by providing users with an assurance of the geographic location where the physical server they are contacting resides. Users can then have the option to terminate a connection, or refrain from proceeding with a transaction, if they do not trust the location of that server. Another example is when an authentication server (e.g., the user's email provider) relies on users' geographic locations (given their consent) to protect their accounts from impersonation by attackers. Because robust Internet geolocation techniques often require a verification infrastructure, it does not make financial sense to many websites to deploy and maintain such an infrastructure on their own. It will thus be of high value to securely delegate third parties for reliable geolocation. Other benefits of secure delegation and revocation also exist for other applications, such as securing DNS delegation (e.g., to address DNS-based Internet censorship), mail server delegation (e.g., to prevent email impersonation by attackers), CDN delegation (e.g., to prevent malicious CDNs from distributing content on behalf of websites which they are not supposed to distribute), and the delegation of third party certification authorities to issue certificates to websites ensuring their identities.**

此研究计划侧重于设计和开发系统和协议，以实现将服务和信任安全地委托给第三方。例如，当网站依赖第三方服务时，用户(和他们的浏览器)需要确信该第三方被安全地委托代表该网站行事，并且只执行它被委托执行的动作。此外，如果这种授权到期，或者如果网站希望停止这种授权，浏览器需要意识到这一点，以检测和防止可疑活动。*安全授权和撤销对互联网服务和运营变得越来越重要。由于缺乏安全的授权标准，许多学术提案在实践中面临可部署性挑战。例如，地理位置服务提供商可以通过向用户提供他们正在联系的物理服务器所在的地理位置的保证，来保护用户免受中间人攻击。然后，如果用户不信任该服务器的位置，他们可以选择终止连接或不继续进行事务。另一个例子是当认证服务器(例如，用户的电子邮件提供商)依赖于用户的地理位置(给定他们的同意)来保护他们的帐户免受攻击者的冒充时。由于强大的互联网地理定位技术通常需要验证基础设施，因此对许多网站来说，单独部署和维护这样的基础设施在财务上没有意义。因此，安全地委托第三方进行可靠的地理位置定位将具有很高的价值。安全委派和撤销的其他好处也存在于其他应用程序，例如安全的DNS委派(例如，为了解决基于DNS的互联网审查)、邮件服务器委派(例如，防止攻击者的电子邮件模拟)、CDN委派(例如，防止恶意CDN代表它们不应该分发的网站分发内容)，以及委托第三方认证机构向确保其身份的网站颁发证书。**