SaTC: CORE: Small: Authentication on the Web: Provable Security for Emerging Protocols
Georgia Tech Research Corporation, Atlanta GA
Investigators
Abstract
Some important communication and authentication protocols on the Web still lack a provable-security treatment and hence lack security guarantees. The project's impact is in bridging this gap. The project's novelty is in coupling the provable-security approach of modern cryptography with protocol design to yield novel security frameworks and analyses of the following protocols of emerging importance:
(1) single sign-on (SSO) services, such as OpenID Connect, that allow service providers to delegate authentication of clients to designated identity providers;
(2) FIDO2, a very ambitious project of the FIDO Alliance that helps the world move away from the bothersome use of passwords for authentication, relying instead on second-factor devices or biometrics, as well as secure PINs;
(3) the HTTPS protocol over TLS or QUIC, which encrypts and authenticates nearly half of Internet traffic nowadays. However, its security is not clear when it is used in combination with active proxies, middleboxes, or edge servers, all of which inspect, cache, or transform traffic in order to apply security rules, improve performance, etc.
For each part of the project, the investigators design formal security definitions that take into account practical adversarial capabilities and various security threats. They then attempt to prove that the cryptographic cores of the aforementioned protocols satisfy the definitions under some reasonable computational assumptions on the protocol's components. When weaknesses are found and such proofs are not possible, the investigators propose fixes. The novelty in applying such an approach is in modeling parties of more than two types, which may include a human party. The investigators make a serious effort to make the results accessible to a wide audience, including practitioners.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.