CAREER: End-to-End Encryption for Managed Networks
Regents Of The University Of Michigan - Ann Arbor, Ann Arbor MI
Abstract
Every day, billions of people use encryption to ensure the traffic they send across the public internet remains secure and private. Encryption is rarely used within managed networks administered by a single organization, like a business, a hospital, or a school. This is because current approaches to network management don't work if traffic is encrypted. The project’s novelties are applications of cryptography that enable network management directly on encrypted traffic. The project’s broader significance is that it will allow creating more secure and privacy-respecting managed networks.

The project focuses on three critical areas of incompatibility between encryption and network management: policy enforcement, analytics, and network services. In the policy enforcement thrust, the project team uses zero-knowledge proofs to build network middleware that can enforce network policies, such as content filtering, without directly seeing traffic. In the analytics thrust, the project team is designing network analytics systems that do not rely on databases of plaintext traffic logs but verifiably outsource log storage and queries to endpoints. Finally, in the network services thrust, the project team uses cryptography to limit the metadata network services can learn about network traffic.

The project’s broader impact will be improving the security of managed networks. Since management infrastructure will no longer need to see plaintext traffic, compromising this infrastructure will give an attacker less information about activity on the network. At the same time, user privacy in the network will also be improved since by using encryption, users can limit what is disclosed to administrators.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.