The discipline of cryptography provides the basic digital tools used across the globe to ensure data privacy and authenticity. With the broad deployment of these tools--often invisibly embedded in commercial software or hardware--an unconventional but devastating type of cyberattacks have emerged. These attacks involve deploying a cleverly subverted version of a cryptographic tool that appears to function normally, but in fact deliberately reduces security in a covert way that is known only to the subverting party. Such an attack can be carried out by the author of a software package, the manufacturer of a hardware device, or a third party who has contrived to interfere with the deployed product. Recent high-profile incidents of this kind have highlighted the threat associated with these attacks. This project is a comprehensive study of security in this setting, including development of formal models that permit rigorous reasoning about security, design and analysis of new cryptographic tools that resist subversion, and explicit recommendations for hardening the existing cryptographic tools in widespread use.
The project is organized into three main threads. The first focuses on establishing cryptographic security models that expand on classical cryptographic models to adequately reflect malicious subversion attacks: in general, these models call for the design of cryptographic tools to be explicitly coupled with specification of black-box testing procedures so that the combination can guarantee security despite subversion attacks. The second effort pursues development of fundamental cryptographic primitives that achieve security in these new models and application of these primitives as building blocks to construct larger systems and protocols that retain security despite subversion. Finally, to transition these theoretical tools to practice, the project undertakes a practical effort to re-architect existing infrastructural tools, such as the IPSec, SSH and TLS protocols, to harden them against subversion.
|