| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | February 26, 2021 |
| Latest Amendment Date: | August 8, 2023 |
| Award Number: | 2047991 |
| Award Instrument: | Continuing Grant |
| Program Manager: |
Sol Greenspan
sgreensp@nsf.gov (703)292-7841 CNS Division Of Computer and Network Systems CSE Direct For Computer & Info Scie & Enginr |
| Start Date: | May 15, 2021 |
| End Date: | April 30, 2026 (Estimated) |
| Total Intended Award Amount: | $499,342.00 |
| Total Awarded Amount to Date: | $296,485.00 |
| Funds Obligated to Date: |
FY 2022 = $97,149.00 FY 2023 = $98,786.00 |
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
2550 NORTHWESTERN AVE # 1100 WEST LAFAYETTE IN US 47906-1332 (765)494-1055 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
West Lafayette IN US 47907-2114 |
| Primary Place of Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | Secure &Trustworthy Cyberspace |
| Primary Program Source: |
01002122DB NSF RESEARCH & RELATED ACTIVIT 01002324DB NSF RESEARCH & RELATED ACTIVIT |
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
Cryptography has shown itself to be invaluable in everyday life, especially as more and more devices and interactions are moving to the online world. Whether it is browsing the web, making a purchase, or sending a message to a friend, cryptography is everywhere. Despite the fact that users (often unknowingly) rely on the security of systems that use cryptography, recent years have seen a number of serious vulnerabilities in the cryptographic pieces of systems, some with large consequences. These have been caused by various problems, including poor designs, difficulty of implementation, and use (or misuse) of (in)secure primitives. There is a common denominator in all of these problems: the human element. Many of the errors that are found when analyzing these insecure systems could have been prevented if both designers and software engineers had better tools to help them navigate the complex cryptographic space. Cryptographic automation is a relatively new and promising area that is designed to help solve many of these issues and make developing secure systems far easier and less error-prone, even for a non-expert. This project focuses on removing the human element from the deployment and analysis of cryptographic systems. Through the use of cryptographic automation and the development of tools, the project's aim is to make it easier to design and securely deploy new and complex cryptographic systems while preventing insecurities from occurring in such systems. Additionally, the project contains an education plan designed to help make cryptography more accessible to a broader audience. The creation of the Midwest Women in Computer Security Workshop, as well as the project's goal to not just develop but also disseminate tools, will allow more students of all ages, and more software engineers, to explore cryptography and computer security, instead of being intimidated or afraid of it.
The project has three main thrusts. The core of the project centers around the first thrust of building tools to aid in the deployment of complex cryptography. This will principally focus on automating the end-to-end development of zero-knowledge proof code, from expressing the proof statement to realizing the implementation, with additional applications to anonymous credentials. The second thrust focuses on automating the discovery of cryptographic vulnerabilities in applications that use zkSNARKs, a popular zero-knowledge proof instantiation. This thrust will leverage fuzzing to help both programmers and end users detect inconsistencies and errors in existing, already deployed zkSNARK circuits and applications. The third thrust works to automate the discovery and identification of modern cryptographic algorithms and techniques in both traditional as well as heavily obfuscated binaries, through a novel combination of various dynamic analysis and machine-learning based approaches. If successful, the combination of these three thrusts will, for expert and non-expert developers alike, make it both easier to discover the use of cryptography and potentially vulnerable algorithms in existing systems as well as design and securely deploy new and complex cryptographic systems while preventing these insecurities from happening.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from this site.
Please report errors in award information by writing to: awardsearch@nsf.gov.
