PI: John Mitchell, Andre Scedrov, Vitaly Shmatikov, Daniele Micciancio
The design and security analysis of protocols that use cryptographic primitives is one of the most fundamental and challenging areas of computer security research. This project focuses on three topics: foundations of protocol analysis, automated tools, and application of tools and methods to selected protocols. Foundational work centers on relating and combining two previously separate approaches: logical methods based on symbolic execution of protocols, and computational methods involving probability and polynomial-time. The symbolic approach uses a highly idealized representation of cryptographic primitives and has been a successful basis for automated tools. Conversely, the computational approach yields more insight into the strength and vulnerabilities of protocols, but is difficult to apply and only accessible to a small number of true experts in the field. Building on past success using several automated tools, the project will devise tool-based methods that leverage new scientific foundations. Three likely application areas are secure group communication and key agreement protocols, schemes for privacy-preserving computations, and wireless networking and applications. In each of these areas, there is current demand for new secure protocols from user communities, there is ongoing activity in the research and standardization communities, and the value of combining symbolic and computational analysis concepts is evident.