Most cryptographic applications crucially rely on secret keys that are chosen randomly and are unknown to an attacker. Unfortunately, the process of deriving secret keys in practice is often difficult, error-prone and riddled with security vulnerabilities. Badly generated keys offer a prevalent source of attacks that render complex cryptographic applications completely insecure, despite their sophisticated design and rigorous mathematical analysis. Even though key derivation plays a central role in the security landscape, it has received surprisingly little formal study within the cryptographic community, leading to a large disconnect between the theory and practice.

In this project, several important scenarios for key derivation are examined for their capability to improve security with provable guarantees, including the use of random number generators (RNGs), passwords, and biometrics. In particular:

- How RNGs are designed to properly combine the entropy gathering, randomness extraction and pseudorandom generation modules, while achieving the best possible subset of clearly defined security properties against a variety of adversarial scenarios.

- How to reduce the effectiveness of ?offline dictionary attacks? when generating keys from passwords.

- How biometrics can be safely reused to generate many secret keys across many applications raises several interesting questions, combining cryptographic security properties with those of error-correcting codes.

Agency
National Science Foundation (NSF)
Institute
Division of Computer and Network Systems (CNS)
Type
Standard Grant (Standard)
Application #
1314722
Program Officer
Shannon Beck
Project Start
Project End
Budget Start
2013-08-01
Budget End
2018-07-31
Support Year
Fiscal Year
2013
Total Cost
$531,235
Indirect Cost
Name
Northeastern University
Department
Type
DUNS #
City
Boston
State
MA
Country
United States
Zip Code
02115