Award Abstract # 2236784
CAREER: End-to-End Encryption for Managed Networks

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: REGENTS OF THE UNIVERSITY OF MICHIGAN
Initial Amendment Date: February 9, 2023
Latest Amendment Date: August 30, 2024
Award Number: 2236784
Award Instrument: Continuing Grant
Program Manager: Anna Squicciarini
asquicci@nsf.gov
 (703)292-5177
CNS
 Division Of Computer and Network Systems
CSE
 Directorate for Computer and Information Science and Engineering
Start Date: March 1, 2023
End Date: February 29, 2028 (Estimated)
Total Intended Award Amount: $727,464.00
Total Awarded Amount to Date: $423,002.00
Funds Obligated to Date: FY 2023 = $136,721.00
FY 2024 = $286,281.00
History of Investigator:
  • Paul Grubbs (Principal Investigator)
    paulgrub@umich.edu
Recipient Sponsored Research Office: Regents of the University of Michigan - Ann Arbor
1109 GEDDES AVE STE 3300
ANN ARBOR
MI  US  48109-1015
(734)763-6438
Sponsor Congressional District: 06
Primary Place of Performance: Regents of the University of Michigan - Ann Arbor
503 THOMPSON ST
ANN ARBOR
MI  US  48109-1340
Primary Place of Performance
Congressional District:
06
Unique Entity Identifier (UEI): GNJ7BBP73WE9
Parent UEI:
NSF Program(s): Secure &Trustworthy Cyberspace
Primary Program Source: 01002526DB NSF RESEARCH & RELATED ACTIVIT
01002627DB NSF RESEARCH & RELATED ACTIVIT

01002728DB NSF RESEARCH & RELATED ACTIVIT

01002425DB NSF RESEARCH & RELATED ACTIVIT

01002324DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 025Z, 1045
Program Element Code(s): 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Every day, billions of people use encryption to ensure the traffic they send across the public internet remains secure and private. Encryption is rarely used within managed networks administered by a single organization, like a business, a hospital, or a school. This is because current approaches to network management don't work if traffic is encrypted. The project?s novelties are applications of cryptography that enable network management directly on encrypted traffic. The project?s broader significance is that it will allow creating more secure and privacy-respecting managed networks.


The project focuses on three critical areas of incompatibility between encryption and network management: policy enforcement, analytics, and network services. In the policy enforcement thrust, the project team uses zero-knowledge proofs to build network middleware that can enforce network policies, such as content filtering, without directly seeing traffic. In the analytics thrust, the project team is designing network analytics systems that do not rely on databases of plaintext traffic logs but verifiably outsource log storage and queries to endpoints. Finally, in the network services thrust, the project team uses cryptography to limit the metadata network services can learn about network traffic.


The project?s broader impact will be improving the security of managed networks. Since management infrastructure will no longer need to see plaintext traffic, compromising this infrastructure will give an attacker less information about activity on the network. At the same time, user privacy in the network will also be improved since by using encryption, users can limit what is disclosed to administrators.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Note:  When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

Collin Zhang, Zachary DeStefano "Zombie: Middleboxes that Dont Snoop" design and implementation of networked systems (NSDI) , 2024 Citation Details

Please report errors in award information by writing to: awardsearch@nsf.gov.

Print this page

Back to Top of page