
NSF Org: |
CNS Division Of Computer and Network Systems |
Recipient: |
|
Initial Amendment Date: | February 9, 2023 |
Latest Amendment Date: | August 30, 2024 |
Award Number: | 2236784 |
Award Instrument: | Continuing Grant |
Program Manager: |
Anna Squicciarini
asquicci@nsf.gov (703)292-5177 CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
Start Date: | March 1, 2023 |
End Date: | February 29, 2028 (Estimated) |
Total Intended Award Amount: | $727,464.00 |
Total Awarded Amount to Date: | $423,002.00 |
Funds Obligated to Date: |
FY 2024 = $286,281.00 |
History of Investigator: |
|
Recipient Sponsored Research Office: |
1109 GEDDES AVE STE 3300 ANN ARBOR MI US 48109-1015 (734)763-6438 |
Sponsor Congressional District: |
|
Primary Place of Performance: |
503 THOMPSON ST ANN ARBOR MI US 48109-1340 |
Primary Place of Performance Congressional District: |
|
Unique Entity Identifier (UEI): |
|
Parent UEI: |
|
NSF Program(s): | Secure & Trustworthy Cyberspace |
Primary Program Source: |
01002627DB NSF RESEARCH & RELATED ACTIVIT 01002728DB NSF RESEARCH & RELATED ACTIVIT 01002425DB NSF RESEARCH & RELATED ACTIVIT 01002324DB NSF RESEARCH & RELATED ACTIVIT |
Program Reference Code(s): |
|
Program Element Code(s): |
|
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
Every day, billions of people use encryption to ensure the traffic they send across the public internet remains secure and private. Encryption is rarely used within managed networks administered by a single organization, like a business, a hospital, or a school. This is because current approaches to network management don't work if traffic is encrypted. The project's novelties are applications of cryptography that enable network management directly on encrypted traffic. The project's broader significance is that it will allow creating more secure and privacy-respecting managed networks.
The project focuses on three critical areas of incompatibility between encryption and network management: policy enforcement, analytics, and network services. In the policy enforcement thrust, the project team uses zero-knowledge proofs to build network middleware that can enforce network policies, such as content filtering, without directly seeing traffic. In the analytics thrust, the project team is designing network analytics systems that do not rely on databases of plaintext traffic logs but verifiably outsource log storage and queries to endpoints. Finally, in the network services thrust, the project team uses cryptography to limit the metadata network services can learn about network traffic.
The project's broader impact will be improving the security of managed networks. Since management infrastructure will no longer need to see plaintext traffic, compromising this infrastructure will give an attacker less information about activity on the network. At the same time, user privacy in the network will also be improved since by using encryption, users can limit what is disclosed to administrators.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.