Project Information Summary for:
Authentic—Authentication Attacks and Controls
Leszek T. Lilien
Department of Computer Science
Also affiliated with:
Center for Education and Research in Information Assurance and Security (CERIAS)
at
Project Name: Authentic—Authentication Attacks and Controls
Purpose: Privacy protocol development, prevention of privacy disclosures
Brief Project Description
In Project Authentic, we are investigating authorization attacks and controls. We are also developing a protocol that provides an efficient way of giving control of private data back to their “owners” or their trusted “guardians.” We plan to experiment with a mechanism based on trust and context-awareness, which provides privacy solutions for data access. It is based on the ideas of bundling metadata with data, blocking access when the data are vulnerable to disclosure, and controlled abstraction of protected data for general use (cf. references below).

Extensive experimentation in a distributed environment of a realistic size is essential to improving the design and evaluating it.
Experimentation in Authentic: The DETER Environment
We use the DETER testbed (www.isi.deterlab.net) because of the security risks that the project would pose if pursued on the Internet. In particular, we need to trigger many kinds of authentication and privacy attacks on the nodes implementing our mechanism. This would violate the privacy and security of users if run on the Internet.
Project Funding
Funded by grants:
1) NSF IIS-0242840: Vulnerability Analysis and Threat Assessment/Avoidance (PI: B. Bhargava, co-PI: L. Lilien)
2) NSF IIS-0209059: Formalizing Evidence and Trust for User Authorization (PI: B. Bhargava)
References:
L. Lilien and B. Bhargava, “A Scheme for Privacy-preserving Data Dissemination,” IEEE Transactions on Systems, Man and Cybernetics (to appear).
B. Bhargava and L. Lilien, “Private and Trusted Collaborations,” Proc. Secure Knowledge Management (SKM 2004): A Workshop,