A Transition of Dialect Computing in Network Protocol - DialectKey Management

Abstract

With support from the previous ONR grant N000141812661, we have researched dialect computing in the context of network and system protocols and further investigated the dialect-based security mechanism built on the most popular network protocols, such as TLS and IKE. We used two primitives to implement protocol dialects: nonce encoding and order shuffling based on a crypto key. This secret key, the DialectKey, is distributed among the dialect group and is the very foundation of the protocol dialect. Thus, the management of the key is essential for the protocol dialect to be fully utilized in the real world. To achieve secure key management, we propose to conduct transition efforts for the network protocol dialect.

Specifically, we use Trusted Execution Environment (TEE) technology for the secure management of keys. Using the strong hardware-level security that a TEE provides, we can securely encrypt the DialectKey with CPU keys and perform crypto operations, including encryption and generating signatures. We also run the core functions of the DialectFilter server inside the TEE. These functions verify whether a payload contains a valid protocol dialect, so that we can trust the result returned by the DialectFilter server.

The key objectives of this transition work can be summarized as follows. (1) We assist and support the ONR-determined Transition Partner to further the technological readiness of the network protocol dialect method, and other task items deemed necessary for the transition. (2) We will also assist and support the Transition Partner's effort in implementing our previous technology in different network environments, which ONR can determine as the project progresses. (3) We will also cooperate with ONR-determined Technical Partners to fulfill other requirements.

Since this transition aims to assess and demonstrate our prior research's deployability in a real-world network server environment, we can support a ready adaptation of dialect filtering functionality in various network server configurations. These optional tasks would include providing application programming interfaces (APIs) that developers can readily utilize for DialectKey Management (Import, Derivation, and Sealing/Unsealing), Dialect Verification, and Remote Attestation to ensure the integrity of the DialectFilter server.

Document Details

Document Type
DoD Grant Award
Publication Date
Aug 05, 2021
Source ID
N000142112572

Entities

People

  • Brent Byunghoon Kang

Organizations

  • KAIST
  • Office of Naval Research
  • United States Navy

Tags

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity
  • Defense Technology Research and Development