Visible to the public TWC: Small: Middleware for Certificate-Based AuthenticationConflict Detection Enabled

Project Details

Lead PI

Performance Period

Sep 01, 2015 - Aug 31, 2018


Brigham Young University

Award Number

Every time someone uses a phone or computer to connect to an Internet site, software determines whether the connection is safe or being intercepted by attackers. Unfortunately, this software is error-prone, leaving users vulnerable to having their privacy violated or their personal information stolen due to phishing attacks, identity theft, and unauthorized inspection of their encrypted traffic. A number of solutions are being proposed, but the software is fragmented across many platforms and redundantly or incorrectly implemented. The goal of this research is to develop a trust platform that consolidates the decision-making process into a single location to provide a correct, consistent, and usable service for all existing and future applications. The platform is designed to make it easier for researchers to test and deploy alternative methods for detecting trustworthy Internet sites. The research emphasizes usability, so that users are not faced with error messages that are difficult for them to understand or act on.

The project designs and analyzes middleware that consolidates certificate-based authentication in the operating system. It is designed for both Linux and Android, and automatically overrides the broken decision-making process currently found in many existing applications. Developers are no longer required to provide their own certificate validation function when building applications. The platform supports a variety of plugins for certificate authentication, such as dynamic certificate pinning, crowd-sourced notary services, and a curated root store. Policy configuration enables users or organizations to define how responses from multiple plugins are combined to make a final trust decision. Usability studies are focused on all aspects that require user interaction with the system: installing the system, configuring security and privacy preferences, choosing authentication providers, and receiving actionable notifications and warnings. This research benefits national security by addressing numerous weaknesses in the current trust system with new authentication services. The project contributes to the security community by providing an open source platform for easily extending the current trust system.