For Immediate Release
DHS Science & Technology Press Office
Contact: John Verrico, (202) 254-2385
Washington, DC—The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded $527,112 to Brigham Young University (BYU) in Provo, Utah, to develop a web authentication middleware tool that would significantly upgrade the current Internet website authentication process and improve online security.
The award is part of the Homeland Security Advanced Research Projects Agency Cyber Security Division’s (CSD) Internet Measurement and Attack Modeling (IMAM) project that works with researchers in academia and the cybersecurity community to develop solutions in the areas of resilient systems, modeling of Internet attacks and network mapping and measurement.
Recent studies have documented many problem areas within the current certificate-based authentication system such as errors and issues with server certificates, invalid chains and subjects, self-signed certificates, and popular websites not properly using them. This situation means users often encounter website certificate warnings they may not know how to handle safely or which they may ignore at the risk of exposing their computers and mobile devices to malware, botnets, phishing scams and an array of other cyber threats.
“We need a better solution to web authentication that will increase Internet security and decrease the vulnerability of individuals and businesses to cyberattacks,” said DHS Under Secretary for Science and Technology Dr. Reginald Brothers. The BYU authentication middleware tool will create a new and enhanced Internet certification authentication system that will jumpstart movement toward this important objective.”
To address the weaknesses of the certificate-based authentication system, the BYU team is developing TrustBase, an open-source middleware that will support mobile and desktop operating systems including Windows and Linux and authenticate websites using local and cloud-based services. TrustBase would be used to subscribe to authentication services through an app store interface, which may include ratings of services by trusted security and privacy organizations. The user interface will be seamless; a computer or device’s operating system will enable TrustBase to notify the user of untrustworthy sites independent of the application in use, providing enhanced online security. DHS S&T is funding development of TrustBase in coordination with the National Science Foundation.
“Too frequently Internet users are exposed to significant online security flaws because they do not know which websites to trust,” said Dr. Ann Cox, IMAM program manager. “TrustBase will empower individual users to decide what websites to trust by authenticating certificates from reliable, trusted sources. Users also will be able to customize TrustBase authentication to their typical browsing habits.”
The IMAM project is aligned with the 2016 Federal Cyber Security Research and Development Strategic Plan to develop realistic experimental data that emulates external adversarial activities and defensive behavior. It also is aligned with the S&T Strategic Plan’s goals for CSD to develop new tools and techniques for mapping several layers of the Internet to detect and mitigate malicious behavior.
CSD’s mission is to enhance the security and resilience of the nation’s critical information infrastructure and the Internet by developing and delivering new technologies, tools and techniques to defend, mitigate and secure current and future systems, networks and infrastructure against cyberattacks. To this end, the division conducts and supports technology transitions and leads and coordinates R&D among department customers, government agencies, the private sector, academia and international partners. For more information about CSD, visit http://www.dhs.gov/cyber-research or email SandT-Cyber-Liaison@hq.dhs.gov.