New study to improve internet security and prevent cyber-attacks
QUT cyber-security experts have been awarded federal funding to develop new systems to improve internet security and prevent cyber-attacks.
Theme Leader for Secure and Resilient Infrastructure at QUT's new Institute for Future Environments Professor Colin Boyd said he and Dr Douglas Stebila would develop a better online security system, looking particularly at identity authentication.
Professor Boyd said the pair aimed to develop better theoretical models and real-world systems of online security, which would ultimately help to protect individuals, businesses and governments from all kinds of security breaches - from identity theft to cyber-terrorism.
Their research will focus on Internet authentication protocols, which are the processes by which users log in to websites and verify that they are using the right website.
Professor Boyd said authentication was the foundation of secure electronic communication.
"Authentication is the first step in many everyday online processes, such as electronic banking, online shopping and remote login to computer systems," he said.
"The security of our online society depends on having secure authentication protocols."
The project will develop a model of authentication that is more realistic and more complete than previous models.
"Researchers have generally analysed simplified or idealised versions of protocols, so their guarantees of the theoretical security of protocols have been of limited value," said Professor Boyd.
"Our project will develop new models that incorporate major elements missing from today's protocol models, such as negotiation of security parameters, re-authentication of users, dealing with extraneous data such as error messages, and certificate management.
"There have been several major vulnerabilities identified in Internet authentication protocols in recent years, all of which resulted from not including these missing elements in the analysis. For example, in 2009 researchers discovered a vulnerability in how web servers used TLS renegotiation which left servers open to man-in-the-middle attacks; fixing this required major software updates from web server vendors and administrators around the world.
"The new models will be used to analyse prominent authentication protocols being used today and to guide the design of improved protocols."
The end results of the research will be:
• new models and techniques that can be used by others for practical and meaningful analysis of authentication protocols
• original security analysis of a wide range of real-world protocols, providing formal assurances of security and identifying weaknesses
• new and enhanced protocol designs suitable for real-world application.
Professor Boyd said QUT's research into internet security was helping to make Australia a leader in the field.
"Current research in this area is concentrated in the US and Europe. Our project will enhance Australian expertise in real-world security technologies and help to better position Australia as a leader in this critical area," he said.
The researchers have been awarded $315,000 from the Australian Research Council for the three-year project.
Media contact: Rose Trapnell, QUT media team leader, 07 3138 2361 or 0407 585 901 email@example.com