Defense Advanced Research Projects AgencyTagged Content List


Relating to digital systems and information

Showing 33 results for Cyber + Trust RSS
The goal of the Safer Warfighter Communications (SAFER) program is to develop technology that will enable safe, resilient communications over the Internet, particularly in situations in which a third-party is attempting to discover the identity or location of the end users, or block the communication. The technology developed through the program will also provide the quality of service (QoS) required to support applications such as instant messaging, electronic mail, social networking, streaming video, voice over Internet protocol (VoIP), video conferencing and other media that promote effective communication.
It is easy to reverse engineer software today. An attacker generally requires no more than a basic debugger, a compiler and about a day's effort to de-obfuscate code that has been obfuscated with the best current methods. The reason for the relative ease is that program obfuscation is primarily based on "security through obscurity" strategies, typified by inserting passive junk code into a program’s source code. Existing program obfuscation methods also do not have quantifiable security models, and so it is difficult even to measure how much security is gained by a given obfuscation effort.
A zero-knowledge (ZK) proof is an interactive protocol between a prover and a verifier. The prover creates a statement that they want the verifier to accept, using knowledge that will remain hidden from the verifier. Recent research has substantially increased the efficiency of ZK proofs, enabling real-world use, primarily by cryptocurrencies. While useful for cryptocurrencies, the ZK proofs created are specialized for this task and do not necessarily scale for transactions that are more complex. For highly complex proof statements like those that the Department of Defense (DoD) may wish to employ, novel and more efficient approaches are needed.
As new defensive technologies make old classes of vulnerability difficult to exploit successfully, adversaries move to new classes of vulnerability. Vulnerabilities based on flawed implementations of algorithms have been popular targets for many years. However, once new defensive technologies make vulnerabilities based on flawed implementations less common and more difficult to exploit, adversaries will turn their attention to vulnerabilities inherent in the algorithms themselves.
Modern computing systems act as black boxes in that they accept inputs and generate outputs but provide little to no visibility of their internal workings. This greatly limits the potential to understand cyber behaviors at the level of detail necessary to detect and counter some of the most important types of cyber threats, particularly advanced persistent threats (APTs). APT adversaries act slowly and deliberately over a long period of time to expand their presence in an enterprise network and achieve their mission goals (e.g., information exfiltration, interference with decision making and denial of capability).