Participating Lab: Air Force Research Laboratory Information Directorate (AFRL RI)

Assurance and Resilience through Zero-Trust Security

Research Opportunity Location:
Rome, NY

Research Opportunity Description:
Zero-trust cybersecurity is a security model that rigorously verifies every user and device before granting access to computing or network resources. Within cloud environments, this principle dictates that no entity, whether internal or external to commercial and public cloud systems (including the Cloud Service Provider), is trusted by default. While offering robust security, the practical implementation of zero-trust often relies on complex and resource-intensive technologies, such as public-key infrastructure and zero-knowledge proofs. This makes designing truly efficient and scalable solutions based on zero-trust a significant challenge. This research topic seeks novel approaches to: 1) enabling warfighters to efficiently and securely outsource private data and computation with mission assurance and verifiable correctness of results to untrusted commercial clouds without relying on a Trusted Third Party (TTP); 2) improving the resilience and robustness of the Air Force’s mission-critical applications by effectively distributing them across multiple heterogeneous CSPs to prevent a single point of failure, avoid technology/vendor lock-ins, and to enhance availability and survivability; 3) optimize the trade-off between strict zero-trust security and rigid performance requirements for time-sensitive mission applications. Research topics of interest include, but are not limited to: - Decentralized identity and access control mechanisms and protocols, including those that support anonymity. - Novel cryptographic primitives and protocols with application to zero-trust computing paradigms. - Design cross-cloud, CSP-independent, privacy-aware protocols and frameworks that operate in the presence of emerging zero-trust security mechanisms. - End-to-end data protection, concurrency, and consistency for multi-user multi-cloud environments. - Access patterns and volume leakage prevention for oblivious data stores under malicious security. - Verification and authentication schemes for query evaluation over encrypted and unencrypted data.

Discovery and Retrieval of Publicly Available Internet Information (PAI)

Research Opportunity Location:
Rome, NY

Research Opportunity Description:
This research topic seeks novel methodologies for conducting comprehensive and secure searches across the vast and continuously evolving landscape of Publicly Available Information (PAI) on the Internet. PAI is inherently multilingual and takes varied forms, including online publications, news, blogs, social media, AI-generated content (e.g., from platforms like ChatGPT), and emerging data types. The central challenge is to develop technologies that enable analysts to perform secure, efficient, and scalable PAI retrieval while rigorously protecting their identity and intent, and simultaneously preventing website owners and operators from tracking collection activities or linking them back to users or their agency. We are particularly interested in novel technologies and approaches that address: • Confidential and Scalable PAI Collection: Methods for confidential and scalable PAI gathering that do not rely on trusted third parties, modify source data, or require collaboration with PAI website operators. • Robust Attribution Management and Anonymization: Advanced approaches for managing attribution and ensuring comprehensive web browsing anonymization. • Private Information Retrieval (PIR): Innovative Private Information Retrieval (PIR) protocols, including computational, information-theoretic, and differentially private methods, to facilitate secure and private data access.

Novel Protocols for Robust Communication Anonymization and Covertness

Research Opportunity Location:
Rome, NY

Research Opportunity Description:
In an increasingly interconnected and surveilled digital landscape, the need for robust communication anonymization and covertness is paramount. This is critical for protecting sensitive operations, safeguarding individual and organizational privacy, enabling secure exchange information in hostile or censored environments, and resisting pervasive surveillance. While existing protocols offer some level of protection, they often face challenges related to scalability, performance overhead, resilience against advanced traffic analysis, metadata leakage, and strong deniability properties. This research topic seeks novel protocols and methodologies to achieve unprecedented levels of communication anonymization and covertness. We are particularly interested in interdisciplinary approaches that can overcome current limitations and provide practical, deployable solutions. Specific areas of interest include, but are not limited to: • Next-Generation Anonymity Networks: Designing and evaluating novel architectures for low-latency, high-throughput, and resilient anonymity networks that can withstand sophisticated traffic analysis, timing attacks, and deanonymization attempts. • Advanced Steganography and Covert Channels: Developing new techniques for embedding hidden information within seemingly innocuous data streams or establishing truly undetectable communication channels, with a focus on high capacity, robustness against detection, and deniability. • Deniable Communication Protocols: Creating protocols that allow parties to plausibly deny having engaged in communication or revealing its content, even under duress or in the face of sophisticated forensic analysis. • Metadata Protection and Obfuscation: Innovative methods to prevent the leakage of sensitive metadata (e.g., sender/receiver identities, timing, volume, patterns) that can often bypass content encryption. • Cross-Layer Anonymity and Covertness: Solutions that integrate anonymization and covertness mechanisms across multiple layers of the communication stack (e.g., network, transport, application) to provide end-to-end protection. • Formal Verification of Anonymity Properties: Methodologies for formally proving the anonymity and covertness properties of new and existing protocols.

Beyond Surface Artifacts: Designing and Developing Novel Cross-Modal Forensic Methodologies for the Attribution and Explainable Detection of Sophisticated AI-Generated Synthetic Media

Research Opportunity Location:
Rome, NY

Research Opportunity Description:
This topic emphasizes the need for a comprehensive, cross-modal approach that can adapt to the rapid evolution of generative AI models. It calls for new frameworks that don't just detect individual modalities but understand the inconsistencies and fingerprints across different types of AI-generated media. Proposed projects should zero in on the challenge of detecting highly sophisticated AI-generated content that leaves fewer obvious "fingerprints." They should also highlight the critical need for explainability (understanding why something is flagged as AI-generated) and attribution (potentially tracing it back to a specific generation model or family). Developed methodologies not only need to be effective but also must be robust against adversarial attacks and designed to evade detection. The emphasis is on building future-proof systems for combating misinformation. Successful research projects would involve: • Novelty: Moving beyond incremental improvements to existing forensic techniques, cross-modal consistency analysis, and continuous learning systems. • Multimodality: Addressing images, video, audio, text, and crucially, their combinations (e.g., a deepfake video with spoofed audio). • Robustness/Adaptability: Methods that are resilient to evolving AI generation techniques, compression, and adversarial attacks. • Explainability: The ability to provide reasons or confidence scores for why content is flagged as AI-generated, fostering trust and aiding human review. • Scalability & Real-time Capability: Solutions that can process vast amounts of data efficiently and in near real-time. • Data Challenges: The need for new, innovative, and dynamic datasets of both real and AI-generated content for training and evaluation. • Ethical Considerations: Acknowledging the implications of such detection technologies, including privacy and potential misuse.