Making the World a Better Place with Cryptography

Talk
Muhammad Naveed
University of Illinois @ Urbana-Campaign
Talk Series: 
Time: 
02.16.2016 13:00 to 14:00
Location: 

AVW 4172

The U.S. Department of Health and Human Services reports that the health records of up to 86% of the U.S. population have been hacked. The Ashley Madison breach revealed the private information of 37 million individuals and led to suicides and shattered families. The Apple iCloud breach led to the public release of nude photos of several celebrities. Data breaches like these abound.
In this talk, I will first describe my research toward understanding the security of existing data breach prevention systems. To thwart data breaches, property-preserving encryption has been adopted in many encrypted database systems such as CryptDB, Microsoft Cipherbase, Google Encrypted BigQuery, SAP SEEED, and the soon-to-be-shipped Microsoft SQL Always Encrypted system. To simultaneously attain practicality and functionality, property-preserving encryption schemes permit the leakage of certain information such as the relative order of encrypted messages. I will explain the practical implications of permitting such leakage, and show in real-world contexts that property-preserving encryption often does not offer strong enough security.

Next, I will describe an application-driven approach to developing practical cryptography to secure sensitive data. The approach involves collaborating with application domain experts to formulate the requirements; investigating whether a practical solution meeting the requirements is possible; and, if not, exploring the reasons behind it to relax the requirements so as to find a useful solution for the application. I will describe how I developed a cryptographic model called Controlled Functional Encryption, and how we can adopt it to address the privacy concerns in emerging applications such as personalized medicine.