Aggelos Kiayias, assistant professor of computer science & engineering in the School of Engineering, has received three new grants from the National Science Foundation for research aimed at improving the security of data transmitted and stored electronically. The grants, which total more than $400,000, build upon Kiayias’ ongoing cyber-security research.
One project focuses on wireless networks. These networks, commonly found in Internet cafes, hotels and meeting facilities, offices, universities, and homes, permit the use of laptop computers, BlackBerry units, and the like, without the need for plug-ins.
The system relies on interface cards housed within the computing devices that permit data transmission via radio waves. While these systems feature some degree of security, they are far from immune to the dangers of data breaching.
Together with Bülent Yener of Rensselaer Polytechnic Institute, Kiayias is seeking to develop better encryption methods to combat the widespread problem of data breaching, which carries significant risks of identity theft and costs businesses and individuals billions of dollars each year.
Their work will focus on the relationship between the channel characteristics and the cryptographic protocols that use them, and will consider the economic trade-offs between the costs of adding greater cryptographic security to a network and the costs of communications. They expect to develop methods that rely less on computational encryption and require less energy, thus extending the life of the battery or alternative power source.
UConn’s Center for Science and Technology Commercialization has applied for a patent on this technology and is taking the lead in its commercialization.
A related project, on which Kiayias is collaborating with Tal Malkin of Columbia University, will focus on better understanding how algorithmically-based encryption methods can be improved so that they are easier to implement, offer better rates of data transfer, and are more effective in combating common cyber attacks.
Kiayias says many cryptographic methods are analyzed in isolation, without taking into account real-world attack scenarios, and that this leads many security-conscious companies to install external tamper-resistance methods that are typically costly or unreliable.
To build effective security measures, Kiayias and Malkin will extend existing models of cryptographic attacks to include various forms of private data tampering and access, thereby allowing them to construct encryption methods that permit easy data sharing while offering affordable security.
Kiayias is also co-principal investigator, with RPI’s Yener, on a third NSF-funded project involving secure and auditable privacy contracts. The grant was awarded under NSF’s Small Grants for Exploratory Research program.
“Millions of users pass their personal information daily over the Internet to their health-care providers, banks, insurance companies, and other service providers,” Kiayias says.
“Once this information is transferred, in many cases it is outsourced to other parties, some of whom may even reside in foreign countries, for storage and processing. The data may then be sold or resold for data mining.”
Data producers – customers and patients – have no control over access to and use of such private and sensitive data.
To enhance the security and transparency of these operations, Kiayias and Yener will introduce a mechanism known as secure and auditable privacy contracting, a method that can be used to define a tradeoff between privacy and data mining.
Kiayias says this type of tradeoff can be negotiated and customized between data sources and data miners, by allowing the company to set permissions and define the specific functions that can be performed with personal records.
“It aims to bridge the need for privacy with the need for data collection, transfer, marketing, and processing, thus enabling sensitive private data to be treated as a commodity,” he says.
Kiayias heads the School of Engineering’s Crypto-DRM laboratory, which is dedicated to studying the cryptographic aspects of copyright technologies and digital rights management systems.
He joined UConn as a visiting assistant professor in 2002 after receiving his Ph.D. from the Graduate Center, City University of New York, and took up a tenure track position here in 2003. In addition to the three new NSF grants, he also currently holds an NSF CAREER award.