Dr. Aggelos Kiayias, assistant professor of Computer Science & Engineering, recently received three new grants from the National Science Foundation that will support research aimed at improving the security of data transmitted and stored electronically. The grants, which total more than $400,000, build upon Dr. Kiayias’ ongoing cyber-security research.
One project focuses specifically on wireless networks, commonly found in Internet cafes, hotels and meeting facilities, offices and universities as well as homes. These networks permit us to use laptop computers, BlackBerry units and the like freely, without the need for plug-ins. The system relies on interface cards housed within the computing devices, which permit data transmissions via radio waves. While these systems feature some degree of security, they are far from immune to the dangers of data breaching. Ironically, countless hacking “how to’s” for WiFi are detailed on the Internet.
With his collaborator, Dr. Bülent Yener of Rensselaer Polytechnic Institute (RPI), Dr. Kiayias seeks to develop better encryption methods to combat this pervasive problem, which carries significant identity theft risks and costs billions of dollars in losses yearly to businesses and individuals. Their work, he explains, will focus particularly on the relationship between the “channel characteristics and the cryptographic protocols that use them” and will consider the economic trade-offs between the costs of adding greater cryptographic security to a network versus the costs of communications. He expects to develop methods that rely less on computational encryption and which require less energy, thus extending the life of the battery or alternative power source. UConn’s Center for Science and Technology Commercialization has applied for a patent on this technology and is taking the lead in its commercialization.
A related project, on which he is collaborating with Dr. Tal Malkin of Columbia University, will focus on better understanding how algorithmically-based encryption methods can be improved so they are easier to implement, afford greater data transfer rates, and are more effective in combating common cyber attacks. He remarks that many cryptographic methods are analyzed in isolation without taking into account many real-world attack scenarios, which forces many security-conscious companies to install external tamper-resistance methods that are typically costly or unreliable. To build effective security measures, Drs. Kiayias and Malkin will extend existing models of cryptographic attacks to include various forms of private data tampering and access, thereby allowing them to construct encryption methods that permit easy data sharing while affordably protecting security. Their work will focus particularly on techniques that protect digital signatures, public key encryption, secure function evaluation, as well as arbitrary cryptographic functions.
Dr. Kiayias is co-principal investigator, with Dr. Yener, on a third NSF grant, under the Small Grants for Exploratory Research (SGER) program, involving secure and auditable privacy contracts.
“Millions of users pass their personal information daily over the Internet to their health-care providers, banks, insurance companies and other service providers. Once this information is transferred, in many cases it is outsourced to other parties – some of which may even reside in foreign countries – for storage and processing. The data may be sold or resold for data mining,” he explains.
Data producers – customers and patients like you and me – have no control over who has access, or how and precisely what is done with such private and sensitive data. To enhance the security and transparency of these operations, Drs. Kiayias and Yener will introduce a mechanism called secure and auditable privacy contracting (SAP-Contracting), a method that can be used to define a tradeoff between level of privacy and amount of data mining.
“Such a tradeoff can be negotiated and customized between data sources and data miners,” explains Dr. Kiayias, by allowing the company to set the specific functions and permissions that can be performed in personal records. “It aims to bridge the need for privacy with the need for data collection, transfer, marketing and processing, thus enabling sensitive private data to be treated as a commodity.” The team will design, implement and test a prototype of this SAP-Contract to establish so-called “proof of concept” and demonstrate provable security properties, including confidentiality, integrity, and auditability.
Dr. Kiayias heads up the Crypto-DRM laboratory, which is dedicated to the study of the cryptographic aspects of copyright technologies and digital rights management (DRM) systems. He joined UConn in 2002 after receiving his Ph.D. from the Graduate Center, City University of New York.