The U.S. Department of Health and Human Services reports that the health records of up to 86% of the U.S. population have been hacked. The Ashley Madison breach revealed the private information of 37 million individuals and led to suicides and shattered families. The Apple iCloud breach led to the public release of nude photos of several celebrities. Data breaches like these abound.
In this talk, I will first describe my research toward understanding the security of existing data breach prevention systems. To thwart data breaches, property-preserving encryption has been adopted in many encrypted database systems such as CryptDB, Microsoft Cipherbase, Google Encrypted BigQuery, SAP SEEED, and the soon-to-be-shipped Microsoft SQL Always Encrypted system. To simultaneously attain practicality and functionality, property-preserving encryption schemes permit the leakage of certain information such as the relative order of encrypted messages. I will explain the practical implications of permitting such leakage, and show in real-world contexts that property-preserving encryption often does not offer strong enough security.
Next, I will describe an application-driven approach to developing practical cryptography to secure sensitive data. The approach involves collaborating with application domain experts to formulate the requirements; investigating whether a practical solution meeting the requirements is possible; and, if not, exploring the reasons behind it to relax the requirements so as to find a useful solution for the application. I will describe how I developed a cryptographic model called Controlled Functional Encryption, and how we can adopt it to address the privacy concerns in emerging applications such as personalized medicine.
Speaker Biography
Muhammad Naveed is a PhD candidate at UIUC studying applied cryptography and systems security. In applied cryptography, he develops practical-yet-provably-secure cryptographic systems for real applications. In systems security, he explores the fundamental security flaws in popular systems and builds defense systems. His work has had a significant impact on Android security and has helped companies such as Google, Samsung, Facebook, and Amazon secure their products and services, improving security for millions of Android users. He is the recipient of the Google PhD Fellowship in Security, the Sohaib and Sara Abbasi Fellowship, the CS@Illinois C.W. Gear Outstanding Graduate Student Award, and the best paper award at the NYU CSAW Security Research Competition. He was also a finalist in the NYU CSAW Cybersecurity Policy Competition.