Encrypting Data in the Cloud Brings Win for Texas
For his work on the foundations of a new way of encrypting data, Brent Waters from the University of Texas at Austin has been elected as one of this year's Microsoft Research Faculty Fellows.
Waters' main research interests are in cryptography and computer security. His work addresses the increasing trend toward cloud computing, and he is looking to lay the foundations for a new model to secure data stored in the cloud.
Third-party data centers where companies store their data have been high-value targets for attackers, Waters said. To prevent customer data from being leaked, it should be stored in encrypted form only. "The problem is that traditional encryption systems do not work with many cloud applications," he said. They were designed only for sharing and exchanging data between individual, known users.
That traditional approach does not meet the needs of an enterprise storing data in the cloud that should be shared by huge groups of users, particularly if some users do not even exist in the system at the time the data is encrypted. For instance, a sales person could be hired after the data he or she needs for work has been encrypted and saved in a cloud data center.
Waters wants to solve problems like this with so-called functional encryption. "It is a totally different vision for encryption," he said. Unlike traditional encryption where data is encrypted to individual users, with functional encryption one would embed certain access predicates directly into the ciphertext, Waters said.
These predicates would also be attributed to users depending on their access rights to certain data, Waters said. A sales person, for instance, would have credentials different from those of a manager. "If someone gets a certain attribute at a later time he will also be able to get access to the data," Waters said. This means an employee being promoted to a higher position would get new attributes and then be able to gain access to data available to managers only.
Waters said the system would be secure against so-called colluding users. If two people with different credentials tried to use them in combination to access encrypted data not available to people in their position, they would not get access, he said.
Waters' vision is that this principle of functional encryption could one day work with any function. A possible application would be in image encryption, Waters said. With this it would, for example, be possible to partially decrypt a picture of a group of people. Only a user who has been identified by facial recognition software could then see exactly the part of the image that shows him. "At the moment we cannot do this, but I believe we will be able to someday," Waters said.
Waters said he was proud of the fellowship. "The interview process was very challenging and getting the grant for unrestricted use means they trust you and believe in your work," he said.
Waters said he has not decided yet how he'll spend the US$200,000 grant coming with the Microsoft fellowship. He said maybe he would use a part of it to fund a sabbatical leave. "I enjoy doing research at the University of Texas at Austin and I like teaching -- but it would be great to clear my schedule for maybe a year to have time to think and work closely with some researchers in California I have a special relationship with," he said.
Waters received his Ph.D. and Master of Arts in computer science from Princeton University in 2004 and 2002, respectively. In 2000 he finished his Bachelor of Science in computer science at the University of California, Los Angeles.