Keeping Data Secure

October 14, 2016
Computer science research lab explores issues of data security

Summer is computer science professor Doug Szajda’s favorite time of year. “It’s an opportunity for me to explore the field I enjoy and to think about hard problems, and to do that with students who are interested in that as well,” he says.

Almost every summer for the past 15 years, Szajda and his summer research students have been plugging away in Jepson Hall on projects relating to data security, his area of expertise. “The project that I’m currently working on relates to protecting databases from breaches,” he says. Databases come in a variety of sizes, and what causes break-ins differs from case to case, making the task of protecting data challenging.

In collaboration with researchers at the University of Florida, Szajda and his students are specifically focusing on protecting information that is older and accessed less. They’re developing customized encryption solutions based on where the data is stored and who it belongs to. “If you look at some of the breaches, they’re things like Target sales records from the previous week,” he says. “But we also see things like government offices that stored case records from 20 years ago in a database that was hacked. Why is 20-year-old data sitting around and why is it not encrypted?”

How do you tackle such a large and complicated problem? Szajda breaks it down into individual components for each student in his lab to focus on. One student is looking at proxy re-encryption, which makes data encrypted under one key look like it was encrypted under another key. Another is learning about secure function evaluation, allowing for computations on data without having specific knowledge of the data. A third was gathering information on tamper-evident data structures, or ways to arrange data that tell if it’s been tampered with. A fourth researched the infrastructure of cloud computing, which is playing a growing role in data storage.

Szajda will then combine their individual knowledge areas to work toward a larger comprehensive solution. “We’ve got a suite of cryptographic tools at our disposal, and it’s a matter of putting the tools together to build a protocol that will accomplish our goals for securing that data,” he says. The challenge comes with creating customized solutions — since each system is different — based on the needs of the individual or company that has the data. “We’ve come up with a theoretical class of functions that helps us solve this problem,” he says.

Rather than fixating solely on producing results, Szjada keeps his students focused on the process of doing research, which many of his students were doing for the first time. “The research really is research,” he says. “My students are finding solutions to problems we don’t know the answers to.”

His students appreciate his approach. “The best part about my experience was being able to learn at my own pace and take control of my experience,” says Joseph Mugisha, ’18, a first-time researcher. “Dr. S emphasizes that what you put in is what you get out of it; if you put in work, you’ll get results.”

While Szajda anticipates spending the next three to four years working with his collaborators on a complete solution, he’s excited to share the progress that has been made and plans to submit the project to one of the top data security conferences later this year. “The problem we’re looking at is a really good problem,” he says. “We want to be the first ones to get out there and say ‘we’ve got a practical solution to important parts of this problem.’”