New method for protecting private data

Published 21 April 2008

Researchers develop new method for protecting private data. Called “functional encryption,” the new approach will not only help to simplify the encryption of data in servers but will also allow access to the data in an intuitive way, making it much harder for hackers to gain access to sensitive information but much easier for programmers to secure it.

Companies and organizations that keep sensitive personal information on millions of Americans have become attractive targets for hackers in recent years, resulting in billions of dollars in losses for U.S. businesses and misery for countless consumers. Now Amit Sahai, an associate professor of computer science at the UCLA Henry Samueli School of Engineering and Applied Science, and his colleagues have devised a new data-protection method they hope will put Internet criminals out of business. “We want to change the rules of the game on hackers and even out the playing field,” Sahai said.

Along with co-authors Brent Waters, a UCLA computer science alumnus, and Jonathan Katz of the University of Maryland, Sahai has come up with a mathematical system — known as functional encryption — which will not only help to simplify the encryption of data in servers but will also allow access to the data in an intuitive way, making it much harder for hackers to gain access to sensitive information but much easier for programmers to secure it.

While the method is not yet available for public use, it has received close attention from the data-encryption community. The authors’ study, chosen as one of the top four papers at Eurocrypt 2008 — one of two flagship international conferences in cryptography — was presented last week at the conference in Istanbul.

In it, Sahai and his colleagues suggest that the biggest problem in data security today is that the world relies on “trusted servers” to store and secure data. “This ‘trusted server’ model is a simple model,” Sahai said. “It’s easy to implement. It’s easy to put into practice. Information is placed in the server at face value and the server itself is simply given the task of deciding who to give the data to. Because of the simplicity in programming, these servers have become ubiquitous and are prime targets - everyone wants to attack them.”

An additional problem with trusted servers, the authors say, is the current trend toward replicating data on a wide scale. “To create robustness and availability, data is stored on several trusted servers as backups,” said Waters, currently with the nonprofit research institute SRI. “If one server goes down, another can be accessed. There is a trade-off between data availability and security. The more replicated servers there are, the more targets there are for hackers.” The results of this lack