event

School of Computer Science Guest Lecture

Primary tabs

Special Guest

Muhammad Naveed

University of Illinois Urbana-Champaign

Muhammad Naveed is a Ph.D. candidate at UIUC working on applied cryptography and systems security. In applied cryptography, he develops practical-yet-provably-secure cryptographic systems for real applications. In systems security, he explores the fundamental security flaws in popular systems and builds defense systems. His work has had a significant impact on Android security and has helped companies such as Google, Samsung, Facebook, and Amazon secure their products and services, improving security for millions of Android users. He is the recipient of a Google Ph.D. Fellowship in Security, the Sohaib and Sara Abbasi Fellowship, the CS@Illinois C.W. Gear Outstanding Graduate Student Award, and the best paper award at the NYU CSAW Security Research Competition. He was also a finalist in the NYU School of Engineering's "Cyber Security Awareness Week" Cybersecurity Policy Competition.

 

"Making the World a Better Place with Cryptography"

Abstract: The U.S. Department of Health and Human Services reports that health records of 86% of the U.S. population have been hacked. The Ashley Madison breach revealed the private information of 37 million individuals and led to suicides and shattered families. The Apple iCloud breach led to the public release of nude photos of celebrities.  Data breaches like these abound.
In this talk, I will describe my work on understanding the security of existing data breach prevention systems.  To thwart data breaches, property-preserving encryption has been adopted in many encrypted database systems such as CryptDB, Microsoft Cipherbase, Google Encrypted BigQuery, SAP SEEED, and the soon-to-be-shipped Microsoft SQL Always Encrypted system. To simultaneously attain practicality and functionality, property-preserving encryption schemes permit the leakage of certain information such as the relative order of encrypted messages. My work is among the first to study the practical implications of permitting such leakage, and to demonstrate in real-world contexts that property-preserving encryption often does not offer strong enough security.  I will describe an application-driven approach to developing practical cryptography to secure sensitive data: collaborating with application domain experts to formulate the requirements, investigating whether a practical solution meeting the requirements is possible, and if not, exploring the reasons behind it to relax requirements so as to find a useful solution for the application. I will describe how I developed a cryptographic model called Controlled Functional Encryption (CFE), and how it can support personalized medicine.

 

Status

  • Workflow Status:Published
  • Created By:Tara La Bouff
  • Created:02/01/2016
  • Modified By:Fletcher Moore
  • Modified:04/13/2017