Year of selection 2016
Institution Singapore Management University
Risk New technologies
Data is a precious commodity. Take Facebook for instance, its financial value exceeds by far that of major airline companies who actually own expensive things like an entire fleet of commercial airplanes. Why ? Because it was built on data. "In this era of digital economy, data is undoubtedly one of the most valuable assets to any organisation and individual", observes Professor Robert Deng, renowned researcher in the field of cybersecurity. And like all valuable assets, it needs to be protected. As illustrated by recent events, data breach can result in devastating consequences such as tarnished company reputations, violations of individual's privacy or even cost human lives. With the tremendously fast growing trend of storing data in the cloud – on remote servers accessed from the Internet –, alarms are justly being raised about privacy and security.
While cloud infrastructures provide great convenience, literally unlimited storage and computing resources and significantly reduced cost, they are also intrinsically more exposed to security breaches as data is processed within heterogeneous environments, where systems are managed by different service providers and thus beyond the direct control of the data owner. Recognising the need for new and innovative security solutions for these 'untrusted' servers, The AXA Chair of Cybersecurity at Singapore Management University, which Prof. Robert Deng will permanently hold, aims at finding new security models, cryptographic algorithms, security protocols, and security analysis techniques to ensure data security and privacy protection in the cloud computing environment.
Creating an additional security level while keeping the benefits and flexibility of cloud storage
"Cloud storage exhibits a paradox as the data storage and processing servers are not trusted to keep data confidential and yet data are stored in and processed by the servers", Prof. Robert Deng explains. "Our central idea is thus to embed protection mechanisms, such as encryption and authentication techniques into data itself, so that data security and privacy remain even if data is stored and processed in cloud servers". "The challenge being that the protected data must still be useful, amenable to access control and processing by authorized users". The AXA Chair's research programme sets out to investigate cryptographic and system security solutions to enable both the sharing of encrypted data as well as the performing of computations over the encrypted data by the untrusted servers. "An end-user may request access to encrypted data or request a computational service from a server. With the method we're are working on, the server can perform the requested computation using encrypted data as input and send an encrypted output to the end-user who then uses its secret key to recover the result of the computation", explains Prof. Robert Deng. "To be efficient for real world applications, the technique developed by the AXA Chair of Cybersecurity's research programme will meet the following four requirements: data privacy, unforgeability, secure updatability and efficiency.
80% of the research programme will be dedicated to data security and privacy protection in the cloud computing environment and the other 20% will consist in studying human behaviour and how it can cause insecurity. "90 % of the security incidences are due to user's carelessness. For instance, people can inadvertently download malware by clicking on the wrong link", Prof. Robert Deng points out. "By studying the behaviour of users, we want to investigate all the major ways in which insecurity happens, and this is no small task as there are many of them".
Every day, an average of 4.5 million data records are stolen or lost and no location, organisation or industry is immune from attack. The cost of a data breach can amount to millions of euros in loss, destroying customer trust and sharply decreasing revenues and share-holder value. But so far, existing techniques for cloud data protection do not meet all four security requirements Prof. Robert Deng considers necessary for safe and flexible real world applications. The AXA Chair of Cybersecurity aims at filling this gap by providing organisations with the means to protect themselves against cyber criminality while safely enjoying the advantages of cloud storage.