CICI:UCSS: ARMOR: Secure Querying of Massive Scientific Datasets

Currently, scientific data, which is often important for ongoing research collaborations, is shared in clouds or servers with almost no protection. This effort focuses on technological solutions to address such sensitive data's security and privacy risks. The specific type of solution approach chosen is based on a class of techniques known as encrypted data querying. These methods involve a particular type of encryption that allows the (cloud) servers to answer queries asked by clients while keeping the data encrypted. Compared to other approaches, these solutions have lower overheads but a higher risk of information leakage to the server. Both the solutions and their limitations depend upon the nature of the data and the queries, and previous work has not explicitly focused on complex scientific data and associated queries. With this observation, this effort aims to establish encrypted data querying as an attractive method for protecting sensitive scientific data on clouds. A highly interdisciplinary team with expertise in system security, cryptography, scientific data management, and data science workflows supports the agenda of this work.With distinct characteristics of science data and typical queries on them, the current state-of-the-art in encrypted data querying needs to be extended in terms of the methods themselves, the design of leakage attacks, and the understanding of leakage risks. The research thrusts include: 1) New Encryption and Query Processing Techniques, where challenges with several types of queries that include equality-based selection, multi-dimensional range selection, and joining on value similarity or ranges are addressed. 2) Scale and Efficiency Oriented Designs, which includes novel representation that supports joins and encryption, and how parallelism in scientific data processing can be combined with encryption. 3) Evaluating Overheads and Leakage in Science Contexts, where the overheads and leakage are studied using several real cases. In the process, the recent literature on leakage attacks is being extended to work with science cases and the methods being developed. In terms of broader impact, the resulting work will directly result in higher security of sensitive science data in the cloud and on organizational servers. This effort also involves many contributions to curriculum and human resource development.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.