Papamanthou and Visiting Postdoc Put Heads Together on Encrypted Databases Research

Jul 24, 2019

A UMD expert in computer security and applied cryptography, and a postdoctoral researcher have joined forces this month in the Maryland Cybersecurity Center (MC2) to study pressing security issues in the area of encrypted databases.

Charalampos (Babis) Papamanthou (left in photo), an associate professor of electrical and computer engineering and a member of MC2, has been working with Evgenios Kornaropoulos (right in photo), who recently received his doctorate in computer science from Brown University, on a project that involves looking at information leaks through databases.

“The area of searchable encryption, also known as encrypted databases, is conceived with both efficiency and privacy in mind,” Kornaropoulos says. “To enable much faster execution of the encrypted queries, these cryptographic constructions allow some well-defined and seemingly harmless information about the privacy-sensitive data to be revealed to attackers.”

He says their line of research shows that what was considered harmless information, i.e. so-called leakage in the past, can be utilized by sophisticated attackers to reconstruct the underlying privacy-sensitive data under a wide variety of scenarios.

“Our latest IEEE S&P ’20 [IEEE Symposium on Security and Privacy] paper demonstrates the most realistic leakage-abuse attacks that the community has seen so far and we are very excited to further investigate not only the offensive implications of our result, but also to develop techniques that can hopefully mitigate these powerful attacks,” says Kornaropoulos, who will be starting as a postdoctoral researcher at UC Berkeley in September.

He adds that he and Papamanthou are “academic siblings”—they had the same advisor while earning their doctorates—albeit it at different times—Roberto Tamassia, a professor of computer science at Brown University.

“I have always liked the flavor of research that Papamanthou has been doing—it combines deep algorithmic ideas with practical problems,” Kornaropoulos says. “We were trying to find a topic of mutual interest for several years and after a few attempts, we converged to study encrypted databases.”

He says they had to study several algorithmic tools, ranging from optimization to computational geometry, so as to address the pressing security issues in the area of encrypted databases. Over the last few years, they have generated a series of papers—with more to come—that demonstrate alarming attacks on encrypted databases.

While visiting this month, he says he gave a presentation at a security group meeting about their IEEE S&P ’20 results.

“I received some very interesting and insightful questions from the faculty, graduate students, and interns within the group,” Kornaropoulos says. “There are a lot of very exciting projects that the group is working on and I learned a lot talking with the faculty and the students here.”

Papamanthou, who also holds an appointment in the University of Maryland Institute for Advanced Computer Studies (UMIACS), says he has enjoyed collaborating with Kornaropoulos in-person.

“I am thrilled to have Evgenios visiting UMIACS,” he says. “We are breaking new ground in the area of attacking encrypted databases and I am looking forward to writing up and presenting our new results.”

—Story by Melissa Brachfeld