People of ACM - Kui Ren
May 18, 2021
What prompted you to work in wireless and smart system security?
I have always been interested in building tools and systems to tackle practical problems in real-world applications. Our society has witnessed rapid developments of diverse smart devices and systems in just the last two decades, and heterogeneous hardware and software platforms will inevitably lead to much broader attack surfaces and hence to all kinds of security and privacy issues. My research over the past 15 years has covered many exciting topics, ranging from privacy threats of ubiquitous smart sensors to smart device-assisted authentication and secure communication systems. I was fascinated with building cool security systems and exploring new attack surfaces. Carrying out practice-oriented research has also promoted the wide acknowledgement and adoption of my research results across the computing industry.
As the world is now entering the era of the internet of things (IoT), it has become increasingly difficult, if not impossible, for users to protect their privacy. For instance, many of us may have received unsolicited advertisements related to the keywords that were inadvertently or stealthily captured by the on-device microphones. This is clearly an unacceptable privacy violation. In our research community, we believe it should be the users (rather than any other entity) who decide what kind of data can be collected or shared, and they should be empowered accordingly. With the increasing proliferation of smart sensing devices, the research challenges that lie ahead of us are both in theory and practice. I will keep working in this area and hope to join the efforts from the whole community in developing innovative solutions to protect user privacy.
You have many widely-cited papers that have contributed pioneering concepts and designs in cloud data security, such as searchable encryption. Could you give us some key insights that led to this series of works?
Over the past 15 years, the cloud has been transforming computing infrastructure and making an enormous impact worldwide. My colleagues and I have been working on cloud data security since the mid-to-late 2000s, when the cloud concept was starting to take off. At that time, I was attracted to this then-emerging service outsourcing model for many of its well-known advantages, like on-demand elastic service, scalability, and low entry cost. As data and computation workloads have been continuously moved to the cloud, it has raised many new security and privacy concerns that have motivated my research interests even more.
Looking back, one of the biggest challenges to kickstarting the research I was undertaking was to identify and formulate specific research directions and key problems. Therefore, I focused on the cloud computing paradigm shift as the starting point, which is now known as “data and computing outsourcing” in the field. Compared to the traditional on-premise computation, the outsourcing model's key difference is that data owners no longer have physical control over the machines hosting their data and computation workloads. Therefore, the question of how to retain data control for owners such that they can safely outsource their data and computing workloads to the cloud would be of paramount importance.
One of our key challenges has been searching over encrypted data, which enables selective retrieval of relevant data over encrypted datasets, without revealing either the query or the data content. At that time, only a few cryptographic primitives met the security design requirements, and their functionality remained quite limited. In light of this, we initiated a systematic study on versatile search over encrypted data and formalized a number of new search notions and secure constructions, such as secure ranked search, encrypted fuzzy search, multi-keyword search, graph search, and similarity search, with much broader application scenarios in mind.
It's very gratifying to see that many of our early results have been recognized by the research community and industry practitioners. At the same time, the area of encrypted search has grown tremendously on enriched functionalities, security enhancements, and faster performance. These advancements have also motivated the community to look further beyond encrypted search primitives. In particular, a difficult task we are facing today is about how to develop more complex encrypted database systems, which, as a pillar in the modern computing infrastructure, provide an indispensable means to organize, store and retrieve data at different scales. In this context, encrypted search constructions can only provide certain primitive operations for sophisticated database systems.
One possible direction forward is to leverage the recent advancements of secure hardware enclaves, which I think would potentially open up many new opportunities. Despite many challenges ahead for practically more secure, efficient and functional encrypted databases, I believe what we have learned from our past projects in this area will benefit our research journey going forward.
What research area of cybersecurity have you been focusing on in the past year?
I have been working on new approaches to tackle the data security problem, such as applying differential privacy (DP) in crowdsourcing data collection and enabling trusted and efficient data pricing.
DP, by introducing controlled randomness to raw data, provides a rigorous mathematical tool to quantify potential data leakages and enables privacy-preserving data collection and publishing. The challenge in applying DP in the real world has to do with improving the utility of the data in various practical scenarios without losing the DP guarantee. Among other considerations, many prevalent deployments involve histogram estimation from an individual’s data. Existing solutions mostly rely on random value perturbation, requiring each user to perturb its possessed data following the predefined privacy parameters under DP. Our research group designed a new mechanism by introducing the randomness in the form of dummy data mixing with the perturbed raw data. Our mechanism is able to achieve high utility under various practical scenarios, where the state-of-the-art usually suffers significantly in this regard. Under common settings, the experimental results show a utility improvement of more than 70%. The advantage of our mechanism has been recognized by industry, and it has been integrated into applications such as Datatrust, Alibaba Group’s data security product, which helps protect the privacy of millions of users. Our ongoing efforts also include a differentially private range query, and a distance-based local differential privacy mechanism.
Aside from protection, pricing data and enabling an effective and trusted data market could be a solution towards solving the problem of data security and privacy. Recently, we also worked on excavating the value of the data in the context of constructing and trading machine learning models. We formulated the abilities and restrictions for data owners, brokers, and model buyers in a data market for the first time. And subsequently, we developed a Dealer framework, where the compensation problems between data owners and model buyers, along with the broker’s profit problem, can be resolved. At present, a sharp hypothesis for our Dealer framework is that the broker has to be trusted, which is not always true in reality. To solve this problem, we have been collaborating closely with Jian Pei from Simon Fraser University and trying to employ proper security techniques, such as federated learning and DP, to construct a trustworthy data market framework. Our preliminary result shows that such a trusted framework is achievable with efficiency.
As a member of the ACM AsiaCCS Conference Steering Committee and the Chair of ACM SIGSAC China, what do you think academic organizations like ACM can bring to the development of the research community and society in this region?
It’s my great pleasure to serve on the ACM AsiaCCS Steering Committee and witness its growth as one of the flagship security conferences of the ACM Special Interest Group on Security, Audit, and Control. Since its inception, AsiaCCS has been successfully held in many cities across Asia and Oceania. Today, it has quickly become one of the most well-respected open platforms for researchers and security practitioners across the globe to share latest results and exchange ideas. Despite the COVID-19 pandemic, the conference still drew more than 200 registrations in 2020, and the highest attendance record so far is 320, when the conference was held in Abu Dhabi in 2017.
ACM SIGSAC China is one of the ACM Special Interest Group chapters under ACM China Council, and has been very active in organizing academic events, such as seminars, tutorials, and workshops, for researchers and especially students and junior faculty members at the early stages of their careers, as well as industry practitioners. Together with other ACM SIG chapters in China, we will continue to organize more educational and academic events in order to foster a nurturing environment for young generations of computing researchers in China, and provide more opportunities for participants to connect to the research community, generating broader societal impact.
Kui Ren is Professor and Associate Dean of the College of Computer Science and Technology at Zhejiang University, where he also directs the Institute of Cyber Science and Technology. Before that, he was an Empire Innovation Professor at State University of New York (SUNY) Buffalo. Ren’s research interests include data security, IoT security, AI security, and privacy. His honors include Zhejiang University’s Guohua Distinguished Scholar Award, IEEE Communications and Information Security Technical Committee (CISTC) Technical Recognition Award, SUNY Chancellor’s Research Excellence Award, Sigma Xi Research Excellence Award, and a National Science Foundation (NSF) CAREER Award.
Ren has published extensively in peer-reviewed journals and conferences and received many Best Paper Awards from IEEE and ACM conferences, including the Test-of-time Paper Award from IEEE INFOCOM and the Best Paper Award from ACM MobiSys. He also serves on the editorial boards of many IEEE and ACM journals. Ren was recently named an ACM Fellow for contributions to wireless system security and cloud data security. He also serves as Chair of the Special Interest Group on Security, Audit and Control (SIGSAC) of ACM's China Council, as a member of the ACM Asia Conference on Computer and Communications Security (ASIACCS) steering committee, and as a member of the Science and Technology Committee of the Chinese Ministry of Education.