In This Story
Evgenios Kornaropoulos, an assistant professor in George Mason University’s Computer Science Department, focuses on computer security and applied cryptography, where he stays ahead of changes in the field. "The needs of everyday users have grown, and our technology's privacy expectations must advance accordingly,” he said. “We've moved beyond simply communicating sensitive data securely; now, we need technology capable of performing computations on sensitive data without compromising privacy.”
He recently received a National Science Foundation (NSF) CAREER award for $648,811 for his work on privacy and data security under the title “Encrypted Systems with Fine-Grained Leakage.”
The tension between the privacy of sensitive data and the functionality that users demand from their data is the focus of the NSF CAREER funding, and it has been among Kornaropoulos’ research areas for several years. He said, “The new technology that we are developing allows the user to never expose any information in the clear to the cloud while maintaining functionality. You want the cloud to do interesting computations for you without decrypting your information. If you don't decrypt, the cloud never gets to see what you are processing.”
When users store sensitive information, such as health records or financial data, with common cloud-based providers, the provider gains full access to the document's contents—essentially exposing the data in plain text to the cloud. A potential remedy is to encrypt the data before uploading it. However, this approach comes with a drawback: whenever users need to access or compute something from the encrypted data, they must download all the scrambled files locally and perform the computations on their own devices.
So how can the user still process the information but know that the cloud didn’t learn anything? “We believe that the answer is the notion of ‘cryptographic leakage’, he said. “The cloud provider still sees some accesses on encrypted data, that is, the leakage, but these observations are confusing. Our designs scale to today’s needs and come with provable guarantees that these observations cannot be meaningfully stitched together by the cloud provider to infer the sensitive data.”
Kornaropoulos said, “Searching on encrypted data is one of the biggest functionalities and we have a research thrust in which we will collaborate with industry leaders and local organizations on this problem. Specifically, we have an active collaboration with the Mason and Partners Clinics (interprofessional clinics which serve the uninsured and refugee community within Prince William and Fairfax counties in Northern Virginia) to explore the application scenarios of our technology to that setting.”
"Privacy-preserving data storage and data use is an important problem in computer security that is of critical interest to organizations that must trust their sensitive data to third-party data storage facilities," said Computer Science department chair David Rosenblum. "Evgenios is an internationally renowned leader in addressing this problem, and his NSF CAREER award will afford him the opportunity to explore novel solutions that balance strong security guarantees against practical needs for efficiency."
The NSF CAREER award is reserved for the nation’s most talented up-and-coming researchers. From the NSF website: “The Faculty Early Career Development (CAREER) Program offers NSF’s most prestigious award in support of early-career faculty who have the potential to serve as academic role models in research and education and to lead advances in the mission of their department or organization.”
The award is the most-recent of several distinctions Kornaropoulos has earned. He was elevated to IEEE Senior Member in 2024, his paper was among the finalists for the “Best Cryptographic Attack” category at Pwnie Awards 2024, and his latest work at the intersection of AI and security has gained significant media attention.