By Maayan Jaffe/JNS.org
You want to send a PDF to your colleague, but the information is sensitive. You password-protect the document (encryption) and store it on your flash drive. To read the PDF, you share that password with your colleague, who uses it to gain access to the file (decryption). The goal is to ensure that someone who does not know the password cannot decrypt the PDF.
“This is harder than it seems,” says Israeli-born computer scientist and electrical engineer Dan Boneh, who works at Stanford University.
On June 20, Boneh received the 2014 ACM-Infosys Foundation Award in Computing Sciences for technical contributions that have made cryptography easier to use, including developing algorithms that have helped establish the field of pairings-based cryptography. The award, which was presented at a San Francisco banquet, came with a $175,000 prize from the Infosys Foundation.
“Boneh has produced new directions and given the field a fresh start,” says ACM President Alexander L. Wolf.
One approach that shows how Boneh’s pairings can be applied is called identity-based encryption. Encrypting a document involves software that uses one key to encode text and a second key to ensure that only the designated recipient can decode it. Identity-based encryption simplifies the creation of coding keys by treating the recipient’s email address as a coding key. Anyone can use the software to encode a document and send it to that email address knowing that only the recipient, in possession of the decoding key, can decrypt the document.
“There is a public key and a private key,” explains David Kravitz, a research staff member at IBM and a cryptography and information security expert. “The idea is that even if you have the public key, you cannot verify my private key. You can send me a secret message using the public key, because I, as the holder of the private key, am the only one who can read the message.”
Kravitz says that these new security methods are already having a “huge impact on electronic commerce” and other related transactions. The remaining challenges including ensuring secure distribution of keys and protecting devices from malware, which is malicious software specifically designed to gain access to or damage a computer without knowledge of the owner.
According to Kravitz, with the rise of social media, passwords have become weaker and easier to crack. As such, security experts are moving away from manually entered passwords and toward cryptographic keys.
Boneh has also developed cryptography systems with novel properties, including mechanisms for enhancing Web security and security for mobile devices.
“Mobile devices are equipped with an array of sensors—GPS, accelerometer, gyroscope, compass, etc.,” Boneh tells JNS.org. “We recently worked on protecting access to these sensors and ensuring that data collected from the sensors do not reveal sensitive user data.”
In other words, if you have an Android® phone, Boneh’s work helps ensure that applications you installed on your phone cannot surreptitiously track your location or listen to what you are saying.
“This work helps ensure privacy for mobile phone user. It applies to the entire population,” notes Boneh, who explains that it could have additional relevance to modern-day soldiers, such as those in the Israel Defense Forces, who want to communicate with loved ones from the field.
Boneh further developed new privacy tools, contributed to the study of cryptographic watermarking, and runs a popular massive open online course (MOOC) on cryptography. Boneh holds nine patents and co-founded Voltage Security, Inc., which was acquired by Hewlett-Packard. The Voltage solution is licensed to more than a thousand corporations worldwide, with 50 million users sending more 1 billion encrypted emails.
“Boneh has helped forge connections between academic and commercial cryptography, helping improve commercial products while increasing the relevance of academic research,” says Dr. Vishai Sikka, CEO and managing director of the Infosys Foundation.
Still, Boneh says he is not yet done innovating.
“Cryptography is an active area of research with lots of fascinating, open problems,” says Boneh, who is currently working on developing new methods to hide secrets in open source software.
“It’s going to continue to be a game of cat-and-mouse,” says IMB’s Kravitz. “As hackers get more sophisticated, we’ll need to keep developing better cryptographic techniques.”
Download this story in Microsoft Word format here.