Kui Ren, IIT assistant professor of electrical and computer engineering, spends a lot of time with his head in a cloud. However, unlike a naïve daydreamer out of touch with reality, Ren has both feet firmly planted on the ground, especially when it comes to the evolving concept of cloud computing. A network security researcher, Ren received a 2011 Faculty Early Career Development (CAREER) Award from the National Science Foundation for his proposal “Secure and Privacy-Assured Data Service Outsourcing in Cloud Computing” and will receive $498,679 for five years, slated to begin this summer.
Cloud computing is envisioned as a centralized network resource functioning as a public utility, much like gas or water. Service is provided on demand with clients paying only for what they use. Using the metaphor of a cloud for the Internet, this form of computing draws upon the knowledge that any computer connected online can store and access personal files, play games, and perform word processing on a remote cloud server instead of an individualized drive or corporate server. The popular Web-based Google Gmail is an example of a cloud-computing service.
Ren says that the convenience and elastic nature of cloud computing are very attractive, not to mention the reduction in capital cost commitments for hardware and software. The cloud has also captured national executive-level attention. This February, the United States Chief Information Office issued a report estimating that $20 billion of the federal government’s $80 billion budget for information technology is targeted for potential cloud computing solutions. As promising as this form of computing can be, there is a dark cloud on the horizon, which Ren hopes he can help to dissipate.
“Suddenly, the cloud is a third party,” he says. “Data is physically located in the cloud and service is physically provided by the cloud. This brings a lot of unique privacy and security challenges, particularly in data service outsourcing—storage issues, search issues, and access-control issues. Because the actual data owner is not the physical data controller, it creates problems.”
Ren says that even established firms like Google lose cloud-computing data, citing an incident this March where around 150,000 Gmail accounts disappeared. He and his team of graduate students plan a three-pronged approach to minimize risks in the commercial public cloud through the creation of an encrypted cloud data service, a scalable and owner-controlled cloud data-sharing service, and a privacy-preserving secure cloud-storage system. They will conduct their research at the Ubiquitous Security and Privacy Research Laboratory Ren directs at IIT and on the Amazon Web Services cloud platform.
“I have always been fascinated by how the Internet could affect people’s lives,” says Ren. “Cloud computing could enable services that have never before been utilized. Our work will help to identify some best security practices and outline the direction we all should go.”