News

A more secure cloud for mobile users

doctor holding iPad and medicine bottle

Credit: iStock

A new data privacy method improves security for sensitive data — such as medical histories — on mobile devices.

A UC Merced researcher has come up with a new, super-efficient encryption system for smartphones that lets users secure data being sent to and retrieved from the cloud.

Encrypting data on your phone or tablet — including pictures, documents and videos — protects against the kinds of leaks and hacks that seem to be in the news almost every week. But those devices have energy and storage limits, and encryption systems can be costly.

In the Cloud Lab at UC Merced, graduate student Mehdi Bahrami, who works with Chancellor’s Professor Mukesh Singhal in the School of Engineering, devised a new lightweight data privacy method for mobile clients to store data in one or multiple clouds without using a lot of a mobile device’s resources.

“Data privacy can be violated by the cloud vendor, the vendor’s authorized users, other cloud users, unauthorized users or external, malicious entities,” Bahrami said. “Encryption is one way to protect and maintain the data privacy of cloud-stored data, but encryption methods have been expensive for mobile devices.”

One problem is that cloud storage is mysterious to most people — they don’t know where their data goes or who can access it. Even though people sign the terms of agreement with such cloud-storage providers as Google and Apple, most people never read what they are signing, so they don’t realize how much of the data they submit is vulnerable.

Protecting data privacy is Bahrami’s motivation, he said.

“Mehdi's technique for protecting the privacy of 'data in motion' and 'data at rest' is one of the most efficient,” Singhal said. “Mehdi's method will have a significant impact on how mobile devices, such as smartphones, iPads, smart watches, etc., protect data when communicating and working with clouds.”

Bahrami, who is a senior member of the Institute of Electrical and Electronics Engineers (IEEE), received an achievement award in recognition of his contributions to the field of cloud computing at the 2014 World Congress in Computer Science, Computer Engineering and Applied Computing.

He has published several technical papers, was editor-in-chief of the Journal of Soft Computing and Software Engineering and edits and reviews for several international computer science journals, including Springer journals.

He recently presented his work at a conference at UC Berkeley, and is scheduled to give an invited talk at Stanford University’s Networking Seminar. Bahrami is scheduled to make another presentation for UC Global Health Day at UCLA this summer.

His encryption method will be of particular interest to people in the medical community who use mobile devices to receive and store patient information. They are required under the Health Insurance Portability and Accountability Act (HIPAA) to make sure all patient data is highly secure before it is sent or stored.

Bahrami is working on commercializing his method, and said it will be far less expensive and far more efficient than other systems now available. He’s also working to make the system more efficient and even more secure.