You sit in a library for a week, from open to close. You're not there to check out a book, browse the periodicals, or rent a movie. You carefully observe people. Specifically, their behavioural patterns. Eventually, you determine which books are the most popular based on how frequently they are borrowed and returned. You know the highest value spot to sit and read and the most desired muffin from the coffee shop.
Now imagine the library visitors represent users or applications accessing a server. The books, the prized sitting spots, and the sought-after muffin are files, data, or resources on a server. You, the curious observer, represent an attacker attempting an access pattern attack. This type of intrusion focuses on monitoring and analyzing data access patterns to gain insight into a server's inner workings, the data it stores, and valuable data that can be exploited. These access pattern attacks are what Sujaya Maiyya is trying to stop by building oblivious privacy-preserving databases.
Sujaya is an assistant professor at the Cheriton School of Computer Science and a member of the Cybersecurity and Privacy Institute at the University of Waterloo. But for her, it all started in Bangalore, India. She credits her interest and motivation to pursue math and engineering to influential teachers in her life. "I ranked well within my state and within Karnataka on the entrance exam for college, and I had the choice of either engineering or pure science," recalls Sujaya. "My parents nudged me towards engineering, so I chose computer science partly because I'd be exposed to a lot of math." Sujaya explains just how competitive entrance examinations for college spots are. Millions of wide-eyed students take these exams each year. Only those ranked in the hundreds to thousands land spots in top-ranked engineering colleges.
Reflecting on her beginnings and how far she has come, Sujaya is reminded of the stark jump in socio-economic class made over her and her family's lives. Her grandparents were farmers, and her father, now working at a bank, started working at a restaurant in 6th grade. He completed his high school and college degrees by studying at night, all while working. Sujaya's mother, also working at a bank, was the first woman in her entire village to obtain a college degree. Sujaya applied to and accepted an offer from the University of California (UC) Santa Barbara for her master's.
"I wasn't even in a thesis-based master's program at UC Santa Barbara. I was planning to do the courses, the project, and move on with my life."
Sujaya ended up interning at Google, which she initially thought was the pinnacle for a career in computer science. The internship, however, was less exciting than she had envisioned. Meanwhile, a course in distributed systems during her master's piqued her interest. Her advisors recommended she take the leap and do a doctorate. Her PhD work focused on distributed data management on servers. How do you execute transactions on distributed data? How do you ensure fault tolerance? "I researched traditional server systems where I assumed there is trust, but it was in a blockchain tutorial we did at a research conference where I was introduced to the concept of malicious servers." Intrigued by the idea of building secure systems, Sujaya took concepts from traditional databases and applied them to their secure and privacy-preserving counterparts. One of those concepts was data replication.
Data replication refers to the process of distributing and maintaining a consistent copy of a blockchain's data across multiple nodes (computers) within a network. It's a concept that has been well-studied for traditional databases for decades. There are hundreds of replication protocols, but when you add privacy, specifically a strict form of privacy that hides access patterns, well-researched replication protocols run into problems.
"The way you access data on a server can leak information. Hiding these access patterns to create what are called oblivious privacy-preserving databases makes traditional replication protocols and other features of traditional databases extremely inefficient."
She elaborates by explaining her ongoing research, which looks at adding functionality to oblivious privacy-preserving databases, understanding the challenges, and building practical solutions that would ultimately allow these databases to be deployed in the real world. At the moment, these types of databases support only single-object put-get requests: they can read one object at a time. Scaling is not possible as data volume grows. They cannot support transactions and are not fault tolerant. If Google, Amazon, or Meta were asked to deploy oblivious privacy-preserving databases, all would say 'no' due to these limitations. Sujaya notes that cloud providers already have enough information to infer things about the stored data, the users, and the queries via access patterns. They are curious about your data but still care about your business and are unlikely to go rogue. The encryption these companies deploy ensures that the cloud itself can't see the values and data points stored on the server. This level of security and privacy stops many attacks, but even encrypted data can be compromised.
Hiding access patterns is a growing body of work in the privacy and security community. Sujaya comments that people often ask whether these attacks are prevalent, and whether they are relevant. She confidently states, "Research needs to be forward-looking. Even though these kinds of attacks aren't commonplace today, researchers on the forefront of privacy and security need to predict what can happen, and it's my belief that I should be solving these problems." Sujaya talks about a recent research publication she submitted for review, in which she developed a 'knob' of sorts to tune the level of access pattern hiding. The knob would allow either high performance with low security or reasonable performance with reasonable security, so that database systems could still function practically while becoming increasingly secure, letting an application intelligently trade security for performance.
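The leakage described in the quote above and the performance/privacy knob can be seen in a small simulation. This is an added illustration written for this article, not code from Sujaya Maiyya's research: the store, the workload and the "fetch the real slot plus `dummies` random slots" scheme are constructed here, and the knob is modelled simply as the number of dummy slots fetched per read (0 = ordinary store, N-1 = full linear scan).

```python
import hashlib
import random
from collections import Counter

# Constructed sample store: the server holds only ciphertexts (stand-in digests
# here) and never learns plaintext, yet it sees which slot every read touches.
N = 16
ENCRYPTED_STORE = [hashlib.sha256(f"record-{i}".encode()).hexdigest()[:12]
                   for i in range(N)]

# Constructed client workload: slot 3 is the "popular book", read 70% of the time.
_rng = random.Random(1)
WORKLOAD = [3] * 70 + [_rng.randrange(N) for _ in range(30)]


def serve(workload, dummies, seed=0):
    """Return the server's access log for the workload.

    Each real read of slot i also fetches `dummies` other random slots, and the
    batch is shuffled so the server cannot tell which one was real. dummies=0
    is the ordinary (leaky) store; dummies=N-1 is a full linear scan, the fully
    oblivious but slowest setting. Values in between are the tunable knob.
    """
    rng = random.Random(seed)
    log = []
    for i in workload:
        batch = [i] + rng.sample([j for j in range(N) if j != i], dummies)
        rng.shuffle(batch)
        log.extend(batch)
    return log


def hottest_slot(log):
    """What a curious server learns from the log alone: the most-touched slot
    and its share of all accesses, without decrypting a single record."""
    slot, hits = Counter(log).most_common(1)[0]
    return slot, hits / len(log)


def reads_per_request(log, workload):
    """Performance cost of a knob setting: slots fetched per client request."""
    return len(log) / len(workload)


if __name__ == "__main__":
    for dummies in (0, 3, N - 1):
        log = serve(WORKLOAD, dummies)
        print(dummies, hottest_slot(log), reads_per_request(log, WORKLOAD))
```

With no dummies the popular slot is identified from ciphertext accesses alone; with a full scan every slot is touched equally often, at sixteen times the read cost.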
Sujaya is blazing her own trail in the relatively nascent area of oblivious privacy-preserving databases and access pattern attacks. She has been a faculty member at the University of Waterloo for less than a year, and is bringing on three master's and two undergraduate students this year to further her research. When asked about the yin-yang tattoo on her arm, Sujaya says, "I've always resisted change in my life, and yet a lot of things happened in my life because of random chance. It's a reminder to go with the flow, and sometimes you need to do just that in your research as well as in life."