This year, UCLA Computer Science and Mathematics professor Rafail Ostrovsky has been named a recipient of the IEEE Computer Society Technical Achievement Award “for outstanding contributions to cryptographic protocols and systems, enhancing the scope of cryptographic applications and of assured cryptographic security”.
The IEEE Computer Society is the world’s leading membership organization dedicated to computer science and technology. Every year, the organization awards roughly 3-5 accomplished scholars with a certificate and a $2,000 honorarium in order to recognize their outstanding contributions to the fields of computer science and engineering.
“I’m humbled that I was given this high honor,” Ostrovsky said. “It’s nice to be appreciated by a larger community.”
Ostrovsky’s research interests encompass a number of topics, including cryptography and computer security, routing and network algorithms, and search and classification problems on high-dimensional data; however, his primary focus is on cryptography and computer security, which he finds fascinating due to its theoretical centrality in computer science and its practical significance.
“As networks become even larger and more ubiquitous, distributed protocols begin to play a central role in both the scientific and business environments of today,” Ostrovsky stated. “Hand-in-hand with these developments come the questions of security, privacy, and fault-tolerance – how do we ensure that passwords are not broken, or that we can cope with a virus spread or overloaded network traffic? Cryptography and distributed algorithms provide some of the answers to these questions.”
Influenced by his father’s career in academia as a university professor in Russia and the U.S., Ostrovsky’s desire to pursue research started from a very young age. After receiving his B.A. in Mathematics from the State University of New York at Buffalo in 1984 and his M.S. in Computer Science from Boston University in 1987, he went on to pursue his Ph.D. in Computer Science at the Massachusetts Institute of Technology, where he was advised by Professor Silvio Micali. During his time at university, Ostrovsky also held multiple summer research internships at companies like AT&T & IBM, where he explored the areas of cryptography and algorithms. In 2003, Ostrovsky joined UCLA as a professor of computer science.
With over 30 years of experience in the field, Ostrovsky has made multiple long-lasting contributions to the realm of cryptography, starting from his Ph.D. thesis, which introduced the first poly-logarithmic solution for Oblivious RAM, an interface between a program and remote memory or cloud storage. Oblivious RAM helps ensure security by continuously shuffling memory as it’s being accessed, which hides information about which data is being accessed, even from database administrators who hold this data. Ostrovsky’s solution to Oblivious RAM had – and continues to have – enormous implications for improving cloud security protection, in spite of the fact that his paper was originally thought to be of theoretical interest only.
“As you can imagine, nobody was interested in cloud security in 1992,” Ostrovsky explained. “That changed around 2000 – nowadays, this is one of my most highly cited papers, and [because of it] there are several startups and large corporations that have deployed Oblivious RAM in their systems. It’s very satisfying to see the huge impact of my Ph.D. thesis so many years after the fact.”
Ostrovsky has written over 250 papers, including the first papers introducing definitions of searchable encryption, or how to search over encrypted data without the decryption key, a paradoxical yet powerful notion. Searchable encryption, both in the public-key and private key encryption settings that Ostrovsky defined, is incredibly important for efficiency in cybersecurity because it allows processing of data in the cloud in an encrypted form. Both his papers which defined searchable encryption in the public key and in the private key setting have over 1000 citations according to Google scholar, and have led to multiple follow-up works and startups. Ostrovsky also introduced the first solution on extracting cryptographic encryption keys from biometric data through fuzzy extractors – i.e., being able to extract a consistent cryptography key, even if biometric data like a person’s fingerprint or iris scan are not read the same way each time. This solution now plays a large role in IoT hardware authentication and other biometric security applications. Ostrovsky also worked on the highly influential notion of proactive security – i.e., the ability to continuously “refresh” secure data so that it cannot slowly be captured by adversary – that has several systems built around it, such as the RSA Inc. product of maintaining passwords in cloud servers, and Cornell’s COCA: A Secure Distributed Online Cornell On-line Certification Authority, which maintains critical system access keys in a survivable manner.
Despite his many contributions to the field of cybersecurity, Ostrovsky said his proudest accomplishment is seeing his graduate and postdoctoral students succeed, whether it be at universities such as Carnegie Mellon University, Berkeley, Johns Hopkins University or University of Pennsylvania, or in research labs such as Microsoft, Google, etc. As for his personal goals, Ostrovsky hopes to continue to push the envelope of advanced cybersecurity notions and applications which improve privacy protection tools in order to better people’s lives.
Ostrovsky’s accomplishment of winning the 2017 IEEE Computer Society Technical Achievement Award follows UCLA Computer Science professor Jason Cong’s acceptance of the same award in 2016, for “setting the algorithmic foundations for high-level synthesis of field programmable gate arrays”. In light of the news, Ostrovsky expressed his excitement in being able to help the UCLA Computer Science department maintain its great track record in winning this prestigious award. As for his plans in the near term, in addition to attending the award ceremony in June, Ostrovsky will also be attending the Google Security Summit, a prestigious invite-only event on the future of cybersecurity.