A group of researchers from the Massachusetts Institute of Technology and Meteor Development Group have created a system for building Web services that would protect data against attackers with full access to servers – whether they are malicious insiders, criminals, or a government.
Mylar – as they’ve dubbed the system – stores the data on the server in encrypted form, and decrypts it only in users’ browsers.
“Mylar addresses three challenges in making this approach work,” they explained in the paper detailing the system. “First, Mylar allows the server to perform keyword search over encrypted documents, even if the documents are encrypted with different keys. Second, Mylar allows users to share keys and encrypted data securely in the presence of an active adversary. Finally, Mylar ensures that client-side application code is authentic, even if the server is malicious.”
A prototype of the system, which is built on top of the Meteor framework, has already been deployed for an app used by patients at the Massachusetts General and Newton-Wellesley hospitals in Boston.
“This application is currently under IRB approval and in alpha deployment,” the researchers shared. “We also secured a chat application, a class assignment submission website, a calendar, a forum application and a photo sharing application.”
“Mylar leverages the recent shift to exchanging data, rather than HTML, between the browser and server, to encrypt all data stored on the server, and decrypt it only in users’ browsers. Mylar provides a principal abstraction to securely share data between users, and uses a browser extension to verify code downloaded from the server that runs in the browser,” they explained, adding that using Mylar requires only a few changes to an application.
What’s most important is that using Mylar doesn’t mean sacrificing much speed or usability.
“You don’t notice any difference, but your data gets encrypted using your password inside your browser before it goes to the server,” Raluca Popa, the researcher who designed Mylar, told MIT Technology Review. “If the government asks the company for your data, the server doesn’t have the ability to give unencrypted data.”
Whether Mylar can be successfully deployed on larger systems, and whether Web companies will be willing to use it, remains to be seen. Nevertheless, it is a very good start.