MIT researchers develop Mylar – a platform for building secure web applications

March 26, 2014 by Bob Yirka weblog
System overview. Shaded components have access only to encrypted data. Thick borders indicate components introduced by Mylar. Credit: Raluca Ada Popa, et al.

(Phys.org) —A team of researchers at MIT, led by Raluca Ada Popa, has developed a platform for building secure web applications that is based on ensuring data on servers is always encrypted; they call it Mylar. In announcing the new platform, the developers noted that Mylar can protect user data from snooping even if a hacker obtains full access to a server.

The traditional approach to securing user data on servers is to accept data from a user (generally from a web browser), then encrypt it before saving it to a file on a server. When the user requests the data, the server opens the file, decrypts it and then sends what has been requested. The weakness of this approach, Popa notes, is that if a hacker gains control over a server, they can decrypt everything on it. A better approach, she says, is to have encryption and decryption occur on the user end: that's the essence of Mylar.

With the Mylar platform, encrypting and decrypting are performed via code in a user's browser, so users never see it happening; it's seamless. The advantages of such an approach are obvious: hackers can't read data files and, notably, neither could government snooping programs such as PRISM.

Popa says Mylar would allow users to send passwords to others using public encryption keys, so that data could be shared with other intended users. Also there are extensions that prevent someone with server access from stealing and also for searching for information in stored files.

Of course there are reasons companies that run haven't already adopted a similar platform. One of the big ones is that if a user forgets their password, they are never going to get their data. Another is that many companies that host data make money from ads which rely on knowledge about the content of data files. Also there is the problem of the need for a standard shared by users across the Internet.
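The browser-side model and the forgotten-password trade-off described above, as an added example (not code from Mylar or from the article). It uses Node's crypto module to stand in for browser code; the function names, the in-memory `serverStore`, the PBKDF2 parameters and the sample note are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Client side: the key is derived from the password and never sent to the server.
// (Assumed parameters; a weak password still allows offline guessing against stolen records.)
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, 100000, 32, 'sha256');
}

function clientEncrypt(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Salt, IV, ciphertext and tag are all safe to hand to the server.
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

function clientDecrypt(password, record) {
  const key = deriveKey(password, record.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // wrong password (or a modified record): nothing is recoverable
  }
}

// Untrusted server: stores whatever the client uploads, holds no keys.
const serverStore = new Map();
function serverPut(id, record) { serverStore.set(id, record); }
function serverGet(id) { return serverStore.get(id); }

// Everything someone with full server access can read.
function serverDump() {
  return Buffer.concat([...serverStore.values()].flatMap(r => [r.salt, r.iv, r.ct, r.tag]));
}

function demo() {
  // Constructed sample data.
  serverPut('note-1', clientEncrypt('correct horse battery', 'meet at noon'));
  const record = serverGet('note-1');
  return {
    leaked: serverDump().includes('meet at noon'),           // plaintext visible on server?
    owner: clientDecrypt('correct horse battery', record),   // legitimate user
    forgotten: clientDecrypt('wrong guess', record),         // forgotten password
  };
}
```
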

Undaunted by naysayers, the team at MIT reports that they have already lined up several users ready to try the new platform and expect more to follow. They also note that there is a precedent: CryptDB, also developed at MIT to encrypt database information in a similar fashion, is now in use by Google, SAP and other companies. The team will be presenting a paper describing Mylar at USENIX next month.

More information: Building Web Applications on Top of Encrypted Data Using Mylar, https://www.usenix.org/conference/nsdi14/technical-sessions/presentation/popa

Mylar, css.csail.mit.edu/mylar/

via TechnologyReview
