Reminders that data entrusted to online services can easily be leaked or stolen aren’t hard to find. Major companies commonly have passwords and other data taken by attackers, while governments have their own ways to get hold of user data.
Researcher Raluca Popa of MIT thinks many online services should and could be redesigned to guard against that. “Really, there’s no trusting a server,” she says. Popa has led the development of a system called Mylar for building Web services that puts that philosophy into practice. Services built using it keep data on their servers encrypted at all times and only ever decrypt it on a person’s computer.
“You don’t notice any difference, but your data gets encrypted using your password inside your browser before it goes to the server,” Popa says. “If the government asks the company for your data, the server doesn’t have the ability to give unencrypted data.” Popa developed the software with colleagues from MIT and a Web development software company, Meteor Development Group. A paper on Mylar will be presented at the Usenix Symposium on Networks Systems Design and Implementation next month.
The idea of designing Web services that always keep data encrypted while it resides on their servers has been around for years, and researchers have developed tools to demonstrate how it might be done. But Popa says Mylar is more practical than previous efforts and could even be used to build services today.
The software is designed to work with a popular Web service building tool called Meteor, to make it easy for Web developers to use. Mylar’s design has code running inside a person’s browser take on most of the processing and presenting of information—work that a conventional service would do on its servers. But Mylar also includes some new cryptographic tricks that allow a server to do useful things with user data without having to descramble it. It is possible for a service built with Mylar to search across encrypted data stored on its servers, for example, so a person could search documents they had uploaded to a file storage service.
Mylar also lets individuals share data with other users, thanks to a system that can distribute the necessary encryption key in a way that protects it from ever being disclosed either to the server or to someone monitoring communications. An optional browser extension can be used to protect against the server stealing the key needed to decrypt a person’s data, in the event it has been taken over by an attacker or malicious insider.
A small group of patients at Newton-Wellesley hospital in Boston are already using a website built using Mylar to collect medical history information. The information a patient enters is only decrypted when viewed by the patient or his doctor. If that small trial is successful, it will be rolled out more widely, says Popa. She says using Mylar for a real use case shows it can be practical. “All they had to change is 28 lines of code out of 3,659 to secure their application,” she says. Popa and colleagues have also built chat, photo sharing, and calendar Web services to test their idea.
Ariel Feldman, a researcher at the University of Pennsylvania, says that Mylar manages to combine several useful features for an encrypted Web service not packaged together before. However, he notes that the chance of many Web companies opting to embrace encryption so thoroughly look slim.
“It would be a watershed moment if any of these types of systems actually got deployed to millions of users,” he says. “The real obstacles to adoption are usability and the business case for deploying them.”
A big usability challenge is that if anyone loses their password, they can permanently lose access to their information if the server can’t decrypt it, says Feldman. Although Popa says that the design of Mylar allows for the addition of a secure system for password recovery. Business challenges range from the added expense of building a more secure system, to the fact that many online companies rely on being able to crunch user data to make money from ads, says Feldman. He says Mylar may catch on in places where protecting data is seen as critical. “Enterprises or governments may be willing to pay for extra security,” he says.
Popa remains optimistic that the Wellesley trial will be only the first real-world use case of Mylar. She points to how she previously led development of a system called CryptDB, software that allows databases to be fully encrypted, which has since been adopted by Google and the business software giant SAP. “I think Mylar will be at least as useful, if not more,” she says.