New Encryption System Prevents Server Snooping

By

MIT's innovative Mylar platform encrypts at the browser and supports keyword searches over encrypted documents.

MIT computer scientists have developed a new privacy system designed to protect data even from attackers who have full access to the server. The Mylar platform encrypts file data in the browser and then stores the data on the server in encrypted form. The data is thus protected from snooping by NSA or anyone else who might have server access. The user's browser then decrypts the data the next time the user accesses the file.
Client-side encryption is nothing new, but Mylar adds some innovations that make it especially practical for production environments. For instance, Mylar supports keyword searches over encrypted documents, even if the data is encrypted using different keys. Mylar also offers a secure means for users to share keys and encrypted data, and it provides a way of ensuring that client code is authentic -- even if the server is malicious.   
Prototype versions of Mylar are built on the Meteor web framework. The Mylar developers say the presence of the Mylar encryption layer adds an overhead of only 17% with 50 ms latency increase for sending a message in a chat application.

04/01/2014

Related content

  • Filesystem Encryption

    The revelation of wide-spread government snooping has sparked a renewed interest in data storage security via encryption. In this article, we review some options for encrypting files, directories, and filesystems on Linux.

  • Freeing your data from ransomware
    Cyber criminals don't need access to sensitive information to blackmail their victims. Simply encrypting everyday files can be enough to extort money from users, whose data is only unencrypted after they pay a ransom – and possibly not even then.
  • Linux Foundation Announces Let’s Encrypt Project
  • Windows security with public key infrastructures
    A rarely used feature for improving security in Windows environments relies on certificates issued for various applications, services, and procedures that is based on a public key infrastructure.
  • Safe Files

    Encrypting your data is becoming increasingly important, but you don’t always have to use an encrypted filesystem. Sometimes just encrypting files is enough.

comments powered by Disqus