Wednesday, March 26, 2014

New Encryption System "Mylar" Encrypts Data in Browser Before Reaching Server










This will stop websites from leaking data

An MIT researcher has created a service that keeps data encrypted on servers at all times, only decrypting the data on a person's computer for them to see.

According to MIT Technology Review, MIT researcher Raluca Popa developed the system -- called "Mylar" -- along with Meteor Development Group. It aims to stop websites from leaking data or allowing hackers to steal data.

Mylar runs code inside a user's browser, which handles most of the processing and displaying of information (in other words, it takes over what a traditional service's servers would do). A server can still perform actions the user needs, but doesn't have a way to decrypt the data, as the user is the only one with a password in their browser. This password encrypts data there before it ever makes its way to the server.
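The flow described above, as an added sketch that is not Mylar's code and does not reproduce its actual cryptographic scheme: a key is derived from the user's password in the browser, the data is encrypted there, and the server stores only an opaque record. The use of WebCrypto PBKDF2 and AES-GCM, the iteration count, the function names and the in-memory `serverStore` are all assumptions made for illustration.

```javascript
// Added illustration, not Mylar's code or scheme. WebCrypto is a global in
// browsers and recent Node; the require() fallback is only for older Node.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const PBKDF2_ITERATIONS = 310000; // assumed work factor for this sketch
const enc = new TextEncoder();

// Stretch the password into a non-extractable AES-256-GCM key.
async function deriveKey(password, salt) {
  const material = await wc.subtle.importKey(
    'raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Browser side: produces the only thing that is ever uploaded.
async function sealForServer(password, plaintext) {
  const salt = wc.getRandomValues(new Uint8Array(16)); // per-record salt
  const iv = wc.getRandomValues(new Uint8Array(12));   // fresh nonce per encryption
  const key = await deriveKey(password, salt);
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(plaintext));
  return { salt, iv, ciphertext: new Uint8Array(ct) };
}

// Browser side: decrypts a record fetched back from the server.
async function openFromServer(password, record) {
  const key = await deriveKey(password, record.salt);
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv: record.iv }, key, record.ciphertext);
  return new TextDecoder().decode(pt);
}

// Hypothetical stand-in for the server: stores records, never sees the password.
const serverStore = new Map();

async function demo() {
  const note = 'constructed sample: blood pressure 120/80';
  serverStore.set('doc1', await sealForServer('correct horse battery', note));
  const stored = serverStore.get('doc1');
  const outcome = (p) => p.then(() => 'opened', () => 'rejected');
  // A record modified on the server fails GCM authentication in the browser.
  const tampered = { ...stored, ciphertext: Uint8Array.from(stored.ciphertext) };
  tampered.ciphertext[0] ^= 1;
  return {
    roundTrip: await openFromServer('correct horse battery', stored),
    wrongPassword: await outcome(openFromServer('guess', stored)),
    afterTamper: await outcome(openFromServer('correct horse battery', tampered)),
    serverSeesPlaintext: new TextDecoder().decode(stored.ciphertext).includes('blood'),
  };
}
```

The record holds the salt, nonce and ciphertext only, so a copy taken from the server can be attacked only by guessing the password, which is why the key-stretching work factor and password strength carry the security of a design like this.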

Popa said a service using Mylar could search across encrypted data stored on its servers, enabling a user to search documents they had uploaded to a file storage service. Mylar can also let users share data with other users, because a system distributes the necessary encryption key in a way that protects it from being seen by the server or anyone monitoring activities.

 


Raluca Popa [SOURCE: cra.org]
 

There's even an optional browser extension that can protect against the server stealing the key needed to decrypt a person’s data.

Popa used the Web service building tool called Meteor to create her system, which will make it simpler for developers to use.

A big upside to this system is its ease of use. Popa said a group of patients at Newton-Wellesley hospital in Boston are currently testing Mylar for their medical information, and the only change needed in the hospital's current system was to 28 lines of code out of 3,659 total.

“You don’t notice any difference, but your data gets encrypted using your password inside your browser before it goes to the server,” said Popa. “If the government asks the company for your data, the server doesn’t have the ability to give unencrypted data.” 

Source: MIT Technology Review



