A new NSA-fighting web platform only decrypts data in the user's browser.
Image: Flickr/Ian Britton
We've seen a long list of tech that’s lauded as “PRISM-proof” or “NSA-proof,” a claim that often seems rather dubious. MIT researchers have now created a secure web platform that very quickly earned itself the same descriptor, but in this case it might not be so over-ambitious.
The basic idea behind the platform, called Mylar, is pretty simple: all data on servers is encrypted, and only decrypted when it’s in users’ browsers. That way, even if someone has full access to the server the data is stored on (like the service provider), they can’t read it.
Take the case of a cloud storage company: It would store users’ encrypted data but wouldn’t have access to the decryption key. Even if the NSA came knocking, the company literally couldn’t hand over decrypted data—or the tools needed to get at it.
And it’s not just governments; encrypting user data before it gets to the server would also prevent hackers, and even curious colleagues, from snooping in private data. It’s a solution to the fact that web applications generally have to rely on servers to store and process sensitive information, with the unfortunate side-effect that this takes the data out of users’ own security bubbles.
In a paper detailing the platform, the researchers wrote that adding Mylar into existing applications wasn’t too difficult. “Results with a prototype of Mylar built on top of the Meteor framework are promising: porting 6 applications required changing just 36 lines of code on average, and the performance overheads are modest, amounting to a 17% throughput loss and a 50ms latency increase for sending a message in a chat application,” they wrote.
That sounded pretty promising, so I reached out to lead researcher Raluca Ada Popa to find out quite how spy-proof the platform really was, and whether we might see it in widespread use anytime soon. She agreed to answer some questions over email.
MOTHERBOARD: Post-Snowden, we’ve seen a lot of things described as NSA-proof or PRISM-proof, and Mylar’s also earned itself this description. Is it really?
Raluca Ada Popa: Mylar can help against NSA forced disclosure, but saying that something is NSA-proof is a very vague term, with no precise technical meaning.
A slide showing the basic idea of Mylar. Image: Raluca Ada Popa
Mylar stores only encrypted data at the service provider, and the service provider can process and search on the encrypted data without ever getting any decryption key. If the NSA forces the service provider to give all user data, the service provider has only encrypted data, so even if it wants to comply with the NSA, it cannot, because it only has encrypted data.
In a nutshell, how does it work, and how does it differ from other encryption services?
Mylar encrypts each user's data in the user's browser using a key derived from the user's password. The service provider only receives encrypted data.
Previous schemes store encrypted data on the disks of the service provider, but the service provider has the decryption key and decrypts the data when it computes or searches on it—so data is encrypted at rest, but is not encrypted when in use (when the service computes on it). This means that if the NSA forces the service provider to disclose data, the NSA can obtain the encrypted data and the decryption key from the service provider, which means that the NSA does get access to the whole data because it can decrypt it!
With Mylar, the data is always encrypted at the service provider: at rest, in use and in motion as well. Despite this strong encryption, Mylar still allows web application to provide important functionality to users: users can share data and users can search over the data.
Who did you have in mind when you built Mylar? Who did you envisage might use it?
Almost everyone who hosts a web application and stores sensitive data is vulnerable to server attacks and should use Mylar.
A particular example is the pay-per-use cloud model: many companies host their web application on a cloud and pay the cloud for the service. Since the companies store confidential data on the cloud, Mylar can prevent curious cloud employees (or other insiders in the cloud) from looking at these companies' data.
On a practical level, how would they use it?
If someone wants to write a new web application, they need to write it in the Mylar framework. If they already wrote it, they need to convert it to the Mylar platform. If a web application is already written in Meteor (a modern web framework), it will be very easy to port to Mylar. But if it is written in a different platform than Meteor, they need to rewrite their application from the beginning in the Mylar/Meteor framework. We are working on making it much easier for such existing applications to move to Mylar.
You’re already running a small trial with Mylar. Could you ever see the tech giants—Google, Facebook, etc—using something like this?
I am very optimistic about this. At the moment, tech giants could use Mylar for some of their services but not for all. For example, Amazon and Google offer cloud services to companies in the pay-per-use model: namely, companies pay for hosting their applications in these clouds and using their resources. Companies could use Mylar to put their web applications in the cloud without Amazon or Google seeing their data.
Google could not use Mylar quite now for their email service or Facebook for their social network because these companies rely on seeing customer data to show ads or make recommendations. We are developing some techniques that allow Google and Facebook to still present ads to users without actually seeing user data. So stay tuned!