New Encryption System Prevents Server Snooping
MIT computer scientists have developed a new privacy system designed to protect data even from attackers who have full access to the server. The Mylar platform encrypts file data in the browser and then stores the data on the server in encrypted form. The data is thus protected from snooping by NSA or anyone else who might have server access. The user's browser then decrypts the data the next time the user accesses the file.
Client-side encryption is nothing new, but Mylar adds some innovations that make it especially practical for production environments. For instance, Mylar supports keyword searches over encrypted documents, even if the data is encrypted using different keys. Mylar also offers a secure means for users to share keys and encrypted data, and it provides a way of ensuring that client code is authentic -- even if the server is malicious.
Prototype versions of Mylar are built on the Meteor web framework. The Mylar developers say the presence of the Mylar encryption layer adds an overhead of only 17% with 50 ms latency increase for sending a message in a chat application.