New Platform Protects Data From Arbitrary Server Compromises

New Platform Protects Data on Compromised Servers

Researchers are in the midst of rolling out a secure new platform for building web applications that can protect confidential data from being stolen in the event that attackers gain full access to the servers.

Researchers are in the midst of rolling out a secure new platform for building web applications that can protect confidential data from being stolen in the event attackers gain full access to servers.

The platform, Mylar, is the result of a project spearheaded by students at the Massachusetts Institute of Technology (M.I.T.) set to be discussed at USENIX’s Symposium on Networked Systems Design and Implementation conference next week in Seattle.

According to a paper – “Building web applications on top of encrypted data using Mylar” (.PDF) – , the platform can encrypt data on servers and decrypt it in users’ browsers, provided they have the correct key.

As it is, there are several ways in which data can be leaked from servers: Attackers could exploit a vulnerability and break in; a prying admin could overstep their bounds; or a server operator could be forced to disclose data by law.

While Mylar’s goal is to keep confidential data safe by preventing these incidents from happening, it does so by operating under the premise that the server where the data is stored has already been hacked.

“Mylar assumes that any part of the server can be compromised, either as a result of software vulnerabilities or because the server operator is untrustworthy, and protects data confidentiality in this setting,” according to the paper.

Raluca Popa, the paper’s lead author and a Ph.D. Candidate at the school’s Department of Electrical Engineering and Computer Science, worked with six colleagues from the school’s Computer Science and Artificial Intelligence Laboratory (CSAIL) for nearly two years on the project.

The report makes light of recent privacy-minded applications such as Mega and Cryptocat, but acknowledges that while those apps allow users to decrypt information from servers via browsers with special keys, they still have their drawbacks.

Or as a description of the platform on M.I.T.’s website puts it, “simply encrypting each user’s data with a user key does not suffice.”

Mainly it’s because these apps don’t allow data sharing, they make keyword searches difficult and perhaps most concerning, they can still be tricked into letting the server extract user keys and data via malicious code.

To allow data sharing on Mylar, a special mechanism establishes the correctness of keys obtained from the server – backed up by X.509 certificate paths – to ensure that a server that has been compromised cannot trick the app into using a bogus key. This allows multiple users, with keys, to share the same item.

To verify app code, Mylar keeps application code and data separate, checking to make sure code it runs is properly signed by the website owner, something that in turn keeps HTML pages that are supplied by the server static.

While many schemes require document data be encrypted by a single key, this prevents easy keyword searches. A unique cryptographic scheme in Mylar allows clients to search through many documents with multiple encryption keys for keywords and without even learning what the word is or learning the contents of the documents, Mylar can return a list of instances of that word.

Mylar owes a lot to this specialized search scheme; something Popa claims she discovered last May and helped get the ball rolling on the platform soon after.

Popa and her team started working on the project in 2012 but it would take another year and a half to truly come to fruition. The researchers initially tried to build the framework over Django and Ruby on Rails before realizing the way the two platforms are designed made them incompatible with what they were looking for from a encryption and confidentiality standpoint.

In the summer of 2013, the group realized that the more secure Meteor, an emerging, open source web framework was their best option. Developers from Meteor helped the team test the software and it wasn’t long after until Popa came up with the multikey search scheme, pieced together from elliptic curves, and they were off.

Three months later — a few design tweaks here and there — and Mylar was complete.

According to the paper, if adopted, the platform would require little effort by developers. The researchers ported six applications over to Mylar and only needed 36 additional lines of code on average, per app, to protect sensitive data.

The six apps that researchers have tested Mylar on so far consist of a website that lets endometriosis patients record their symptoms, a website for managing homework and grades, a chat application, a forum, a calendar and a photo sharing app.

It might not be long until Mylar catches on with some of those apps in real life.

Two of those apps, the medical app, and the website that lets professors at M.I.T. manage homework and grades; actually plan on implementing Mylar in the immediate future.

Endometriosis patients at Newton-Wellesley Hospital, a medical center in Newton, Mass., tested the medical app a month ago. According to Popa, in another month or so it should be out of alpha deployment following approval from the Institutional Review Board (IRB). Since the app is transferring highly sensitive patient information, she wouldn’t be surprised if the review period took a little bit longer than usual however.

Professors in CSAIL’s Computer Systems Security classes have successfully used an app running on Mylar for managing student’s homework and grade information.

Still though, while the researchers stress that Mylar isn’t perfect, it does work providing users follow a modicum of responsibility when it comes to privacy and security.

While Mylar’s main goal is to protect data from being compromised in arbitrary server compromises, conventional wisdom assumes users are not running the framework on a compromised machine and sharing information with untrustworthy users. Mylar also assumes users are checking to make sure they use the HTTPS version of the site/app they’re using and can safely recognize phishing attacks.

While it sounds promising for PC usage, the platform could also have a future on Android systems. The researchers claim they’ve tested Mylar on phones running the Google operating system but left the results out of their paper for brevity sake.

“Mylar’s techniques for searching over encrypted data and for verifying keys are equally applicable to desktop and mobile phone applications; the primary difference is that code verification becomes simpler, since applications are explicitly installed by the user, instead of being downloaded at application start time,” according to the paper.

The team’s research was aided by a handful of firms including Google, the National Science Foundation, and DARPA’s Clean-Slate Design of Resilient, Adaptive, Secure Hosts (CRASH) program – a program dedicated to crafting cyber-attack resistant systems.

This is the latest piece of software designed by Popa, who considers Mylar the follow up to CryptDB, a piece of software she devised in 2011 that more or less did the same thing that Mylar does, but for databases.

“We started working on this project as a natural next step after the previous project, CryptDB, which did the same for databases,” Popa said, “We realized that web applications are an even more common use case for placing on a cloud or on a compromised server.”

CryptDB encrypted information and ran SQL queries without decrypting the database. Some of Popa’s CryptDB research even found its way into a system Google released later that year,Encrypted BigQuery, that can run SQL-like queries against large, multi-terabyte datasets.

Popa plans to present Mylar in USENIX’s Security and Privacy session next Wednesday and demonstrate the platform later that afternoon alongside one of the paper’s co-authors, Jonas Helfer.

Suggested articles