Paper Review: Building Web Applications on Top of Encrypted Data Using Mylar

In this paper, the authors present Mylar, a web platform that protects data confidentiality even against a full server compromise. Most web applications today depend on the server to store and process confidential information, so an adversary who gains access to the server can read all of the data held there. Mylar prevents this by storing data on the server only in encrypted form and decrypting it only on the client’s machine.

The first approach that comes to mind for protecting data confidentiality is to give each user their own encryption key, encrypt the user’s data with that key in the web browser, and store only encrypted data on the server. Although this approach sounds plausible, it faces several challenges. First, if the server is compromised, it can send malicious client-side code to the client that extracts the user’s key and data. Ensuring that the server has not tampered with the application code is difficult because a web application consists of many files, such as HTML pages, JavaScript code, and CSS style sheets, and the HTML pages are often generated dynamically. Second, this approach does not support data sharing between users, a crucial function of web applications. To address this, one might consider encrypting shared documents with separate keys and distributing each key to all users sharing a document via the server. However, distributing keys via the server is challenging because a compromised server can supply arbitrary keys to users and thus trick a user into using incorrect keys. Third, this approach requires that all of the application logic run in the user’s web browser, since only the browser can decrypt the user’s data. This is often impractical: for instance, a keyword search would require downloading all of the documents to the browser.

Mylar addresses these challenges in making this approach work. First, Mylar allows the server to perform a keyword search over encrypted documents, even if the documents are encrypted with different keys. Second, Mylar allows users to share keys and encrypted data securely in the presence of an active adversary. Finally, Mylar ensures that client-side application code is authentic, even if the server is malicious.
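As an added illustration (not code from the Mylar paper or its authors), the following constructed Python sketch shows the simplest form of the first idea above: the server matches keyed search tokens over documents it cannot read, using a single key. Mylar’s actual scheme additionally lets one search token match documents encrypted under different users’ keys, which this single-key sketch does not implement; the XOR stream cipher and the sample documents are placeholders constructed for the example.

```python
import hashlib, hmac, os, re
from typing import Dict, List, Set, Tuple

# Toy body encryption so the server only ever holds ciphertext. This XOR
# keystream is a stand-in for demonstration; a real client would use an
# authenticated cipher such as AES-GCM (assumption, not from the paper).
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt_body(key: bytes, text: str) -> bytes:
    nonce, data = os.urandom(16), text.encode()
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def decrypt_body(key: bytes, blob: bytes) -> str:
    nonce, data = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data)))).decode()

# Search index: one keyed token per distinct word. Without the key the server
# cannot recover the words, but it does learn which documents share a token
# (a deliberate leakage of this kind of scheme, worth noting in a threat model).
def keyword_token(key: bytes, word: str) -> bytes:
    return hmac.new(key, word.lower().encode(), hashlib.sha256).digest()

def words(text: str) -> List[str]:
    return re.findall(r"[a-z0-9]+", text.lower())

class EncryptedStore:
    """Server side: stores only ciphertext bodies and opaque tokens."""
    def __init__(self) -> None:
        self.docs: Dict[str, Tuple[bytes, Set[bytes]]] = {}

    def put(self, doc_id: str, blob: bytes, tokens: Set[bytes]) -> None:
        self.docs[doc_id] = (blob, set(tokens))

    def search(self, token: bytes) -> List[str]:
        # The server matches tokens without ever seeing the queried word.
        return sorted(d for d, (_, toks) in self.docs.items() if token in toks)

# Client side: encrypt the body and derive the tokens before uploading.
def client_upload(store: EncryptedStore, key: bytes, doc_id: str, text: str) -> None:
    store.put(store_id := doc_id, encrypt_body(key, text),
              {keyword_token(key, w) for w in set(words(text))})

def client_search(store: EncryptedStore, key: bytes, word: str) -> List[str]:
    return store.search(keyword_token(key, word))
```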

The results are promising. The authors evaluated Mylar on two measures: the number of lines of code that must be added to port an existing application to Mylar, and the performance overhead. According to the results, on average only 36 lines of code had to be added, which is quite impressive. On the performance side, however, the application’s throughput was reduced by 17% and latency also increased. Overall, the results are promising, and the authors have deployed Mylar in several real-life applications that have been tested by users as well.

Link to the paper: https://www.usenix.org/system/files/conference/nsdi14/nsdi14-paper-popa.pdf
