PRISM-proof system could turn servers into spook-proof fortresses

A young MIT student has invented a new system for storing data which could offer protection against unscrupulous colleagues – and even against the hi-tech tentacles of government organizations with “back doors” into corporate servers.

The system, Mylar, takes a different approach to data storage – data is stored in encrypted form on servers at all times (as opposed to the usual practice of storing such data unencrypted). The user’s browser decrypts the data, at a speed which means users “won’t notice a difference.”

MIT describes the system as PRISM-proof – in that, even if a system requests data from the server, it will be delivered in encrypted form, according to MIT Technology Review. “You don’t notice any difference, but your data gets encrypted using your password inside your browser before it goes to the server,” creator Raluca Popa says. “If the government asks the company for your data, the server doesn’t have the ability to give unencrypted data.”

Other sites made much of the idea that the system would be ‘spy proof’ – although it obviously protects against just one tactic employed by intelligence agencies, rather than providing blanket protection. Mylar is not simply a data safe, though, as revealed by Popa’s paper – it will be possible to search for files within the encrypted data, although decryption will require the user’s unique key.

The service is already being tested in Newton-Wellesley Hospital in Boston – and fits into the hospital’s systems so well that the researchers had to rewrite a mere 28 lines of code to use it in the hospital. In tests, the only noticeable difference is a slight slowing of chat communication – latency of around 50ms, according to IT ProPortal.

Speaking to Boy Genius Report, University of Pennsylvania researcher Ariel Feldman said he believes the service can offer added protection, but that Internet companies may not necessarily deploy such systems. “It would be a watershed moment if any of these types of systems actually got deployed to millions of users. The real obstacles to adoption are usability and the business case for deploying them.”


Author , We Live Security

  • Jammer

    My only concern would be at the time of setting the password used for the encryption. I'm assuming a key-logger would be handy in this case, as you would then have the password for the encryption? I assume this is how it works, or does it generate the key some other way without typing it by hand?

  • R. Whitney

    How are the servers going to encrypt/decrypt this data to be processed by the site?


Copyright © 2017 ESET, All Rights Reserved.