One group of MIT researchers believes the entire approach to securing online data should be overhauled. So, it has introduced Mylar, a platform for building secure Web applications, which redesigns how confidential user data is encrypted and stored by shoring up the weak link: servers.
The current mode of securing Web application data relies on servers to store and process it, yet any intruder who infiltrates the server can access the unencrypted data. Applications and services built using Mylar keep information secure by never storing unencrypted data on servers. Mylar keeps server data encrypted at all times, only decrypting the data in the user’s browser.
Using the Meteor framework to simplify code porting, the researchers claimed that a Mylar prototype was able to secure six applications by changing only 35 lines of code.
Reducing server vulnerability only solves one part of the equation, though. Common forms of encryption have proved vulnerable to brute-force hacking and other decryption methods, so Mylar also builds other encryption mechanisms into applications while data is stored on the server.