Starting tomorrow – a week of papers!

If nothing goes wrong, next week will see seven posts with seven papers.  I just spent some time trawling through various conferences, and found a bunch of interesting ones to add to my meager supply.  The seven I’ll plan on doing next week are:

All of these look fairly reasonable, but I may still substitute in another one of the other Future Papers if I don’t like one of these.

Posted in meta | Tagged | Leave a comment

Building web applications on top of encrypted data using Mylar

Available from MIT; authors are Raluca Ada Popa, Emily Stark*, Jonas Helfer, Steven Valdez, Nickolai Zeldovich, M. Frans Kaashoek, and Hari Balakrishnan, mostly from MIT CSAIL, with one starred exception from the Meteor Development Group.

A lightly edited version of my comment from MIT creates a system to “PRISM-proof” websites:

They built a system that lets you store data encrypted in “the cloud”, yet share it with your friends and do searches serverside.

This is really cool. The *only* place the data exists unencrypted is on the client, yet you can share documents with other people and, in the most mind-blowing part, do *server side searches on the encrypted data*. And they also wrote a browser plugin that uses crypto to ensure that the page wasn’t tampered with.

I’m working mostly from memory, so may be a bit off, but here’s roughly how it works: the client creates a new key for each document, and sends it, encrypted with the user’s private key, to the server. Now I can request the document, and get the encrypted document, along with a decryption key that only I can decrypt using my private key.

Voila! Unless the NSA can crack public key encryption (and if they can, we’re all doomed anyway), my data is safe. But how do my teammates read the document? I just grab their public key and the encrypted document key, and locally decrypt the document with my private key, and encrypt it with my teammate’s public key, and send that to the server. Now my friend can get the document’s key, decrypt it with her private key, and read the document, but noone else can.

And how does search work? That’s complicated. I’d probably have to spend a half-hour rereading the paper to fully understand it. Briefly, I send the encrypted word to the server, along with some “deltas” that somehow let the server compute the encrypted word for each document and search the document for it. They server never knows what the word is, though there could well be some information leakage; I don’t understand this part well enough to be sure.

But when you put it all together, this is a system that lets you send documents to a server, share them, and search them serverside. In other words, you can implement e-mail or chat this way – each “message” is a document that you share with the recipient(s) so they can read them, and you can search all of your documents. But none of the data in the “cloud” (whether stored or transferred over the network) is snoopable under reasonable assumptions.

Sure, there may be vulnerabilities and network patterns still exist. But if, say, Gmail were to use this, then all the NSA would know is “I use gmail”, and maybe they can get some weak correlations around message sizes and access patterns. But it’s still a *huge* step forward over the status quo.

(Also, I don’t consider this as cool, but they built a proof of concept by modifying the Meteor web framework, and then modified a couple applications to use Mylar. The LoC added for Mylar (Figure 8) varies from 30-45 lines for applications ranging from 610 to 8410 initial lines. Seems pretty practical.)

Posted in papers | Tagged , , , | Leave a comment

Read more papers!

I’m now in industry, and miss the paper-reading of academia.  There are lots of good papers I’d like to read, but don’t have any excuse to, and have plenty of other things to do.

Then, after reading a disappointingly information-sparse article on the generally-excellent Ars Technica (not linkable AFAICT, but to be cross-posted momentarily as the first actual post), I posted a comment with my take on the paper (having read it a week before).  This got several upvotes and an explicit “thanks for the summary” comment.  That felt pretty good.

So now I have an excuse – I’ll read papers and write up a summary, hopefully doing a better job than the typical “University press release/news article” game of telephone.  I’ll focus primarily on CS, being my area of expertise and interest, but may also attempt the occasional physics or other science if I think I have a shot at understanding it or it’s interesting enough.

To kick things off, in the spirit of an article I read a while back, I’ll read seven papers in seven days during the week of April 20 (that gives me some time to pick papers, plus I’m travelling next weekend.)

Current candidates include:

I’d love to hear suggestions.  I also may start early; while I’ll aim for one per day that week, I may well read something before then.

Posted in meta | Leave a comment