TRVE Data: Secure and Resilient Collaborative Applications

Dr Martin Kleppmann
Department of Computer Science and Technology
Cloud-based collaboration tools such as Google Docs, Evernote, iCloud and Dropbox are very convenient for users, but problematic from a security point of view. At present, most such services are provided by companies through a centralised server infrastructure, which is vulnerable to operational mistakes by the service provider, security breaches, and cyberattacks.

The goal of the TRVE Data project (pronounced “true data”) is to build the foundation for the next generation of collaboration software, providing stronger security and resilience than the current practice. We are developing algorithms, protocols, and code that allow real-time collaboration and data synchronisation across several devices without relying on central servers. Our research is based on the following principles:

End-to-end encryption

Today's Internet services typically process data in unencrypted form on their servers, and employ encryption (e.g. TLS) only for communication between servers and end-user devices (such as laptops or smartphones). Hence, users depend on the cloud provider to prevent unauthorised access and to maintain the integrity of the data. A security breach of the provider could have disastrous consequences: a hacker who gains access to the servers, or a rogue employee, can potentially read and tamper with vast amounts of sensitive data.

In contrast, we are designing systems to use end-to-end encryption, which secures data all the way from one user's device to another user's device. In this approach, servers only ever handle encrypted data that they cannot decrypt. Thus, even if communication networks or servers are compromised, the confidentiality and integrity of sensitive data are protected, giving users better ownership and control over their data.

Making servers optional

At present, services typically transmit all data via a central server. Even if the communicating devices are in the same room, their data might be sent via a server on another continent. This approach is not only slow and wasteful, it also makes the system susceptible to disruption: if the server is blocked or subjected to a cyberattack (e.g. a DDoS attack), or if the operator goes out of business, the software stops working.

To improve the resilience of applications, we are using peer-to-peer communication where possible, sending data directly between collaborating devices, and utilising fast local networks when applicable. Servers may still be used, but the software continues working if servers are unreachable. Using local storage and local networks further improves users' control over their own data.

Open source and open standards

All software developed in this project is made freely available as open source, so that it can be easily adopted by application developers.

We have implemented this approach in Automerge, a JavaScript library for building collaborative applications. Automerge allows users to read and modify data even while their device is offline, and it performs data synchronisation and automatic conflict resolution when a network connection is available. Unlike most existing data synchronisation systems, Automerge does not require data to be sent via a centralised server, but rather allows local and peer-to-peer networks to be used, and it is compatible with end-to-end encryption protocols.
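As an added illustration of the offline editing and automatic conflict resolution described above (this is not Automerge's own code, which uses a much richer family of CRDTs), here is a minimal last-writer-wins CRDT in JavaScript. The `LwwDocument` class, the Lamport-clock ordering and the tie-break on actor id are simplifying assumptions chosen for brevity.

```javascript
// Added example (not Automerge's own code): a minimal state-based CRDT showing
// how two devices edit a document offline and then converge by exchanging state
// directly, with no server deciding the outcome. Each key is a last-writer-wins
// register ordered by (Lamport clock, actor id).
class LwwDocument {
  constructor(actorId) {
    this.actorId = actorId; // unique per device; breaks ties deterministically
    this.clock = 0;         // Lamport clock, advanced on local and merged changes
    this.state = new Map(); // key -> { value, clock, actor }
  }
  // Local edit: works offline, no network needed.
  set(key, value) {
    this.clock += 1;
    this.state.set(key, { value, clock: this.clock, actor: this.actorId });
  }
  // Full state for a peer to merge; plain data that could be end-to-end encrypted.
  export() {
    return Array.from(this.state, ([key, e]) => ({ key, ...e }));
  }
  // Merge a peer's state. Higher clock wins; equal clocks fall back to the
  // actor id, so every device resolves a conflict the same way whatever the
  // delivery order (the merge is commutative, associative and idempotent).
  merge(remoteEntries) {
    for (const r of remoteEntries) {
      const local = this.state.get(r.key);
      const remoteWins = local === undefined || r.clock > local.clock ||
        (r.clock === local.clock && r.actor > local.actor);
      if (remoteWins) this.state.set(r.key, { value: r.value, clock: r.clock, actor: r.actor });
      this.clock = Math.max(this.clock, r.clock);
    }
  }
  snapshot() {
    return Object.fromEntries(Array.from(this.state, ([k, e]) => [k, e.value]));
  }
}

// Constructed scenario: two devices edit the same note while disconnected,
// then sync peer-to-peer over a local network.
function offlineEditThenSync() {
  const laptop = new LwwDocument('laptop');
  const phone = new LwwDocument('phone');
  laptop.set('title', 'Meeting notes');
  phone.merge(laptop.export());                 // initial sync while connected
  laptop.set('title', 'Meeting notes (draft)'); // both offline now, editing concurrently
  phone.set('attendees', 'Alice, Bob');
  const fromLaptop = laptop.export(), fromPhone = phone.export();
  laptop.merge(fromPhone);                      // exchange in either order
  phone.merge(fromLaptop);
  return { laptop: laptop.snapshot(), phone: phone.snapshot() };
}
```

Both devices end up with the same snapshot, the laptop's newer title and the phone's attendee list, without either edit being lost or a server arbitrating.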

Keep in Touch

    Sign up to our Mailing List
    Follow us on Twitter
    Email us