Blog

News and articles

Using M-Pin with Geo-location/Geo-fencing

10 Oct, 2016 by Dr Michael Scott

M-Pin is a Multi-Factor identity based authentication protocol. Secret authentication keys are issued to clients from a Distributed Trusted Authority (DTA). Typically there are two DTAs, one belonging to the customer and the other to MIRACL. Download paper using M-Pin with Geo-location/Geo-fencing 1 Introduction M-Pin is a Multi-Factor identity based authentication protocol. Secret authen-tication keys are issued to clients from a Distributed Trusted Authority (DTA). Typically there are two DTAs, one belonging to the customer and the other to MIRACL.…

Migrating SOK to a type-3 Pairing

03 Oct, 2016 by Dr Michael Scott

The non-interactive authenticated key exchange protocol known as SOK after its inventors Sakai, Oghishi and Kasahara, is one of the original pairing-based protocols. Like many such early protocols it was designed to work with a symmetric pairing. However now it is known that symmetric pairings are inefficient. So the issue arises of how to migrate it successfully to the setting of an efficient asymmetric pairing. In this short research note we consider the challenges and opportunities.…

M-Pin Full Technology (Version 3.1)

26 Sep, 2016 by Dr Michael Scott

M-Pin is a two-factor authentication protocol which has been proposed as an alternative to Username/Password, which works in conjunction with SSL/TLS. Here we derive a more complex M-Pin derivative called M-Pin-Full which also supplants the functionality of SSL/TLS. Download Paper to learn about Full M-pin Technology 1 Introduction M-Pin is a zero-knowledge authentication protocol which authenticates a client to a server. Its unique feature is that it allows a short PIN number to be extracted from the client secret to create a token+PIN combination, facilitating two factor authentication.…

Late Binding for the M-Pin protocol

20 Sep, 2016 by Dr Michael Scott

The M-Pin protocol has been proposed for use in a setting which uses multiple Trusted Authorities. One way to realise M-Pin is to use “early binding”. With early binding the client secret shares issued by each authority are combined immediately after they are issued to each client, inside of the client process. Here we consider the possibilities of “late binding” whereby client secret shares are kept distinct. Conceptually with early binding all of the client secret shares are added to create a single secret, which is used to authenticate.…

M-Pin: A Multi-Factor Zero Knowledge Authentication Protocol

13 Sep, 2016 by Dr Michael Scott

Here we introduce the M-Pin client-server protocol, which features two-factor client authentication as an alternative to Username/Password. Despite the mathematical complexity of the protocol we demonstrate that an M-Pin client can be implemented in an environment with limited computational capability. Download this paper on M-Pin Authentication Protocol 1 Executive Summary The M-Pin protocol is intended to replace the well-known Username/Password authentication mechanism which is widely considered to be effectively broken. The main problem is the existence of a “password file” on the server, which is commonly stolen and hacked, revealing most user passwords.…

New Partnership: Dimension Data

12 Sep, 2016 by MIRACL Blogger

Dimension Data Signs on as Global Distribution Partner to Capture Additional Share of $4 Billion User Authentication & Market LONDON, September 12 , 2016 — MIRACL, a leading internet cyber-­security company, announced today the launch of its disruptive multi­factor authentication platform that allows security solution and managed service providers to expand their businesses in the $4.0 billion user authentication market and immediately capture revenue from current and net new customers.…

Electronic Voting

05 Sep, 2016 by Dr Michael Scott

With the elections looming in America, the issue of the security of electronic voting is back in the news. Both major parties are making serious allegations that the election may well be rigged. Its outcome may even be determined by interference from a foreign government. This extraordinary movie-plot possibility is made plausible by the widespread use of Electronic Voting machines – which are based on computers which may be vulnerable to undetectable hacking.…

The Essence of the Blockchain

30 Aug, 2016 by Dr Michael Scott

Here we attempt a simple explanation of the blockchain for a not overly technical audience. Download the Essence of the Blockchain PDF 1 Introduction The blockchain is a testament to the power of a single cryptographic primitive – the hash function. Really nothing else is required, so if you can get your head around the hash function, you can understand the basics of the blockchain. 2 The Hash Function A cryptographic hash function takes one input and calculates one output.…

The Apache Milagro Crypto Library (Version 2.0)

24 Aug, 2016 by Dr Michael Scott

We introduce a multi-lingual crypto library, specifically designed to support the Internet of Things. Download this paper on The Apache Milagro Crypto Library 1 Introduction There are many crypto libraries out there. Many offer a bewildering variety of cryptographic primitives, at different levels of security. Many use extensive assembly language in order to be as fast as possible. Many are very big, even bloated. Some rely on other external libraries. Many were designed by academics for academics, and so are not really suitable for commercial use.…

A Poor Programmer’s Fix for Username/Password

18 Aug, 2016 by Dr Michael Scott

You are a programmer that uses the Internet a lot. You don’t want to be one of those unfortunates that gets their password hacked, due to some asshole’s failure to properly protect the password file on a remote server. You don’t want to change the world, you just want to work securely with the world as it is. You haven’t the patience for elaborate procedures. You don’t want it to cost you.…

Another Computer Language Comparison

03 Aug, 2016 by Dr Michael Scott

In this article we describe our experience in implementing a high performance cryptographic library in multiple Computer Languages Download this paper on Another Computer Language Comparison 1 Introduction Most people have a favourite language they like to program in. Or they may have two or three on a horses-for-courses basis. Maybe they like one language for high level scripting, and another for low level stuff. Me I have always liked C and C++, and have many years experience using them.…

The Authentication Dilemma

03 Aug, 2016 by Dr Michael Scott

The Internet community is up in a heap about Username/Password, and what to replace it with. Here we try to shed a little light. Download paper and learn about the Authentication Dilemma What can Hackers actually do? They can by sneaky methods plant viruses on your computer and, to varying extents, take control of it. Often this is done by fooling you into opening an email attachment. Sometimes they can exploit bugs in the software to remotely break into your computer without any recourse to your foolishness.…