Blog

<p><img src="./miracl-blog-cryptography.jpg" alt=""></p> <p><strong><em>Cryptography has been a science since the 1940s. But how does it fit into today’s modern world and, most importantly, how can it steer effective cyber security? October is the Cyber Security Awareness Month both in Europe and the U.S., so there couldn’t be a better time for MIRACL’s Chief Crypto Officer, Dr Mike Scott, to explain the status of modern cryptography.</em></strong></p> <p>The importance of cyber security has never been clearer. Which, let us remind ourselves, has not always been the case. In the early days with all of the excitement around the potential applications of the Internet of Things, cyber entrepreneurs were gung-ho to push out products, with security either barely considered at all, or else as something to look at for version 2, all the while piously acknowledging security as “being important”.</p>…

<p><img src="./miracl-blog-bulbet-miracl.png" alt="bullbet miracl logo"></p> <h4 id="ultra-secure-authentication-for-gamers-miracl-gaming-solutions-announces-partnership-with-bulgarian-gaming-site-bulbet">Ultra Secure Authentication for Gamers: MIRACL Gaming Solutions announces partnership with Bulgarian Gaming Site, Bulbet.</h4> <p>Bulbet, the Bulgarian gaming site, has announced MIRACL Trust® as the player and transaction authentication solution for both their Social and Real-Money gaming products. MIRACL Gaming Solutions can uniquely offer the security, scalability and zero-friction user-flow critical for gaming businesses. Not only will MIRACL provide market leading security against both internal and external threats, it will ensure that Bulbet will meet and exceed current European standard PSD2 for transaction authentication.</p>…

<img src="./miracl-blog-core.png" alt="MIRACL Core, cryptographic library"> <h4 id="to-co-inside-with-attendance-at-the-2nd-international-conference-in-blockchain-identity-and-cryptography-in-edinburgh-miracl-trust-has-today-launched-its-new-commercially-relevant-cryptographic-library--miracl-core-v4">To co-inside with attendance at the 2nd International Conference in Blockchain, Identity and Cryptography in Edinburgh, MIRACL Trust® has today launched its new, commercially relevant cryptographic library – MIRACL Core (V4).</h4> <p>Years of experience and development, combined with a deep understanding as to what is needed in a cryptography library from a commercial point of view, means this new offering is unmatched - and meets the needs of organisations seeking cryptographic solutions to ensure they deliver the absolute best in security for their customers.</p>…

<img src="./miracl-blog-core-key.jpg" alt="MIRACL Core, cryptographic library"> <h4 id="to-co-inside-with-my-attendance-tomorrow-at-the-2nd-international-conference-in-blockchain-identity-and-cryptography-in-edinburgh-miracl-will-announce-details-of-its-new-cryptographic-library--miracl-core-v4">To co-inside with my attendance tomorrow at the 2nd International Conference in Blockchain, Identity and Cryptography in Edinburgh, MIRACL will announce details of its new cryptographic library – MIRACL Core (V4).</h4> <p>Years of experience and development, combined with a deep understanding as to what is needed in a cryptography library from a commercial point of view, means this new offering is unmatched - and meets the needs of organisations seeking cryptographic solutions to ensure they deliver the absolute best in security for their customers.</p>…

<img src="./miracl-blog-gaming-solutions-stacked-no-logo.png" alt="Digital signatures, cryptographich signing and designated verifier signatures"> <h2 id="with-miracl-its-one-pin-and-youre-in">With MIRACL, It’s One Pin And You’re In</h2> <h3 id="revolutionising-passwords-introducing-the-worlds-first-100-software-multi-factor-authentication">Revolutionising passwords. Introducing the world’s first 100% software multi-factor authentication.</h3> <p>This August, tech market disruptor MIRACL Gaming Solution launches a highly innovative, new authentication solution for gaming clients. MIRACL already supplies the worlds only 100% software, multi-factor authentication (MFA) PIN based solutionto customers such as banking giant Crédit Agricole and consumer credit leader, Experian.</p> <p>Challenging the increasingly out-dated concept of passwords and stored credentials, this new, highly-secure solution from MIRACL is set to revolutionise the way we provide authentication for online financial transactions, especially in the online gaming sector. Passwords are currently the cause of 81% of hacks and 70% of support queries. These two factors are responsible for a large proportion of customer churn so addressing them will boost operators’ customer retention and their overall profitability.</p>…

<img src="./miracl-blog-psd2update.jpg" alt="Digital signatures, cryptographic signing and designated verifier signatures"> <p><strong><em>(2 Minute Read)</em></strong></p> <br> <p>No-one thought complying to PSD2 was going to be easy. This revised Payment Services Directive is going to revolutionise the payment services industry but this is going to take time. Delaying until 2021 will ensure organisations find the best solution to make the necessary changes and ultimately ensure online payments within Europe are safer, faster, cheaper and more convenient.</p> <p>Last year, cyber incidents increased by 1000% and fraud losses on UK ‘card not present’ transactions 47%. Numbers that are only going to keep rising unless security on payments improve. PDS2 calls for big changes, but integrating and incorporating the right solution that is both user friendly and secure is important – delaying until 2021 provides organisations time to find the right solution.</p>…

<p><img src="./miracl-blog-digital-signature.jpg" alt="Digital signatures, cryptographich signing and designated verifier signatures"></p> <h4 id="here-dr-michael-scott-considers-digital-signatures-and-the-verification-they-provide-in-todays-digital-world-4-minute-read">Here, Dr Michael Scott considers digital signatures and the verification they provide in today’s digital world. (4 Minute Read)</h4> <p>Digital signature is an attempt to provide a digital analogue of the human signature. Before getting into that, let’s look again at the human signature, and what it provides.</p> <p>The hand-written human signature provides irrevocable authentication of a document. You sign something, you are committed to it, and you can’t deny it later.</p>…

<div class="tile is-5 is-pulled-left" style="margin: 0 30px 20px 0;"><img src="./miracl-blog-no-more-dongles.jpeg" alt="No more dongles"></div> <p>One of the biggest issues in security today is that of secure identification and the misuse of stolen credentials to gain fraudulent access. This is highlighted in recent Verizon Data Breach reports: in the <a href="https://www.verizonenterprise.com/resources/reports/2017_dbir_en_xg.pdf" target="_blank">2017 report</a> it is revealed that 62% of data breaches featured hacking with 81% of these leveraging stolen or weak passwords; in the <a href="https://www.verizonenterprise.com/verizon-insights-lab/dbir/" target="_blank">2018 report</a> the authors note the considerable number of breaches due to botnets using malware to capture login details and exclude them from their analysis since “due to the sheer number of them (over 43,000 successful accesses via stolen credentials), they would drown out everything else”.</p>…

<p><img src="./miracl-blog-hack.png" alt="Data breaches and how they can stop with two factor authentication"></p> <p>What do Yahoo!, Equifax, and eBay all have in common aside from data breaches on an epic scale? They all rely on a user’s trust across digital networks to move their businesses forward.</p> <p>If your enterprise still relies on stored and shared authentication credentials (e.g. passwords) it’s only a matter of time before your company’s name (and perhaps your name as well) appear in the news related to a hack of your user database.</p>…

<p><img src="./miracl-blog-data-protection.png" alt="data protection"></p> <p>Your end user has a relationship with your business application for only one reason. To do business with you. Anything that interferes with the security of that relationship not only disrupts your business, but also can place your customers at risk in other business relationships.</p> <p>As seen with the Equifax breach in the United States, 143 million US citizens lost control of their Social Security numbers, which are used in nearly all government and banking systems. Not only were citizen business and banking disrupted, but proposed legislation in the US could fine companies like Equifax up to $100 per affected user for future disclosures.</p>…

<p><img src="./miracl-blog-compliance.png" alt="Compliance for Regulated Industries"></p> <p>Europe’s financial institutions are sleepwalking into a regulatory nightmare with security systems that are not fit for purpose to meet the requirements of the European Union’s revised Directive on Payment Services (PSD2), which was adopted in 2015. Member states have had two years to introduce the necessary changes in their national legislation in order to comply with the new rules, and firms are expected to be compliant by January 2018.</p>…

<p><img src="./miracl-blog-leak.png" alt="Leaking secrets"></p> <p>Often a competent and experienced software engineer is tasked to implement a cryptographic algorithm. Unfortunately they may be unaware of what we call side-channels attacks.</p> <p>For example normally a programmer couldn’t care less about the power consumption profile of their running program. However in many situations where cryptography is deployed an attacker is in a position to monitor power consumption. And the power consumption profile may leak information about a secret cryptographic key. And power consumption is just one example of what we call a side-channel. A list of some of the side channels we need to worry about is given here - <a href="https://en.wikipedia.org/wiki/Side-channel_attack" target="_blank"><a href="https://en.wikipedia.org/wiki/Side-channel_attack" target="_blank">https://en.wikipedia.org/wiki/Side-channel_attack</a></a></p>…