News and articles
It’s interesting to compare progress in Computer Security with progress in Medicine Science. Think of computing technology as being analogous to the human body, and under attack from multiple potentially damaging external forces. Of course we have for years talked about computer “viruses”, so the comparison is a natural one. So if we were to look at progress in medical science and progress in computer security, hoping to draw optimistic conclusions from the comparison, what would we find?…
In today’s online world of increasing digital crime, internet fraud and database breaches, businesses are left with the growing worry about protecting their online commerce and customers. When authentication goes bad For years, industry experts have warned that passwords do not provide strong enough security as a sole line of defense against the ever escalating cyber security threats designed to exploit vulnerabilities with stored authentication credentials. Usernames and passwords have proven time and again to be a weak solution for authentication, and the databases where they are stored are a hacker’s dream come true.…
As described in my last posting on the ‘Essence of the Blockchain’, the block-chain is just a public ledger supported by the power of the cryptographic hash function. From a “genesis” block, a chain of blocks propagates onwards. Due to the one-wayness of the hash function, it can never be reversed and the contents of a prior block can never be changed. However we can add new blocks on to the end of it.…
By which I mean the Personal Identification Number. Most days we use it in conjunction with our ATM card to perform relatively large value transactions. As such its a pretty proven way of authenticating ourselves. So if we already have the authentication problem solved, why don’t we use the same method when authenticating to services on the Web? Why do we persist with the much more inconvenient and insecure Username and Password combination, rather than a Card and PIN number type of solution?…
The American National Institute for Standards in Technology (NIST) is considering proposals for several modes of operation for Format Preserving Encryption (FPE). The idea behind FPE is quite simple: A plaintext should encipher to a ciphertext with exactly the same format and length. The classic example would be a credit card number, in which case the 18 decimal digit plaintext should encrypt to an 18 decimal digit ciphertext. This is clearly very convenient.…
We propose a new Elliptic curve at a security level significantly greater than the standard 128 bits, that fills a gap in current proposals while bucking the expected security vs cost curve by exploiting the new trick recently described by Granger and Scott. This essentially reduces the cost of field multiplication to that of a field squaring. Download paper and learn about an alternative Elliptic Curve 1 Introduction If a non-cryptographer were asked to guess how much stronger TOP SECRET cryptography is compared with commercial strength cryptography, I would imagine that most would suggest a hundred times, maybe a thousand times, maybe even a million times.…
New Service Adopted by NTT Software to Expand Offerings While Eliminating the Largest Security Threat To Enterprise Customers In Digital Businesses (The Password Database). Tokyo, Japan, October 19, 2016 — MIRACL, a leading internet cyber-security company, announced today the launch of NTT Software as a Global Distribution Partner for its Multi-Factor Authentication security solution platform. NTT Software has added to its portfolio MIRACL’s world-class security product that can comprehensively address the need for secure and scalable authentication in highly regulated industries such as banking, government, and healthcare.…
We have been tasked to harden the M-Pin protocol against a “key-escrow” attacker, who has the authority to demand and be issued with all of the secrets from all of the distributed trust authorities (D-TAs) and the M-Pin server, and use them to try to create valid credentials in the identities of valid clients in order to impersonate them and gain access to their accounts on a remote server via the normal M-Pin authentication process.…
M-Pin is a Multi-Factor identity based authentication protocol. Secret authentication keys are issued to clients from a Distributed Trusted Authority (DTA). Typically there are two DTAs, one belonging to the customer and the other to MIRACL. Download paper using M-Pin with Geo-location/Geo-fencing 1 Introduction M-Pin is a Multi-Factor identity based authentication protocol. Secret authen-tication keys are issued to clients from a Distributed Trusted Authority (DTA). Typically there are two DTAs, one belonging to the customer and the other to MIRACL.…
The non-interactive authenticated key exchange protocol known as SOK after its inventors Sakai, Oghishi and Kasahara, is one of the original pairing-based protocols. Like many such early protocols it was designed to work with a symmetric pairing. However now it is known that symmetric pairings are inefficient. So the issue arises of how to migrate it successfully to the setting of an efficient asymmetric pairing. In this short research note we consider the challenges and opportunities.…
M-Pin is a two-factor authentication protocol which has been proposed as an alternative to Username/Password, which works in conjunction with SSL/TLS. Here we derive a more complex M-Pin derivative called M-Pin-Full which also supplants the functionality of SSL/TLS. Download Paper to learn about Full M-pin Technology 1 Introduction M-Pin is a zero-knowledge authentication protocol which authenticates a client to a server. Its unique feature is that it allows a short PIN number to be extracted from the client secret to create a token+PIN combination, facilitating two factor authentication.…
The M-Pin protocol has been proposed for use in a setting which uses multiple Trusted Authorities. One way to realise M-Pin is to use “early binding”. With early binding the client secret shares issued by each authority are combined immediately after they are issued to each client, inside of the client process. Here we consider the possibilities of “late binding” whereby client secret shares are kept distinct. Conceptually with early binding all of the client secret shares are added to create a single secret, which is used to authenticate.…
