News and articles

Re-imagining Internet Security Infrastructure

22 Apr, 2015 by MIRACL Blogger

It’s time for a re-boot of the Internet’s security infrastructure. The last two years have been anything but uneventful in the realm of information security. Let’s start with the Snowden revelations. The fallout from the treasure trove of classified information is still ongoing, but taking a geo-political view we can see that the Internet is now moving towards a “trust no one” model, whereby local service providers will spring up to satisfy the jurisdictional demands of their customers.…

Whatever it is, it needs security

21 Feb, 2015 by Dr Michael Scott

The ubiquity of “things” is both a strength and a weakness when considering the potential of the Internet of Things. The possibilities of what can be connected are, literally, endless. Firstly, there will not be just one IoT; there will be multiple, and each will differ and be largely disjointed from the rest. The things may be identical or different in terms of computing capability and overall significance. The things may be mobile or stationary, and it’s not immediately clear if security will be an issue in every use-case.…

Crypto Security - How many bits?

02 Feb, 2015 by Dr Michael Scott

Very recently we have seen some progress in the cryptanalysis of elliptic curves. This Austrian group have reportedly broken an elliptic curve at the 113-bit level of security, using 10 FPGAs. Before proceeding, let’s put a number against “security level”. Consider the Advanced Encryption Standard (AES) with a 128-bit random key. Let’s call this AES-128. Now for elliptic curves we need twice as many bits for the same level of security.…

A Brief History of Authentication

20 Nov, 2014 by Dr Michael Scott

We authenticate ourselves multiple times every day. Every time we open a door with a key we are authenticating ourselves to the building we are entering, simply by demonstrating possession of the key. When we buy something with a bankcard we authenticate ourselves via possession of the card and knowledge of the associated PIN. This is known as two-factor authentication. We use passports to authenticate ourselves when we travel. Sometimes we authenticate by simply recognising each other, although this is not a very scalable method.…

Backdoors in NIST elliptic curves

24 Oct, 2013 by Dr Michael Scott

Cryptography is a lot about trust. And in the real world cryptography depends on standards, as the standardization of cryptographic algorithms is how cryptography is projected into the real world. For years people have trusted the US-based NIST – National Institute for Standards in Technology, with headquarters in Gaithersburg just outside Washington DC. I was there once at a conference*. But now thanks to the reckless actions of the NSA (National Security Agency), as exposed by various whistle-blowers, that trust has been blown, with incalculable consequences.…

2 step verification vs 2 factor authentication

21 Aug, 2013 by MIRACL Blogger

Several super high-profile smash-and-grab attacks on global-scale cloud service providers have prompted stronger authentication to be deployed on Google, Twitter, Evernote and many more providers. The balance between user friendliness and credible security is a key issue for these providers or any web site owner needing to increase secure authentication. There is no point in making the service exorbitantly difficult to use, of course. When looking at the security they choose, however, it raises the question why they would bother at all!…