A new incubating project at the Apache Software Foundation (ASF) promises a more secure Internet that doesn't require monolithic trust hierarchies and centralized certificate authorities. And it could eliminate the need for complex passwords, too.
At ApacheCon North America in Vancouver last Wednesday, telecommunications juggernaut NTT Group, along with its Silicon Valley-based innovation center NTT i3 and cryptography and cybersecurity specialist MIRACL, joined forces to contribute their security and authentication code to a new open source project: Apache Milagro (incubating).
By eliminating the need for a central trust authority and the public key infrastructure (PKI) model built 40 years ago for a client-server world, the new incubating project aims to provide a better framework for blockchain applications, cloud computing services, mobile and containerized developer applications.
Dividing keys in threes
Milagro seeks to establish a new Internet security framework made of cryptographic service providers called Distributed Trust Authorities (DTAs) that independently issue shares of keys to application endpoints that embed Milagro's cryptographic libraries and applications. In a DTA framework, the function of a pairing-based key generation server is split into three services, each of which issues one third of a private key to a distinct entity.
The three private-key shares, generated respectively by cloud computing providers, their customers and dedicated trust providers, are received by Crypto App clients, which thus become the only party that possesses knowledge of the whole key. Brian Spector, CEO of MIRACL, says that since key generation services are under separate organizational controls, current root key compromises and key escrow threats become an order of magnitude more difficult because an attacker would need to subvert all three (or more) independent parties.
No longer living in a client-server world
"What we basically came to over the last couple of years is that the current crypto systems in place today were really intended for a client-server world," Spector says. "As we move to a distributed cloud-based world, then you've got a fundamental problem you need to solve which the current class of crypto systems just can't do."
The DTA framework and crypto libraries are intended to make it easy to secure Internet platforms as well as Internet of Things (IoT) devices and the mobile application ecosystems they connect to by providing a positive alternative to the single authority certificate authority used today, Spector says.
Milagro includes code for building blockchain security applications, multifactor authentication and secure communications, all with data governance and compliance that meets the requirements for financial services, government and healthcare.
"This implementation is just the beginning of this," says cryptography expert Go Yamamoto, associate director at NTT i3. "The Milagro project has the scope to expand for everyone. Here's a world without certificates, without passwords, without single points of compromise. The reason why it's open source is so everyone can kick the tires, look under the hood and evaluate it for themselves."