Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Apache incubating project promises new Internet security framework

Thor Olavsrud | May 13, 2016
The newly announced Apache Milagro (incubating) project seeks to end to centralized certificates and passwords in a world that has shifted from client-server to cloud, IoT and containerized applications.

Current contributions to the incubating project include the following:

  • The baseline Milagro Crypto Library (MCL), which enables developers to build distributed trust systems and select from a choice of pairing-based protocols that enable certificate-less key encapsulation, zero knowledge proof authentication, authenticated key agreement and digital signing
  • Milagro TLS, a pairing-based TLS library that enables encrypted connections with perfect forward secrecy between mobile applications or IoT devices and backend infrastructures without the need for certificates or PKI
  • Milagro MFA, a multifactor authentication platform that uses zero knowledge proof protocols to eliminate the password and thus the threat of password database breach; Milagro MFA includes client SDKs in JavaScript, C, iOS, Android and Windows Phone, as well as the Authentication Server for Linux

Kenji Takahashi, vice president, Product Management, Security, at NTT i3 notes the contributions all easily integrate with the Apache Web Server, allowing developers and security engineers to integrate with or build multifactor authentication solutions for their Web properties and Web applications.

"You can implement multifactor authentication within minutes," he says. "There are no hardware tokens required. It runs in a browser or an app."

While the technology is already robust — NTT is in the process of implementing a version of the Milagro MFA server and client that it will roll out later this year — Takahashi and Spector both say that building a community around the project is necessary to take it to the next level.

"From our viewpoint, we are trying to renew trust of the Internet," Takahashi says. "I call it 'IoT' — Internet of Trust. We cannot do it alone. We have to do it as a community. Trust, by nature, should be based on communities, people."

"Nowadays, if you're trying to fundamentally change the technology industry in a way that benefits all the participants, the way to do it is either the Linux Foundation or the Apache Foundation," Spector adds.

In the next few weeks, Spector says Milagro will issue its proposal for establishing the distributed trust ecosystem. Going forward, Takahashi says he would like to see the project address issues in IoT, connected cars, smart factories and smart grids.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.