Milagro: A distributed cryptosystem for the cloud
A new open source project within the Apache Incubator aims to create an alternative to outdated and problematic monolithic trust hierarchies such as commercial certificate authorities.
Apache Milagro (incubating) is a distributed cryptosystem for cloud computing.
A joint undertaking by MIRACL (formerly Certivox), NTT Innovation Institute, and NTT Labs, it will establish a new internet security framework made of cryptographic service providers called Distributed Trust Authorities, who independently issue shares of keys to application endpoints which have embedded Milagro cryptographic libraries and applications.
The project does not aim to replace digital certificates for web server-to-browser authentication, but to offer mutual authentication and key agreement for the Cloud Infrastructure as a Service industry.
A Distributed Trust Authority (DTA) framework splits the functions of a pairing-based key generation server into three services, each issuing thirds of private keys to distinct identities. The shares, generated by cloud computing providers, their customers, and dedicated trust providers, are received by Crypto App clients, which thereby become the only parties that know the whole key. Because the key generation services are under separate organizational control, today's root key compromise and key escrow threats become an order of magnitude more difficult to carry out: an attacker would need to subvert all three (or more) independent parties.
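The share-combining step described above, sketched as an added example (not code from the Milagro project or from this article). It assumes the shares combine by addition and replaces the pairing-friendly elliptic-curve group with integers modulo a prime, so it shows only the algebra; the class, function names and sample identity are hypothetical.

```python
import hashlib
import secrets

# Toy stand-in for the pairing group: integers modulo the prime Q under addition.
# "Scalar multiplication" s*P becomes (s * P) % Q. This shows the algebra only;
# it has no cryptographic strength.
Q = 2**127 - 1


def hash_to_group(identity: str) -> int:
    """Map an identity string to a non-zero group element (assumed hashing step)."""
    digest = hashlib.sha256(identity.encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1


class TrustAuthority:
    """One independent D-TA holding its own master secret (hypothetical class)."""

    def __init__(self, name: str):
        self.name = name
        self._master = secrets.randbelow(Q - 1) + 1  # never leaves this party

    def issue_share(self, identity: str) -> int:
        # Assumption: a share is this authority's master secret times H(identity).
        return (self._master * hash_to_group(identity)) % Q


def combine_shares(shares: list[int]) -> int:
    """Client side: add the shares to obtain the whole private key."""
    return sum(shares) % Q


def demo(identity: str = "alice@example.com") -> dict:
    # Constructed sample identity and party names.
    dtas = [TrustAuthority(n) for n in ("cloud-provider", "customer", "trust-provider")]
    shares = [d.issue_share(identity) for d in dtas]
    full_key = combine_shares(shares)

    # What a single monolithic key server with the summed master secret would issue.
    monolithic = (sum(d._master for d in dtas) % Q) * hash_to_group(identity) % Q

    # Two of the three shares alone do not add up to the client's key.
    partial = combine_shares(shares[:2])
    return {
        "matches_monolithic": full_key == monolithic,
        "two_of_three_is_full_key": partial == full_key,
    }


if __name__ == "__main__":
    print(demo())
```

The client ends up with the same key a single key server would have issued, yet no authority ever holds the summed master secret or sees the other parties' shares.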
The DTA framework and crypto libraries make it easy to secure internet platforms, and the IoT devices and mobile application ecosystems they connect to, by providing a positive alternative to the single-authority certificate infrastructure in use today.
“Apache Milagro (incubating) is an opportunity to fix what ails the internet and leverage the power of the open source community to fundamentally evolve the security underpinnings of the web for how it’s used today,” says Brian Spector, CEO of cryptography and cybersecurity firm MIRACL.
“The code and distributed trust model we are committing to Apache Milagro (incubating) is built for blockchain applications, cloud computing services, mobile and containerized developer applications by eliminating the need for any central trust authority.”
Milagro’s M-Pin protocol, and the existing open-source MIRACL implementation on which Milagro is built, are already in use by Experian, NTT, Ingram Micro, and Gov.UK, and have been rolled out to perform at Internet scale for zero-password multi-factor authentication and certificate-less HTTPS / secure channel.
“The move to incubation at Apache will help the community to grow and take on new members in an environment that guarantees open development and protection of participants. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects,” MIRACL told Help Net Security.
“Apache Milagro (incubating) is at the initial stages where the end destinations will be defined by the contributors who help build and steer the project. The initial goal is to enable developers and publishers to create a way to secure their applications and their users without placing monumental requirements on either. The eventual goal of Apache Milagro (incubating) is to provide a new security model for the web, mobile, enterprise and connected applications from independent sources whose strength lies in their unique approach and combined alliance.”
“Suggestions on destinations between the starting point and eventual goal are welcomed. Apache Milagro (incubating) is beginning its journey. We all know that once code is given to the open source community it continues to live and evolve,” they concluded.