OREANDA-NEWS. Leading into one of The Apache Software Foundation’s largest developer events, ApacheCon North America, MIRACL, NTT Innovation Institute, Inc. (NTT i3) and NTT Labs join forces to contribute their security and authentication code to a new open-source project within the Apache Incubator called Apache Milagro (incubating).

This joint contribution establishes a new internet security framework made of cryptographic service providers called Distributed Trust Authorities, who independently issue shares of keys to application endpoints which have embedded Milagro cryptographic libraries and applications.

A Distributed Trust Authority (D-TA) framework splits the functions of a pairing-based key generation server into three services, issuing thirds of private keys to distinct identities. The shares of the three private keys, generated by cloud computing providers, their customers, and dedicated trust providers, are received by Crypto App clients, thus becoming the only audience who possess knowledge of the whole key. Since key generation services are under separate organizational controls, current root key compromises and key escrow threats are are an order of magnitude more difficult since an attacker would need to subvert all three (or more) independent parties.

The D-TA framework and crypto libraries make it easy to secure internet platforms, and IoT devices and mobile application ecosystems they connect to by providing a positive alternative to the problematic single authority certificate infrastructure in use today. The results of this joint development are now contributed to Apache Milagro (incubating) including the code to build blockchain security applications, multi-factor authentication, secure communications, and data governance/compliance, which meet stringent requirements for finance services, government and healthcare.

“Any organization focused on solving the security challenges currently facing the web acknowledges that a single source solution continues to perpetuate a single point of compromise,” says Jon Oltsik, senior principal analyst at ESG. “A comprehensive approach must include participation from a community focused on solving a range of problems for a range of users to ensure that multiple perspectives are represented.”

“Security has been a key concern in many of today’s new and most disruptive applications, including commerce, health, government, online banking, and digital currency.” says Nina Simosko, CEO of NTT i3. “For emerging IoT and mobile services particularly, security will play an integral part of ensuring our social and industrial infrastructure can depended on these services. As the security risks becomes more prevalent to these services, enterprise organizations must adopt new security paradigms that address the new security risks while enabling key business digitalization strategies. We believe the technologies in Apache Milagro (incubating) will go along way to doing both.”

“Apache Milagro (incubating) is an opportunity to fix what ails the internet and leverage the power of the open source community to fundamentally evolve the security underpinnings of the web for how it’s used today,” says Brian Spector, CEO of cryptography and cybersecurity firm MIRACL. “The code and distributed trust model we are committing to Apache Milagro (incubating) is built for blockchain applications, cloud computing services, mobile and containerized developer applications by eliminating the need for any central trust authority. We are very excited to be part of Apache Milagro (incubating) and to work with the Apache Community to make the web more secure for everyone.”

“Apache Milagro (incubating) signals an important expansion from a few companies’ development efforts to a much wider community initiative that embraces the contributions of corporate development teams as well as independent developers,” says Dr. Hitoshi Fuji, Executive Manager at NTT Secure Platform Laboratories. “We are very pleased to have the opportunity to see our contributions expand in new directions through a widely-recognized and well-understood framework for organizations to work collaboratively, grow communities and protect contributors.”

Included in the contributions to the open source project is the baseline Milagro Crypto Library (MCL) that allows developers to build distributed trust systems and to select from a choice of secure, proven, pairing based protocols that enable certificateless key encapsulation, zero knowledge proof authentication, authenticated key agreement and digital signing.

Apache Milagro (incubating) also contains a pairing-based TLS library, Milagro TLS, that enables encrypted connections with perfect forward secrecy between mobile applications or IoT devices and backend service infrastructures without the need for certificates or PKI.

Higher level applications include Milagro MFA, a multi-factor authentication platform that uses zero knowledge proof protocols to eliminate the password and hence the threat of password database breach. Milagro MFA includes client SDKs in JavaScript, C, iOS, Android and Windows Phone, as well as the Authentication Server for Linux. These contributions work with the Apache Web Server which will allow developers and security engineers to integrate or build an easy-to-use multi-factor authentication solution into their existing web properties or web applications in minutes.

MIRACL, NTT i3 and NTT Labs will be engaging the Apache community at ApacheCon North America through a keynote session and a speaking track.