incubator-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Incubator Wiki] Update of "OpenMiraclProposal" by niq
Date Tue, 10 Nov 2015 09:23:37 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Incubator Wiki" for change notification.

The "OpenMiraclProposal" page has been changed by niq:
https://wiki.apache.org/incubator/OpenMiraclProposal

New page:
= Project Proposal: OpenMiracl =
== Abstract ==
OpenMiracl is a distributed cryptosystem for cloud computing. Its purpose is to provide an
open source alternative to proprietary key management and certificate backed cryptosystems
used for secure communication and authentication. The adoption of OpenMiracl will create a
secure, free, open source alternative to monolithic certificate authorities and eliminate
single points of failure.

== Background ==
The Cloud Computing industry is using 40-year-old cryptographic algorithms and infrastructure,
invented for a different era when client-server computing was the dominant paradigm. At the
heart of it, is the continued reliance on outdated, and problematic, monolithic cryptographic
trust hierarchies such as commercial certificate authorities.

A number of factors are aligning to make this the right time to bring forth an alternative
to the Internet's continued reliance on PKI.

The Cloud Infrastructure as a Service (IaaS) industry as a whole encounters friction bringing
the largest customers in regulated industries onto their platforms because issues of cryptographic
trust, data residency, and data governance prevent total adoption among regulated industries.

Devops teams tasked with running an IaaS provider's datacenter automation encounter challenges
scaling and automating data center operations when confronted with the complexities of running
encryption, certificate and key management infrastructures built for a client-server era.

Enterprises in regulated industries find challenges to transform entirely into digital businesses
because the economics of cloud computing are unavailable to them.

Despite the astounding growth of cloud infrastructure as a service platforms over the last
few years, full adoption by organizations with stringent data security requirements won’t
be achieved until these fundamental capability issues get resolved.

Lastly, the Internet as a whole is suffering from an erosion of trust following incidents
with commercial certificate authorities industry, i.e., compromised root keys, and failures
in due diligence issuing real domain certificates.

Indeed, mass surveillance, a lack of easy end-user encryption, a growing demand for key escrow
under legal oversight, and general certificate authority security concerns create the question:
How appropriate is the continued dependency on PKI when the goal is to advance the benefits
of cloud computing across the technology landscape?

Netcraft is the industry standard for monitoring Active TLS certificates. In May 2015, they
stated that “Although the global [TLS] ecosystem is competitive, it is dominated by a handful
of major CAs — three certificate authorities (Symantec, Comodo, Godaddy) account for three-quarters
of all issued [TLS] certificates on public-facing web servers.”

The Internet Security Research Group's (ISRG) "Let's Encrypt" initiative aims to make Secure
Sockets Layer/Transport Layer Security (SSL/TLS) certificates available for free in an automated
fashion. This a step in the right direction, in that it removes the risk of profit before
ethics. The real issue, which is one entity acts as a monolithic trust hierarchy, is not addressed.
The monolithic trust hierarchy is a fundamental design flaw within PKI itself.

The rate of attacks against certificate authorities seems to be [increasing](http://wiki.cacert.org/Risk/History)
as the obvious single point of compromise design inherent to PKI is becoming a more popular
route to carry out attacks.

== Proposal ==
OpenMiracl is an open source, pairing-based cryptographic platform to solve key management,
secure communications, data governance and compliance issues that are challenging Cloud Providers
and their customers.

It does this without the need for certificate authorities, putting into place a new category
of service providers called Distributed Trust Authorities (D-TA's).

The M-Pin protocol, and its existing open-source MIRACL implementation on which OpenMiracl
will build, are already in use by Experian, NTT, Odin, Gov.UK and are being rolled out at
scale for zero password multi-factor authentication and certificate-less HTTPS / secure channel.

It is proposed that OpenMiracl enter incubation at Apache.  At the same time, a draft standard
for M-Pin has been prepared for submission to IETF.  The standards process at IETF and the
platform implementation at Apache will run in parallel.

=== Why Pairing-Based Cryptography, why now? ===
Over the last decade, pairings on elliptic curves have been a very active area of research
in cryptography. Pairings map pairs of points on an elliptic curve into the multiplicative
group of a finite field. Their unique properties have enabled many new cryptographic protocols
that had not previously been feasible.

Standards bodies have already begun standardizing various pairing-based schemes. These include
the IEEE, ISO, and IETF. Besides identity-based encryption (IBE), the standardized schemes
include identity-based signatures, identity-based signcryption, identity-based key establishment
mechanisms, and identity-based key distribution for use in multimedia.

NIST has also recommended the standardization and adoption of pairing-based cryptographic
systems __for government agencies__. In the NIST "Report on Pairing-based Cryptography" issued
in February 2015, they state:

>"It has been a decade since the first IBE schemes were proposed. These schemes have received
sufficient attention from the cryptographic community and no weakness has been identified.
IBE is being used commercially, primarily by Voltage Security and Trend Micro. Intel’s EPID
scheme is another example of pairings being used commercially. > As a result of our study,
we believe there is a good case for allowing government agencies to use pairings. Pairings
have been shown to have numerous applications, helping to solve problems that are impossible,
difficult, or inefficient with traditional public-key cryptography or symmetric encryption."

The biggest beneficiary of these new pairing-based cryptographic protocols will be the Cloud
Infrastructure as a Service industry. Pairing-based cryptography can provide real world solutions,
right now, to the outstanding issues of cryptographic trust, data security, governance and
compliance that create roadblocks to adoption of the Cloud by the industries that can most
benefit from it.

Pairing cryptography also makes possible the world in which a fleet of geographically distributed
and organizationally independent Distributed Trust Authorities act as multiple private-key
generators (PKGs) where trust need not reside in a single entity.

The difference between this new world of Distributed Trust Authorities and the current PKI
system will be a landscape that provides secure ease-of-use encryption and authentication,
does not rely upon a single trusted third party, and yet allows for limited key escrow subject
to an end customer's requirement.

=== OpenMiracl ===
The OpenMiracl libraries and tools consist of:

 * Distributed Key Management Service API
 * Distributed Key Management CLI
 * Software Defined Distributed Security Module (SD-DSM) build platform
 * Distributed Key Management Endpoints (software)
 * Crypto Apps, consisting of:
  * M-Pin Authentication Platform (delivering password-less 2FA)
   * M-Pin Secure Channel (delivering certificate-less TLS-PSK)
   * M-Pin-in-Mobile Client Libraries for iOS, Android and Windows Phone
   * M-Pin-in-Javascript Libraries for Browsers
  * Cloud Encryption Gateway (under nascent development)
  * Distributed Trust Authority Crypto App
  * Generic OpenMiracl for IoT cryptographic library

=== Distributed Trust Authorities ===
The OpenMiracl project introduces a service concept called a Distributed Trust Authority,
to replace either single-authority certificates or public key infrastructure.

The D-TA splits the functions of a pairing-based key generation server into three services
issuing thirds of private keys to distinct identities. The shares of the private keys, received
by Crypto App clients or Distributed Key Management Endpoints, become the only entities that
possess any knowledge of the whole key created from the shares.

To effect anything resembling a root key compromise that can occur in a traditional PKI or
commercial certificate authority, ***ALL*** Distributed Trust Authority servers must be compromised.
Cryptographically, one compromise of a Distributed Trust Authority does not yield an attacker
any advantage, all Distributed Trust Authority master secrets inside each D-TA providing shares
must be compromised. Note that all 3 D-TA's operate independently and are under separate organizational
control.

For the following examples, envision a Distributed Trust Authority model consisting of Cloud
Provider (D-TA 1), Cloud Provider end customer (D-TA 2) and neutral third party (D-TA 3).

Under this three participant model, where each member is responsible for the security of their
D-TA, the Cloud Provider can not subvert the security of the end customer, even with the collusion
of the neutral third party. The end customer will not suffer an internal insider attack unless
the Cloud Provider and neutral third party also collude.

=== Distributed Key Management API, CLI, Endpoints ===
The core infrastructure that consumes these thirds of private keys and is responsible for
their distribution is a message bus and API (D-KMS API), a command line interface (CLI) and
software (D-KMS Endpoints) which builds the Crypto Applications from source.

Any entity can run any mix or combination of components with other entities, but there is
no restriction on configuration. One party may operate all three D-TAs, Endpoints and APIs
if they wish.

The D-KMS CLI communicates securely with the API. The API is responsible for either creating
cryptographic keys and secrets or protecting existing keys and secrets through cryptographic
encapsulation, via a choice of pairing-based protocols. In either case, the API encapsulates
the keys and secrets for the identity of particular D-KMS Endpoints.

The D-KMS Endpoints are server operating systems with D-KMS Endpoint software installed. The
D-KMS Endpoint software, in conjunction with the D-KMS CLI, has the appropriate pairing-based
cryptographic keys to be able to de-encapsulate secrets and keys received from the D-KMS API.
These de-encapsulated secrets and keys can be stored, distributed or used in Crypto Applications,
such as M-Pin Authentication, Secure Channel or Encryption Gateway.

=== SD-DSM / Crypto Applications ===
Software Defined Distributed Security Modules, otherwise known as Crypto Applications "Crypto
Apps" get compiled from source files on-demand. Crypto App source files will be hosted on
major public repositories such as GitHub and Apache.

Crypto Applications are scaled across the datacenter through the D-KMS API in conjunction
with orchestration tools such as Apache Mesos and consume the de-encapsulated secrets and
keys.

==== M-Pin Authentication and Secure Channel ====
M-Pin is already deployed by such organizations as NTT and Experian in a two node Distributed
Trust Authority model, where MIRACL and its customer each host a D-TA node. In Experian's
case, M-Pin was selected to provide authentication for Experian's identity assurance platform,
contracted to the UK Government, for secure authentication of online citizens into UK government
websites, including HMRC (tax office). M-Pin was selected based on its security efficacy and
ability to scale to an Internet scale user population (UK online citizenry).

The M-Pin Authentication Platform serves as an example of what is possible exploiting a pairing
based protocol. M-Pin is capable of running in a native browser mode, delivering two-factor
authentication. M-Pin binds to any identity (as long as it is worldly unique) and improves
the user authentication experience as it can be visualized in a familiar ATM-style pin pad.

It's most unique trait is the exploitation of zero knowledge proof authentication. The M-Pin
Client proves to the M-Pin Server it possesses its cryptographic authentication key without
revealing it to the server. As a result, the M-Pin Server stores no authentication credentials,
eliminating the possibility of credential (i.e., password) smash n' grab attacks.

M-Pin Secure Channel extends the protocol to include authenticated key agreement between server
and client and mutual client-server authentication. The 'agreed key' is unique for each session,
possessing perfect forward secrecy.

M-Pin Secure Channel takes the agreed key and injects the key into a TLS-PSK session between
client and server, providing mutual authentication and perfect forward secrecy without the
need for PKI. This cryptographic underpinning can be extended to create secure VPN sessions
over various protocols.

In an M-Pin client and server context, clients and servers receive their shares of their private
keys from all three Distributed Trust Authorities. In the previously mentioned example, this
could be Cloud Provider, end customer and neutral third party or any combination thereof.

M-Pin Client and Server code are already open source, having been previously released under
BSD-Clause-3.

The next iteration and revision will be licensed under the Apache License.

==== Cloud Encryption Gateway ====
Many proprietary solutions have appeared on the information security market to solve data
governance issues about securing data in the cloud with encryption keys managed by an end
customer. To date, most of these solutions involve purchasing hardware or virtualized appliances
to run in an end customer's datacenter, with nothing more delivered than a single encryption
key under control of the end customer, performing sub-optimum deterministic encryption on
data sent to the cloud.

OpenMiracl's Cloud Encryption Gateway will be a virtualized or container based software, deployed
in an end customer's environment. This CEG will exploit pairing-based capabilities such as
attribute-based encryption (anyone in possession of the correct set of attributes can decrypt)
and, more generally, predicate-based encryption (anyone in possession of the right set of
attributes and a decryption key corresponding to a particular predicate can decrypt).

Doing so increases the flexibility of the solution by being enabled to address data residency
and governance requirements such as geo-location while allowing key management and rotation
protocols to be enforced.

== Rationale ==
The benefits of a strong authentication, secure channel and cloud encryption via an identity
framework for people and things are self-evident, and the plethora of homebrew proprietary
solutions and password nightmares seen today is clear evidence of a need for better solutions.

OpenMiracl's distributed trust model is particularly attractive, by virtue of dispensing with
need for (and potential for abuse of) any central trust authority without requiring sophistication
- such as understanding a Web of Trust - from end users.

A move to incubation at Apache will help the community to grow and take on new members in
an environment that guarantees open development and protection of participants.

This is particularly relevant right now as a second corporate team, NTT Data, with its own
culture joins as core developers. For the outside world, it offers the strong promise of openness.

== Initial Goals ==
OpenMiracl will seek to integrate the existing projects at CertiVox (now MIRACL) and NTT,
and will invite participation from a nascent broader community evidenced by the core MIRACL
library's 65 watchers and 29 forks at Github.

As well as looking to broaden direct participation, it will seek synergies with relevant Apache
projects, for example by providing OpenMiracl plugins for HTTPD and Trafficserver.

The initial software products will be the current standing M-Pin Core platform, client libraries
and the SD-DSM and Distributed Key Management API and client CLI (as noted above).

== Current Status ==
CertiVox (now MIRACL) has developed open source software at GitHub since 2014, though the
core MIRACL library goes back much further. Projects currently at GitHub include the M-Pin
Authentication Platform and the MIRACL cryptographic libraries under BSD-Clause-3 and AGPL
licenses.

These have attracted both community and corporate interest taking them beyond the realm of
a single-company project, with NTT being the second corporate team to take a substantial part
in development.  The project now seeks to transition smoothly to a full Open Development model.

The core team at CertiVox (now MIRACL) is geographically dispersed and developers are well-accustomed
to using online infrastructure and tools for their everyday work.  The team at NTTi3 and NTT
DATA and other contributing developers are included amongst the initial committers.

In addition to MIRACL operating a community D-TA, NTT, Experian and Dimension Data have all
agreed to host no-charge community D-TAs.  Other cloud providers are considering and have
been engaged. An open source platform from which to offer these services is a necessary component
to finalizing and launching community D-TA's.

== Meritocracy and Community ==
The project is moving from a single (startup) company open source project seeking a wider
community, to embrace a second corporate development team and third-party developers.  The
project is committed to broadening the community through meritocracy, and expects to welcome
contributions and recognize contributors.

It is hoped that incubation at Apache will help with this broadening, by providing a widely-recognised
and well-understood framework for working collaboratively, growing communities, and protecting
contributors.

== Core Developers ==
Dr. Michael Scott, Chief Cryptographer at CertiVox (now MIRACL), has been a major open source
and standards contributor to the field of elliptic curve cryptography for over twenty-five
years.

Others include

=== Existing team at CertiVox/MIRACL: ===
 Patrick Hilt - CTO
 Kealan McCusker - Cryptographer
 Stanislav Mihaylov - Architect
 Simeon Aladhem - Developer

=== Existing team at NTT: ===
 Go Yamamoto - Cryptographer
 Kenji Takahishi - Developer

=== Existing ASF Member: ===
 Nick Kew - Developer

== Alignment: ==
Whereas OpenMiracl has no track record of its own, the CertiVox (now MIRACL) team have been
working on related projects at Github.  Being geographically diverse, the team is well-accustomed
to day-to-day working in a similar environment to Apache and with similar tools and processes.
The anticipated role of Apache is to help the community to grow without fragmentation of communities,
code, or intellectual property.

We are not aware of any link with existing Apache projects.  However, it is likely that several
Apache projects may be interested in working with OpenMiracl to provide distributed identity
services.  Plugins for HTTPD and Trafficserver are already anticipated.

== Known Risks ==
=== Orphaned products ===
OpenMiracl is at the core of CertiVox (now MIRACL)'s business and important to NTT, Experian,
and other platform adopters who are in the process of coming online.

Interest, and with it both developer and user communities, are expected to grow strongly.
 There is little risk of the project losing momentum in the foreseeable future.

=== Experience with Open Source ===
The software has a history as open source, developed until recently by a geographically distributed
team within a single company. Github activity shows some evidence of a wider community.  The
major new development that leads the proposers to seek incubation at Apache is the coming
of new corporate interest: while both corporate teams have open-source experience, their cultures
and backgrounds differ.

We hope that incubation at Apache may help the teams collaborate in an environment of mutual
benefit, as well as attract independent developers to play a full part.

=== Homogenous Developers. ===
The established corporate teams are dispersed across several European countries and Japan.
 Prospective developers (whose companies are interested in OpenMiracl) are located in other
countries, and we anticipate a global community.

=== Reliance on Salaried Developers ===
Most of the initial committers are salaried developers from the core corporate teams.  Github
activity, including 29 forks of the Miracl library, indicates wider community interest, and
it is hoped that the developer community will grow substantially at Apache.

=== Apache Brand ===
The Apache brand is of course seen as an advantage.  However, the project is more directly
concerned with the Apache platform and environment to unite diverse teams.

== Relationships with Other Apache Products ==
See Alignment above.

== Documentation ==
OpenMiracl derives from Certivox's existing M-Pin, MIRACL and associated tools at github.com/Certivox/
Documentation at http://docs.certivox.com/ may also inform and feed into the OpenMiracl project.

== Initial Source and Intellectual Property ==
As soon as OpenMiracl is accepted into the Incubator, CertiVox (now MIRACL) will transfer
the source code and trademark to the ASF with a Software Grant, and licensed under the Apache
License 2.0. CertiVox/MIRACL retains rights to its existing MIRACL mark.

== External Dependencies ==
There are no external dependencies and all software is under the sole ownership of CertiVox/MIRACL.

== Cryptography ==
This is advanced cryptographic software, and as such may be subject to government interest
and red tape in some countries. However, the architecture by which SD-DSM / Crypto Apps are
distributed, via open source freely available code repositories, is intentional to exploit
the near universal interpretation of the Wassenar agreement to permit export of open source
cryptography without restriction (in most cases).

== Required Resources ==
Mailinglists:
 *  private
 *  dev
 *  users

Git repository (to mirror existing github repo)
 *       https://git-wip-us.apache.org/repos/asf/incubator-openmiracl.git

Issue Tracking
 *       JIRA repository to be requested

==== Trust Authority Service ====
The podling would like to request a VM at "ta.openmiracl[.incubator].apache.org" with which
to run a Community Trust Authority.  It is anticipated that this will serve as a test facility
for developers and may become a Trust Authority for the community of ASF committers.

== Initial Committers ==
 * Akira Nagai             (NTT)
 * Brian Spector           (Certivox/MIRACL)
 * Fuji Hitoshi            (NTT)
 * Genoveffa Pagano        (Certivox/MIRACL)
 * Go Yamamoto             (NTT)
 * Jordan Katserov         (Certivox/MIRACL)
 * Kealan McCusker         (Certivox/MIRACL)
 * Kenji Takahishi         (NTT)
 * Michael Scott           (Certivox/MIRACL)
 * Milen Rangelove         (Certivox/MIRACL)
 * Mitko Yugovski          (Certivox/MIRACL)
 * Michael Scott           (Certivox/MIRACL)
 * Nick Kew                (Apache)
 * Nick Pateman            (Certivox/MIRACL)
 * Patrick Hilt            (Certivox/MIRACL)
 * Simeon Aladhem          (Certivox/MIRACL)
 * Stanislav Mihaylov      (Certivox/MIRACL)
 * Tetsutaro Kobayashi     (NTT)

== Sponsors ==
=== Champion ===
 . Nick Kew

=== Mentors ===
 . [ TBD ]

=== Sponsoring Entity ===
 . The Apache Incubator

---------------------------------------------------------------------
To unsubscribe, e-mail: cvs-unsubscribe@incubator.apache.org
For additional commands, e-mail: cvs-help@incubator.apache.org


Mime
View raw message