Miracl

Miracl stands for Multiprecision Integer and Rational Arithmetic Cryptographic Library – the MIRACL Crypto SDK. This software library is an open source SDK for ECC (Elliptic curve cryptography). The main difference with other cryptographic SDKs is the fact that MIRACL is not just focused on PC use but also in other environments like SCADA and mobile apps.

FEATURES

MIRACL claims to secure highly constrained environments with some added value like doing it easily and quickly by simplifying the program development with an inline C++ wrapper. The library is composed by more than 100 routines to cover everything when it comes to multi-precision arithmetic. With these new libraries you will have two new data types defined: Big is the name for the large integers and large rational numbers with flash (Floating slash). Based on Knuth’s algorithms as explained on his classic work “The art of Computer Programming” in chapter 4, the large integer routines work with rounded fractions, as proposed before by D. Matula and P. Kornerup. These routines have been optimized so that they match the efficiency and speed and remaining on portable C. Also, if you need other fast assembly alternatives for routines which are more time critical, there are optional alternatives.

MIRACL also launched the Zero-Factor Authentication Platform. The features of this new platform include to eliminate the password database, which is the most sensitive information database of any company. Since there is no password or PIN database, there is no sensitive data to steal any IDs or passwords. This should meet all the requirements of many companies because, after all, it is also a free and open source. However, there are paid solutions by MIRACL as well and they do not tell the price in their website so, the only way to find out is to contact them and see. One of these services is a cloud hosted service to provide the implementation process. They also offer a white label service and they say it is at a very affordable price, however there is no way to know until you explain them about your business.

In the words of their CEO Brian Spector “At a time when businesses are struggling to secure everything connected to the internet, we are disrupting the authentication market by redefining the landscape,” so, instead of keeping with the usual trend of storing all the factors in the cloud, the whole idea is to remove this problem by not storing any. Since there is no need to secure and store any IDs and passwords, the system is completely immune to identity thefts as it has happened many times to very big companies. Since this is a very secure system, it is aimed mostly at regulated industries like gambling, banking, health care and insurances which, by using MIRACL will never have a bad day of getting a phone call that they were victims of a hacker attack and the password database has been breached.

The Cloud-hosted service is a multi-factor authentication as a service where users don’t need to create any passwords so that there is nothing to steal and nothing to break. Instead of doing that, what the system is really doing is to use a pairing-based cryptography in order to check the authentication between the user with a smartphone and the provider. This platform offers secure authentication with no friction for using the service. As everything is provided in the cloud there is no shipping needs or any need to setup anything or any infrastructure, there is also no need to integrate on-premise network devices. With a faster deployment, all the system can be up and running in less than a day. The activation from Dimension Data works in this way:

The developer has to sign up to their website and use the free trial for starters. This means to access their website and register as a developer and then enable and activate the app by integrating the SDKs into the app. There are a wide array of SDKs for different languages like .Net, java, Go, php, Ruby, Node.js, Python and Tornado. After that, all that remains is to setup the service and apply the keys provided by dimension data to the app to start testing. The end user has an easier job, because all they have to do is to go to the iTunes or Google Play and download the Dimension Data MFA app and install it to the smartphone. The app will perform a scan on the device and then will ask for a 4-digit code pin. That’s all for them.

PROS AND CONS

PROS

• Very secure
• Very easy to use
• Fast to deploy
• Part of it is open source and free
• Free trial in the cloud-hosted service

CONS

• Not many information about them or their services
• Their paid plans have no price in their website
• Not much community around them
• Their cloud-hosted service doesn’t have a price plan

CONCLUSION

With a growth in the cybercrime in the last years, online security is a must for any company dealing with sensitive data like banking, gaming, gambling, health-care, insurance and many others. Cybercrime seems to be always a step ahead the authorities and too often we hear in the news the database of a company has been breached and all the data from the customers has been exposed. There is no such a thing as too much security when you are dealing with sensitive data or you are working with online money. MIRACL claims to have found the solution to all these breaches by eliminating the password database from the servers. Since there is no password database, there is no sensitive data to steal and the system is supposed to be hacker-free. This is done by pairing the server with the device instead of using a password on the user’s end. However, there is still not much information about this and how reliable it can be so, for now, the only way to find out is either try or wait more time.