Periodic Reporting for period 1 - CIPHRA (CIPHRA)
Reporting period: 2020-01-01 to 2020-06-30
Bulk theft of data, including personal information, identities, passwords, etc., is one of the main cyber threats facing almost all IT industries without a robust and secure solution in sight. Such data breaches have high national, regional, and often global impact. One of the main causes of any data breach is passwords, as hackers can easily crack them offline. The current practice for password and personal data protection on digital online services is to use a variety of password hashing functions, which are functions that are easy to compute but hard to invert. However, the major problem with the current state-of-the-art password hashing functions, such as Argon2, bcrypt, scrypt, PBKDF2, etc., is that they do not stop data from being stolen in the first place. Given the sophisticated techniques and capabilities at the disposal of cybercriminals, both in terms of hardware and software, once the password database is breached and stolen, it is only a matter of time before all passwords are cracked. In fact, only strong passwords take longer time to crack, but weak ones, which unfortunately is the case for the majority of passwords chosen by most users, require from a few seconds to a few minutes to crack offline. Secure password protection thus remains as one of the major pain points almost almost all mass data storage providers in the IT industry are facing today.
Authentico's patented solution CIPHRA, which is a hardware-dependent cryptographic processor, is specifically designed for protection of, among others, passwords by making it infeasible to crack passwords even if a database is stolen, regardless of the password strength and the resources available to the hacker. CIPHRA protects the cryptographic infrastructure by generating unclonable encryption keys from authentication requests using a technology called PUF (physically unclonable function). The end result is that CIPHRA effectively eliminates offline password cracking.
The main objectives of this project are two-fold: one, to establish, via market research, which countries represent the greatest take-up potential; two, to identify which categories of companies will deliver the greatest impact and snowball effect for CIPHRA. In addition, we want to have an even clearer picture of customer needs and factors which influence their purchasing decisions. The question of pricing is a very important one, and is tied closely not only to the scalability of CIPHRA but also to our ability to offer a better and more affordable version of CIPHRA. Finally, a technological development roadmap would allow us to chart key technical milestones that bring us closer to a final and, from a technical perspective, adaptable CIPHRA solution.
Authentico's patented solution CIPHRA, which is a hardware-dependent cryptographic processor, is specifically designed for protection of, among others, passwords by making it infeasible to crack passwords even if a database is stolen, regardless of the password strength and the resources available to the hacker. CIPHRA protects the cryptographic infrastructure by generating unclonable encryption keys from authentication requests using a technology called PUF (physically unclonable function). The end result is that CIPHRA effectively eliminates offline password cracking.
The main objectives of this project are two-fold: one, to establish, via market research, which countries represent the greatest take-up potential; two, to identify which categories of companies will deliver the greatest impact and snowball effect for CIPHRA. In addition, we want to have an even clearer picture of customer needs and factors which influence their purchasing decisions. The question of pricing is a very important one, and is tied closely not only to the scalability of CIPHRA but also to our ability to offer a better and more affordable version of CIPHRA. Finally, a technological development roadmap would allow us to chart key technical milestones that bring us closer to a final and, from a technical perspective, adaptable CIPHRA solution.
The technical feasibility study allowed us to create a technical development plan for CIPHRA’s market launch. We advance the preparations for commercialisation and confirmed the market potential in the US, Japan and the UK. The market assessment has provided valuable insights into the current trends and opportunities on the global Hardware Security Module (HSM) market, activities undertaken by the competitors and the recent development results. We have verified that CIPHRA demonstrates a strong commercial potential. The main conclusion derived from this study, is that there exists a clear business opportunity to exploit, with our technology. The study outcomes allowed us to prepare the plan, enabling reaching our financial and commercialization targets, aligned with the overall business development strategy of the company.
Stolen passwords and user information are the biggest security problem on the Internet today, and more and more people are affected every year. In 2018, over 500 million passwords were stolen and today, there are a total of over 9 billion passwords and personal data to buy in illegal markets. Internet companies and e-retailers spend a lot of money on managing the security of their users. Today, it is necessary for all commercial players on the Internet to secure sensitive data for customers and users. With the patented technology CIPHRA, which secures the passwords and personal data of companies with online platforms, Authentico aims to become a world leader within a couple of years. The solution has already shown a strong proof of concept, but we need a couple of large and international players as reference customers to be able to increase the speed and successfully scale.