Print

SafeNet Thinks Outside the ‘Black Box’ with Industry’s First White Box Cryptography Software Protection Solution



Email
April 3, 2012 —  SafeNet, Inc., a global leader in data protection, today announced the industry’s first software protection solution to include white box cryptography. The SafeNet Sentinel® portfolio of software licensing and protection solutions now includes new functionality that protects security algorithms from attacks in “white box” environments, where attackers traditionally have been able to freely observe and alter dynamic code execution and internal algorithm details at will.
 
Traditionally, in software protection, cryptography has been virtually performed directly in front of the eyes of the attacker. There hasn’t been a black box protecting the secret keys and as such, the application’s execution can be monitored step by step with all accessed data is visible. In order to better secure and keep the secret keys out of harm’s way, a different approach needs to be taken.
 
“Our white box solution assumes that attackers have full visibility. It replaces the exposed algorithm and encryption keys with special application libraries that minimize the attack surface,” said Michael Zunke, chief technology officer, Software Monetization Solutions, SafeNet.  “This methodology ensures that the protected keys remains hidden from hackers and are less susceptible to reconstruction during attacks.”
 
With SafeNet’s white box solution, communication between protected applications and hardware tokens is fully encrypted, ensuring that the data passing through the secure channel cannot be replayed. Unlike traditional solutions that simply aim to hide encryption keys, SafeNet’s implementation is centered on white box cryptography, which assumes that attackers can trace protected applications and run-time environments in search of encryption keys. With this assumption as part of the design, the algorithm and encryption keys are replaced with proprietary API (Application Programming Interface) libraries that implement the same encryption but embed the encryption key as part of the algorithm in a way that ensures it is never present in memory and, therefore, cannot be extracted. Each application library is uniquely generated and obfuscated for each specific software vendor customer, making generic hacks virtually impossible to execute.
 
“Given the sophistication and level of today’s security breaches, it’s imperative that software vendors pay specific attention to software protection throughout the design and implementation stages, and continuously enhance it as part of the product lifecycle,” continued Zunke. “SafeNet’s software protection solutions allow ISVs to easily integrate a wide range of security measures, including white box cryptography, as part of their design directly at the source code level, further strengthening the overall protection scheme for the software vendor.”
 
White Box Cryptography Webinar
To learn more about white box cryptography, please join SafeNet software security expert, Mark Horvath as he presents on “Best Practices in Software Protection: White Box Cryptography.” In this session, Mark will discuss how white box cryptography works, and the superior level of security that this methodology provides when compared to traditional secure channel communications. The webinars will also be available in German and in Spanish on the Brighttalk LicensingLive EMEA channel at www.brighttalk.com/channel/7357




Share this link: http://sdt.bz/36491
 


Comments


04/11/2012 09:30:43 AM EST

Sounds like maybe they've just reinvented the TPM.

United StatesBubba Crypto


close
NEXT ARTICLE
Tasktop adds support to all members of software delivery teams
Tasktop Sync 3.0 includes new capabilities for teams using products from Serena, Rally, JIRA and Clarity PPM Read More...
 
 
 




News on Monday  more>>
Android Developer News  more>>
SharePoint Tech Report  more>>
Big Data TechReport  more>>

   
 
 

 


Download Current Issue
APRIL 2014 PDF ISSUE

Need Back Issues?
DOWNLOAD HERE

Want to subscribe?