Cryptographic Key Protection
What is White-Box Cryptography?
Cryptography is at the heart of secure communication worldwide, and has become an indispensable protection mechanism for securing systems, communications and applications. Cryptographic keys are the fundamental building block of this protection mechanism.
Keys are used to:
- Protect digital assets, including media, software and devices
- Encrypt user licenses
- Bind devices
- Prove identity
- Secure communication against eavesdroppers
- Protect Host Card Emulation (HCE)
While offering strong protection, cryptography makes the assumption that cryptographic keys are kept absolutely secret. This assumption is very difficult to guarantee in real life since applications and systems can be compromised relatively easily.
Access to digital content, data and information systems is commonly protected by encryption, a first line of defense. However, encryption has a single point of failure – the instance at which the decryption key is used. This point is easily identifiable through the signature patterns of cryptographic routines. Once found, an attacker can easily navigate to where the keys will (typically) be constructed in memory. Subsequently, fatal exploits can be easily created.
Keys are the critical component for securing systems, communication and applications, and therefore must be protected at all times.
The term “white-box cryptography” (WBC) describes a secure implementation of cryptographic algorithms in an execution environment, such as on a desktop computer or a mobile device, which is fully observable and modifiable by an attacker.
White-box cryptography is intended for any security system that employs cryptographic algorithms and keys, and that is executed in an open and untrusted environment, such as on a desktop computer, mobile device, or embedded system. Examples of such systems are Digital Rights Management clients, Conditional Access Systems, game consoles, and set-top boxes.
Arxan’s WBC Solution
Arxan provides the strongest and most robust WBC solution. Our solution protects:
- Static keys – Embedded in an application when it ships
- Dynamic keys – Generated on the fly at run-time
- Sensitive user-data
Our solution offers a range of technical benefits:
- Stronger security than any other WBC solution
- Support for all major cryptography standards and functionality
- A smaller footprint than other WBC solutions
- Better performance
Our solution, TransformIT®, is a sophisticated implementation of white-box cryptography. It combines mathematical algorithms with data and code obfuscation techniques to transform the key and related operations so that keys cannot be discovered. The keys are never present in either static form or in runtime memory.
TransformIT® works by clearly separating the data into two domains:
- Open Domain – Contains data that the application needs to access. All code and data can be understood by the attacker
- Encrypted Domain – Contains keys, cryptographic routines and any sensitive data
This approach, from an attacker's point of view, makes it impossible to meaningfully interpret the data within the encrypted domain.
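The following toy illustrates the core idea behind the two passages above: a conventional implementation has to assemble the key in memory at the moment it is used, whereas a table-based implementation folds the key into lookup tables at build time so no key value ever exists at run time. This is an added example, not Arxan's TransformIT or any product code; the S-box and the key are constructed values, and the scheme deliberately omits the random internal encodings that real white-box designs (e.g. the Chow et al. white-box AES) add, which is why the last function can still recover the key from the unencoded tables.

```python
"""Toy illustration: absorbing a key into lookup tables (not a secure white-box)."""
import random

# Constructed 8-bit S-box: a fixed public permutation standing in for the
# non-linear layer of a real cipher (the "algorithm" an attacker can read).
_rng = random.Random(2024)
SBOX = list(range(256))
_rng.shuffle(SBOX)
INV_SBOX = [0] * 256
for x, y in enumerate(SBOX):
    INV_SBOX[y] = x

KEY = b"constructed-key!"  # constructed 16-byte key, one byte per block byte


def naive_encrypt(block: bytes, key: bytes) -> bytes:
    """Conventional form: the key is an explicit run-time value, so while this
    routine runs the key bytes sit in memory next to a recognisable S-box."""
    return bytes(SBOX[b ^ k] for b, k in zip(block, key))


def build_tables(key: bytes) -> list[list[int]]:
    """Build-time step: fold each key byte into its own 256-entry table,
    T[i][x] = SBOX[x ^ key[i]]. Only the tables ship; the key is discarded."""
    return [[SBOX[x ^ k] for x in range(256)] for k in key]


def table_encrypt(block: bytes, tables: list[list[int]]) -> bytes:
    """Run-time form: pure table lookups, no instant at which a key is built."""
    return bytes(tables[i][b] for i, b in enumerate(block))


def runtime_state(tables: list[list[int]]) -> bytes:
    """Bytes the table-based implementation holds at run time (a memory dump)."""
    return b"".join(bytes(t) for t in tables)


def key_from_unencoded_tables(tables: list[list[int]]) -> bytes:
    """Caveat: with a public S-box and no encodings, T[i][0] = SBOX[key[i]]
    still determines key[i]. Hiding the key pattern from a memory scan is not
    white-box security; real designs wrap every table in random encodings."""
    return bytes(INV_SBOX[t[0]] for t in tables)


if __name__ == "__main__":
    tables = build_tables(KEY)
    msg = b"16-byte message!"
    assert naive_encrypt(msg, KEY) == table_encrypt(msg, tables)
    print("key pattern in table-based run-time state:", KEY in runtime_state(tables))
    print("key recoverable from unencoded tables:", key_from_unencoded_tables(tables) == KEY)
```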
TransformIT® works in conjunction with our patented guarding technology to provide comprehensive protection. It:
- Provides keys in white-box form for use in the cryptographic operations performed
- Allows both obfuscation and encryption on sensitive data and chained-together cryptographic operations, to reduce or remove the possibility of a successful attack
How is TransformIT Implemented?