SafeNet, Inc has announced the industry’s first software protection solution to include white box cryptography. The SafeNet Sentinel® portfolio ofsoftware licensing and protection solutions now includes new functionality that protects security algorithms from attacks in “white box” environments, where attackers traditionally have been able to freely observe and alter dynamic code execution and internal algorithm details at will.

Traditionally, in software protection, cryptography has been virtually performed directly in front of the eyes of the attacker. There hasn’t been a black box protecting the secret keys and as such, the application’s execution can be monitored step by step with all accessed data is visible. In order to better secure and keep the secret keys out of harm’s way, a different approach needs to be taken.

With SafeNet’s white box solution, communication between protected applications and hardware tokens is fully encrypted, ensuring that the data passing through the secure channel cannot be replayed. Unlike traditional solutions that simply aim to hide encryption keys, SafeNet’s implementation is centered on white box cryptography, which assumes that attackers can trace protected applications and run-time environments in search of encryption keys. 

With this assumption as part of the design, the algorithm and encryption keys are replaced with proprietary API (Application Programming Interface) libraries that implement the same encryption but embed the encryption key as part of the algorithm in a way that ensures it is never present in memory and, therefore, cannot be extracted. Each application library is uniquely generated and obfuscated for each specific software vendor customer, making generic hacks virtually impossible to execute.

Check out more IT news at itvoir.com