What is White-Box Cryptography?
Key & Data Protection is the Digital.ai white-box cryptography solution to protecting keys and data in untrusted environments such as mobile devices, computers connected to the Web, embedded devices (the “Internet of Things”), and so on.
For complete details on implementing white-box cryptography for your apps, see Application Security Key & Data Protection.
Goals of Cryptography
In a networked environment, the most apparent goal of cryptography is to protect the privacy, or confidentiality, of communications. Cryptography is also used to authenticate the identity of communicating parties, to ensure that the message received is the message that was sent (otherwise known as integrity), and that an authenticated message cannot be repudiated.
A Digital.ai Key & Data Protection uses algorithms to help you achieve all of these goals:
- Confidentiality: Supported by the AES, DES, RSA, and ECC ElGamal ciphers
- Authenticity: Supported by Message Authentication Codes (MACs)
- Integrity: Supported by Secure Hashing Algorithms (SHA)
- Non-Repudiation: Supported by RSA or ECDSA digital signatures
Encryption/decryption ciphers and certain other security protocols depend on cryptographic keys. If the keys are not secure, the communication can be compromised. In a secure, “black-boxed” network, traditional cryptography provides sufficient protection―provided the encryption keys are protected as well.
In the open environment of the Internet, keys are not secure unless you give them additional protection. Key & Data Protection provides such additional protection in the form of white-box cryptography.
What is White-box Cryptography?
White-box cryptography addresses the problem of open, untrusted environments. The idea behind the white box is that the key is hidden in plain sight, in such a way that an attacker cannot deduce that it is the key. A white-boxed key is hard-coded into lookup tables and protected by randomization techniques.
White-box cryptography has been shown to be resistant to direct attack, and no automatic tools have been found to break it. Although weak implementations of it have been cracked, it remains the preferred technique for protecting keys in an untrusted environment.
Employing white-box keys along with Digital.ai's proprietary obfuscation techniques breaks many of the assumptions upon which side-channel attacks are based. In addition, using Digital.ai App Protection can prevent an attacker from collecting the time-series data upon which side-channel attacks depend.
Why Digital.ai White-box Cryptography?
Digital.ai's Key and Data Protection solution secures data in transit by safeguarding encryption and decryption keys within mobile and desktop apps using advanced white-box cryptography.
- This technique blends app code and keys to protect cryptographic operations, ensuring hardcoded keys cannot be extracted, and supports all major ciphers, modes, and key sizes.
- Interoperates with other cryptographic packages like OpenSSL without requiring server-side changes.
In addition to supporting all major algorithms and modes, Digital.ai Key and Data Protection is the only white-box cryptography security product that is validated to meet FIPS 140-3 security requirements.