Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

4/3/2012
02:15 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

SafeNet Thinks Outside The 'Black Box'

SafeNet Sentinel portfolio includes new functionality that protects security algorithms from attacks in “white box” environments

BALTIMORE—April 3, 2012—SafeNet, Inc., a global leader in data protection, today announced the industry’s first software protection solution to include white box cryptography. The SafeNet Sentinel® portfolio of software licensing and protection solutions now includes new functionality that protects security algorithms from attacks in “white box” environments, where attackers traditionally have been able to freely observe and alter dynamic code execution and internal algorithm details at will.

Traditionally, in software protection, cryptography has been virtually performed directly in front of the eyes of the attacker. There hasn’t been a black box protecting the secret keys and as such, the application’s execution can be monitored step by step with all accessed data is visible. In order to better secure and keep the secret keys out of harm’s way, a different approach needs to be taken.

“Our white box solution assumes that attackers have full visibility. It replaces the exposed algorithm and encryption keys with special application libraries that minimize the attack surface,” said Michael Zunke, chief technology officer, Software Monetization Solutions, SafeNet. “This methodology ensures that the protected keys remains hidden from hackers and are less susceptible to reconstruction during attacks.”

With SafeNet’s white box solution, communication between protected applications and hardware tokens is fully encrypted, ensuring that the data passing through the secure channel cannot be replayed. Unlike traditional solutions that simply aim to hide encryption keys, SafeNet’s implementation is centered on white box cryptography, which assumes that attackers can trace protected applications and run-time environments in search of encryption keys. With this assumption as part of the design, the algorithm and encryption keys are replaced with proprietary API (Application Programming Interface) libraries that implement the same encryption but embed the encryption key as part of the algorithm in a way that ensures it is never present in memory and, therefore, cannot be extracted. Each application library is uniquely generated and obfuscated for each specific software vendor customer, making generic hacks virtually impossible to execute.

“Given the sophistication and level of today’s security breaches, it’s imperative that software vendors pay specific attention to software protection throughout the design and implementation stages, and continuously enhance it as part of the product lifecycle,” continued Zunke. “SafeNet’s software protection solutions allow ISVs to easily integrate a wide range of security measures, including white box cryptography, as part of their design directly at the source code level, further strengthening the overall protection scheme for the software vendor.”

White Box Cryptography Webinar

To learn more about white box cryptography, please join SafeNet software security expert, Mark Horvath as he presents on “Best Practices in Software Protection: White Box Cryptography.” In this session, Mark will discuss how white box cryptography works, and the superior level of security that this methodology provides when compared to traditional secure channel communications. The webinars will also be available in German and in Spanish on the Brighttalk LicensingLive EMEA channel at www.brighttalk.com/channel/7357

About SafeNet’s Licensing Solutions

SafeNet offers the industry’s strongest, most flexible software licensing and management solutions. The Sentinel portfolio provides award-winning IP protection, software licensing, and entitlement management technology that minimizes software piracy risks and enables flexible licensing, pricing, and packaging models that help software developers create new revenue opportunities and improve customer satisfaction.

To learn more about SafeNet’s full portfolio of software monetization solutions, visit www.safenet-inc.com/sentinel.

About SafeNet

Founded in 1983, SafeNet, Inc. is one of the largest information security companies in the world, and is trusted to protect the most sensitive data for market-leading organizations around the globe. SafeNet’s data-centric approach focuses on the protection of high-value information throughout its lifecycle, from the data center to the cloud. More than 25,000 customers across commercial enterprises and government agencies trust SafeNet to protect and control access to sensitive data, manage risk, ensure compliance, and secure virtual and cloud environments.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31458
PUBLISHED: 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...