4/3/2012
02:15 PM
Dark Reading
Products and Releases

SafeNet Thinks Outside The 'Black Box'

SafeNet Sentinel portfolio includes new functionality that protects security algorithms from attacks in “white box” environments

BALTIMORE—April 3, 2012—SafeNet, Inc., a global leader in data protection, today announced the industry’s first software protection solution to include white box cryptography. The SafeNet Sentinel® portfolio of software licensing and protection solutions now includes new functionality that protects security algorithms from attacks in “white box” environments, where attackers traditionally have been able to freely observe and alter dynamic code execution and internal algorithm details at will.

Traditionally, in software protection, cryptography has been performed virtually in front of the eyes of the attacker. There hasn’t been a black box protecting the secret keys and, as such, the application’s execution can be monitored step by step with all accessed data visible. In order to better secure the secret keys and keep them out of harm’s way, a different approach needs to be taken.

“Our white box solution assumes that attackers have full visibility. It replaces the exposed algorithm and encryption keys with special application libraries that minimize the attack surface,” said Michael Zunke, chief technology officer, Software Monetization Solutions, SafeNet. “This methodology ensures that the protected keys remain hidden from hackers and are less susceptible to reconstruction during attacks.”

With SafeNet’s white box solution, communication between protected applications and hardware tokens is fully encrypted, ensuring that the data passing through the secure channel cannot be replayed. Unlike traditional solutions that simply aim to hide encryption keys, SafeNet’s implementation is centered on white box cryptography, which assumes that attackers can trace protected applications and run-time environments in search of encryption keys. With this assumption as part of the design, the algorithm and encryption keys are replaced with proprietary API (Application Programming Interface) libraries that implement the same encryption but embed the encryption key as part of the algorithm in a way that ensures it is never present in memory and, therefore, cannot be extracted. Each application library is uniquely generated and obfuscated for each specific software vendor customer, making generic hacks virtually impossible to execute.

“Given the sophistication and level of today’s security breaches, it’s imperative that software vendors pay specific attention to software protection throughout the design and implementation stages, and continuously enhance it as part of the product lifecycle,” continued Zunke. “SafeNet’s software protection solutions allow ISVs to easily integrate a wide range of security measures, including white box cryptography, as part of their design directly at the source code level, further strengthening the overall protection scheme for the software vendor.”

White Box Cryptography Webinar

To learn more about white box cryptography, please join SafeNet software security expert Mark Horvath as he presents on “Best Practices in Software Protection: White Box Cryptography.” In this session, Mark will discuss how white box cryptography works, and the superior level of security that this methodology provides when compared to traditional secure channel communications. The webinars will also be available in German and in Spanish on the Brighttalk LicensingLive EMEA channel at www.brighttalk.com/channel/7357.

About SafeNet’s Licensing Solutions

SafeNet offers the industry’s strongest, most flexible software licensing and management solutions. The Sentinel portfolio provides award-winning IP protection, software licensing, and entitlement management technology that minimizes software piracy risks and enables flexible licensing, pricing, and packaging models that help software developers create new revenue opportunities and improve customer satisfaction.

To learn more about SafeNet’s full portfolio of software monetization solutions, visit www.safenet-inc.com/sentinel.

About SafeNet

Founded in 1983, SafeNet, Inc. is one of the largest information security companies in the world, and is trusted to protect the most sensitive data for market-leading organizations around the globe. SafeNet’s data-centric approach focuses on the protection of high-value information throughout its lifecycle, from the data center to the cloud. More than 25,000 customers across commercial enterprises and government agencies trust SafeNet to protect and control access to sensitive data, manage risk, ensure compliance, and secure virtual and cloud environments.
