Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

4/3/2012
02:15 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

SafeNet Thinks Outside The 'Black Box'

SafeNet Sentinel portfolio includes new functionality that protects security algorithms from attacks in “white box” environments

BALTIMORE—April 3, 2012—SafeNet, Inc., a global leader in data protection, today announced the industry’s first software protection solution to include white box cryptography. The SafeNet Sentinel® portfolio of software licensing and protection solutions now includes new functionality that protects security algorithms from attacks in “white box” environments, where attackers traditionally have been able to freely observe and alter dynamic code execution and internal algorithm details at will.

Traditionally, in software protection, cryptography has been virtually performed directly in front of the eyes of the attacker. There hasn’t been a black box protecting the secret keys and as such, the application’s execution can be monitored step by step with all accessed data is visible. In order to better secure and keep the secret keys out of harm’s way, a different approach needs to be taken.

“Our white box solution assumes that attackers have full visibility. It replaces the exposed algorithm and encryption keys with special application libraries that minimize the attack surface,” said Michael Zunke, chief technology officer, Software Monetization Solutions, SafeNet. “This methodology ensures that the protected keys remains hidden from hackers and are less susceptible to reconstruction during attacks.”

With SafeNet’s white box solution, communication between protected applications and hardware tokens is fully encrypted, ensuring that the data passing through the secure channel cannot be replayed. Unlike traditional solutions that simply aim to hide encryption keys, SafeNet’s implementation is centered on white box cryptography, which assumes that attackers can trace protected applications and run-time environments in search of encryption keys. With this assumption as part of the design, the algorithm and encryption keys are replaced with proprietary API (Application Programming Interface) libraries that implement the same encryption but embed the encryption key as part of the algorithm in a way that ensures it is never present in memory and, therefore, cannot be extracted. Each application library is uniquely generated and obfuscated for each specific software vendor customer, making generic hacks virtually impossible to execute.

“Given the sophistication and level of today’s security breaches, it’s imperative that software vendors pay specific attention to software protection throughout the design and implementation stages, and continuously enhance it as part of the product lifecycle,” continued Zunke. “SafeNet’s software protection solutions allow ISVs to easily integrate a wide range of security measures, including white box cryptography, as part of their design directly at the source code level, further strengthening the overall protection scheme for the software vendor.”

White Box Cryptography Webinar

To learn more about white box cryptography, please join SafeNet software security expert, Mark Horvath as he presents on “Best Practices in Software Protection: White Box Cryptography.” In this session, Mark will discuss how white box cryptography works, and the superior level of security that this methodology provides when compared to traditional secure channel communications. The webinars will also be available in German and in Spanish on the Brighttalk LicensingLive EMEA channel at www.brighttalk.com/channel/7357

About SafeNet’s Licensing Solutions

SafeNet offers the industry’s strongest, most flexible software licensing and management solutions. The Sentinel portfolio provides award-winning IP protection, software licensing, and entitlement management technology that minimizes software piracy risks and enables flexible licensing, pricing, and packaging models that help software developers create new revenue opportunities and improve customer satisfaction.

To learn more about SafeNet’s full portfolio of software monetization solutions, visit www.safenet-inc.com/sentinel.

About SafeNet

Founded in 1983, SafeNet, Inc. is one of the largest information security companies in the world, and is trusted to protect the most sensitive data for market-leading organizations around the globe. SafeNet’s data-centric approach focuses on the protection of high-value information throughout its lifecycle, from the data center to the cloud. More than 25,000 customers across commercial enterprises and government agencies trust SafeNet to protect and control access to sensitive data, manage risk, ensure compliance, and secure virtual and cloud environments.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
CVE-2021-31660
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.