Blog Entry

May 1

White Box Encryption Debuts

by R. Colin Johnson
Guest Contributor to LicensingLive
Originally published on Smarter Technology.


With hackers becoming increasingly sophisticated, traditional “black box” encryption techniques no longer cut it, necessitating a new era of “white box” encryption that is virtually uncrackable.

Traditional encryption techniques assume that the code that executes the security algorithms is hidden, so that hackers can only eavesdrop on what goes into and comes out of the “black box,” making it very difficult to crack. Unfortunately, cryptographic algorithms that are executed in software can be extracted by enterprising hackers and executed in the broad daylight of their own or an untrustworthy platform.

“White box” cryptography, on the other hand, assumes that the hacker has somehow gained entry into the platform on which the encryption algorithms are running. By assuming that the adversary has full control over the execution environment, white-box encryption algorithms go the extra mile to be inherently more trustworthy, since their engineering has been more thorough in making sure that the critical cryptography keys are never separately revealed–even in their encrypted form–thereby making the algorithm virtually uncrackable.

“White box” cryptography has been on the drawing board for years, making it a favorite subject of doctoral theses, and a pet research topic in software laboratories worldwide, but now SafeNet Inc. (Belcamp, Maryland) claims to have made the first commercial white-box cryptography solution widely available.

Called the Sentinel, SafeNet’s white-box cryptography solution uses algorithms that are hardened against reverse engineering, tampering and automated attack regimes by virtue of special application libraries that minimize what SafeNet calls the “attack surface,” thereby assuring that encrypted data is never called out in a way that lets hackers concentrate on breaking its keys. Traditional “black box” cryptography, on the other hand, merely hides the keys, leaving the encrypted data exposed, thereby inviting hackers with access to the algorithms to use automated techniques to guess the keys.

Instead, SafeNet’s Sentinel replaces the algorithm and encryption keys with a proprietary application programming interface (API) that grants access to libraries which embed the keys inside the algorithmic code in a way that prevents them from ever being present in memory where hackers can observe them. Each application library is unique for a specific software vendor, preventing hackers from comparing the code of different vendors to pinpoint the differences that hold that vendor’s encryption keys.
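The idea of folding a key into the algorithm's own tables can be shown on a single toy lookup step. This is an added example, not SafeNet's code or Sentinel's proprietary construction; the S-box, key byte, seed and all function names are constructed for illustration. It compares a plain key-dependent table with one wrapped in secret input and output encodings, and says nothing about the security of a full cipher built from such tables.

```python
import random

rng = random.Random(2012)  # fixed seed: constructed, reproducible sample tables

def random_bijection():
    perm = list(range(256))
    rng.shuffle(perm)
    return perm

def invert(perm):
    inv = [0] * 256
    for i, v in enumerate(perm):
        inv[v] = i
    return inv

# Constructed stand-in for a cipher's public S-box (not a real cipher's table).
SBOX = random_bijection()
SBOX_INV = invert(SBOX)

def key_table(key):
    """Naive embedding: T[x] = SBOX[x ^ key]. No key variable at run time."""
    return [SBOX[x ^ key] for x in range(256)]

def encoded_table(key, f, g):
    """Encoded embedding: T'[f(x)] = g(SBOX[x ^ key]) for secret bijections f, g."""
    f_inv = invert(f)
    return [g[SBOX[f_inv[v] ^ key]] for v in range(256)]

def keys_matching_plain(table):
    """Keys k whose unencoded table equals `table` (what a table dump reveals)."""
    return [k for k in range(256)
            if all(table[x] == SBOX[x ^ k] for x in range(256))]

def keys_explaining_encoded(table):
    """Keys k for which some output encoding g' gives table[x] = g'(SBOX[x ^ k])."""
    hits = []
    for k in range(256):
        g_prime = [table[SBOX_INV[y] ^ k] for y in range(256)]
        if sorted(g_prime) == list(range(256)):  # g' must be a bijection
            hits.append(k)
    return hits

if __name__ == "__main__":
    KEY = 0x3C  # constructed sample key byte
    f, g = random_bijection(), random_bijection()
    print("plain table pins key to:", keys_matching_plain(key_table(KEY)))
    print("keys consistent with encoded table:",
          len(keys_explaining_encoded(encoded_table(KEY, f, g))))
```

The plain table identifies exactly one key, while the encoded table taken by itself is consistent with every key byte, which is why table-based designs depend on the encodings and on how tables are chained rather than on merely removing the key variable.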

For all the details, SafeNet’s software security expert, Mark Horvath, has a free webinar on the “Best Practices in Software Protection: White Box Cryptography” in which he discusses (in English, German and Spanish) how white box cryptography provides superior security in a world of increasing cyberspace uncertainty.


About the Author:

R. Colin Johnson is a technology editor at EE Times and a contributing editor for Ziff Davis.  He has published articles about next-generation electronics and related technology for more than 20 years, and was awarded the prestigious Kyoto Prize Journalism Fellowship in 2010.  His unique perspective has prompted coverage of his articles in a diverse range of major media outlets, from the ultra-liberal National Public Radio (NPR) to the ultra-conservative Rush Limbaugh Show.  Mr. Johnson has degrees from the University of Michigan and Washington University.

  • R. Colin Johnson

    I believe that white-box encryption is an important new paradigm because it foils hackers even if they get access to cryptographic algorithms and watch them as they execute. Unlike traditional “black box” cryptography that assumes a hacker cannot look “inside the box”, SafeNet white-box cryptography ensures that hackers cannot deduce encryption keys even if they “pry open the lid”!

  • A

    If it were that unbreakable, why have none of the commercial entities that promote WBC ever revealed the algorithms? Security by obscurity is a strict no-no, especially in crypto, and the crypto world primarily relies on peer reviews of crypto algorithms to get an assurance on the security. Keep in mind that all serious WBC algorithms that have been revealed to the public have been broken and none of the commercial ones have revealed the core algo