White-Box Cryptography

White-Box Cryptography is emerging as a key technology to combat hacking and intellectual property (IP) theft in unsecure or untrusted environments.

Software developers seeking to reduce their code's vulnerability to attack should understand the benefits of white-box cryptography and what to look for when selecting a solution.

The need for White-Box Cryptography

Popular trusted ciphers like RSA and AES were not designed to operate in environments where their execution could be observed. In fact, the standard cryptographic model assumes that communications endpoints and computing platforms are trusted. If the target device resides in a hostile environment, then the cryptographic keys may be directly visible to an attacker. An attacker may be able to monitor the application and extract one or more cryptographic keys embedded in or generated by the application. This is a common problem for PCs, set-top boxes and other devices where DRM, conditional access or other security-sensitive applications are involved. Hackers monitor standard cryptographic APIs or memory and simply grab keys when they are exposed. Two recent examples of successful memory-based key lifting attacks are the AACS/BackupHDDVD hack, which lifts the AACS keys from memory to enable the BackupHDDVD tool to copy the disc, and the FairUse4WM utility, which removes the DRM from protected Windows Media content.

What is White-Box Cryptography?

In traditional cryptography, a black-box attack describes the situation where the attacker tries to obtain the cryptographic key by knowing the algorithm and monitoring the inputs and outputs, but without the execution being visible. White-box cryptography addresses the much more severe threat model where the attacker can observe everything, can access all aspects of the target system/application, and may have the black-box knowledge of the crypto algorithm.

Black-box Attack

  • Attacker knows algorithm
  • Watches inputs and outputs
  • Controls input text
  • No visibility of execution

White-box Attack

  • Attacker can observe everything
  • Attacker knows algorithm
  • Watches inputs, outputs, intermediate calculations
  • Controls input text
  • Full visibility into memory (debuggers and emulators)

More information about white-box cryptography is available in the Cloakware whitepaper Understanding the Advantages of Cloakware White-Box Cryptography.
