Smartphones, tablet PCs, game consoles, embedded devices, set-top boxes, and other devices that operate with copyrighted content and sensitive data usually contain secret embedded cryptographic keys called device keys. These keys are specific to each device or device model, and are used in security features to control the licensing of the device, ensure secure bootstrapping of the operating system, and prevent installing unauthorized applications after the device has been released to the market. In many devices, the device keys are exposed at some point during execution of security features. Experienced adversaries can discover the keys by reverse engineering the security features' program code or analyzing the device memory. Once a key is found, an attacker can easily navigate to where it will typically be constructed in memory, and subsequently fatal exploits can be easily created.
whiteCryption SKB is a cryptographic library that provides an extensive set of cryptographic algorithms. The unique white-box implementation of these algorithms is designed so that debugging and reverse engineering do not reveal the cryptographic keys in plain form. By replacing the cryptographic algorithms of a device with the ones provided by whiteCryption SKB, robust protection for device keys and sensitive digital assets is created.
whiteCryption SKB enables hardware manufacturers and software producers to ensure that device keys are kept secret and protected on devices without dedicated security chips. This feature makes these types of untrusted devices secure for running applications and services that require the highest level of protection. As a result, the devices become more attractive to the content, media, and other industries that demand secure distribution and processing of their digital assets. Utilizing whiteCryption SKB has the advantage that different operating systems and hardware platforms can be supported with only one solution, making the integration and deployment straightforward and efficient.
whiteCryption SKB is designed to address today's security attributes and needs, but at the same time, it is flexible enough to adjust quickly and efficiently for future requirements. It can be easily integrated with any existing code and data protection schemes.
| Sample Use Case — Device That Runs Proprietary Applications | |
|---|---|
| Object | A device that only allows executing applications that are signed by the manufacturer. |
| Summary | The protection is implemented by embedding a secret verification key into the device's firmware. The AES algorithm is used to ensure fast verification of signatures. When a new application is installed on the device, the firmware verifies the signature of the application using the secret verification key and allows execution of the application only if the signature is valid. |
| Threat | A skilled hacker can break into the firmware of the device and extract the embedded verification key, which in turn would enable him to produce unauthorized applications for the device. |
| Solution | The embedded key can be protected with the help of whiteCryption SKB, a cryptographic library that is built from the ground up to prevent key extraction attacks. By integrating verification algorithms of whiteCryption SKB into the device's firmware, the manufacturer will ensure that the verification key is never exposed. |