
The client-server communication model is used in a wide variety of software applications. While the server side is usually sufficiently protected and sealed from public access, this is not the case with the client side. Devices like smartphones, tablet PCs, notebooks, and desktops are considered insecure, and client applications running on them are exposed to security threats. Since adversaries can reverse engineer and debug the client applications, their internal secrets, such as the cryptographic keys, can be compromised. Examples of applications exposed in this way include financial applications, end-user business applications, banking applications, healthcare applications, file synchronization utilities, and game clients.
whiteCryption technology can be successfully applied to protect client applications that are located in an insecure environment and that communicate with a server via an encrypted communication channel. Using whiteCryption SKB, a cryptographic library that provides industry-standard cryptographic algorithms, the client application is defended against security threats. The unique white-box implementation of these algorithms is designed so that debugging and reverse engineering do not reveal the cryptographic keys in plain form. By replacing the cryptographic algorithms of a client application's security features with the ones provided by whiteCryption SKB, robust protection for cryptographic keys and sensitive data is created.
whiteCryption SKB enables software producers to protect client applications that operate in insecure environments. The cryptographic keys used by the client applications are efficiently protected, thus ensuring secure distribution and processing of sensitive data in client-server deployments, which would be impossible without the whiteCryption SKB protection.
Utilizing whiteCryption SKB has the advantage that different operating systems and hardware platforms can be supported with only one solution, making the integration and deployment straightforward and efficient.
whiteCryption SKB is designed to address today's security needs, but at the same time, it is flexible enough to be adapted quickly and efficiently to future requirements. It can be easily integrated with any existing code and data protection schemes.

| Sample Use Case — Desktop Client That Sends Signed Messages | |
|---|---|
| Object | A registered desktop client that communicates with a server. |
| Summary | The central server accepts communications from multiple registered customers. Customers use a desktop client application for submitting messages to the server. To verify that the messages are coming from valid customers and are not modified along the way, the server requires each customer to sign all submitted messages with a private key, which is unique to each client application. The server then uses each customer’s public key to verify the signatures. |
| Threat | The critical point is the signing algorithm in the client application because it requires a secret private key. Since the application is located in an open environment, an adversary can attempt to extract the private key from the program code. Having the customer's private key would enable the adversary to produce unauthorized messages. |
| Solution | To enhance security, the client application can use the signing functions provided by whiteCryption SKB. Based on the fundamental ability to perform computations on encrypted data, this operation is implemented in a way that ensures the private key is never shown in plain form and cannot be altered. |