Metaforic WhiteBox is a state-of-the-art cryptographic solution that allows an application to perform cryptographic operations without exposing keys and other secrets that are critical to the security of those operations.
Metaforic WhiteBox ensures that these critical, secret elements are never revealed even while the cryptographic operations are being executed. Metaforic WhiteBox also provides strong protection against advanced attacks that seek to derive these secrets by observing the behavior of the operations.
Metaforic WhiteBox supports a wide variety of common algorithms including AES, RSA and ECDSA and is available for iOS, Android, BB10, Linux, Windows and OSX.
The Need for White Box Cryptography
Cryptography plays a significant role in modern applications. Basic data encryption is now commonplace and many applications make use of cryptography to verify the integrity of data, authenticate external parties, and to establish secure communications.
When used correctly, cryptographic solutions can allow these operations to be performed with a high degree of confidence in the security that they provide.
However, almost all cryptographic operations rely on secrets, typically in the form of symmetric keys or private keys. If a hacker can gain access to these secrets, then the cryptographic operations that depend upon them immediately become insecure. With standard cryptographic solutions, this is a relatively trivial task for any hacker that has direct access to the application.
This is particularly true when devices have been jail-broken or rooted by their owners, but in reality, all devices can be compromised by hackers without the consent of their owners.
Data on mobile devices is particularly vulnerable. Hackers can easily compromise the device environment and your applications in minutes, allowing them to steal credentials, leak data from Enterprise BYOD solutions and make fraudulent payment transactions.
This is the reality that application developers face today. More so than ever before, hackers are already on the devices and inside the applications. For cryptography to remain secure, cryptographic solutions must protect secrets against direct attacks.
Metaforic WhiteBox integrates seamlessly into your existing build processes by replacing your existing cryptographic routines with drop-in Metaforic WhiteBox implementations. When combined with Metaforic Core’s integrity protection, this embeds cryptographic routines immutably and irretrievably into your application such that the application itself can use them freely but hackers cannot misuse them or extract any secrets from them.