With WhiteBox you retain full control of business-critical Static Keys - these can never be shared by other white-box implementations
WhiteBox architectures are uniquely customisable by the developer, ensuring attackers can't anticipate how to analyse and attack
Highly efficient code-transformation ensures high performance, even in restricted devices such as Mobile Platforms and IoT
With legacy software crypto methods, it is difficult to keep cryptographic keys private because the hacker can easily analyse the software to find the secrets. This is compounded with the trend to running secure software on open platforms - these environments should always be considered as compromised - from the moment they are first switched on.
WhiteBox cryptography dissolves keys into the code and obscures algorithms, including at runtime. This keeps keys safe even when an attacker has complete access to the device on which the cryptographic functions are executing.
WhiteBox uniquely provides developers with a toolkit to compile WhiteBox implementations of cryptographic algorithms and other C-code within applications, while retaining control over the vital static keys that “unlock” the WhiteBox.
Traditional WhiteBox vendors provide a pre-compiled library, which requires the vendor to control your keys - effectively they manage your security.
The crypto functions that WhiteBox provides can be used via an API in exactly the same way as other crypto libraries, yet it provides a way to infuse your key data immutably into your application’s logic in such a way that it is impractical to extract.
WhiteBox Tool has been designed so that is can be used in performance-sensitive implementations such as the on-demand decryption of streamed DRM video in restricted Mobile platforms, yet its effect on code size is such that it is successfully deployed in multiple HCE Payment mobile applications globally.
WhiteBox protects data from attacks, whether it is at rest, in transit or in use by the application – without the need for hardware. WhiteBox allows you to encrypt and decrypt data without the encryption keys being exposed, allowing the secure transfer of sensitive information from directly within your applications.
Cryptography plays a significant role in modern applications. Basic data encryption is now commonplace and many applications make use of cryptography to verify the integrity of data, authenticate external parties, and to establish secure communications.
When used correctly, cryptographic solutions can allow these operations to be performed with a high degree of confidence in the security that they provide.
However, almost all cryptographic operations rely on secrets, typically in the form of symmetric keys or private keys. If a hacker can gain access to these secrets, then the cryptographic operations that depend upon them immediately become insecure. With standard cryptographic solutions, this is a relatively trivial task for any attacker that has direct access to the application.
This is particularly true when Mobile devices have been jail-broken or rooted by their owners, but in reality, all devices can be compromised by hackers without the consent of their owners.
Data on mobile devices is particularly vulnerable. Hackers can easily compromise the device environment and applications in minutes, allowing them to steal users’ Personal Data credentials, leak data from Banking and Enterprise solutions and to make fraudulent payment transactions.
This is the reality that application developers face today.
More so than ever before, hackers are already on your devices and inside your applications. For cryptography to remain secure, cryptographic solutions must protect your secrets against direct attacks.