
Tuesday, May 01, 2012

#SECURITY: "White Box Encryption Debuts"

White-box encryption is a new paradigm that foils hackers even if they have access to the cryptographic algorithms and can watch them as they execute. Unlike traditional "black box" cryptography that assumes a hacker cannot look "inside the box", SafeNet white-box cryptography foils hackers even if they "pry open the lid": R. Colin Johnson

Black box encryption assumes that the bad guy is only able to eavesdrop on the encrypted data as it goes by (from Bob to Alice). Source: http://homes.esat.kuleuven.be/~bwyseur/research/phdPresentation.pdf

Here is what SmarterTechnology.com says about white-box cryptography: With hackers becoming increasingly sophisticated, traditional “black box” encryption techniques no longer cut it, necessitating a new era of “white box” encryption that is virtually uncrackable.

Traditional encryption techniques assume that the code that executes the security algorithms is hidden, so that hackers can only eavesdrop on what goes into and comes out of the “black box”, making it very difficult to crack. Unfortunately, cryptographic algorithms that are executed in software can be extracted by enterprising hackers and executed in the broad daylight of their own or an untrustworthy platform.

SafeNet provides many security solutions including format-preserving tokenization (FPT), which uses tokens to preserve the length and format of sensitive data, ensuring that no changes to legacy databases are required in order to support a tokenization process. Source: SafeNet

"White box" cryptography, on the other hand, assumes that the hacker has somehow gained entry into the platform on which the encryption algorithms are running. However, by assuming that the adversary has full control over the execution environment, white-box encryption algorithms go the extra mile to be inherently more trustworthy, since their engineering has been more thorough in making sure that the critical cryptography keys are never separately revealed--even in their encrypted form--thereby making the algorithm virtually uncrackable.