SafeNet Releases Software Protection Solution with White-box Cryptography

SafeNet Sentinel portfolio of software licensing and protection solutions hardened against reverse engineering, tampering, and automated attacks in hostile environments.

Note: ESJ’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of the vendor's statements.

SafeNet, Inc., a data protection vendor, has released a software protection solution that includes white box cryptography. The SafeNet Sentinel portfolio of software licensing and protection solutions adds functionality that protects security algorithms from attacks in “white box” environments, where attackers traditionally have been able to observe and alter dynamic code execution and internal algorithm details at will.

Traditionally, in software protection, cryptography has been performed virtually in front of the eyes of the attacker. There has been no black box protecting the secret keys, so the application’s execution can be monitored step by step, with all accessed data visible. To keep the secret keys out of harm’s way, a different approach is needed.

“Our white box solution assumes that attackers have full visibility. It replaces the exposed algorithm and encryption keys with special application libraries that minimize the attack surface,” said Michael Zunke, chief technology officer, software monetization solutions, SafeNet. “This methodology ensures that the protected keys remain hidden from hackers and are less susceptible to reconstruction during attacks.”

With SafeNet’s white box solution, communication between protected applications and hardware tokens is fully encrypted, ensuring that the data passing through the secure channel cannot be replayed. SafeNet’s implementation is centered on white box cryptography, which assumes that attackers can trace protected applications and run-time environments in search of encryption keys.

With this assumption as part of the design, the algorithm and encryption keys are replaced with proprietary application programming interface (API) libraries that implement the same encryption but embed the encryption key as part of the algorithm in a way that ensures it is never present in memory and, therefore, cannot be extracted. Each application library is uniquely generated and obfuscated for each specific software vendor customer, making generic hacks virtually impossible to execute.

More information is available at