Advanced White-Box Cryptographic Protection

White-Box Works - A Code Generator

Security Leaders Keep their Code In-house

White-Box Works is a new solution for adding white-box cryptography to applications which store algorithms, cryptographic keys and other critical IP. It has been designed to be more resistant to advanced attacks such as Side Channel and Statistical Analysis. The flexibility of White-Box Works in platform and cryptographic key agnosticism, gives developers and architects greater freedom to develop even more secure applications. White-Box Works is delivered as a tool-kit and is completely deployable in-house.

More Than Just a White-Box Library

Instead of a single monolithic white-box library, White-Box Works creates a network of interconnecting protected code. Functions are split into several components, located throughout the run-time, and are networked while interacting. This makes it difficult for bad actors to analyze.

Standard Encryption

Standard encryption algorithm

A standard encryption algorithm requires that the key be present. The key is visible in a debugger at run-time. 

Traditional White-Box Cryptography

First Generation White-Box

White-box technology hides the key. Second-generation white-box tools attempt to randomize execution behavior. The basic flow of the algorithm is unchanged and is susceptible to side-channel attacks.

PACE White-Box Works Code Generator

White-Box Works

PACE's White-Box Works third-generation white-box tool hides the key and randomises ALL execution behaviors. It provides greater depth and strength of security and therefore is not susceptible to side-channel attacks. 

What Makes White-Box Works Different?

White-Box Works gives the customer complete, independent control over their protected code, ensuring their encryption keys and proprietary algorithms never leave the customer’s premises.

EMVCo Certified

White-Box Works gives the customer complete, independent control over their protected code, ensuring their encryption keys and proprietary algorithms never leave the customer’s premises.

Algorithm Agnostic

White-Box Works can transform any C-code into a protected white-box variant in a single step, offering unparalleled flexibility, security, and efficiency

Advanced Architecture

White-Box Works is significantly more performant than previous generations of white-box tools in large complex applications, such as our internal conductor use case.

Code Stays In-House

Customers can replace and update their deployed encryption keys and algorithms at will, with no need to re-engage PACE Anti-Piracy, or any other third-party vendor, to do so.

White-Box Works is Resistant to Modern Cryptographic Attacks

White-box implementations generated with White-Box Works can detect attacks and intentionally produce incorrect output.

Continuous in-house and external security evaluations ensure that white-box implementations generated with White-Box Works are resistant to modern white-box attacks including reverse engineering, side channel analysis (memory trace analysis), register trace analysis, and fault injection.

White-Box Works is a new, unique solution for adding white-box cyptography to applications. It provides significantly better protection against attacks than existing solutions and is more flexible, without compromising ease of use or performance. 

Advanced Attacks

White-Box Works Defends Against

Reverse
Engineering

Recreating a program's binary code to trace it back to the original source code

Statistical
Analysis

Exploitation of statistical weaknesses in a targeted algorithm

Fault
Injection

Class of active physical attacks for the purposes of cryptographic key extraction

Code
Lifting

Exploits collisions occuring on internal variables of the implementation

Why Choose
PACE Anti-Piracy?

PACE Anti-Piracy employs a consultative approach to understand the unique security, compliance and business needs of our customers. We have helped hundreds of companies meet and exceed security requirements.

Advanced Products

Sophisticated products made by engineers for engineers.

Our Experience

Nearly four decades of experience protecting and licensing software.

Reliability

Consistently updated products offering cross platform support.

World-Class Support

Customers receive the highest level access to our engineering team.

"Riscure’s security analysts had full access to White-Box Works and generated white-box instances, while no external protections such as obfuscation or anti-instrumentation were applied, and successfully tested it through advanced key extraction attacks. 

The technology brings a unique security capability to solutions developers as it allows to create white-box instances of any algorithm, allowing for optimal flexibility and developer freedom where protection of cryptographic keys is vital. This makes it not only useful in Payment, but also in other fields such as DRM, eHealth, IoT, Automotive, etc.”

Security Expert

Director of Mobile Payment Security, Riscure

Riscure has pioneered in assessing the security of mobile technology. Among their accreditations, is the ability to perform security assessments for a wide variety of organizations including EMVCo.

Read Press Release

We are Software Security Experts

Evaluate our products with full engineering support. Start your trial today!
QUESTIONS

What is White-Box Cryptography?

A secure white-box protects cryptographic secrets against an attacker with full access to the implementation. The input and output of a white-box are the same as with a standard crypto operation, but in the transformed white-box version the protected cryptographic secrets are not visible to an attacker.

What is a White-Box Code Generator?

A white-box code generator is not simply a library of protected cryptographic operations. It is a tool that transforms any algorithm or dataflow operation into a protected white-box implementation. It can generate or update an unlimited number of unique implementations on-demand.

Where is White-Box Cryptography Used?

White-box cryptography is most often deployed to protect cryptographic implementations in apps that are executed on open devices, such as PCs, tablets, or smartphones when the developer needs to achieve the highest level of security with no dependency on hardware secure elements.

In these open devices, an attacker can observe the encrypt/decrypt operations using reverse engineering tools and easily extract an unencrypted copy of the data. More importantly, the attacker can also easily extract the encryption key being used, allowing the attacker to decrypt all data that is encrypted with that key. This makes unprotected crypto implementations in open devices extremely vulnerable to attacks.

White-box cryptography is also an excellent solution where periodic updates to the cryptographic implementation are required to prevent class breaks. These breaks would render costly hardware obsolete if it relied solely on hardware-based security.

Why Should We Choose the PACE's White-Box Works White-Box Code Generator?

White-Box Works is the newest thinking in the white-box space. It provides significantly better protection against attacks than other solutions and is more flexible, allowing its use in a wider range of contexts. It achieves this without compromising ease of use or performance compared to other solutions.

Its usability advantages include the ability to create a white-box implementation in a single step, eliminating the need to write a simulation harness. This approach also allows developers to easily combine cryptographic operations into a single white-box, unlike other solutions which provide pre-made combinations to provide useful functionality such as dynamic keys. White-Box Works makes it easy for developers to combine operations in ways that best suit their requirements, making it a lighter weight solution in many applications.

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram