White-Box Works is a new solution for adding white-box cryptography to applications which store algorithms, cryptographic keys and other critical IP. It has been designed to be more resistant to advanced attacks such as side-channel and statistical analysis. Because White-Box Works is platform and cryptographic key agnostic, developers and architects have greater freedom to develop even more secure applications. White-Box Works is delivered as a toolkit and is completely deployable in-house.
A standard encryption algorithm requires that the key be present. The key is visible in a debugger at run-time.
White-box technology hides the key. Second-generation white-box tools attempt to randomize execution behavior. The basic flow of the algorithm is unchanged and is susceptible to side-channel attacks.
PACE's White-Box Works third-generation white-box tool hides the key and randomizes ALL execution behaviors. It provides greater depth and strength of security and therefore is not susceptible to side-channel attacks.
White-box implementations generated with White-Box Works can detect attacks and intentionally produce incorrect output.
Continuous in-house and external security evaluations ensure that white-box implementations generated with White-Box Works are resistant to modern white-box attacks including reverse engineering, side channel analysis (memory trace analysis), register trace analysis, and fault injection.
White-Box Works is a new, unique solution for adding white-box cryptography to applications. It provides significantly better protection against attacks than existing solutions and is more flexible, without compromising ease of use or performance.
“Riscure’s security analysts had full access to White-Box Works and generated white-box instances, while no external protections such as obfuscation or anti-instrumentation were applied, and successfully tested it through advanced key extraction attacks.
The technology brings a unique security capability to solutions developers as it allows them to create white-box instances of any algorithm, allowing for optimal flexibility and developer freedom where protection of cryptographic keys is vital. This makes it not only useful in Payment, but also in other fields such as DRM, eHealth, IoT, Automotive, etc.”
Director of Mobile Payment Security, Riscure
A secure white-box protects cryptographic secrets against an attacker with full access to the implementation. The input and output of a white-box are the same as with a standard crypto operation, but in the transformed white-box version the protected cryptographic secrets are not visible to an attacker.
A white-box code generator is not simply a library of protected cryptographic operations. It is a tool that transforms any algorithm or dataflow operation into a protected white-box implementation. It can generate or update an unlimited number of unique implementations on-demand.
White-box cryptography is most often deployed to protect cryptographic implementations in apps that are executed on open devices, such as PCs, tablets, or smartphones, when the developer needs to achieve the highest level of security with no dependency on hardware secure elements.
In these open devices, an attacker can observe the encrypt/decrypt operations using reverse engineering tools and easily extract an unencrypted copy of the data. More importantly, the attacker can also easily extract the encryption key being used, allowing the attacker to decrypt all data that is encrypted with that key. This makes unprotected crypto implementations in open devices extremely vulnerable to attacks.
White-box cryptography is also an excellent solution where periodic updates to the cryptographic implementation are required to prevent class breaks. These breaks would render costly hardware obsolete if it relied solely on hardware-based security.
White-Box Works is the newest thinking in the white-box space. It provides significantly better protection against attacks than other solutions and is more flexible, allowing its use in a wider range of contexts. It achieves this without compromising ease of use or performance compared to other solutions.
Its usability advantages include the ability to create a white-box implementation in a single step, eliminating the need to write a simulation harness. This approach also allows developers to easily combine cryptographic operations into a single white-box, unlike other solutions, which offer pre-made combinations to provide useful functionality such as dynamic keys. White-Box Works makes it easy for developers to combine operations in ways that best suit their requirements, making it a lighter-weight solution in many applications.