iQoncept - Fotolia

Can white-box cryptography save your apps?

With the Internet of Things, software-based secure elements could hold the key.

If you think we can’t trust the endpoint now, wait for the Internet of Things to really get rolling. The number of “things” connecting to your networks will increase many-fold, according to your favored analysts’ forecasts. And you won’t be able to slap an antivirus package on most of this stuff.

While the technology isn’t precisely brand new, white-box cryptography (WBC) is getting more notice because it’s software-based and may hold promise for securing apps on devices and the Internet of Things. It gives an organization a way to encrypt critical portions of programs and store the keys for decryption in a manner that is essentially tamperproof.

Hidden keys

What exactly is white-box encryption? Cryptographer Thomas Pornin offered a compelling answer a few years back in response to a similar question on StackExchange:

“White-box cryptography is less ambitious, and correspondingly a bit less impossible, than the Holy Grail of video game vendors, namely preventing any kind of reverse engineering; WBC aims at protecting ‘just’ cryptographic keys.”

The key phrase there is “Holy Grail.” It’s natural to balk at the idea that an attacker could see the full implementation and behavior of a cryptosystem (this is where the “white box,” comes in) and not be able to reverse engineer it. Nor are you going to get an explanation here of just how this neat trick is pulled off, though there are a couple of useful papers online that are worth having a look at: see here and here.

WBC technology got plenty of pushback a few years ago, admits Andrew McLennan, whose startup Metaforic built white-box encryption systems before the company was acquired by Inside Secure in 2014. “But then when Host Card Emulation in the payment space came about, where Google basically said they were taking away the reliance on [hardware-based] secure elements, that kind of validated us almost overnight,” said McLennan, who is vice president of Inside Secure’s mobile security division. “It went from pushing uphill in snowdrifts to ‘wait a minute—if the likes of Visa and MasterCard are OK with it, maybe we should be OK with this.’” Inside Secure was exclusively focused on hardware secure elements before buying Metaforic; now software is a fast-growing part of their business.

Lost in execution

It’s natural to balk at the idea that an attacker could see the full implementation and behavior of a cryptosystem and not be able to reverse engineer it.

OK, but what’s a reasonable approximation of how this security technology works? According to McLennan, a cryptographic algorithm is intermixed with an encryption key in a process not unlike that of compiling code. (And, in fact, the source code does get compiled into an executable as part of this process.) Both the algorithm and key are “dissolved” (McLennan’s word) in the expression of the executable.

If you’ve got a key and you’ve got an algorithm, you can have digitally signed code. The application itself can check the validity of the code against the signature, and if things don’t match up, the program knows that its own code has been tampered with. In a traditional approach to doing this, you’d use a hardware-based root of trust like a Trusted Platform Module (TPM) to protect the keys needed to check the validity of the code. Microsoft’s BitLocker Drive Encryption, for example, relies on the physical TPM chip that is embedded in the motherboard of virtually all notebook and desktop computers. But with a white-box approach there’s no hardware required.

If this sounds like code obfuscation or Runtime Application Self Protection (RASP), that’s because there are similarities. But to the extent that an attacker can’t recover the key from the executable, this has a clear, provable strength. Obfuscation has to rely on outsmarting its attackers, and the overall strength of RASP has yet to be proven in the field. (All bets are off with WBC, though, if attackers find a way to extract the key.) Another benefit of the white-box approach is that the key is encrypted in memory and when in use. Of course, nothing prevents all three tactics from being deployed in tandem to safeguard applications; Arxan Technologies’ application protection, for example, does exactly that.

The Internet of Things already encompasses millions, if not hundreds of millions, of Internet-connected devices running on embedded systems. The vast majority don’t have built-in hardware providing tamperproof roots of trust. As flaws are discovered in the software that makes these things “smart,” such as when Charlie Miller and Chris Valasek hijacked the Jeep operating system earlier this year, attackers will exploit them with maneuvers that overwrite program code and data. Software-based secure elements give us a chance to detect the tampering before we’re cruising at high speed and the brakes are remotely switched off.

About the author:
Robert Richardson is the editorial director of TechTarget’s Security Media Group. Follow him on Twitter @cryptorobert.

Dig Deeper on Application and platform security

Enterprise Desktop
Cloud Computing