541,001 active members*
2,814 visitors online*
Register for free
Login Register
WIBU-SYSTEMS Blog

Perfection in Protection, Licensing, and Security

Taking Encryption Protections to the Next Level

July 2017
26
Author: Wibu-Systems
Company: WIBU-SYSTEMS AG
Taking Encryption Protections to the Next Level

It seems like every day we hear about damaging and costly cyberattacks resulting from pirated software, theft of digital Intellectual Property, stolen personal, financial and medical data, or malicious tampering of consumer IoT devices and connected industrial machine systems in the IIoT. What’s most alarming about these attacks is that many times hackers were able to exploit a vulnerability in the very protection mechanisms designed to secure them.

For centuries now, encryption schemes, from simple ciphers to complex symmetric and asymmetric cryptography, have been used as a formidable defense against hackers to protect data, communications, devices and systems. But just as encryption techniques have evolved and become more sophisticated, so have the abilities of cyber criminals to identify and attack vulnerabilities in code, cryptographic protocols or key management in even the most clever protection schemes. Encryption alone is not the end-all solution. For example, use of a weak algorithm for encryption and decryption may be insufficient to prevent a brute force attack. On the other hand, use of a strong encryption algorithm, but with an insecure implementation that may expose the decryption key, can render the application vulnerable to attack.

The fact is that there is no 100% secure solution in software protection. That’s why companies like Wibu-Systems are dedicated to the continuing development of novel technology-driven security solutions – staying steps ahead of the would-be hackers. Often times it is a collaboration that results in a breakthrough technology, as is the case of Wibu-Systems’ Blurry Box encryption that was developed in conjunction with the Karlsruhe Institute of Technology and the research center FZI. Blurry Box encryption technology was recently proven unbreakable in a global hacking contest.

Blurry Box is built upon the axiom known as Kerckhoffs’ Principle that states that the strength of the encryption system should depend upon the key being used, not the secrecy of the system. This approach is contrary to the often used obfuscation approach, which is otherwise known as  “security by obscurity”. Blurry Box cryptography offers software protection that is completely based on publicly available methods. The basic principle of Blurry Box cryptography is the use of one or more secure keys in a dongle and the fact that software is typically complex. Blurry Box cryptography uses seven published methods that greatly increase the complexity and time required for an attack to be successful.

As described in a recent article by Silicon Trust, Blurry Box splits each function block into several variants, which return the correct output of the original unencrypted function only for a specific input set. A wrapper function maps these inputs to the variants, which are encrypted with separate keys stored on a dongle. When the software is executed, the system only decrypts those variants that match the given input. Hackers will only ever see that part of the code that matches the previous input.

In traditional encryption, hackers could work their way through the function blocks in what is called a “copy-and-paste” attack. However, even if a hacker captures individual variants, the protected program is so complex that no hacker can derive additional variants from a specific subset that may become known to him. In essence, Blurry Box does not depend on making copy-and- paste attacks on individual variants impossible, but on making the attack strategy as a whole unfeasible.

The bottom line is that it would be easier and less expensive for a would-be attacker to develop similar software from scratch vs. attempting to crack an application protected by Blurry Box encryption.

Blurry Box can be employed to protect any software however it is deployed. In today’s smart factories, for example, Blurry Box can provide dramatic benefits, particularly in protecting sensitive information such as the technology or configuration data used in manufacturing processes. This invaluable data needs to be safeguarded against know-how theft, counterfeiting, and tampering. Applying Kerckhoffs’ Principle provides encryption methods associated with hardware anchors of trust to ensure IP confidentiality and the integrity and authenticity of digital signatures. You can read more technical details about Blurry Box, including use cases, in an article, Blurry Box Encryption Scheme and Why It Matters to Industrial IoT, published in the Industrial Internet Consortium’sJournal of Innovation.

You can also watch a brief animated description of Blurry Box and how it is integrated into Wibu-Systems’ CodeMeter Protection Suite.

0 comments

Blog Archiv

March 2021
February 2021
January 2021
November 2020
October 2020
September 2020
August 2020
July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
October 2016
September 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016