Software-Based Crypto Key Security
The Heartbleed vulnerability in OpenSSL is one of the most devastating hosted server-side vulnerabilities of all time. Though a patch was quickly released, there is no guarantee server keys cannot be compromised through other vulnerabilities discovered in the future.
WhiteboxSSL™ is a drop-in replacement for OpenSSL that uses white box cryptography, which completely mitigates Heartbleed-like attacks. WhiteboxSSL prevents an attacker from EVER getting the cryptography key out of memory. Here is an example of what an attacker would retrieve from memory using the Heartbleed attack:
Note: This white box key can be subjected to as much cryptographic analysis as an attacker desires. The relationship between the white box key and the classical AES key is nontrivial, making it impractical to reconstruct the classical key using the tools available to a network-based attacker.
Based on the Classical 256-bit AES Key:
WhiteboxSSL replaces vulnerable key libraries found in OpenSSL and is packaged as a complete OpenSSL implementation with the vulnerable libraries already replaced for you. WhiteboxSSL uses all the typical OpenSSL cryptography algorithms (AES, ECC, SHA, RSA, etc.) but obfuscates them uniquely for your server. That is, EVERY customer who uses WhiteboxSSL has a uniquely constructed key algorithm, so the attacker can never create a break-once-run-everywhere attack.
- Key material can NEVER be found in memory.
- WhiteboxSSL is unique per customer.
- WhiteboxSSL is built on Microsemi’s fielded, mature, proven WhiteboxCRYPTO™ product.
WhiteboxSSL is comprehensive, easy to implement, and prevents memory attacks on key material stored in your servers. More information on how WhiteboxSSL protects your keys can be found on the WhiteboxCRYPTO webpage. To discuss purchasing, request white papers, review strength of security, or if you have other inquiries, contact us via our General Support form.