Rambus

At Rambus, we create cutting-edge semiconductor and IP products, spanning memory and interfaces to security, smart sensors and lighting.

Home > Blogs > Payments > What is White Box Cryptography
 Back to Blog

What is White Box Cryptography

by Leave a Comment

This blog was originally posted on June 3, 2015 and was last updated on December 1, 2019

White box cryptography is just one example in a very broad field, so it is first important to understand the basics of cryptography itself.

What is white box cryptography

What is cryptography?

Explained in basic terms, cryptography attempts to hide sensitive information from malicious users, whilst successfully communicating the message to the intended recipient.

Cryptography is most often associated with scrambling plaintext into ciphertext (a process called encryption), then back again (known as decryption).

Understanding white box cryptography

White box cryptography is an essential technology when it comes to minimizing security risks for open devices, such as smartphones. Devices have to be secured to avoid being analyzed or rooted.

On open devices, the cryptographic keys used for making a payment are observable and modifiable, rendering them vulnerable to attack. White box cryptography prevents the exposure of confidential information such as these keys. To do so, keys are obfuscated by not only storing them in the form of data and code, but also random data and the composition of the code itself.

This process makes it very hard to determine the original key, even though the cryptographic algorithms are openly observable and modifiable. It should be noted, however, that there is not a standard specification for white box cryptography, so implementations may vary.

White box cryptography process
White box cryptography process

White box cryptography resists reverse engineering threats to the cryptographic keys, anti-reverse engineering deterrents are also required to ensure the code surrounding the white box cryptography primitives remains intact. This could be done through native machine-code obfuscation, mangling Java Native Interface names and Java byte-code obfuscation. In addition, anti-tamper mechanisms may be applied, such as integrity checking and self-healing. In some cases, these techniques are deployed to detect reverse-engineering tools.

Rambus helps protect the world’s most valuable resource: data

Discover all the cryptographic solutions for side channel attack prevention, content protection and trusted device provisioning.

Learn more about Security IP

 

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Rambus logo