RSA is in full swing with all its attendant hoopla—where else can you join a pub crawl with the pubs only ten feet apart? Despite the hype, however, it remains first and foremost a place to delve into the latest cyberthreats, learn new cyber defense strategies, see the hottest security tech, and meet other security experts who are passionate about protecting the world.
At Intertrust we’re especially fond of the RSA Conference given its origins as a small, unassuming gathering of cryptography experts. And while the conference's scope and size have exploded along with the security industry, it continues to be a forum for innovative thinking about encryption, its applications, and its challenges. That is one of the reasons we’re delighted to unveil whiteCryption Secure Key Box for Web, our new solution for web app key protection, at this year’s RSAC.
Secure Key Box (SKB) for Web is a white-box cryptography solution that secures encryption keys in web applications, including protection against side-channel attacks. It addresses a major cybersecurity flaw for which no other option exists.
If you’re at RSA Conference, schedule a time to see SKB for Web in person.
Cryptographic keys and the problem for web apps
A common misconception about security is that if systems and data are secured cryptographically, they are protected from most attacks. The problem with this assumption is that encryption shifts the challenge from protecting the data to protecting the cryptographic keys. If the keys can be accessed by hackers, the whole system is compromised.
Web applications rely on encryption to protect their data and communicate securely. Unfortunately, the usual solutions for keeping cryptographic keys safe on devices and PCs can’t be applied, as browsers do not have access to underlying hardware security support. This means that one of the most critical elements of cybersecurity infrastructure is also one of the most vulnerable.
There are a variety of techniques that hackers can use to try to extract these keys, such as:
- Reverse engineering applications and examining code to find hard-coded keys
- Side-channel attacks through compromised devices or browser exploits
- Scanning memory during runtime when keys are used in cryptographic operations
Once discovered, these cryptographic keys can be used for a wide range of subsequent attacks on both the client-side system and the server. These can include:
- Accessing and exfiltrating sensitive data
- Spoofing an authentic user identity
- Creating “trusted” digital signatures which are used for further attacks
- Creating, modifying, or deleting data or transactions
SKB for Web: The only comprehensive solution
Secure Key Box (SKB) for Web brings Intertrust’s proven whiteCryption white-box technology to web applications. The first and only enterprise-ready cryptographic key protection solution for web applications, it keeps keys from ever being exposed, whether at rest, in transit, or in use. It supports all standard cryptographic operations and can be slotted straight into action, making life a lot easier for developers.
whiteCryption SKB for Web highlights:
- Supports a wide variety of cryptographic functions (including all popular algorithms, signing, verification, key generation, and more)
- Cryptographic keys are never exposed in the clear
- Regular third-party penetration testing is conducted
- Runs on all major web browsers
See for yourself at RSAC 2020
You can see our unique Secure Key Box for Web solution at the RSA 2020 Conference in San Francisco by visiting us at Booth #5464 in the North Expo Hall. You’ll be able to chat with our experts and watch live demos.
For a deeper look at web app key security, come to our learning session “Extracting Secret Keys from Web Apps—And How to Prevent It” on February 27, 2020 at 11:30 AM in the South Briefing Center.
You can also contact us to learn more about how we’re leading the way in keeping keys, code, and data secure.
About Prateek Panda
Prateek Panda is Director of Marketing at Intertrust Technologies and leads global marketing for Intertrust’s application shielding and device identity solutions. His expertise in product marketing and product management stems from his experience as the founder of a cybersecurity company with products in the mobile application security space.