Computer executable programs and applications are routinely deployed for execution or implementation on network-accessible systems and devices, which may be subject to undesirable third-party attacks if not adequately protected in their runtime environment. For instance, attackers can at times successfully gain sufficient control of the applications runtime environment to examine the application's inputs/outputs, and with the help of a disassembler and/or debugger, look at the result of some if not all intermediate computations carried out by the application. Security protocol/service applications and/or servers subject to such attacks may not only expose themselves and their related data to compromise, but also expose other clients/servers relying thereon for security measures.
In such an open “white-box” environment (vs. a closed “black-box” environment), the attacker is assumed to be able to conduct a “white-box attack”, meaning that they may ultimately be able to modify the data being operated on, the memory contents and the execution flow of the application. The term “white-box cryptography” (WBC) generally describes a secure implementation of a cryptographic algorithm in an execution environment, such as on a desktop computer or a mobile device, which is fully observable and modifiable by an attacker. Accordingly, WBC aims at protecting cryptographic keys from being disclosed in an application operating within such a white-box environment. To do so, the cryptographic algorithm is intermixed with an encryption key with the intent that the key is never revealed in memory even when runtime cryptographic computations are being observed in complete detail by an attacker. Such techniques are often used in the context of Digital Rights Management (DRM), for example.
In the case of software applications, these techniques are usually combined with more general code obfuscation methods that alter a software application (e.g. altering an executable binary) in various ways to create multiple instances of the application that, while providing the same and/or similar functionality, to an attacker appear different and/or operate differently (e.g. operate differently at a binary level). The goal of these methods is to frustrate the attacker's attempts to exploit information gained from one deployment of an application to compromise other deployments. These white-box and code obfuscation techniques usually introduce some randomness when generating the final binary executable, so that every instance generated from the same source code, while functionally equivalent, has a unique binary representation.
Different white-box cryptography related solutions are described, for example, in U.S. Pat. Nos. 8,510,726 and 8,712,041. Different white-box cryptography products are also currently available on the market, such as Intertrust's whiteCryption Secure Key Box API (https://www.intertrust.com/products/application-security), Gemalto's Sentinel portfolio of licensing solutions (https://sentinel.gemalto.com/software-monetization/white-box-cryptography) or the Cloakware family of products by Irdeto (https://blog. irdeto.com/tag/white-box-cryptography/).
Virtualization technology may also integrate similar techniques and methods. Virtualization solutions that offer protection against reverse engineering include products like VMProtect (http://vmpsoft.com/products/vmprotect) or Oreans Technologies' products like Code Virtualizer (https://oreans.com/codevirtualizer.php) or Themida (https://www.oreans.com/themida.php). A number of gaming software applications also use the StarForce virtualization system (http://www.star-force.com/solutions/software-protection/) for copy protection and anti-reverse engineering.
Another example of White-box cryptography, used here in the context of software distribution, is described in U.S. Patent Application Publication No. 2017/0116410, which describes a method of providing a protected item of software to a device, wherein the protected item of software is in a scripted, interpreted language or source code. The protected item of software, when executed by the device, is arranged to perform security-related operations, wherein at least one protected portion of the code has resistance against a white-box attack and/or may only be executed on one or more predetermined devices.
In the same context, U.S. Patent Application Publication No. 2016/0132317 describes systems and methods to facilitate secure application distribution through deployment of a diversity of application instances in an application distribution channel. The software diversification methods (including white-box cryptography and obfuscation techniques) are designed to mitigate large-scale automated circumvention of security protections by presenting attacking malware moving and/or otherwise unpredictably diverse targets.
This background information is provided to reveal information believed by the applicant to be of possible relevance. No admission is necessarily intended, nor should be construed, that any of the preceding information constitutes prior art or forms part of the general common knowledge in the relevant art.