Attackers are constantly finding ways to bypass security systems to expose sensitive data in software. The last line of defense (and in many cases the only line of defense) is for applications to be capable of strongly defending their intellectual property, crypto operations, and secrets against any such attacks. How does one address these security gaps created by a growing demand for quickly deployable and securely protected applications?
Utilizing a combination of innovative countermeasures such as white-box cryptography, software obfuscation and code signing, CommScope CipherKnight™ and BinaryKnight™ suite balances protection and performance while allowing users to design, code, and build to suit their needs.
CipherKnight™ White-box uses mathematical transformations to convert programs into white-box implementations securing software against key-extraction, code-lifting, and side-channel attacks. It enables the implementation of standard ciphers such as RSA, AES, SHA, and ECC in such a way that no keys or other sensitive data is exposed making it hard for an adversary with full access to and control of any such implementation to recover. Using our white-box code generation tool, developers can create white-box codes in C++ that can easily be included in the application build system and making it platform independent.
BinaryKnight™ provides a further layer of protection against reverse engineering, debugger attachment, and runtime tampering attacks by deploying obfuscation, dynamic signature verification, and anti-debug detection. The data-flow obfuscation module uses a CommScope proprietary algorithm to protect the data pathways within an application. The control-flow obfuscation module uses heuristic methods to make codes unintelligible and hard to follow without affecting the outcome. This provides resilience against static analyses and reverse engineering attacks. The dynamic executable verification module of BinaryKnight™ enables integrity protection that is compatible with standard code signing and verification methods aiming to increase the cost of static and dynamic tampering attacks. Finally, the anti-debug module injects debugger detection and response code at random intervals in the target application to protect against debugger-based attacks. Using our BinaryKnight™ tool, developers can instrument their binary code ahead of deployment.
A combination of CipherKnight™ and BinaryKnight™ protections can potentially enhance software application resilience to various outside attacks and make it harder to exploit secrets and intellectual properties built into the software application. For more information, download our data sheet and whitepaper on IoT device security.