White-Box Encryption: Ending Web App Vulnerability

Key management must give way to new options that enable and protect true encryption for organizations

For as long as they’ve existed, web applications have been a favorite target for hackers. They are relatively easy to break and give hackers potential access to sensitive information as well as serving as an entry point to an otherwise well-protected system.

Last year, an investigation into data breaches by Verizon found that web applications are among the top three attack vectors across eight of the nine industry verticals studied. Moreover, web applications took the leading spot in four of those vertical sectors.

Give hackers an opening and they will find ways to unravel even the most hardened secrets. Once they gain access to sensitive data and the host system that the app communicates with, the consequences can run the gamut from financial loss and reputational harm to compromise of private consumer data, legal and compliance liabilities, and other damages.

Why Key Protection is Needed

Information shared via a browser needs to be encrypted to ensure it cannot be improperly accessed by individuals intent on exploiting it. Cryptography is used to protect communications between a web application and the host system. It relies on secret keys to encrypt and decrypt data. However, while using cryptography systems and data may seem fully secure, in reality it simply shifts the problem from protecting the data to protecting the keys that encrypt the data.

In short, encryption is only secure if the keys used for the encryption are kept secure. If those keys are easily accessible, then so is the encrypted data itself. In fact, hackers rarely try to break encryption algorithms. Instead, they try to exploit vulnerable applications of cryptography, very often attacking the way keys are managed. So, poor key management can be as bad as no encryption at all.

Hackers use a variety of techniques to try to extract these keys. Reverse engineering, untangling software programs to discover how they work or examining code to find hard-coded keys and then using those same keys in attacks against the server are among their most common methods.

They are also adept at scanning memory during an app’s runtime to reveal the cryptographic keys that are used in encryption operations. Side-channel attacks that attempt to find keys by exploiting indirect information such as patterns of memory access are also a part of their malicious offensive.

Once they’ve been snagged, cryptographic keys can be used for a wide range of subsequent attacks both on the client-side system or the server that uses the keys. The keys are like gold for rogue actors who profit from breaking through defenses to access and exfiltrate sensitive data, spoof an authentic user identity or snoop on secure communications.

Hackers have also been known to use keys to generate fraudulent digital signatures that mimic ‘trusted’ protections and are used for further attacks. A well-armored cybercriminal can also create, modify or delete data or transactions, causing untold damage to systems with unreadable commands, and to individuals and organizations whose sensitive information is lost or altered.

The Challenge of Storing Keys

One of the major challenges of using cryptography to protect data in web applications is the question of where to store cryptographic keys securely on the client-side. Secure elements, trusted execution environments and hardware security modules are strong solutions for cryptography key storage, but often web applications do not have access to these technologies.

The ease of use and reliability of web browsers as an application platform have been the primary drivers behind the huge surge in web application popularity. However, while convenient, the browser environment poses enormous security challenges. For example, private cryptography keys on the client-side often represent the actual identity of the user. Safeguarding these keys and preventing their disclosure to anyone, irrespective of intent, is critical.

Unfortunately, the usual solutions for keeping cryptographic keys safe on devices and PCs are not applicable. This is because browsers do not have access to underlying hardware security support. As a result, one of the most crucial elements of cybersecurity infrastructure is also one of the most vulnerable.

Existing Encryption Options Are Not Enough

Storing cryptographic keys in the browser has been an ongoing challenge and several attempts have been made to introduce a solution that is easy yet secure. Perhaps the most popular, Web Crypto API, provides cryptographic algorithms and is arguably better than “build-it-yourself” defenses because it is difficult to get these algorithms right.

In addition, Web Crypto API is built into the browser, which is an advantage because hackers cannot attack it directly from a web app. Instead, they have to have some kind of access to the browser executable or the underlying platform.

However, key management and storage is notoriously difficult. The Web Crypto API provides some limited key management features including key generation, key derivation and the ability to import and export keys. But it does not directly support any key storage mechanism. IndexedDB API or Web Storage API are the recommended key storage mechanisms, yet neither of these technologies provides access to secure hardware-based key storage. This opens up a key-lifting vulnerability via reverse engineering, memory examination or side-channel attacks.

Solutions such as Web Crypto API also are complicated to set up and use, a source of frustration and limitations to many users. Below is a screenshot from the Mozilla Developer Network highlighting caution in using the Web Crypto API:

A Solution That Works

White-box cryptography is a solution that provides software-based key storage. It is highly resistant to reverse engineering, memory examination and side-channel attacks. Fundamentally, it is an obfuscation technique that is intentionally difficult to reverse engineer, and the keys are not stored in the code in any simple way. Essentially, keys are embedded in the algorithms, making it inherently difficult to extract them.

Similarly, the keys in a white-box implementation are never exposed, even in memory, which means memory examination techniques will fail as well. Finally, modern white-box cryptography implementations have been engineered to be resistant to side-channel attacks.

This makes white-box cryptography a particularly viable solution for dealing with the types of web app vulnerabilities that arise from the limitations of key management and storage offered in common cryptographic libraries. It ensures sensitive keys are always encoded and difficult to extract and tamper.

Avatar photo

Bill Horne

Bill Horne, Ph.D., is Vice President and General Manager, Intertrust Secure Systems. He leads Intertrust’s Secure Systems division, and is responsible for the company’s application shielding suite of products and device identity PKI services. Prior to joining Intertrust, he was the Director of Security Research at Hewlett Packard Enterprise, where he led a team of R&D security experts who supported HP’s security product efforts. Previously, Horne was a research scientist at Intertrust’s STAR Lab from 1997 to 2002, before which he was at NEC Research Institute in Princeton, N.J. Horne has published more than 50 peer-reviewed articles on topics of security and machine learning, and has 33 granted and 44 pending patents to his name. He holds a B.S. in Electrical Engineering from the University of Delaware, and earned an M.S. and Ph.D. in Electrical Engineering from the University of New Mexico.

bill-horne has 4 posts and counting.See all posts by bill-horne