Microsemi's WhiteboxSSL protects against future Heartbleed-like attacks - Embedded.com

WhiteboxSSL from Microsemi Corporation is a cryptography key management plugin and drop-in replacement for OpenSSL. WhiteboxSSL builds on Microsemi's WhiteboxCRYPTO product line, providing security for server keys in memory and at rest. It is designed for IT administrators who are responsible for maintaining the IT security infrastructure: its white box cryptography key protection techniques enable them to protect the keys generated and managed by servers running OpenSSL software. Microsemi's security solution enables significantly stronger protection against memory attacks such as the one experienced in the highly publicized Heartbleed attack.

Microsemi's WhiteboxSSL enhances and complements its WhiteboxCRYPTO, providing the capability to protect OpenSSL-generated keys with complex crypto-algorithm obfuscations and key transformations, rendering attempts to capture network keys impractical given the tools available to a network-based attacker.

WhiteboxSSL is designed to replace vulnerable key libraries found in OpenSSL, and is packaged as a complete OpenSSL implementation or plugin. WhiteboxSSL uses typical OpenSSL cryptography algorithms such as AES, ECC, SHA and RSA; each is uniquely obfuscated to an individual server. That is, every user of WhiteboxSSL has a uniquely constructed key algorithm, preventing an attacker from creating a “break-once-run-everywhere” attack.

A Microsemi WhiteboxSSL key can be subjected to as much cryptographic analysis as an attacker attempts. The relationship between a WhiteboxSSL key and a classical key is nontrivial, making it impractical to reconstruct the classical key using tools available to a network-based attacker. In short, when using WhiteboxSSL, classical crypto keys can never be found in memory or on disk.

WhiteboxSSL is built on Microsemi's WhiteboxCRYPTO product. The performance and strength-of-security of Microsemi's white box cryptography libraries are fully documented and characterized. WhiteboxSSL is written in ANSI-C compliant code, allowing it to work on nearly any system configuration including Intel-based, ARM-based and PowerPC-based processors running Linux, Solaris, Windows, VxWorks, iOS, Android and a variety of other operating systems. Importantly, Microsemi WhiteboxSSL is a comprehensive security solution that is easy to install and requires no customization.
