EEJournal

industry news
Subscribe Now
May 13, 2014

Microsemi Protects Against Future Heartbleed-Like Attacks with Introduction of Breakthrough WhiteboxSSL™ Cryptography Security Solution for OpenSSL

ALISO VIEJO, Calif.—May 13, 2014—Microsemi Corporation (Nasdaq: MSCC), a leading provider of semiconductor solutions differentiated by power, security, reliability and performance, today unveiled WhiteboxSSL™, a cryptography key management plugin and drop-in replacement for OpenSSL. WhiteboxSSL builds on Microsemi’s proven and deployed WhiteboxCRYPTO™ product line providing security for server keys in memory and at rest. Designed for IT administrators who are responsible for maintaining the IT security infrastructure, Microsemi’s WhiteboxSSL advanced white box cryptography key protection techniques enable them to protect the keys generated and managed by servers running the popular OpenSSL software.  Microsemi’s leading-edge security solution enables significantly stronger protection against memory attacks such as the one experienced in the highly-publicized Heartbleed attack.

“The Heartbleed vulnerability in OpenSSL is one of the most devastating hosted server-side vulnerabilities of all time,” said Michael Mehlberg, vice president of security products management at Microsemi. “Though a patch was quickly released, there is no guarantee server keys will not be compromised through similar vulnerabilities discovered in the future. Microsemi’s WhiteboxSSL product is more than a patch; it is a fundamental solution to the security problems related to generating, storing, and transferring crypto keys through networked systems. With WhiteboxSSL, server keys are substantially better protected against memory attacks.”

According to Netcraft, OpenSSL is used on 66% of the active websites on the Internet today, and approximately 17% of those sites were exposed to the Heartbleed bug.  A typical server running OpenSSL will generate thousands of keys in its lifetime. These keys are critical to securing the data stored and transferred through that system. Compromising these keys can lead to major breaches in privacy, exposure to sensitive user data, and even loss of company IP. Microsemi’s WhiteboxSSL enhances and complements its field-tested WhiteboxCRYPTO providing the capability to protect OpenSSL-generated keys with complex crypto-algorithm obfuscations and key transformations rendering attempts to capture network keys impractical given the tools available to a network-based attacker.

Despite the complexity introduced for an attacker, installing WhiteboxSSL is incredibly fast and easy using one of two methods: An IT administrator can simply replace an OpenSSL installation with Microsemi WhiteboxSSL, or can add WhiteboxSSL as a plug-in to the key management portion of OpenSSL. The advanced technologies of the Microsemi security solution takes care of the rest—seamlessly generating and distributing white-box-protected keys.

WhiteboxSSL Key Features

Microsemi designed WhiteboxSSL to replace vulnerable key libraries found in OpenSSL, and is packaged as a complete OpenSSL implementation or plugin. WhiteboxSSL uses typical OpenSSL cryptography algorithms such as AES, ECC, SHA, and RSA; each is uniquely obfuscated to an individual server. That is, every user of WhiteboxSSL has a uniquely constructed key algorithm preventing an attacker from creating a “break-once-run-everywhere” attack.

Unlike a classical key generated by OpenSSL, which leads to full data loss when captured, a Microsemi WhiteboxSSL key can be subjected to as much cryptographic analysis as an attacker attempts. The relationship between a WhiteboxSSL key and a classical key is nontrivial making it impractical to reconstruct the classical key using tools available to a network-based attacker. In short, when using WhiteboxSSL, classical crypto keys can never be found in memory or on disk.

WhiteboxSSL is built on Microsemi’s mature and field-proven WhiteboxCRYPTO product. The performance and strength-of-security of Microsemi’s white box cryptography libraries is fully documented and characterized. WhiteboxSSL is written in ANSI-C compliant code allowing it to work on nearly any system configuration including Intel-based, ARM-based and PowerPC-based  processors running Linux, Solaris, Windows, VxWorks, iOS, Android, and a variety of other operating systems. Importantly, Microsemi WhiteboxSSL is a comprehensive security solution that is easy to install and requires no customization.

Availability

Microsemi’s WhiteboxSSL is available now. For more information on the Microsemi’s WhiteboxSSL, please visit: www.microsemi.com/whiteboxssl, or contact: sales.support@microsemi.com.

About Microsemi Security Portfolio

Microsemi provides uncompromising security wherever data is collected, communicated, or processed, and whenever its accuracy, availability, and authenticity are essential. For more than a decade, the company’s security experts have been providing information assurance (IA) and anti-tamper (AT) solutions and services to fortify critical program information and technology. Microsemi security products are used by U.S. federal organizations and commercial entities in applications requiring a high level of electronic security including financial, digital rights management, gaming, industrial automation and medical. Microsemi’s security solutions portfolio includes FPGAs, SoC products, cryptography solutions, TRRUST™-Stor solid state drives (SSD), intellectual property (IP) and firmware. The company also offers a comprehensive range of security related services, as well as design, assembly, packaging and testing services all in its trusted facilities.

About Microsemi

Microsemi Corporation (Nasdaq: MSCC) offers a comprehensive portfolio of semiconductor and system solutions for communications, defense & security, aerospace and industrial markets. Products include high-performance and radiation-hardened analog mixed-signal integrated circuits, FPGAs, SoCs and ASICs; power management products; timing and synchronization devices and precise time solutions, setting the world’s standard for time; voice processing devices; RF solutions; discrete components; security technologies and scalable anti-tamper products; Power-over-Ethernet ICs and midspans; as well as custom design capabilities and services. Microsemi is headquartered in Aliso Viejo, Calif., and has approximately 3,400 employees globally. Learn more at www.microsemi.com.

Leave a Reply

featured blogs
Wow! Biomimetic LEDs!
Apr 26, 2024
Biological-inspired developments result in LEDs that are 55% brighter, but 55% brighter than what?...
More from Max's Cool Beans...

featured video

Introducing Altera® Agilex 5 FPGAs and SoCs

Sponsored by Intel

Learn about the Altera Agilex 5 FPGA Family for tomorrow’s edge intelligent applications.

To learn more about Agilex 5 visit: Agilex™ 5 FPGA and SoC FPGA Product Overview

featured paper

Designing Robust 5G Power Amplifiers for the Real World

Sponsored by Keysight

Simulating 5G power amplifier (PA) designs at the component and system levels with authentic modulation and high-fidelity behavioral models increases predictability, lowers risk, and shrinks schedules. Simulation software enables multi-technology layout and multi-domain analysis, evaluating the impacts of 5G PA design choices while delivering accurate results in a single virtual workspace. This application note delves into how authentic modulation enhances predictability and performance in 5G millimeter-wave systems.

Download now to revolutionize your design process.

featured chalk talk

One Year of Synopsys Cloud: Adoption, Enhancements and Evolution
Sponsored by Synopsys
The adoption of the cloud in the design automation industry has encouraged innovation across the entire semiconductor lifecycle. In this episode of Chalk Talk, Amelia Dalton chats with Vikram Bhatia from Synopsys about how Synopsys is redefining EDA in the Cloud with the industry’s first complete browser-based EDA-as-a-Service cloud platform. They explore the benefits that this on-demand pay-per use, web-based portal can bring to your next design. 
Click here for more information about Synopsys Cloud
Jul 11, 2023
33,440 views