Blurrying the Lines of Encryption
2017-05-03 Daniela Previtali
If you are a history buff, you might find this post interesting. If you are a history buff with interest in cryptography and software hacking, you may have a lot of fun with it.
First the history. In 1883, Auguste Kerckhoffs, a Dutch linguist and cryptographer, wrote two journal articles in which he stated six design principles for military ciphers. One of those design principles has stood the test of time:
“It should not require secrecy, and it should not be a problem if it falls into enemy hands.”
In that era, the axiom could be restated to mean that “one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them.”
In today’s cryptographic world, what’s now known as Kerckhoffs’ Principle is that a cryptographic system should be secure even if everything about the system, except the key, is public knowledge. In other words, a method of secretly coding and transmitting information should be secure even if everyone knows how it works.
This is the theory behind the new so-called Blurry Box® cryptography mechanism, which stands in direct contrast to the more familiar “Security through Obscurity” encryption practices, whereby much of the system's working methods are kept secret. The thinking behind that approach is that a system or component relying on obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that as long as the flaws are not known, that will be sufficient to prevent a successful attack. However, since the protection methods are unpublished, the systems cannot be evaluated or compared to one another.
Blurry Box is based on Kerckhoffs’ Principle and offers a revolutionary approach to software protection. Its underlying goal is to make the effort required to illegally copy software higher than the effort needed to completely rewrite the same software. Blurry Box cryptography consists of 7 published methods, which increase the complexity of the software, making it practically impossible to create a counterfeit copy. In fact, it would be easier and faster to redevelop the software from scratch than to try to crack it. Plus, the majority of hackers lack the domain expertise to recreate the software.
Now the fun. To demonstrate the strength of this novel encryption mechanism, Wibu-Systems has launched a contest to see if anyone can hack into a game protected by Blurry Box and prove they can run it on a Windows-based PC without the USB dongle that was provided for the contest and without an Internet connection. The cumulative prize offered by Wibu-Systems amounts to 50,000 EUR. Enrollment is open now and the hacking contest ends on June 2, 2017. See the full story. Game on!