Cryptographic Key Protection

Encryption is Not Enough

Applications across all platforms use cryptography to secure data at rest and in motion. Cryptographic keys play an essential part in encrypting and decrypting the data. The cryptographic algorithm is analogous to a vault, and the keys are equivalent to its combination. The length of the combination here represents the length of the key (e.g., 128-bit, 256-bit), so the longer the combination, the more challenging it is to brute force.

But cybercriminals today are not trying to break into the vault. They are focused on stealing the combination, i.e., your encryption key. And most enterprises are highly vulnerable to key-focussed attacks for two big reasons:

  • Poor implementations of encryption that don’t account for hostile environments
  • Poor practices that lead to key exposure when storing and using keys

How Cybercriminals are Stealing Keys

  • Exploit poor key management practices
  • Exploit hardware-based security storage
  • Inspect apps in an execution environment under their control
  • Use malware to steal keys from device memory
  • Exfiltrate keys embedded in the source code
  • Compromise unsecured cloud storage

Secure Your Cryptographic Keys with White-Box Cryptography

Zimperium zKeyBox leverages white-box cryptography to protect keys and secrets within your mobile application. Fundamentally, white-box cryptography is an approach to hiding keys used in general-purpose software implementations. It transforms and obscures cryptographic algorithms so that keys never appear in the clear and the execution logic is untraceable. Your keys cannot be extracted—even if the device itself has been compromised. Key benefits include:

  • Supports All Standard & Custom Algorithms. Agnostic security works on all platforms and devices. Protect any cryptographic algorithm such as AES, 3DES, RSA, ECC, HMAC, etc. Custom algorithm support is also available.
  • No Hardware Dependency. No dependency on any hardware-based mechanisms provided by the platforms (e.g., keystores, Secure Enclave, Trusted Execution Environment (TEE) on Android).
  • Protect Keys When Stored, In Transit, and In Use. Keep keys safe at all times, even on compromised, jailbroken, or rooted devices. Keys are never exposed in memory; algorithms operate directly on encoded keys.

Why Zimperium for Cryptographic Key Protection

Simple Deployment & Integration

zKeyBox is simple to integrate and offers a plug-and-play replacement for standard cryptographic libraries.

Built-In Support for Regulations

Supports DUKPT key management, TR-31 key blocks, and separation of payment card and PIN data as specified by PCI-DSS.

Integrated Security Suite

zKeyBox is part of our Mobile App Protection Suite, the only unified platform with centralized visibility and comprehensive in-app protection.

“ToothPic’s mission is to help companies to enhance the security of their digital services through our unique technology. We were looking for a technological partner who shared our same goal and Zimperium turned out to be the perfect one to collaborate with. The integration of Zimperium’s zKeyBox in our Key Protection SDK has strengthened the robustness of our technology. Together we brought the security to the next level, offering on the market a solution never seen before.”

– Giulio Coluccia, CEO & Co-Founder of ToothPic

