Drop-in, cryptography security solution for OpenSSL servers

May 14, 2014 // By Graham Prophet
Microsemi’s WhiteboxSSL will, the company asserts, offer a means of protection against future “Heartbleed-like” attacks. Microsemi says that WhiteboxSSL is more than a patch, and is a fundamental drop-in security technology that prevents memory-based server key vulnerability.

WhiteboxSSL is a cryptography key management plugin and drop-in replacement for OpenSSL. WhiteboxSSL builds on Microsemi’s WhiteboxCRYPTO product line, providing security for server keys in memory and at rest. WhiteboxSSL is designed for IT administrators who are responsible for maintaining the IT security infrastructure; its advanced white box cryptography key protection techniques enable them to protect the keys generated and managed by servers running the popular OpenSSL software. Microsemi’s leading-edge security solution enables significantly stronger protection against memory attacks such as the one experienced in the highly-publicised Heartbleed attack.

“The Heartbleed vulnerability in OpenSSL is one of the most devastating hosted server-side vulnerabilities of all time,” said Michael Mehlberg, vice president of security products management at Microsemi. “Though a patch was quickly released, there is no guarantee server keys will not be compromised through similar vulnerabilities discovered in the future. Microsemi’s WhiteboxSSL product is more than a patch; it is a fundamental solution to the security problems related to generating, storing, and transferring crypto keys through networked systems. With WhiteboxSSL, server keys are substantially better protected against memory attacks.”

According to Netcraft, OpenSSL is used on 66% of the active websites on the Internet today, and approximately 17% of those sites were exposed to the Heartbleed bug. A typical server running OpenSSL will generate thousands of keys in its lifetime. These keys are critical to securing the data stored and transferred through that system. Compromising these keys can lead to major breaches in privacy, exposure of sensitive user data, and even loss of company IP. Microsemi’s WhiteboxSSL enhances and complements its WhiteboxCRYPTO, providing the capability to protect OpenSSL-generated keys with complex crypto-algorithm obfuscations and key transformations, rendering attempts to capture network keys impractical given the tools available to a network-based attacker.

Despite the complexity introduced for an attacker, installing WhiteboxSSL is fast and easy using one of two methods: An IT administrator can simply replace an OpenSSL installation with Microsemi WhiteboxSSL, or