Wibu-Systems, the FZI Research Center, and the Karlsruhe Institute of Technology (KIT) are the joint winners of the prestigious 5th German IT Security Award. Out of the eleven finalists that were selected from 66 applicants, the high-profile members of the jury awarded the top prize to the people of Wibu-Systems, FZI, and KIT in recognition of their work on the new Blurry-Box cryptography system, an innovative and more effective approach to protecting software against piracy, reverse engineering, tampering, industrial espionage, or sabotage.
Blurry-Box operates according to Kerckhoffs’ principles, and provides demonstrably secure and accurate software protection. The security of the system relies on the secrecy of the key and the functional design of the application, rather than on keeping the procedure itself confidential.
At the award ceremony at the Ruhr University in Bochum, the project managers Oliver Winzenried, CEO and founder of Wibu-Systems, and Professor Dr. Joern Mueller-Quade, director of the Center for Applied Security Technology (KASTEL) at KIT, accepted the award and an endowment of 100,000 euros on behalf of the entire development team. The German IT Security Award of the Horst Görtz Foundation is awarded to promote IT security solutions “Made in Germany”.
In the Blurry-Box process, a number of functions and procedures of the protected program are duplicated, modified, and then encrypted before delivery, so that each variant works properly only for specific input values. Taken together, these variants cover the entire range of possible input values. When a function is run during software runtime, the matching input value variant is selected, decoded, and executed, with the use of a CmDongle. The design includes trap variants that are not supposed to be called up under standard circumstances. Should an attacker try to decrypt these trap variants, they trigger the CmDongle to block the process.
Professor Mueller-Quade feels deeply honored by the award and is excited about the promising future of this new methodology: “Applying Kerckhoffs’ principles will allow more public discussions and research into Blurry-Box processes in the future. Keeping a method confidential was never a good basis for security.”
Oliver Winzenried is equally enthusiastic: “The German IT Security Award is only conferred every two years and enjoys particular esteem among people working in the field. This makes winning the first prize such great confirmation for us and gives us even more incentive to continue with our work. Product and know-how protection is becoming more important every day; ISVs and manufacturers will have the opportunity to use the method we developed in our partnership for the best possible software protection to date. We will use the prize money to develop a sample application and deliver our protection method for testing in a public competition.”