All good projects start with an expert design long before any tools are chosen and work on the ground begins. Software protection follows the same rule: Plan first, commercialize later. These days, the design phase is made more complicated by other factors. It is no longer enough to have a well-encrypted software that is able to withstand piracy, reverse engineering, or tampering attacks. Applications are now running in highly connected environments, which expose them to other types of interactions and new weaknesses. Attack scenarios such as Meltdown and Spectre have also revealed that vulnerabilities can be deeply rooted in the system. Regardless of whether the software is a web interface running on a bank server or embedded in an IoT device, any vulnerability poses a potential threat. Like never before, security today plays a key role throughout the entire software lifecycle, affecting products, vendors, workforce, and even the wider environment.
After the last two sold-out editions, Heise returns with devSec to give the world a holistic response to the challenges modern software publishers are facing. The lectures and workshops will highlight general best practices, testing techniques, as well as many other topics related to individual programming languages or specific domains, such as the Internet of Things or cloud computing.
As a Gold Sponsor of the event, Wibu-Systems will bring almost 30 years of experience in software protection, licensing, and security to the avid audience at devSec. Wibu-Systems is an innovative security technology leader in the global software licensing market. In its mission to offer the most secure, unique, and highly versatile technology, Wibu-Systems has developed CodeMeter, a comprehensive, award-winning suite of hardware and software solutions for computers, embedded systems, mobile devices, PLCs, and microcontrollers. They incorporate internationally patented processes dedicated to protecting the integrity of digital assets. Software publishers and intelligent device manufacturers can use them to safeguard the intellectual property of their applications against illicit and fraudulent use, reverse engineering, and tampering attacks, and generate new digital business models, fully integrated with their ERP, CRM, and e-commerce platforms.
In his lecture, Blurry Box cryptography: IP protection based on Kerckhoffs' Principle, to be held from 11.30 am to 12.15 pm on September 25th, Alvaro Forero, one of the top security expert at Wibu-Systems’ headquarters, will introduce the theory behind Blurry Box, a technology developed by the Karlsruhe Institute of Technology (KIT), Wibu-Systems, and the Karlsruhe Research Center for Information Technology (FZI) and awarded first prize at the 5th German IT Security Award. Unlike traditional approaches for protecting software against reverse engineering such as obfuscation and wrapper encryption, which rely on the secrecy of the procedure, Blurry Box keeps the encryption key alone secret, while the process is made public. The lecture will then delve into the parts and methods of Blurry Box that are already available for use today when choosing CodeMeter.