Company:Arxan Technologies

From HandWiki
Short description: US technology security company
Arxan Technologies
TypePrivate
IndustryIT, Cybersecurity, Application Security
Founded2001
Headquarters
San Francisco, CA
,
USA
Number of locations
USA (6), United Kingdom (1), France (1), Germany (1), Sweden (1), Japan (1), Korea (1)
Key people
  • Joe Sander (CEO)
  • James Love (CRO)
  • Charlie Velasquez (CFO)
ProductsArxan Code Protection, Cryptographic Key & Data Protection, Threat Analytics, and App Management
Websitewww.arxan.com

Digital Ai (Formerly known as Arxan Technologies) is an American technology company specializing in anti-tamper and digital rights management (DRM) for Internet of Things (IoT), mobile, and other applications. Arxan's security products are used to prevent tampering or reverse engineering of software, thus preventing access or modifications to said software that are deemed undesirable by its developer. The company reports that applications secured by it are running on over 500 million devices. Its products are used across a range of industries, including mobile payments & banking, automotive, healthcare and gaming.[1][2][3]

History

Arxan is privately held and private equity-backed. In the fall of 2013, TA Associates, a private equity firm, completed a majority investment in Arxan Technologies. Previously, the company received Series B funding in 2003,[4] followed by $13 million in Series C funding in 2007 and a Series D funding of $4 million in 2009.[citation needed] Early investors included Trident Capital, EDF Ventures, Legend Ventures, Paladin Capital, Dunrath Capital, TDF Fund and Solstice Capital.

Arxan was founded in 2001 by Eric Davis and Purdue University researchers, Mikhail Atallah, Tim Korb, John Rice and Hoi Chang. The first funding came from Richard Early and Dunrath Capital. Rich Early subsequently became Arxan's first CEO. The company's early intellectual property was licensed from Purdue University. The company's initial focus was on defense anti-tamper applications. Following the sale of its defense technology unit, Arxan Defense Systems, to Microsemi in 2010,[5] Arxan focused on commercial applications.

In April 2020, Arxan Technologies joined CollabNet VersionOne and XebiaLabs to form Digital.ai, a software company with the stated aim of 'pulling software development, business agility and application security into a single platform'.[6][7]

Products

Arxan offers a number of Anti-Tamper Software products for application and cryptographic key protection.[8] These include:

  • Arxan Code Protection to secure Mobile, IoT & Embedded, Desktop and Server applications
  • Arxan Cryptographic Key & Data Protection to secure secret keys and data with white-box cryptography, which provide all the major crypto algorithms and features required to protect sensitive keys and data in hostile or untrusted operational environments. Arxan Cryptographic Key & Data Protection is FIPS140-2 validated.[9]

In May 2012, the company announced comprehensive support for Android application protection and hardening against tampering and piracy.[10] In June 2014, Arxan announced that its mobile application protection offerings will be sold by IBM as part of IBM's portfolio of security products.

Arxan's products are based on patented security techniques[11][12][13][14] for code hardening, tamper-proofing, key security and node locking. The core technology consists of a multi-layered, interconnected network of Guards that each perform a specific security function and are embedded into application binaries to make programs tamper-aware, tamper-resistant, and self-healing. The company claims a three-layer protection paradigm of defend, detect and react as a differentiating approach. By detecting when an attack is being attempted and responding to detected attacks with alerts and repairs, this protection helps secure software against hacking attacks and threats such as:[15]

  • static reverse engineering or code analysis
  • dynamic reverse engineering or debugging
  • tampering to disable or circumvent security mechanisms (authentication, encryption, anti-virus, security policies, etc.)
  • tampering to modify program functionality
  • tampering for piracy or unauthorized use
  • insertion of malware into an application
  • counterfeiting and IP theft
  • stealing of cryptographic keys

IoT anti-tamper

Arxan's IoT products insert the anti-tamper protection into the firmware of the device itself, causing parts of the code to continually check each other for integrity. If any tamper attempt is detected, Arxan's product can either attempt to restore the code to its original form, stop the firmware from running entirely, send a notification to the developer or any combination of the three.[16]

DRM

Its DRM solutions have been compared to their competitor Denuvo, with both working to provide a layer of anti-tamper security on top of already existing copy protection mechanisms added by the developer. This results in a multi-layered approach in which the original DRM software protects the software from unauthorized copying, modification or use, while Arxan prevents any attempt to remove or alter said protection. However, much like with Denuvo's application of it, this approach has also been criticised for increasing the use of system resources. Arxan has previously expressed strong confidence that its DRM solutions would not be cracked, but in fact cracks or bypasses for Arxan products have been shown to exist; in one example Zoo Tycoon Ultimate Animal Collection was successfully cracked in 2018 while using a five-layer approach featuring UWP, XbLA, MSStore, EAppX and Arxan protection simultaneously.[17][18][19] Several more bypasses of Arxan's protection have since emerged in 2018[20] and 2019, with Arxan-protected Gears 5 being cracked by a scene group less than two weeks following its original release.[21]

Media and awards

  • Deloitte 2014 Top 500 Fastest Growing Technology Company [22]
  • CIOReview Magazine 2014 Top 50 Most Promising IoT Companies [23]
  • 2015 Mobile Innovations Award Winner for Best Management of Mobile Security Issues [24]
  • Info Security Products Guide 2014 Winner for Best New Product: Mobile Application Integrity Protection™ Suite v 5.0 [25]

See also

References

  1. Rosen, Sam. "Arxan Hardens Multiplatform DRM Solutions". ABI Research. http://www.abiresearch.com/research_blog/1675. Retrieved 25 April 2012. 
  2. "Protecting TV Video Content that is Viewed on Multiple Types of Consumer Electronic – CE Devices". IPTV Magazine. http://www.iptv-blog.net/2011/06/protecting-tv-video-content-that-is.html. Retrieved 25 April 2012. 
  3. "So many DRMs, so many headaches". CSI Magazine: 36. Jan–Feb 2012. http://www.csimagazine.com/Digital_edition/csi_digital-csi-jan-feb12.pdf?vcabid=geaSelgnlSgrapgc&count=30/11/2011. 
  4. "Clearing Economic Hurdles, Arxan, Griffin secure additional financing". Biz Voice Magazine. Archived from the original on 2010-02-15. https://web.archive.org/web/20100215144442/http://www.bizvoicemagazine.com/archives/03sepoct/Financing.pdf. 
  5. "Microsemi acquires Arxan Defense Systems, Inc.". Microsemi. http://investor.microsemi.com/releasedetail.cfm?releaseid=507698. 
  6. www.ITSecurityNews.info (2020-04-16). "Arxan Technologies Joins New Software Company Digital.ai | | IT Security News" (in en-US). https://www.itsecuritynews.info/arxan-technologies-joins-new-software-company-digital-ai/. 
  7. "Arxan Technologies Becomes Part of Digital.ai". 2020-04-16. https://www.bloomberg.com/press-releases/2020-04-16/arxan-technologies-becomes-part-of-digital-ai. 
  8. "Arxan Technologies Products". Arxan Technologies. Archived from the original on 2012-05-08. https://web.archive.org/web/20120508110704/http://www.arxan.com/software-protection-products/index.php. 
  9. "Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules". http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2017.htm#2840. 
  10. "Android Security: Protection of Java and Native Apps". Android Security. 17 May 2012. http://www.net-security.org/secworld.php?id=12946. 
  11. "Method and system for tamperproofing software". USPTO Patent Full-Text and Image Database. http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=7757097.PN.&OS=PN/7757097&RS=PN/7757097. Retrieved 25 April 2012. 
  12. "Guards for application in software tamperproofing". USPTO Patent Full-Text and Image Database. http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=/netahtml/PTO/search-bool.html&r=1&f=G&l=50&d=PALL&RefSrch=yes&Query=PN/7287166. 
  13. "Method and Apparatus for Hiding A Private Key". USPTO Patent Full-Text and Image Database. Archived from the original on 2005-11-21. https://web.archive.org/web/20051121200711/http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO1. 
  14. "Method and system for secure computational outsourcing and disguise". USPTO Patent Full-Text and Image Database. http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=7707433.PN.&OS=PN/7707433&RS=PN/7707433. Retrieved 25 April 2012. 
  15. Dager, Mike (16 July 2009). "Cyberattack Defense: Staying One Step Ahead of Hackers". TechNewsWorld. http://www.technewsworld.com/story/67605.html. Retrieved 25 April 2012. 
  16. "Securing the Internet of Things" (in en). https://www.pcmag.com/news/securing-the-internet-of-things. 
  17. "Pirates Crack Microsoft's UWP Protection, Five Layers of DRM Defeated * TorrentFreak" (in en). 2018-02-15. https://torrentfreak.com/pirates-crack-microsofts-uwp-protection-five-layers-of-drm-defeated-180215/. 
  18. Hagedoorn, Hilbert. "Windows 10 UWP protection may have been cracked, Zoo Tycoon Ultimate AC had five layers of DRM" (in en-us). https://www.guru3d.com/news-story/windows-10-uwp-protection-may-have-been-crackedzoo-tycoon-ultimate-ac-had-five-layers-of-drm,3.html. 
  19. Popa, Bogdan. "Pirates Crack the First Windows 10 UWP Game" (in english). https://news.softpedia.com/news/pirates-crack-the-first-windows-10-uwp-game-519843.shtml. 
  20. Popa, Bogdan. "Gears of War 4 for Windows 10 (UWP) Cracked by CODEX" (in english). https://news.softpedia.com/news/gears-of-war-4-for-windows-10-uwp-cracked-by-codex-520193.shtml. 
  21. "Gears of War 5 Cracked by CODEX after 13 Days of Release" (in en-US). 2019-09-22. https://www.thenerdmag.com/gears-of-war-5-cracked-by-codex-after-13-days-of-release/. 
  22. "Deloitte 500 Fastest Growing Companies 2014". http://www2.deloitte.com/content/dam/Deloitte/us/Documents/technology-media-telecommunications/us-tmt-fast-500-2014-winners%27-brochure-121114.pdf. Retrieved Oct 19, 2015. 
  23. "CIOReview 2014 Top 50 Most Promising IoT Companies". Archived from the original on 2016-03-05. https://web.archive.org/web/20160305044642/http://software.cioreview.com/vendors/2014/50special1. Retrieved Oct 19, 2015. 
  24. "Mobile Innovations Awards 2015". http://www.themobileinnovationsawards.com/2015-shortlist-the-mobile-innovations-awards/. Retrieved Oct 19, 2015. 
  25. "Arxan Awards Page". Archived from the original on June 17, 2014. https://web.archive.org/web/20140617172938/http://www.arxan.com/company/industry-awards/. Retrieved June 9, 2014.