EPONA

Epona is a compiler that uses innovative software protection technology to prevent attackers from stealing your assets and putting your users at risk

Customer challenges

PROTECT

Make it harder for an attacker to reach your users data or systems 

DETECT

Know when an attacker is trying to exploit your apps and systems

REACT

Do not let an attack get any further into your apps and systems

COMPLY

Match the security expectations required by the stakeholders

Features

  • Code and data protection : Static and dynamic layers to prevent intrusion in your application
  • Runtime protection: Detect attacks and adapt your behaviour 
  • Secure storage : Bring encryption, integrity and signature to the data stored locally
  • Whitebox cryptography : Ensure your data and keys are safe while your application is running 

They trust us

PAYMENT SOLUTIONS

Prevent fraud in mobile payment, PoS, PoE

AUTOMOTIVE

Increase safety and security in connected cars  

IoT

Do not compromise performances for security on your devices

DRM

Ease the distribution of protected content

Why Choose Epona?

  • On premise : Designed for on-premise deployment within your infrastructure, also with airgapped capabilities
  • Interoperability : Connect with numerous tools and can be integrated within operational process via API 
  • Extensible : Choose your engines according to your needs from a selection of probes (third-party, Quarkslab or your own probes)
  • Confidentiality : Keep your files protected in a disconnected environment to ensure privacy
Epona App Shield Epona Keys Shield Epona Vault
Category App Shielding Zero-Trust Whitebox crypto Digital vault
Purpose Keep your software safe from theft, fraud, cloning and counterfeiting. Keep your secret keys safe from theft, leakage, cloning Keep all your digital assets safe from theft, leakage, cloning, counterfeiting.
Protects Software integrity, safe execution, source code (reverse engineering), vulnerability research and exploitation. Secret keys and unique identifier (UUID) Digital assets (i.e. passwords, identifier, authentication tokens, etc.)
Protection mode Static and dynamic Static and dynamic Persistent (on disk) keys & data
Protection layers Code & Data obfuscation (25+ different passes)Environmental protections (anti-root, anti-jailbreak, anti-debug, anti-hooking, anti-dynamic analysis)Integrity checks / anti-tamperingMulti-level configuration (block, function, module)Zero-trust: full control on the (re)generation of your applicationAutomatic test & reporting on applied protection Symmetric encryption: AES128 with CTC/CBR modesSignature: AES-CMAC, ECDSA on NIST-256pAsymmetric encryption: ElGamal on NIST-256pDiversification per client or per deviceZero-trust: full control on the (re)generation of your whitebox Device binded key/value databaseEncryption and authentication of dataOnly decrypt what you useRely on hardware security components if available (e.g. Android KeyStore)Small code and memory footprint
Languages C/C++ API API
Operating systems Linux, Android, Windows, OS X / iOS Linux, Android, Windows, OS X / iOS Linux, Android, Windows, OS X / iOS
Architecture x86, x86_64, ARM, ARM64 x86, x86_64, ARM, ARM64 x86, x86_64, ARM, ARM64
Security policy External YAML configuration or Pragma in the code API API
IDE integration Apple XCode, Microsoft Visual Studio, et Google Android NDK Apple XCode, Microsoft Visual Studio, et Google Android NDK Apple XCode, Microsoft Visual Studio, et Google Android NDK
Sec/Dev/Ops Gitlab, Jenkins Gitlab, Jenkins Gitlab, Jenkins