Attacking an obfuscated cipher by injecting faults Matthias Jacob Dan Boneh Edward.

Slides:



Advertisements
Similar presentations
Conventional Encryption: Algorithms
Advertisements

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.
White-Box Cryptography
Cryptography and Network Security Chapter 3
Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)
Modern Cryptography.
Web Security for Network and System Administrators1 Chapter 4 Encryption.
DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
Cryptographic Technologies
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.
Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
CS Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.
Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.
Lecture 23 Symmetric Encryption
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Lecture 3: Cryptographic Tools modified from slides of Lawrie Brown.
Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on “A Tutorial on Linear and Differential Cryptanalysis” by Howard Heys.] Modern block ciphers.
The Data Encryption Standard - see Susan Landau’s paper: “Standing the test of time: the data encryption standard.” DES - adopted in 1977 as a standard.
Linear Fault Analysis of Block Ciphers Zhiqiang Liu 1, Dawu Gu 1, Ya Liu 1, Wei Li 2 1. Shanghai Jiao Tong University 2. Donghua University ACNS 2012 June.
Software Obfuscation from Crackers’ viewpoint Y, Hiroki; K, Yuichiro; M Akito, N Masahide; M Ken-ichi Proceedings of the IASTED International Conference.
Feistel Model Last Updated: Aug 27, Feistel Cipher Structure Described by Horst Feistel (IBM) in 1973 Many symmetric encryption algorithms use this.
Network Security Lecture 14 Presented by: Dr. Munam Ali Shah.
Chapter 20 Symmetric Encryption and Message Confidentiality.
Dan Boneh Block ciphers The AES block cipher Online Cryptography Course Dan Boneh.
Network Encryption Vince Ceccarelli Group 7 TC 200.
TE/CS 536 Network Security Spring 2006 – Lectures 6&7 Secret Key Cryptography.
Chapter 20 Symmetric Encryption and Message Confidentiality.
Day 37 8: Network Security8-1. 8: Network Security8-2 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key:
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
BLOCK CIPHER SYSTEMS OPERATION MODES OF DATA ENCRYPTION STANDARD (DES)
Description of a New Variable-Length Key, 64-Bit Block Cipher (BLOWFISH) Bruce Schneier BY Sunitha Thodupunuri.
LUCIFER hell's favorite cipher.... By: OUTSOURCED Trevin Maerten Eitan Romanoff.
1 Symmetric key cryptography: DES DES: Data Encryption Standard US encryption standard [NIST 1993] 56-bit symmetric key, 64 bit plaintext input How secure.
Symmetric Encryption Lesson Introduction ●Block cipher primitives ●DES ●AES ●Encrypting large message ●Message integrity.
Computer and Network Security Rabie A. Ramadan Lecture 3.
Chapter 2 Symmetric Encryption.
Plaintextciphertext encryption algorithmdecryption algorithm plaintext.
DATA & COMPUTER SECURITY (CSNB414) MODULE 3 MODERN SYMMETRIC ENCRYPTION.
CS519, © A.SelcukDifferential & Linear Cryptanalysis1 CS 519 Cryptography and Network Security Instructor: Ali Aydin Selcuk.
Conventional Encryption Chapter 4. Multiple DES Advantage of extra stages –Each stage gives 56 more bits of key length –Double DES subject to meet-in-the-middle.
Invitation to Computer Science 5 th Edition Chapter 8 Information Security.
Data Encryption Standard 1977 “New Directions in Cryptography” 1976.
Lecture 5 Page 1 CS 236 Online More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
CST 312 Pablo Breuer. A block of plaintext is treated as a whole and used to produce a ciphertext block of equal length Typically a block size of 64 or.
@Yuan Xue CS 285 Network Security Block Cipher Principle Fall 2012 Yuan Xue.
@Yuan Xue Announcement Project Release Team forming Homework 1 will be released next Tuesday.
Hardware Protection Against Software Piracy
Attacking an obfuscated cipher by injecting faults
6b. Practical Constructions of Symmetric-Key Primitives.
Cryptography Lecture 18.
About Blowfish Encryption Video made by: Tudor Mare Sorin Nita Valentina Sociu Stefan Stefanescu.
SYMMETRIC ENCRYPTION.
Exercise 1: Let’s Communicate - Decrypt The message
Encryption Basics Types of ciphers Algorithms Modes Key Length
Cryptography Lecture 17.
Modern Cryptography.
Hash Function Requirements
The RSA Public-Key Encryption Algorithm
Advanced Encryption Standard
Cipher-Based MAC Network Security.
Stream Cipher Structure
Feistel Cipher Structure
Presentation transcript:

Attacking an obfuscated cipher by injecting faults Matthias Jacob Dan Boneh Edward Felten In the proceedings of the 2002 ACM Workshop on Digital Rights Management Oral report presented for COMPSCI 725 by Sidney MarkowitzSidney Markowitz

Attacking an obfuscated cipher by injecting faults Summary Fault injection to extract a DES key from decryption software protected using a particular commercial obfuscator Why hiding such a key is important How to mount the attack Claims that the technique can be used on any block cipher that uses rounds Possible defenses against this attack Oral report presented for COMPSCI 725 by Sidney MarkowitzSidney Markowitz

Appreciative comment: The topic is important: If we could let people run decryption software but hide the key from them, then copy protection, enforcement of software licensing, protecting trade secrets in software, etc., would be easy. Critical comments: 1. The technique requires so much access to the software being cracked that the attacker already has everything that can be gained by cracking it 2. The authors' claims of generality of the technique to other ciphers seem incorrect Oral report presented for COMPSCI 725 by Sidney MarkowitzSidney Markowitz

How the attack works Figure 2, from the paper Block diagram of one round of DES Provide inputs that produce small changes in the output Insert faults before last round, analyse changes in outputs Oral report presented for COMPSCI 725 by Sidney MarkowitzSidney Markowitz

Criticism #1: Assumes too much access "First, both encryption and decryption operations need to be available, and second, the attacker needs to be able to modify the ciphertext arbitrarily.“ If you can encrypt and decrypt at will what need is there for the key? Attacker must be able to see boundaries between rounds in the code Attacker must be able to change data being passed into a round computation. Oral report presented for COMPSCI 725 by Sidney MarkowitzSidney Markowitz

Criticism #2: Incorrect claims of generality Rn-1 -> (Ln or Rn) unchanged (Feistel network) -- Not true for non-Feistel round-based block ciphers such as AES Few bits left to brute force after round subkey is found -- Not true for other Feistel ciphers including Skipjack, Blowfish, 3DES Oral report presented for COMPSCI 725 by Sidney MarkowitzSidney Markowitz

Appreciative comment (redux): The topic is important: If we could let people run decryption software but hide the key from them, then copy protection, enforcement of software licensing, protecting trade secrets in software, etc., would be easy. Questions based on appreciative comment How far is it worth going to prevent people from having full access to the software that they buy? What ethical rights do people have to software that they buy? What ethical rights do the publishers have? Do your answers justify ever hiding a decryption key in software? Oral report presented for COMPSCI 725 by Sidney MarkowitzSidney Markowitz

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.