Presentation is loading. Please wait.

Presentation is loading. Please wait.

Applying White-Box Cryptography SoBeNet user group meeting October 8, 2004 Brecht Wyseur.

Published byHannah Watkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Applying White-Box Cryptography SoBeNet user group meeting October 8, 2004 Brecht Wyseur."— Presentation transcript:

1 Applying White-Box Cryptography SoBeNet user group meeting October 8, 2004 Brecht Wyseur

2 SoBeNet – Track 3 “Software Tamper Resistance” COSIC – Computer Security and Industrial Cryptography Members  Prof. Bart Preneel  Jan Cappaert  Brecht Wyseur Project Involvement  Obfuscation (Jan)  White-Box Cryptography (Brecht)

3 Overview Problem Description State-Of-The-Art White-Box Transformations Pro’s and Cons Future Research

4 Problem Description Quite easy to find stored or embedded keys  Shamir et al.: Playing hide and seek with stored keys  Algebraic attack on RSA key  Attack through entropy data Key information

5 White-Box Cryptography (chow et al. 2002) White-box attack context (WBAC) a.k.a. Malicious host attack context  Full-privileged attack software shares a host with cryptographic software, having complete access to the implementation of algorithms;  Dynamic execution (with instantiated cryptographic keys) can be observed;  Internal algorithm details are completely visible and alterable at will. The attacker's objective is to extract the cryptographic key, e.g. For use on a standard implementation of the same algorithm on a different platform.

6 Applications Software Agents  Embedded cryptographic keys for signing purposes Digital Rights Management (DRM) Smart Card Technology Asymmetric crypto system

7 State-Of-The-Art Sander et al.: Impossible situation to secure August 2002 – Chow et al.  A White-Box DES Implementation  A White-Box AES Implementation Link et al. – Security issues and improvements “Choice of implementation the sole remaining line of defense”

8 General idea (1) Expanding the cryptographic border External function encoding Attacker:  Analyse  Isolate random bijections  Analyse to find Goal: make isolation difficult Cryptographic algorithm Authentication code …

9 General Idea (2) Spreading embedded secret information Thus forcing an attacker to understand a greater part of the implementation KEY

10 How? White-Box Transformations Transform an algorithm into a series of key- dependant lookup tables

11 White-Box Transformations Partial Evaluation Combined Function Encoding By-Pass Encoding Split Path Encoding … Techniques apply on cryptographic algorithms build with XOR, substitution and permutation functions AES, DES, …

12 White-Box Transformations (2) Partial Evaluation 6 4 S Definition of a new key- dependant lookup table k

13 Internal Function Encoding A A B B A’ B’ Encoded version: f f g g Choose random bijection and White-Box Transformations (3)

14 Local Security Internal function encoding provides local security A’ is known. Because the bijection f is random, no information can be revealed of A (similar to one time path)

15 Global Security Currently no proof Can we guarantee white-box security? Trade-off between performance and level of security AES: Cryptanalysis by Billet et al. (2004)

16 Some Numbers DES  Chow et al.: 4,54 Mb  Improvement by Link et al.: 2,25 Mb AES  Normal implementation: 4.352 bytes  Chow et al.: 770.048 bytes 177 times bigger, 55 times slower 3104 lookups

17 Pro’s and Cons Pro’s  Expansion of cryptographic boundaries  Diversity by injection of random bijections Cons  Performance reduction  Implementation size  Lack of proof of security

18 Future Research Development of new techniques  Algebraic transformations  Dynamic key implementations Proof of security Development of an automated application tool Improve security with Obfuscation techniques

Download ppt "Applying White-Box Cryptography SoBeNet user group meeting October 8, 2004 Brecht Wyseur."

Similar presentations

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.
The Hardware Security Module. Agenda MAHOhard members To give background Project details Design and implementation.

The Hardware Security Module. Agenda MAHOhard members To give background Project details Design and implementation.
White-Box Cryptography

White-Box Cryptography
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
Software Hardening & FIPS 140 Eugen Bacic & Gary Maxwell September 27th, 2005.

Software Hardening & FIPS 140 Eugen Bacic & Gary Maxwell September 27th, 2005.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
AES clear a replacement for DES was needed

AES clear a replacement for DES was needed
CSE331: Introduction to Networks and Security Lecture 18 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 18 Fall 2002.
Chapter 10 Boundary Controls. Cryptographic Controls Cryptology is the science of secret codes Cryptography deals with systems for transforming data into.

Chapter 10 Boundary Controls. Cryptographic Controls Cryptology is the science of secret codes Cryptography deals with systems for transforming data into.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
15-349 Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.

Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.
Dr. Lo’ai Tawalbeh 2007 Chapter 5: Advanced Encryption Standard (AES) Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) - 2007 Jordan’s Campus.

Dr. Lo’ai Tawalbeh 2007 Chapter 5: Advanced Encryption Standard (AES) Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Similar presentations

Ads by Google