Presentation is loading. Please wait.

Presentation is loading. Please wait.

Attacking an obfuscated cipher by injecting faults Matthias Jacob Dan Boneh Edward.

Published byShanon McCarthy Modified over 8 years ago

Similar presentations

Presentation on theme: "Attacking an obfuscated cipher by injecting faults Matthias Jacob Dan Boneh Edward."— Presentation transcript:

1 Attacking an obfuscated cipher by injecting faults Matthias Jacob mjacob@cs.princeton.edu mjacob@cs.princeton.edu Dan Boneh dabo@cs.stanford.edu Edward Felten felton@cs.princeton.edu In the proceedings of the 2002 ACM Workshop on Digital Rights Management http://crypto.stanford.edu/DRM2002/drm1.pdf Oral report presented for COMPSCI 725 by Sidney MarkowitzSidney Markowitz

2 Attacking an obfuscated cipher by injecting faults Summary Fault injection to extract a DES key from decryption software protected using a particular commercial obfuscator Why hiding such a key is important How to mount the attack Claims that the technique can be used on any block cipher that uses rounds Possible defenses against this attack Oral report presented for COMPSCI 725 by Sidney MarkowitzSidney Markowitz

3 Appreciative comment: The topic is important: If we could let people run decryption software but hide the key from them, then copy protection, enforcement of software licensing, protecting trade secrets in software, etc., would be easy. Critical comments: 1. The technique requires so much access to the software being cracked that the attacker already has everything that can be gained by cracking it 2. The authors' claims of generality of the technique to other ciphers seem incorrect Oral report presented for COMPSCI 725 by Sidney MarkowitzSidney Markowitz

4 How the attack works Figure 2, from the paper Block diagram of one round of DES Provide inputs that produce small changes in the output Insert faults before last round, analyse changes in outputs Oral report presented for COMPSCI 725 by Sidney MarkowitzSidney Markowitz

5 Criticism #1: Assumes too much access "First, both encryption and decryption operations need to be available, and second, the attacker needs to be able to modify the ciphertext arbitrarily.“ If you can encrypt and decrypt at will what need is there for the key? Attacker must be able to see boundaries between rounds in the code Attacker must be able to change data being passed into a round computation. Oral report presented for COMPSCI 725 by Sidney MarkowitzSidney Markowitz

6 Criticism #2: Incorrect claims of generality Rn-1 -> (Ln or Rn) unchanged (Feistel network) -- Not true for non-Feistel round-based block ciphers such as AES Few bits left to brute force after round subkey is found -- Not true for other Feistel ciphers including Skipjack, Blowfish, 3DES Oral report presented for COMPSCI 725 by Sidney MarkowitzSidney Markowitz

7 Appreciative comment (redux): The topic is important: If we could let people run decryption software but hide the key from them, then copy protection, enforcement of software licensing, protecting trade secrets in software, etc., would be easy. Questions based on appreciative comment How far is it worth going to prevent people from having full access to the software that they buy? What ethical rights do people have to software that they buy? What ethical rights do the publishers have? Do your answers justify ever hiding a decryption key in software? Oral report presented for COMPSCI 725 by Sidney MarkowitzSidney Markowitz

Download ppt "Attacking an obfuscated cipher by injecting faults Matthias Jacob Dan Boneh Edward."

Similar presentations

Conventional Encryption: Algorithms

Conventional Encryption: Algorithms
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.

1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.
White-Box Cryptography

White-Box Cryptography
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)

Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)
Modern Cryptography.

Modern Cryptography.
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.

DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
Cryptographic Technologies

Cryptographic Technologies
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.

TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
CS 682 - Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.

CS Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.
Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.

Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Similar presentations

Ads by Google