10 research outputs found

    Multilateral White-Box Cryptanalysis: Case study on WB-AES of CHES Challenge 2016

    The security requirement of white-box cryptography (WBC) is that it should protect the secret key under a white-box security model that permits an adversary who is able to entirely control the execution of the cryptographic algorithm and its environment. It has already been demonstrated that most WBCs are vulnerable to algebraic attacks from a white-box security perspective. Recently, a new differential computation analysis (DCA) attack has been proposed that defeats the white-box implementation of the block cipher AES (WB-AES) by monitoring the memory information accessed during the execution of the algorithm. Although the attack requires the ability to estimate the internal information of the memory pattern, it retrieves the secret key after a few attempts. In addition, it has been proposed that the hardware implementation of WB-AES is vulnerable to differential power analysis (DPA) attacks. In this paper, we propose a DPA-based attack that directly exploits the intermediate values of the WB-AES computation without requiring memory data. We also demonstrate its practicability with respect to a public software implementation of WB-AES. Additionally, we investigate the vulnerability of our target primitive to DPA by acquiring actual power consumption traces of the software implementation.

    Revisiting the BGE Attack on a White-Box AES Implementation

    White-box cryptography aims to protect the secret key of a cipher in an environment in which an adversary has full access to the implementation of the cipher and its execution environment. In 2002, Chow, Eisen, Johnson and van Oorschot proposed a white-box implementation of AES. In 2004, Billet, Gilbert and Ech-Chatbi presented an efficient attack (referred to as the BGE attack) on this implementation, extracting its embedded AES key with a work factor of 2^{30}. In 2012, Tolhuizen presented an improvement of the most time-consuming phase of the BGE attack. This paper presents several improvements to the other phases of the BGE attack. The paper shows that the overall work factor of the BGE attack is reduced to 2^{22} when all improvements are implemented. In 2010, Karroumi presented a white-box AES implementation that is designed to withstand the BGE attack. This paper shows that the implementations of Karroumi and Chow et al. are the same. As a result, Karroumi's white-box AES implementation is vulnerable to the attack it was designed to resist.

    White-Box Cryptography in the Gray Box - A Hardware Implementation and its Side Channels

    Implementations of white-box cryptography aim to protect a secret key in a white-box environment in which an adversary has full control over the execution process and the entire environment. Its fundamental principle is the mapping of the cryptographic architecture, including the secret key, to a number of encoded tables that shall resist inspection and decomposition by an attacker. In a gray-box scenario, however, the property of hiding required implementation details from the attacker could be used as a promising mitigation strategy against side-channel attacks (SCA). In this work, we present a first white-box implementation of AES on reconfigurable hardware for which we evaluate this approach assuming a gray-box attacker. We show that, unfortunately, such an implementation does not provide sufficient protection against an SCA attacker. We continue our evaluation with a thorough analysis of the source of the observed leakage, and present additional results which can be used to build stronger white-box designs.

    Methods of Differential Computation Cryptanalysis of Embedded Systems (original title: Методи диференціального обчислювального криптоаналізу вбудованих систем)

    The paper identifies the existing methods of performing differential computation analysis: tracing the program and tracing an emulator. The existing tools for the second method were extended: a program was created with the Qiling Framework that can emulate files on the AMD64, ARM and MIPS architectures and record traces. The traces log information about the program's memory accesses (reads or writes), which are then filtered and converted into the format needed for correlation analysis. The existing tool for correlation analysis was modified to allow visualization of the results.

    The paper recalls two existing methods of differential computation analysis: instrumenting the binary and instrumenting an emulator that is in charge of the binary's execution. Existing tools have been modified to make them suitable for the second method, including a Qiling Framework program that can emulate files on AMD64, ARM and MIPS architectures and record traces. The traces include information about the addresses in memory that are accessed, the type of the access (read, write, execute), and the value the addresses contain. They are then filtered and formatted for the differential power analysis tools. The existing tool for conducting differential correlation analysis was modified to allow visualization of the results.

    Security Assessment of White-Box Design Submissions of the CHES 2017 CTF Challenge

    In 2017, the first CHES Capture the Flag Challenge was organized in an effort to promote good design candidates for white-box cryptography. In particular, the challenge assessed the security of the designs with regard to key extraction attacks. A total of 94 candidate programs were submitted, and all of them were eventually broken. Even though most candidates were broken within a few hours, some candidates remained robust against key extraction attacks for several days, and even weeks. In this paper, we perform a qualitative analysis of all candidates submitted to the CHES 2017 Capture the Flag Challenge. We test the robustness of each challenge against different types of attacks, such as automated attacks, extensions thereof, and reverse engineering attacks. We are able to classify each challenge by its robustness against these attacks, highlighting how challenges vulnerable to automated attacks can be broken in a very short amount of time, while more robust challenges demand large reverse engineering efforts and therefore more time from the adversaries. Besides classifying the robustness of each challenge, we also give data regarding their size and efficiency and explain how some of the more robust challenges could actually provide acceptable levels of security for some real-life applications.

    A Masked White-box Cryptographic Implementation for Protecting against Differential Computation Analysis

    Recently, gray-box attacks on white-box cryptographic implementations have succeeded. These attacks are more efficient than white-box attacks because they can be performed without detailed knowledge of the target implementation. The success of the gray-box attack is reportedly due to the unbalanced encoding used to generate the white-box lookup table. In this paper, we propose a method to protect white-box implementations against the gray-box attack. The basic idea is to apply the masking technique before encoding intermediate values during white-box lookup table generation. Because we do not require any random source at runtime, it is possible to perform efficient encryption and decryption using our method. The security and performance analysis shows that the proposed method can be a reliable and efficient countermeasure.

    A White-Box Cryptography Solution for JavaScript Applications (original title: Solução de criptografia de caixa branca para aplicações JavaScript)

    Currently, JavaScript is one of the most widely used programming languages. Countless JavaScript applications are produced and distributed all over the world. They therefore have to be protected against theft, which can violate the application's intellectual property, and against malicious tampering, which can modify its behaviour. One possible way to protect these applications is to use encryption. However, encryption has a single point of failure: the cryptographic key. If the key is compromised, the application becomes easily accessible to potential attackers. White-box cryptography solutions try to protect the key so that an attacker cannot access it and, consequently, the application has a higher level of security. This document presents the first white-box cryptography solution for JavaScript applications. The solution is fully adapted to the context in which it operates, where access to the application's source code matters as much as access to the cryptographic key. Furthermore, it is a solution that counters the main forms of attack afforded by the language itself. The white-box cryptography solution will be resistant to modification by an attacker: if the attacker modifies the application in any way, it will stop working.

    Nowadays, the JavaScript programming language is one of the most used. JavaScript applications are produced and distributed all over the world. Therefore, this kind of application has to be protected against theft, which can break the intellectual property, and against malicious tampering. In order to protect JavaScript applications, one of the possible ways is to use encryption. However, encryption has a single point of failure: the encryption key. If this key is compromised, the application will become easily accessible to potential attackers. White-box cryptography solutions try to protect the encryption key so that an attacker cannot have access to it and, thereafter, the application will have a higher security level. In this document the first white-box cryptography solution for JavaScript applications is presented. This solution fits well in its environment, and access to the source code of the application has the same relevance as the cryptographic key. Besides that, it is a solution that fights the major threats of the JavaScript programming language. The white-box cryptography solution will have an anti-tampering mechanism: if an attacker modifies the application, it will no longer work.

    White-box cryptography with global device binding from message-recoverable signatures and token-based obfuscation

    White-box cryptography has been proposed as a software protection technique for applications where limited or no hardware-based security is available. In recent years it has been crucial for enabling the security of mobile payment applications. In this paper we continue a recent line of research on device binding for white-box cryptography. Device binding ensures that a white-box program is only executable on one specific device and is unusable elsewhere. Building on this, we ask the following question: is it possible to design a global white-box program which is compiled once, but can be securely shared with multiple users and bound to each of their devices? Acknowledging this question, we define different flavours of security for such global white-boxes and provide corresponding constructions. We first consider families of strong global white-boxes which can be securely distributed and bound to users' devices without the need of sharing secrets between the compiling entity and the users. We then show how such strong global white-boxes can be constructed based on message recoverable signatures (MRS). To this end, we introduce puncturable MRS, which we build based on puncturable PRFs and indistinguishability obfuscation. Later in the paper we consider the use of Token-Based Obfuscation (TBO) and show that TBO provides a direct way to construct global white-boxes, as long as we can securely share a token generation key between the users and compiling entities. While such global white-boxes have weaker security guarantees than their stronger counterparts, our results show that white-box crypto can be built from more accepted assumptions than previously considered. Moreover, TBO allows us to construct white-boxes for any functionality or encryption scheme and thus provides a very general feasibility result for device binding.

    Analysis of Software Countermeasures for Whitebox Encryption

    Whitebox cryptography aims to ensure the security of cryptographic algorithms in the whitebox model, where the adversary has full access to the execution environment. Attaining security in this setting is a challenging problem: indeed, all published whitebox implementations of standard symmetric-key algorithms such as AES to date have been practically broken. However, as far as we know, no whitebox implementation in real-world products has suffered from a key recovery attack. This is due to the fact that commercial products deploy additional software protection mechanisms on top of the whitebox implementation, which makes practical attacks much less feasible in real-world applications. There are numerous software protection mechanisms which protect against standard whitebox attacks. One such technique is control flow obfuscation, which randomizes the order of table lookups for each execution of the whitebox encryption module. Another technique is randomizing the locations of the various look-up tables (LUTs) in the memory address space. In this paper we investigate the effectiveness of these countermeasures against two attack paradigms. The first, known as the Differential Computational Analysis (DCA) attack, was developed by Bos, Hubain, Michiels and Teuwen at CHES 2016. The attack passively collects software execution traces for several plaintext encryptions and uses the collected data to perform an analysis similar to the well-known differential power attacks (DPA) to recover the secret key. Since the software execution traces contain time-demarcated physical addresses of memory locations being read from or written to, they essentially leak the values of the inputs to the various LUTs accessed during the whitebox encryption operation, which, as it turns out, leaks sufficient information to perform the power attack.
    We found that if, in addition to control flow obfuscation, one were to randomize the locations of the LUTs in memory, then it is very difficult to perform the DCA on the resulting system using such table inputs and extract the secret key in reasonable time. As an alternative, we investigate the version of the DCA attack which uses the outputs of the tables instead of the inputs to mount the power analysis attack. This modified DCA is able to extract the secret key from the flow-obfuscated and location-randomized versions of several whitebox binaries available in the crypto literature. We develop another attack called the Zero Difference Enumeration (ZDE) attack. The attack records software traces for several pairs of strategically selected plaintexts and performs a simple statistical test on the effective difference of the traces to extract the secret key. We show that ZDE is able to recover the keys of whitebox systems. Finally, we propose a new countermeasure for protecting whitebox binaries based on the insertion of random delays, which aims to make both the ZDE and DCA attacks practically difficult by adding random noise to the information leaked to the attacker.

    A Tutorial on White-box AES

    White-box cryptography concerns the design and analysis of implementations of cryptographic algorithms engineered to execute on untrusted platforms. Such implementations are said to operate in a white-box attack context. This is an attack model where all details of the implementation are completely visible to an attacker: not only do they see input and output, they see every intermediate computation that happens along the way. The goal of a white-box attacker when targeting an implementation of a cipher is typically to extract the cryptographic key; thus, white-box implementations have been designed to thwart this goal (i.e., to make key extraction difficult or infeasible). The academic study of white-box cryptography was initiated in 2002 in the seminal work of Chow, Eisen, Johnson and van Oorschot (SAC 2002). Here, we review the first white-box AES implementation proposed by Chow et al. and give detailed information on how to construct it. We provide a number of diagrams that summarize the flow of data through the various look-up tables in the implementation, which helps clarify the overall design. We then briefly review the impressive 2004 cryptanalysis by Billet, Gilbert and Ech-Chatbi (SAC 2004). The BGE attack can be used to extract an AES key from Chow et al.'s original white-box AES implementation with a work factor of about 2^{30}, and this fact has motivated subsequent work on improved AES implementations.