4,621 research outputs found

    White-Box AES Implementation Revisited

    Get PDF
    White-box cryptography is an obfuscation technique for protecting secret keys in software implementations even if an adversary has full access to the implementation of the encryption algorithm and full control over its execution platforms. This concept was presented by Chow et al. with white-box implementations of DES and AES in 2002. The strategy used in the implementations has become a design principle for subsequent white-box implementations. However, despite its practical importance, progress has not been substantial. In fact, it is repeated that as a proposal for a white-box implementation is reported, an attack of lower complexity is soon announced. This is mainly because most cryptanalytic methods target specific implementations, and there is no general attack tool for white-box cryptography. In this paper, we present an analytic toolbox on white-box implementations in this design framework and show how to reveal the secret information obfuscated in the implementation using this. For a substitution-linear transformation cipher on nn bits with S-boxes on mm bits, if mQm_Q-bit nonlinear encodings are used to obfuscate output values in the implementation, our attack tool can remove the nonlinear encodings with complexity O(nmQ23mQ)O(\frac{n}{m_Q}2^{3m_Q}). We should increase mQm_Q to obtain higher security, but it yields exponential storage blowing up and so there are limits to increase the security using the nonlinear encoding. If the inverse of the encoded round function FF on nn bits is given, the affine encoding AA can be recovered in O(nmmA323m)O(\frac{n}{m}\cdot{m_A}^32^{3m}) time using our specialized affine equivalence algorithm, where mAm_A is the smallest integer pp such that AA (or its similar matrix obtained by permuting rows and columns) is a block-diagonal matrix with p×pp\times p matrix blocks. According to our toolbox, a white-box implementation in the Chow et al.\u27s framework has complexity at most O(min{22mmnm+4,nlogn2n/2})O\left(\min\left\{ \tfrac{2^{2m}}{m}\cdot n^{m+4}, n\log n \cdot 2^{n/2}\right\}\right) within reasonable storage, which is much less than 2n2^n. To overcome this, we introduce an idea that obfuscates two AES-128 ciphers at once with input/output encoding on 256 bits. To reduce storage, we use a sparse unsplit input encoding. As a result, our white-box AES implementation has up to 110-bit security against our toolbox, close to that of the original cipher. More generally, we may consider a white-box implementation on the concatenation of tt ciphertexts to increase security

    Efficient and Provable White-Box Primitives

    Get PDF
    International audienceIn recent years there have been several attempts to build white-box block ciphers whose implementations aim to be incompress-ible. This includes the weak white-box ASASA construction by Bouil-laguet, Biryukov and Khovratovich from Asiacrypt 2014, and the recent space-hard construction by Bogdanov and Isobe from CCS 2015. In this article we propose the first constructions aiming at the same goal while offering provable security guarantees. Moreover we propose concrete instantiations of our constructions, which prove to be quite efficient and competitive with prior work. Thus provable security comes with a surprisingly low overhead

    Measuring Performances of a White-Box Approach in the IoT Context

    Get PDF
    The internet of things (IoT) refers to all the smart objects that are connected to other objects, devices or servers and that are able to collect and share data, in order to "learn" and improve their functionalities. Smart objects suffer from lack of memory and computational power, since they are usually lightweight. Moreover, their security is weakened by the fact that smart objects can be placed in unprotected environments, where adversaries are able to play with the symmetric-key algorithm used and the device on which the cryptographic operations are executed. In this paper, we focus on a family of white-box symmetric ciphers substitution-permutation network (SPN)box, extending and improving our previous paper on the topic presented at WIDECOM2019. We highlight the importance of white-box cryptography in the IoT context, but also the need to have a fast black-box implementation (server-side) of the cipher. We show that, modifying an internal layer of SPNbox, we are able to increase the key length and to improve the performance of the implementation. We measure these improvements (a) on 32/64-bit architectures and (b) in the IoT context by encrypting/decrypting 10,000 payloads of lightweight messaging protocol Message Queuing Telemetry Transport (MQTT)

    SoK: Design Tools for Side-Channel-Aware Implementations

    Get PDF
    Side-channel attacks that leak sensitive information through a computing device's interaction with its physical environment have proven to be a severe threat to devices' security, particularly when adversaries have unfettered physical access to the device. Traditional approaches for leakage detection measure the physical properties of the device. Hence, they cannot be used during the design process and fail to provide root cause analysis. An alternative approach that is gaining traction is to automate leakage detection by modeling the device. The demand to understand the scope, benefits, and limitations of the proposed tools intensifies with the increase in the number of proposals. In this SoK, we classify approaches to automated leakage detection based on the model's source of truth. We classify the existing tools on two main parameters: whether the model includes measurements from a concrete device and the abstraction level of the device specification used for constructing the model. We survey the proposed tools to determine the current knowledge level across the domain and identify open problems. In particular, we highlight the absence of evaluation methodologies and metrics that would compare proposals' effectiveness from across the domain. We believe that our results help practitioners who want to use automated leakage detection and researchers interested in advancing the knowledge and improving automated leakage detection

    Software Obfuscation with Symmetric Cryptography

    Get PDF
    Software protection is of great interest to commercial industry. Millions of dollars and years of research are invested in the development of proprietary algorithms used in software programs. A reverse engineer that successfully reverses another company‘s proprietary algorithms can develop a competing product to market in less time and with less money. The threat is even greater in military applications where adversarial reversers can use reverse engineering on unprotected military software to compromise capabilities on the field or develop their own capabilities with significantly less resources. Thus, it is vital to protect software, especially the software’s sensitive internal algorithms, from adversarial analysis. Software protection through obfuscation is a relatively new research initiative. The mathematical and security community have yet to agree upon a model to describe the problem let alone the metrics used to evaluate the practical solutions proposed by computer scientists. We propose evaluating solutions to obfuscation under the intent protection model, a combination of white-box and black-box protection to reflect how reverse engineers analyze programs using a combination white-box and black-box attacks. In addition, we explore use of experimental methods and metrics in analogous and more mature fields of study such as hardware circuits and cryptography. Finally, we implement a solution under the intent protection model that demonstrates application of the methods and evaluation using the metrics adapted from the aforementioned fields of study to reflect the unique challenges in a software-only software protection technique

    Optimization of code caves in malware binaries to evade machine learning detectors

    Get PDF
    Machine Learning (ML) techniques, especially Artificial Neural Networks, have been widely adopted as a tool for malware detection due to their high accuracy when classifying programs as benign or malicious. However, these techniques are vulnerable to Adversarial Examples (AEs), i.e., carefully crafted samples designed by an attacker to be misclassified by the target model. In this work, we propose a general method to produce AEs from existing malware, which is useful to increase the robustness of ML-based models. Our method dynamically introduces unused blocks (caves) in malware binaries, preserving their original functionality. Then, by using optimization techniques based on Genetic Algorithms, we determine the most adequate content to place in such code caves to achieve misclassification. We evaluate our model in a black-box setting with a well-known state-of-the-art architecture (MalConv), resulting in a successful evasion rate of 97.99 % from the 2k tested malware samples. Additionally, we successfully test the transferability of our proposal to commercial AV engines available at VirusTotal, showing a reduction in the detection rate for the crafted AEs. Finally, the obtained AEs are used to retrain the ML-based malware detector previously evaluated, showing an improve on its robustness.This research was supported by the Ministerio de Ciencia, Innovación y Universidades (Grant Refs. PGC2018-095322-B-C22 and PID2019-111429RB-C21), by the Region of Madrid grant CYNAMON- CM (P2018/TCS-4566), co-financed by European Structural Funds ESF and FEDER, and the Excellence Program EPUC3M17

    Revisiting Lightweight Encryption for IoT Applications: Error Performance and Throughput in Wireless Fading Channels with and without Coding

    Get PDF
    © 2013 IEEE. Employing heavy conventional encryption algorithms in communications suffers from added overhead and processing time delay; and in wireless communications, in particular, suffers from severe performance deterioration (avalanche effect) due to fading. Consequently, a tremendous reduction in data throughput and increase in complexity and time delay may occur especially when information traverse resource-limited devices as in Internet-of-Things (IoT) applications. To overcome these drawbacks, efficient lightweight encryption algorithms have been recently proposed in literature. One of those, that is of particular interest, requires using conventional encryption only for the first block of data in a given frame being transmitted. All the information in the remaining blocks is transmitted securely without the need for using heavy conventional encryption. Unlike the conventional encryption algorithms, this particular algorithm achieves lower overhead/complexity and higher data throughput. Assuming the additive white Gaussian noise (AWGN) channel, the performance of the lightweight encryption algorithm under study had been evaluated in literature in terms of throughput under the assumption that the first block, that undergoes conventional encryption, is free of error, which is practically unfeasible. In this paper, we consider the AWGN channel with Rayleigh fading and assume that the signal experiences a certain channel bit error probability and investigate the performance of the lightweight encryption algorithm under study in terms of bit error probability and throughput. We derive analytical expressions for these performance metrics considering modulated signals with and without coding. In addition, we propose an extension to the lightweight encryption algorithm under study by further enhancing its security level without significantly affecting the overhead size and processing time. Via numerical results we show the superiority of the lightweight encryption algorithm under study over the conventional encryption algorithms (like the AES) and the lightweight encryption algorithms proposed in literature in terms of error and throughput performance
    corecore