22 research outputs found

    White-Box Cryptography: Formal Notions and (Im)possibility Results

    A key research question in computer security is whether one can implement software that offers some protection against software attacks from its execution platform. While code obfuscation attempts to hide certain characteristics of a program P, white-box cryptography specifically focusses on software implementations of cryptographic primitives (such as encryption schemes); the goal of a white-box implementation is to offer a certain level of robustness against an adversary who has full access to and control over the implementation of the primitive. Several formal models for obfuscation have been presented before, but it is not clear if any of these definitions can capture the concept of white-box cryptography. In this paper, we discuss the relation between obfuscation and white-box cryptography, and formalize the notion of white-box cryptography by capturing the security requirement using a 'White-Box Property' (WBP). In the second part, we present positive and negative results on white-box cryptography. We show that for interesting programs (such as encryption schemes, and digital signature schemes), there are security notions that cannot be satisfied when adversaries have white-box access, while the notion is satisfied when the adversary has black-box access to its functionality. On the positive side, we show that there exists an obfuscator for a symmetric encryption scheme for which a useful security notion (such as CPA security) remains satisfied when an adversary has access to its white-box implementation.

    Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings

    At DRM 2002, Chow et al. presented a method for implementing the DES block cipher such that it becomes hard to extract the embedded secret key in a white-box attack context. In such a context, an attacker has full access to the implementation and its execution environment. In order to provide an extra level of security, an implementation shielded with external encodings was introduced by Chow et al. and improved by Link and Neumann. In this paper, we present an algorithm to extract the secret key from such white-box DES implementations. The cryptanalysis is a differential attack on obfuscated rounds, and works regardless of the shielding external encodings that are applied. The cryptanalysis has an average time complexity of $2^{14}$ and a negligible space complexity.

    A reference architecture for software protection

    This paper describes the ASPIRE reference architecture designed to tackle one major problem in this domain: the lack of a clear process and an open software architecture for the composition and deployment of multiple software protections on software application

    The ASPIRE framework for software protection

    In the ASPIRE research project, a software protection tool flow was designed and prototyped that targets native ARM Android code. This tool flow supports the deployment of a number of protections against man-at-the-end attacks. In this tutorial, an overview of the tool flow will be presented and attendants will participate in a hands-on demonstration. In addition, we will present an overview of the decision support systems developed in the project to facilitate the use of the protection tool flow.

    A Reference Architecture for Software Protection

    This paper describes the ASPIRE reference architecture designed to tackle one major problem in this domain: the lack of a clear process and an open software architecture for the composition and deployment of multiple software protections on software applications.

    Code Renewability for Native Software Protection

    Software protection aims at safeguarding assets embedded in software by preventing and delaying reverse engineering and tampering attacks. This paper presents an architecture and supporting tool flow to renew parts of native applications dynamically. Renewed and diversified code and data belonging to either the original application or to linked-in protections are delivered from a secure server to a client on demand. This results in frequent changes to the software components when they are under attack, thus making attacks harder. By supporting various forms of diversification and renewability, novel protection combinations become available, and existing combinations become stronger. The prototype implementation is evaluated on a number of industrial use cases

    White-Box Cryptography (White-box cryptografie)

    This thesis studies the topic of 'white-box cryptography' (WBC), which focuses on software implementations of cryptographic primitives (such as encryption schemes). Traditionally, cryptographic primitives are designed to protect data and keys against 'black-box' attacks. In such a context, an adversary has knowledge of the algorithm and may examine various inputs to and outputs from the system, but has no visibility on the internal details of the execution of a key instantiated primitive. In contrast, the goal of white-box implementations is to provide a degree of robustness against attacks from the execution environment. In such an environment, an adversary has unrestricted access to the software implementation. The main part of this dissertation covers the security assessment of white-box implementations. This contribution is two-fold: we study practical white-box techniques and perform a theoretical study. First, a study is conducted on the practical white-box implementations of DES and AES encryption algorithms, which includes their cryptanalysis. Subsequently, generic cryptanalysis results are described, which opens a discussion towards white-box design strategies. Since no formal definitions of white-box cryptography were presented before and the proposed white-box implementations did not come with any proof of security, we initiate a study towards a theoretical model for white-box cryptography. The study on formal models of obfuscation and provable security leads to a definition where we capture the security requirements of WBC defined over some cryptographic scheme and a security notion. This new theoretical model provides a context to investigate the security of white-box implementations, which leads to a number of positive and negative possibility results. Considering the practical interest of research in WBC, we conclude with an overview of a selection of applications and related research fields that might benefit from and contribute to this research topic.

    Cryptographic Key Protection in a Cryptoprocessor


    2nd International Workshop on Software Protection : SPRO 2016

    Software Protection techniques aim to defend the confidentiality and integrity of software applications that are exposed to an adversary that shares the execution host and access privileges of the application. This scenario is often denoted as protection against MATE (Man-At-The-End) attacks. This is an area of growing importance. For industry, in many cases the deployment of such techniques is crucial to ensure business continuity. Following the first SPRO workshop co-located with ICSE 2015 in Florence, Italy, this second edition aims to establish a tradition where academics and industrial experts in software protection can meet to confront the challenges in designing stronger protections and in developing better support to deploy those protections and to make them compatible with industrial software development life cycle requirements

    Remote attestation on legacy operating systems with trusted platform modules
