5 research outputs found

    Differential computation analysis: hiding your white-box designs is not enough

    No full text
    Although all current scientific white-box approaches of standardized cryptographic primitives are broken, there is still a large number of companies which sell “secure” white-box products. In this paper, we present a new approach to assess the security of white-box implementations which requires neither knowledge about the look-up tables used nor any reverse engineering effort. This differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. We developed plugins to widely available dynamic binary instrumentation frameworks to produce software execution traces which contain information about the memory addresses being accessed. To illustrate its effectiveness, we show how DCA can extract the secret key from numerous publicly (non-commercial) available white-box programs implementing standardized cryptography by analyzing these traces to identify secret-key dependent correlations. This approach allows one to extract the secret key material from white-box implementations significantly faster and without specific knowledge of the white-box design in an automated manner.

    Simulated annealing

    No full text
    Many problems in engineering, planning and manufacturing can be modeled as that of minimizing or maximizing a cost function over a finite set of discrete variables. This class of so-called combinatorial optimization problems has received much attention over the years and major achievements have been made in its analysis (Ausiello et al.

    Scheduling TV recordings for a recommender-based DVR

    No full text
    In a recommender-based digital video recorder, TV programs are considered for automatic recording on a hard disk. The choice of which programs to record depends on (i) the scores assigned to the programs by the recommender, (ii) the times and channels at which the programs are broadcast, and (iii) the number of tuners available for recording. For a given set of programs that are broadcast in a given time interval, and a given number m of tuners, we consider the problem of determining a subset S'⊆ of programs with a maximum sum of scores that can be recorded with the m tuners. We show that this problem can be formulated as a min-cost flow problem and can be solved to optimality in O(mn²) time. In addition, we indicate how the min-cost flow approach can be adapted to take into account practical considerations such as uncertainties in the actual broadcast times of programs and programs that are broadcast multiple times in the given time interval. We present experimental results that suggest that, for realistic settings, near-optimal subsets can be determined on low-cost hardware.

    White-box cryptography: don’t forget about grey-box attacks

    No full text
    Despite the fact that all current scientific white-box approaches of standardized cryptographic primitives have been publicly broken, these attacks require knowledge of the internal data representation used by the implementation. In practice, the level of implementation knowledge required is only attainable through significant reverse-engineering efforts. In this paper, we describe new approaches to assess the security of white-box implementations which require neither knowledge about the look-up tables used nor expensive reverse-engineering efforts. We introduce the differential computation analysis (DCA) attack which is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. Similarly, the differential fault analysis (DFA) attack is the software counterpart of fault injection attacks on cryptographic hardware. For DCA, we developed plugins to widely available dynamic binary instrumentation (DBI) frameworks to produce software execution traces which contain information about the memory addresses being accessed. For the DFA attack, we developed modified emulators and plugins for DBI frameworks that allow injecting faults at selected moments within the execution of the encryption or decryption process as well as a framework to automate static fault injection. To illustrate the effectiveness, we show how DCA and DFA can extract the secret key from numerous publicly available non-commercial white-box implementations of standardized cryptographic algorithms. These approaches allow one to extract the secret key material from white-box implementations significantly faster and without specific knowledge of the white-box design in an automated or semi-automated manner.