Abstract. Conventional software implementations of cryptographic algorithms are totally insecure where a hostile user may control the execution environment, or where co-located with malicious software. Yet current trends point to increasing usage in environments so threatened. We discuss encrypted-composed-function methods intended to provide a practical degree of protection against white-box (total access) attacks in untrusted execution environments. As an example, we show how AES can be implemented as a series of lookups in key-dependent tables. The intent is to hide the key by a combination of encoding its tables with random bijections representing compositions rather than individual steps, and extending the cryptographic boundary by pushing it out further into the containing application. We partially justify our AES implementation, and motivate its design, by showing how removal of parts of the recommended implementation allows specified attacks, including one utilizing a pattern in the AES SubBytes table.
Abstract. For digital rights management (DRM) software implementations incorporating cryptography, white-box cryptography (cryptographic implementation designed to withstand the white-box attack context) is more appropriate than traditional black-box cryptography. In the white-box context, the attacker has total visibility into software implementation and execution. Our objective is to prevent extraction of secret keys from the program. We present methods to make such key extraction difficult, with focus on symmetric block ciphers implemented by substitution boxes and linear transformations. A DES implementation (useful also for triple-DES) is presented as a concrete example.
Currently, most means of communication include some form of identification of the sender/originator, but none of these identifications are securely authenticated (at least not conveniently or in wide use). Legitimate business entities can be misrepresented by their name, and this creates opportunities for various scams known as phishing. We propose a new end-to-end authentication scheme that can be used to authenticate companies over many means of communication including telephony, email, web, and Instant Messaging. The framework is flexible and gives concerned legitimate institutions the ability to delegate their authenticated names to employees outside the office as well as outsourcing companies.
Categories and Subject Descriptors K.6.5 [Management of computing and information systems]: