Cryptanalysis of a Perturbated White-Box AES Implementation

Mulder, Yoni De; Wyseur, Brecht; Preneel, Bart

doi:10.1007/978-3-642-17401-8_21

Cited by 62 publications

(32 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several research efforts have also been focused on key extraction of proposed whitebox ciphers via cryptanalysis [1,31,26,10,9]. However, these attacks assume that the location and structure of the LUTs used by the white-box ciphers is known or can be easily recovered from its binary file.…”

Section: White-box Cryptographymentioning

confidence: 99%

Software-Based Protection against Changeware

Bănescu

Pretschner

Battré³

et al. 2015

Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

We call changeware software that surreptitiously modifies resources of software applications, e.g., configuration files. Changeware is developed by malicious entities which gain profit if their changeware is executed by large numbers of end-users of the targeted software. Browser hijacking malware is one popular example that aims at changing webbrowser settings such as the default search engine or the home page. Changeware tends to provoke end-user dissatisfaction with the target application, e.g. due to repeated failure of persisting the desired configuration. We describe a solution to counter changeware, to be employed by vendors of software targeted by changeware. It combines several protection mechanisms: white-box cryptography to hide a cryptographic key, software diversity to counter automated key retrieval attacks, and run-time process memory integrity checking to avoid illegitimate calls of the developed API.

show abstract

Section: White-box Cryptographymentioning

confidence: 99%

Software-Based Protection against Changeware

Bănescu

Pretschner

Battré³

et al. 2015

Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

show abstract

“…A subsequent WB-AES design introduced perturbations in the cipher in an attempt to thwart the previous attack [14]. This approach was broken [51] using algebraic analysis with a 2 17 time complexity in 2010. Another WB-AES approach which resisted the previous attacks was presented in [69] in 2009 and got broken in 2012 with a work factor of 2 32 [50].…”

Section: White-box Advanced Encryption Standard (Wb-aes)mentioning

confidence: 99%

Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough

Bos

Hubain²,

Michiels

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Although all current scientific white-box approaches of standardized cryptographic primitives are broken, there is still a large number of companies which sell "secure" white-box products. In this paper a new approach to assess the security of white-box implementations is presented which requires neither knowledge about the look-up tables used nor any reverse engineering effort. This differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. We developed plugins to widely available dynamic binary instrumentation frameworks to produce software execution traces which contain information about the memory addresses being accessed. We show how DCA can extract the secret key from all publicly (non-commercial) available whitebox programs implementing standardized cryptography by analyzing these traces to identify secret-key dependent correlations.

show abstract

“…Note that S(x) is an S-box with an 8-bit input value, x, and Tboxes for round 10 have to absorb two round keys, 9 k and k 10 , where ,…”

Section: Addroundkey and Subbytesmentioning

confidence: 99%

Conditional Re-encoding Method for Cryptanalysis-Resistant White-Box AES

Lee¹,

Choi²,

Choi³

2015

ETRI J

View full text Add to dashboard Cite

Conventional cryptographic algorithms are not sufficient to protect secret keys and data in white‐box environments, where an attacker has full visibility and control over an executing software code. For this reason, cryptographic algorithms have been redesigned to be resistant to white‐box attacks. The first white‐box AES (WB‐AES) implementation was thought to provide reliable security in that all brute force attacks are infeasible even in white‐box environments; however, this proved not to be the case. In particular, Billet and others presented a cryptanalysis of WB‐AES with 230 time complexity, and Michiels and others generalized it for all substitution‐linear transformation ciphers. Recently, a collision‐based cryptanalysis was also reported. In this paper, we revisit Chow and others’ first WB‐AES implementation and present a conditional re‐encoding method for cryptanalysis protection. The experimental results show that there is approximately a 57% increase in the memory requirement and a 20% increase in execution speed.

show abstract

Cryptanalysis of a Perturbated White-Box AES Implementation

Cited by 62 publications

References 14 publications

Software-Based Protection against Changeware

Software-Based Protection against Changeware

Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough

Conditional Re-encoding Method for Cryptanalysis-Resistant White-Box AES

Contact Info

Product

Resources

About