Towards Security Notions for White-Box Cryptography

Saxena, Amitabh; Wyseur, Brecht; Preneel, Bart

doi:10.1007/978-3-642-04474-8_4

Cited by 30 publications

(29 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Formal security notions for symmetric white-box schemes are discussed and introduced in [59,22]. In [11] it is shown how one can use the ASASA construction with injective Sboxes (where ASA stands for the affine-substitution-affine [55] construction) to instantiate white-box cryptography.…”

Section: Miscellaneous White-box Resultsmentioning

confidence: 99%

Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough

Bos

Hubain²,

Michiels

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Although all current scientific white-box approaches of standardized cryptographic primitives are broken, there is still a large number of companies which sell "secure" white-box products. In this paper a new approach to assess the security of white-box implementations is presented which requires neither knowledge about the look-up tables used nor any reverse engineering effort. This differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. We developed plugins to widely available dynamic binary instrumentation frameworks to produce software execution traces which contain information about the memory addresses being accessed. We show how DCA can extract the secret key from all publicly (non-commercial) available whitebox programs implementing standardized cryptography by analyzing these traces to identify secret-key dependent correlations.

show abstract

Section: Miscellaneous White-box Resultsmentioning

confidence: 99%

Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough

Bos

Hubain²,

Michiels

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…A first step towards a theoretical model was proposed by Saxena, Wyseur and Preneel [28], and subsequently extended by Wyseur in his PhD thesis [30]. These results show how to translate any security notion in the black-box model into a security notion in the white-box model.…”

Section: Introductionmentioning

confidence: 93%

“…As a matter of fact, some of our security notions are not black-box notions that one would wish to preserve in the whitebox setting, but arise from new features potentially introduced by the white-box compilation. Note that although we use a different formalism and pursue different goals, our work and those in [28,30] are not in contradiction but rather co-exist in a wider framework.…”

Section: Introductionmentioning

confidence: 99%

White-Box Security Notions for Symmetric Encryption Schemes

Delerablée

Lepoint

Paillier

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. White-box cryptography has attracted a growing interest from researchers in the last decade. Several white-box implementations of standard block-ciphers (DES, AES) have been proposed but they have all been broken. On the other hand, neither evidence of existence nor proofs of impossibility have been provided for this particular setting. This might be in part because it is still quite unclear what white-box cryptography really aims to achieve and which security properties are expected from white-box programs in applications. This paper builds a first step towards a practical answer to this question by translating folklore intuitions behind white-box cryptography into concrete security notions. Specifically, we introduce the notion of white-box compiler that turns a symmetric encryption scheme into randomized white-box programs, and we capture several desired security properties such as one-wayness, incompressibility and traceability for white-box programs. We also give concrete examples of white-box compilers that already achieve some of these notions. Overall, our results open new perspectives on the design of white-box programs that securely implement symmetric encryption.

show abstract

“…This is not always relevant in RFID, where one may clearly distinguish the Human prover from the prover's device. We model these concepts by introducing the black-box [8,60] and white-box [15,52] models in our framework. This allows to refine the success probabilities of an adversary and point out that some published works underestimate the success probabilities when the prover has a full control on the execution of the algorithm.…”

Section: Prover Modelmentioning

confidence: 99%

A framework for analyzing RFID distance bounding protocols

Avoine

Bingöl

Kardaş

et al. 2011

JCS

132

View full text Add to dashboard Cite

Many distance bounding protocols appropriate for the RFID technology have been proposed recently. Unfortunately, they are commonly designed without any formal approach, which leads to inaccurate analyzes and unfair comparisons. Motivated by this need, we introduce a unified framework that aims to improve analysis and design of distance bounding protocols. Our framework includes a thorough terminology about the frauds, adversary and prover, thus disambiguating many misleading terms. It also explores the adversary's capabilities and strategies, and addresses the impact of the prover's ability to tamper with his device. It thus introduces some new concepts in the distance bounding domain as the black-box and white-box models, and the relation between the frauds with respect to these models. The relevancy and impact of the framework is finally demonstrated on a study case: Munilla-Peinado distance bounding protocol.

show abstract

Towards Security Notions for White-Box Cryptography

Cited by 30 publications

References 22 publications

Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough

Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough

White-Box Security Notions for Symmetric Encryption Schemes

A framework for analyzing RFID distance bounding protocols

Contact Info

Product

Resources

About