White-Box Cryptography

Wyseur, Brecht

doi:10.1007/978-1-4419-5906-5_627

Cited by 18 publications

(12 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We used this tool to model attacks on two software protection techniques. The first, as shown in Figure 5, aims to extract the cryptographic key from a White-Box Crypto (WBC) [36] library. The second aims at de-obfuscating the code of an application protected by the use of custom, randomized instruction sets that are interpreted by a software virtual machine (SoftVM) [37], as shown in Figure 6.…”

Section: Petri Net Modelling Of Attacksmentioning

confidence: 99%

“…The ACTC's protections aim at defending against reverse-engineering, tampering, and cloning. They include code and data obfuscations [13], white-box cryptography (as also discussed in Section 4.2.8) [36], code mobility [41], code diversity, code guards, code renewability, remote attestation and migration of sensitive code to secure servers [42], use of custom instruction sets interpreted by virtual machines [37] (as also discussed in Section 4.2.8), anti-debugging by means of self-debuggers [27], and more.…”

Section: Validation On Software Protection Tool Chainmentioning

confidence: 99%

See 1 more Smart Citation

A meta-model for software protections and reverse engineering attacks

Basile

Canavese

Regano

et al. 2019

Journal of Systems and Software

View full text Add to dashboard Cite

Software protection techniques are used to protect valuable software assets against man-at-the-end attacks. Those attacks include reverse engineering to steal confidential assets, and tampering to break the software's integrity in unauthorized ways. While their ultimate aims are the original assets, attackers also target the protections along their attack path. To allow both humans and tools to reason about the strength of available protections (and combinations thereof) against potential attacks on concrete applications and their assets, i.e., to assess the true strength of layered protections, all relevant and available knowledge on the relations between the relevant aspects of protections, attacks, applications, and assets need to be collected, structured, and formalized. This paper presents a software protection meta-model that can be instantiated to construct a formal knowledge base that holds precisely that information. The presented meta-model is validated against existing models and taxonomies in the domain of software protection, and by means of prototype tools that we developed to help non-modelling-expert software defenders with populating a knowledge base and with extracting and inferring practically useful information from it. All discussed tools are available as open source, and we evaluate their use as part of a software protection work flow on an open source application and industrial use cases.

show abstract

Section: Petri Net Modelling Of Attacksmentioning

confidence: 99%

Section: Validation On Software Protection Tool Chainmentioning

confidence: 99%

A meta-model for software protections and reverse engineering attacks

Basile

Canavese

Regano

et al. 2019

Journal of Systems and Software

View full text Add to dashboard Cite

show abstract

“…A digital signature scheme typically consists of three algorithms: the key generation algorithm, the signing algorithm, and the verification algorithm. There are three main attack models according to the capabilities of an adversary to attack cryptosystems [21], for example, a digital signature scheme. The first is the black-box model.…”

Section: Digital Signature Schemes and Attack Modelsmentioning

confidence: 99%

Key-Insulated Undetachable Digital Signature Scheme and Solution for Secure Mobile Agents in Electronic Commerce

Shi

Lin

Xiong

et al. 2016

Mobile Information Systems

View full text Add to dashboard Cite

Considering the security of both the customers’ hosts and the eShops’ servers, we introduce the idea of a key-insulated undetachable digital signature, enabling mobile agents to generate undetachable digital signatures on remote hosts with the key-insulated property of the original signer’s signing key. From the theoretical perspective, we provide the formal definition and security notion of a key-insulated undetachable digital signature. From the practical perspective, we propose a concrete scheme to secure mobile agents in electronic commerce. The scheme is mainly focused on protecting the signing key from leakage and preventing the misuse of the signature algorithm on malicious servers. Agents do not carry the signing key when they generate digital signatures on behalf of the original signer, so the key is protected on remote servers. Furthermore, if a hacker gains the signing key of the original signer, the hacker is still unable to forge a signature for any time period other than the key being accessed. In addition, the encrypted function is combined with the original signer’s requirement to prevent the misuse of signing algorithm. The scheme is constructed on gap Diffie–Hellman groups with provable security, and the performance testing indicates that the scheme is efficient.

show abstract

“…There are three main models of the capability of an adversary to attack a cryptosystem [1]. First is the black-box model.…”

Section: Introductionmentioning

confidence: 99%

A Secure Implementation of a Symmetric Encryption Algorithm in White-Box Attack Contexts

Shi

Qin

Zhao

2013

Journal of Applied Mathematics

View full text Add to dashboard Cite

In a white-box context, an adversary has total visibility of the implementation of the cryptosystem and full control over its execution platform. As a countermeasure against the threat of key compromise in this context, a new secure implementation of the symmetric encryption algorithm SHARK is proposed. The general approach is to merge several steps of the round function of SHARK into table lookups, blended by randomly generated mixing bijections. We prove the soundness of the implementation of the algorithm and analyze its security and efficiency. The implementation can be used in web hosts, digital right management devices, and mobile devices such as tablets and smart phones. We explain how the design approach can be adapted to other symmetric encryption algorithms with a slight modification.

show abstract

White-Box Cryptography

Cited by 18 publications

References 9 publications

A meta-model for software protections and reverse engineering attacks

A meta-model for software protections and reverse engineering attacks

Key-Insulated Undetachable Digital Signature Scheme and Solution for Secure Mobile Agents in Electronic Commerce

A Secure Implementation of a Symmetric Encryption Algorithm in White-Box Attack Contexts

Contact Info

Product

Resources

About