On the Foundations of White-Box Cryptography


dc.contributor Aalto-yliopisto fi
dc.contributor Aalto University en
dc.contributor.advisor Brzuska, Christopher, Prof., Aalto University, Department of Computer Science, Finland
dc.contributor.advisor Michiels, Wil, Prof., TU Eindhoven and NXP Semiconductors, Netherlands
dc.contributor.author Bock, Estuardo Alpírez
dc.date.accessioned 2020-05-27T09:00:05Z
dc.date.available 2020-05-27T09:00:05Z
dc.date.issued 2020
dc.identifier.isbn 978-952-60-3922-0 (electronic)
dc.identifier.isbn 978-952-60-3921-3 (printed)
dc.identifier.issn 1799-4942 (electronic)
dc.identifier.issn 1799-4934 (printed)
dc.identifier.issn 1799-4934 (ISSN-L)
dc.identifier.uri https://aaltodoc.aalto.fi/handle/123456789/44380
dc.description The public defense on 12th June 2020 at 16:00 (4 p.m.) will be available via remote technology. Link: https://aalto.zoom.us/j/65850868700 Zoom Quick Guide: https://www.aalto.fi/en/services/zoom-quick-guide Electronic online display version of the doctoral thesis is available by email by request from aaltodoc-diss@aalto.fi
dc.description.abstract In the white-box attack scenario, we consider an adversary who gets access to the implementation code of a cryptographic algorithm with an embedded secret key. Additionally, the adversary is assumed to be in control of the execution environment of the implementation. White-box cryptography aims to maintain an implementation secure, even in the presence of such a strong adversary. In this thesis, we study the foundations of white-box cryptography, clarifying its security goals, studying its feasibility and studying the effectiveness of popular attacks on real life implementations. Towards this goal, we consider the use case of white-box cryptography for mobile payment applications and compare it with its more traditional use case in digital rights management. We start by studying security definitions previously suggested and explain why the properties captured by these definitions do not align with the security we wish to achieve for white-box crypto in the context of mobile payment applications. We then propose new security notions, focusing on confidentiality and integrity as basic security goals and hardware-binding as a means to mitigate code-lifting attacks. Following this line, we present security notions for a hardware-bound white-box key derivation function (WKDF), for hardware-binding for white-box encryption, and for a hardware-bound white-box payment scheme. We present feasibility results for our WKDF based on the assumption of puncturable pseudorandom functions (PPRF) and indistinguishability obfuscation. Our construction consists of a PPRF which we use for deriving keys and bind it to a pseudorandom function-like functionality which is used for verifying if the program is running on the intended device. Via obfuscation, we hide the secret keys used for key derivation and for verification and bind these two functionalities together. Based on our WKDF, we construct a mobile payment scheme, whose security is derived from the WKDF. 
Additionally, we construct an incompressible white-box encryption scheme based on the standard assumption of one-way permutations. Finally, we study the susceptibility of white-box implementations w.r.t. gray-box attacks, i.e. key extraction attacks adopted from side-channel analysis of hardware implementations. We focus on the differential computation analysis (DCA), which performs a statistical analysis on execution traces of white-box designs. We study the effectiveness of this attack and show that popular white-box design frameworks are too weak to protect against DCA. Our studies lead us to an improvement and generalization of this attack. We conclude this thesis by conducting a qualitative analysis on candidate implementations submitted to the 2017 WhiBox CTF Challenge. Our results highlight the importance of achieving resistance against gray-box attacks, as well as the importance of achieving the notion of hardware-binding in order to reduce adversarial capabilities in the real world. en
dc.format.extent 30 + app. 212
dc.format.mimetype application/pdf en
dc.language.iso en en
dc.publisher Aalto University en
dc.publisher Aalto-yliopisto fi
dc.relation.ispartofseries Aalto University publication series DOCTORAL DISSERTATIONS en
dc.relation.ispartofseries 92/2020
dc.relation.haspart [Publication 1]: Estuardo Alpirez Bock, Alessandro Amadori, Chris Brzuska, Wil Michiels. On the Security Goals of White-box Cryptography. In IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020(2), 38 pages, February 2020. DOI: 10.13154/tches.v2020.i2.327-357
dc.relation.haspart [Publication 2]: Estuardo Alpirez Bock, Chris Brzuska, Marc Fischlin, Christian Janson, Wil Michiels. Security Reductions for White-Box Key-Storage in Mobile Payments. In submission, 36 pages, September 2019
dc.relation.haspart [Publication 3]: Estuardo Alpirez Bock, Alessandro Amadori, Joppe W. Bos, Chris Brzuska, Wil Michiels. Doubly Half-injective PRGs for Incompressible White-box Cryptography. In Topics in Cryptology – CT-RSA 2019, pp. 189–209, February 2019. DOI: 10.1007/978-3-030-12612-4_10
dc.relation.haspart [Publication 4]: Estuardo Alpirez Bock, Chris Brzuska, Wil Michiels, Alexander Treff. On the Ineffectiveness of Internal Encodings - Revisiting the DCA Attack on White-Box Cryptography. In Applied Cryptography and Network Security, pp. 103–120, June 2018. DOI: 10.1007/978-3-319-93387-0_6
dc.relation.haspart [Publication 5]: Estuardo Alpirez Bock, Joppe W. Bos, Chris Brzuska, Charles Hubain, Wil Michiels, Cristofaro Mune, Eloi Sanfelix Gonzalez, Philippe Teuwen, Alexander Treff. White-Box Cryptography: Don’t Forget About Grey Box Attacks. Journal of Cryptology, 32(4), pp. 1095–1143, October 2019. DOI: 10.1007/s00145-019-09315-1
dc.relation.haspart [Publication 6]: Estuardo Alpirez Bock, Alexander Treff. Security Assessment of White-Box Design Submissions of the CHES 2017 CTF Challenge. Accepted for publication in COSADE, 20 pages, October 2020
dc.subject.other Computer science en
dc.title On the Foundations of White-Box Cryptography en
dc.type G5 Artikkeliväitöskirja fi
dc.contributor.school Perustieteiden korkeakoulu fi
dc.contributor.school School of Science en
dc.contributor.department Matematiikan ja systeemianalyysin laitos fi
dc.contributor.department Department of Mathematics and Systems Analysis en
dc.subject.keyword white-box cryptography en
dc.subject.keyword definitional studies en
dc.subject.keyword automated attacks en
dc.identifier.urn URN:ISBN:978-952-60-3922-0
dc.type.dcmitype text en
dc.type.ontasot Doctoral dissertation (article-based) en
dc.type.ontasot Väitöskirja (artikkeli) fi
dc.contributor.supervisor Brzuska, Christopher, Prof., Aalto University, Department of Computer Science, Finland
dc.opn Paillier, Pascal, Dr., Cryptoexperts Paris, France
dc.contributor.lab Cryptography en
dc.rev Paillier, Pascal, Dr., Cryptoexperts Paris, France
dc.rev Bogdanov Andrey, Prof., DTU Denmark and Cybercrypt, Denmark
dc.date.defence 2020-06-12
local.aalto.formfolder 2020_05_26_klo_15_00
local.aalto.archive yes

