On the Foundations of White-Box Cryptography
School of Science | Doctoral thesis (article-based) | Defence date: 2020-06-12
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.
Date
2020
Language
en
Pages
30 + app. 212
Series
Aalto University publication series DOCTORAL DISSERTATIONS, 92/2020
Abstract
In the white-box attack scenario, we consider an adversary who gets access to the implementation code of a cryptographic algorithm with an embedded secret key. Additionally, the adversary is assumed to be in control of the execution environment of the implementation. White-box cryptography aims to maintain an implementation secure, even in the presence of such a strong adversary. In this thesis, we study the foundations of white-box cryptography, clarifying its security goals, studying its feasibility and studying the effectiveness of popular attacks on real life implementations. Towards this goal, we consider the use case of white-box cryptography for mobile payment applications and compare it with its more traditional use case in digital rights management. We start by studying security definitions previously suggested and explain why the properties captured by these definitions do not align with the security we wish to achieve for white-box crypto in the context of mobile payment applications. We then propose new security notions, focusing on confidentiality and integrity as basic security goals and hardware-binding as a means to mitigate code-lifting attacks. Following this line, we present security notions for a hardware-bound white-box key derivation function (WKDF), for hardware-binding for white-box encryption, and for a hardware-bound white-box payment scheme. We present feasibility results for our WKDF based on the assumption of puncturable pseudorandom functions (PPRF) and indistinguishability obfuscation. Our construction consists of a PPRF which we use for deriving keys and bind it to a pseudorandom function-like functionality which is used for verifying if the program is running on the intended device. Via obfuscation, we hide the secret keys used for key derivation and for verification and bind these two functionalities together. Based on our WKDF, we construct a mobile payment scheme, whose security is derived from the WKDF. 
Additionally, we construct an incompressible white-box encryption scheme based on the standard assumption of one-way permutations. Finally, we study the susceptibility of white-box implementations w.r.t. gray-box attacks, i.e. key extraction attacks adopted from side-channel analysis of hardware implementations. We focus on the differential computation analysis (DCA), which performs a statistical analysis on execution traces of white-box designs. We study the effectiveness of this attack and show that popular white-box design frameworks are too weak to protect against DCA. Our studies lead us to an improvement and generalization of this attack. We conclude this thesis by conducting a qualitative analysis on candidate implementations submitted to the 2017 WhiBox CTF Challenge. Our results highlight the importance of achieving resistance against gray-box attacks, as well as the importance of achieving the notion of hardware-binding in order to reduce adversarial capabilities in the real world.
Description
The public defense on 12th June 2020 at 16:00 (4 p.m.) will be available via remote technology.
Link: https://aalto.zoom.us/j/65850868700
Zoom Quick Guide: https://www.aalto.fi/en/services/zoom-quick-guide
Electronic online display version of the doctoral thesis is available by email by request from aaltodoc-diss@aalto.fi
Supervising professor
Brzuska, Christopher, Prof., Aalto University, Department of Computer Science, Finland
Thesis advisor
Brzuska, Christopher, Prof., Aalto University, Department of Computer Science, Finland
Michiels, Wil, Prof., TU Eindhoven and NXP Semiconductors, Netherlands
Keywords
white-box cryptography, definitional studies, automated attacks
Parts
- [Publication 1]: Estuardo Alpirez Bock, Alessandro Amadori, Chris Brzuska, Wil Michiels. On the Security Goals of White-box Cryptography. In IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020(2), 38 pages, February 2020.
  DOI: 10.13154/tches.v2020.i2.327-357
- [Publication 2]: Estuardo Alpirez Bock, Chris Brzuska, Marc Fischlin, Christian Janson, Wil Michiels. Security Reductions for White-Box Key-Storage in Mobile Payments. In submission, 36 pages, September 2019.
- [Publication 3]: Estuardo Alpirez Bock, Alessandro Amadori, Joppe W. Bos, Chris Brzuska, Wil Michiels. Doubly Half-injective PRGs for Incompressible White-box Cryptography. In Topics in Cryptology – CT-RSA 2019, pp. 189–209, February 2019.
  DOI: 10.1007/978-3-030-12612-4_10
- [Publication 4]: Estuardo Alpirez Bock, Chris Brzuska, Wil Michiels, Alexander Treff. On the Ineffectiveness of Internal Encodings - Revisiting the DCA Attack on White-Box Cryptography. In Applied Cryptography and Network Security, pp. 103–120, June 2018.
  DOI: 10.1007/978-3-319-93387-0_6
- [Publication 5]: Estuardo Alpirez Bock, Joppe W. Bos, Chris Brzuska, Charles Hubain, Wil Michiels, Cristofaro Mune, Eloi Sanfelix Gonzalez, Philippe Teuwen, Alexander Treff. White-Box Cryptography: Don’t Forget About Grey Box Attacks. Journal of Cryptology, 32(4), pp. 1095–1143, October 2019.
  DOI: 10.1007/s00145-019-09315-1
- [Publication 6]: Estuardo Alpirez Bock, Alexander Treff. Security Assessment of White-Box Design Submissions of the CHES 2017 CTF Challenge. Accepted for publication in COSADE, 20 pages, October 2020.