White box cryptography in an insecure environment

Post on 22-Jan-2018

Iqra khalil

Mode/Type: Academic

Work inspired by: Chow & Brecht Wyseur

White box cryptography

(in an insecure environment)

Motivation

How WBC enables us to implement cryptographic algorithms bundled with a key, with guarantees that adversaries can't extract this key.

Why white-box cryptography is inspired by code obfuscation, and a discussion of white-box implementations.

Keywords

-White-box cryptography
-Obfuscation
-Confusion and diffusion
-WB-AES
-T tables
-Credit card implementation

Content

-Study of white-box cryptography against the black-box and grey-box models and attacks
-Code obfuscation
-Implementation: use cases
-Space cipher: AES-based white-box block cipher
-SPNbox: dedicated white-box block cipher
-Confusion
-Diffusion
-Applications

Cryptography

Cryptography has offered a means of communicating sensitive (secret, confidential or private) information while making it unintelligible to everyone except for the message recipient.

Models/attacks in a secure environment:

-Black-box model/attack
-Grey-box cryptography model/attack

Techniques in an insecure environment:

-White-box cryptography model/attack

Black box cryptography

Endpoints are secure.

In the black-box model, adversaries interact with the device from the outside by using prescribed channels.

Grey-box cryptography

The grey-box scenario assumes that the attacker has partial physical access to the key, or that it is "leaking" so-called side-channel information.

Attacker is assumed to have:

Partial physical access to the cryptographic key as a result of the cipher leaking side-channel information.

-Electromagnetic radiation analysis
-Current/power consumption analysis
-Operation timing analysis

White-box cryptography

White-box cryptography techniques aim at protecting software implementations of cryptographic algorithms against key recovery.

Attacker is assumed to have full control of the implementation:

-Read memory/register
-Memory inspection
-CPU call interceptions
-Debugging
-Code tampering
-Cache hacks
-Inserting breakpoints
-Force a system crash
-Modification of internal variables
-Dynamic analysis of implementation

Need for white-box cryptography

Standard cryptographic models suppose that endpoints, PCs and hardware protection tokens are to be trusted.

Cryptography is increasingly deployed in applications that are executed on open devices (such as PCs, tablets or smartphones). The open nature of these systems makes the software extremely vulnerable to attacks, since the attacker has complete control over the execution platform and the software implementation itself.

White-box cryptography: technical views (hiding keys in software)

White-box cryptography is a fairly recent research domain; it was introduced by Chow, Eisen, Johnson and van Oorschot in 2002.

-Protection against key extraction in the strongest possible threat model.
-Secures the key, not the data.
-Challenge: the challenge that white-box cryptography aims to address is to implement a cryptographic algorithm in software in such a way that cryptographic assets remain secure even when subject to white-box attacks.
-Inspired by code obfuscation.

Code obfuscation

Obfuscation is a technique that aims to protect software from reverse engineering by artificially making it look very complex.

-Obfuscation defends against white-box attacks.
-Supports randomization.

Process

-For every key, generate a fixed implementation that contains the hard-coded key.
-Hide the hard-coded key so that encrypt and decrypt operations maintain sensitive data without revealing any portion of the key.
-Their white-box techniques transform a cipher into a series of key-dependent lookup tables.
-The secret key is hard-coded into the lookup tables and protected by randomization techniques that are applied.

Result:

Make the key extraction difficult or even impracticable.

Implementation: Digital Rights Management systems

Scenario 1

-The end-user is then able to purchase some type of premium content (e.g., new GoT season).
-The content arrives at the user's device encrypted, and is decrypted by the software as it is viewed.
-A malicious end-user may attempt to extract cryptographic keys from the software and then use them to redistribute content outside the DRM system.

Scenario 2 (DRM)

One example of a successful memory-based key extracting attack has enabled the BackupHDDVD tool to copy the content of a protected DVD and remove the DRM from Windows protected media content.

Scenario 3: client-side web application

1-Web application forms some client-side queries to the backend.
2-A malicious user may attempt to form malicious queries and exploit some backend vulnerabilities.

Advanced Encryption Standard

AES: origin

A specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

Based on a modern form of block cipher.

-Key sizes: 128, 192 or 256 bits
-Block size: 128 bits
-Structure: substitution-permutation network
-Rounds: 10, 12 or 14 (depending on key size)

Modern block cipher: S-P network

Claude Shannon introduced the idea of substitution-permutation (S-P) networks. An S-P network is a series of linked mathematical operations used in block cipher algorithms such as AES.

Shannon also introduced the ideas of confusion and diffusion:

-Confusion seeks to make the relationship between the statistics of the ciphertext and the value of the encryption key as complex as possible.
-Diffusion seeks to make the statistical relationship between the plaintext and ciphertext as complex as possible.

An S-P network consists of:

-substitution (S-box) (improves confusion)
-permutation (P-box) (improves diffusion)

AES structure

Key whitening attack on AES

AES deploys a key whitening operation as a final step in its operation. This is an addition with the final round key to protect the final round of the cipher from being annihilated. The penultimate operation consists of a table lookup operation.

-The design of the cipher is public.
-The lookup table definition is known.

So it is an open channel for a white-box attacker.

With a simple hex editor, these lookup tables can be located in the binary and changed into zeros; the execution of the implementation will then output the final round key, from which the original AES key can easily be derived.

Key whitening attack

WB-AES

where F and G are random encodings, which are injected in between A,B and B,C respectively.

The overall functionality (input A – output C) remains the same.
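
The effect of the encodings F and G described above can be checked on small tables. This is an added example, not code from the original slides: A, B and C stand for three consecutive 8-bit lookup steps, SBOX is a constructed toy S-box (not the AES S-box) and KEY is a constructed key byte.

```python
import random

rng = random.Random(2002)  # fixed seed: constructed tables are reproducible

def random_bijection():
    """Return a random permutation of 0..255 and its inverse as tables."""
    perm = list(range(256))
    rng.shuffle(perm)
    inv = [0] * 256
    for x, y in enumerate(perm):
        inv[y] = x
    return perm, inv

def compose(outer, inner):
    """Table for x -> outer[inner[x]]."""
    return [outer[inner[x]] for x in range(256)]

# Constructed stand-ins (assumptions): toy public S-box, hard-coded key byte.
SBOX, _ = random_bijection()
KEY = 0x3C
A, _ = random_bijection()                  # public step before the key
B = [SBOX[x ^ KEY] for x in range(256)]    # key-dependent table, T-box style
C, _ = random_bijection()                  # public step after the key

# Random encodings: F between A and B, G between B and C.
F, F_inv = random_bijection()
G, G_inv = random_bijection()
A_enc = compose(F, A)                      # F o A
B_enc = compose(G, compose(B, F_inv))      # G o B o F^-1
C_enc = compose(C, G_inv)                  # C o G^-1

def plain(x):
    return C[B[A[x]]]

def encoded(x):
    return C_enc[B_enc[A_enc[x]]]

def same_function():
    """True if the encoded chain maps every input like the plain chain."""
    return all(plain(x) == encoded(x) for x in range(256))

def key_candidates(table):
    """Key bytes k for which table is exactly x -> SBOX[x ^ k]."""
    return [k for k in range(256)
            if all(table[x] == SBOX[x ^ k] for x in range(256))]

if __name__ == "__main__":
    print("same input/output behaviour:", same_function())
    print("key bytes matching raw B:    ", key_candidates(B))
    print("key bytes matching encoded B:", key_candidates(B_enc))
```

The raw table B matches the public S-box for exactly one key byte, while the encoded table matches none and the composition is unchanged. This shows the mechanism only; it says nothing about resistance to dedicated attacks on encoded tables.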

Steps to the whitebox AES

White-box AES: T-box

WB-AES: Ty tables

WB-AES: Ty tables and XOR tables

White-box application

Implementation of White-Box Cryptography in Credit Card Processing Combined with Code Obfuscation:

-Credit card details encryption using Marjanne Plasmans algorithms plus code obfuscation.
-Encryption using AES, RSA and SHA with different combinations of key size.

STEP-1: Credit card details (names, CVV no., date of birth, amount) are submitted by the user and are considered the plaintext for the following algorithm.

STEP-2: Plaintext P is encrypted using AES and key KCEK.

STEP-3: KCEK is encrypted using RSA, which is an asymmetric-key algorithm, with the public key, giving cipher text 1 (C1).

STEP-4: Calculate the hash of C1 using SHA and generate the MAC value of KEK.

STEP-5: Again encrypt the hash and KEK with the AES algorithm, using two randomly generated and concatenated keys, KMAC and KREK.

STEP-6: Concatenate C1 and C2 to get the new cipher value C0.

KCEK is the Content Encryption Key; it is randomly generated. The client sends C0 to the recipient device; after receiving C0, the receiver splits it into C1 and C2 and decrypts the cipher text using the private key.

Summary

A white-box technology consists of a program-generating compiler that, for some specific cryptographic algorithm, takes as input a secret key and produces a white-box secure program that implements the cryptographic algorithm with the specified secret key. Anyone in control of the generated program can execute it on any input and get the expected output, but is unable to learn anything more than such input-output pairs. The white-box program remains unintelligible and securely hides the secret key, just as trusted hardware would.

FAQs

1- In white-box cryptography, what are the public-key and secret-key primitives?

Make public-key encryption from secret-key primitives.

It's easy to construct a public-key encryption scheme from a white-box implementation of a secret-key encryption algorithm.

Example:

Anyone possessing the white-box implementation can encrypt a message, whereas only someone with the secret key can decrypt the message.

2- White-box evaluation parameters?

-Computation time
-Memory usage

Reference

https://www.slideshare.net/Iqrakhalil2/white-box-crytography-in-an-insecure-enviroment