White box crytography in an insecure enviroment
-
Upload
iqra-khalil -
Category
Technology
-
view
218 -
download
0
Transcript of White box crytography in an insecure enviroment
Iqra khalil
Mode/Type: Academic
Work inspired by:Chow & Brecht Wyseur
White box cryptography
(in an insecure environment)
Motivation How WBC enables us to implement cryptographic
algorithms bundled with a key, with guarantees that
adversaries can’t extract this key.
Why White box cryptography inspired by code
obfuscation and discuss white box implementations.
keywords
Whitebox cryptography
Obfuscation
Confusion and diffusion
WB-AES
T tables
Creditcard implementation
content
Study Whitebox cryptography against of blackbox
and greybox model and attacks.
Code obfuscation
Implementation:
Use cases
Space cipher:AES based whitebox block cipher.
SPNbox: Dedicated whitebox block cipher
Confusion
Diffusion
Applications
cryptography
Cryptography:
cryptography has offered a means of communicating
sensitive (secret, confidential or private) information
while making it unintelligible to everyone except for the
message recipient
Model/Attacks in a secure enviroment:
Black box Model / attack
Greybox cryptography Model/attack
Techniques in a insecure enviroment:
Whitebox cryptography Model / attack
Black box cryptography Endpoints are secure.
In the black-box model, adversaries interact with the
device from the outside by using prescribed channels.
Greybox cryptography The Grey box scenario
assumes that the partialphysical access to the Key orthat it is “leaking” so called sidechannel information.
Attacker is assume to have:
Partial physical access to thecryptographic key as a result ofthe
cipher leaking side-channel
Information.
Electromagnetic radiation analysis
Current/power consumption analysis
Operation timing analysis
Whitebox cryptography White box cryptography
techniques aim at protectingsoftware implementations of cryptographic algorithmsagainst key recovery.
Attacker is assume to have:
Attacker have full control of implementation:
-Read memory/register
-Memory inspection
-CPU call interceptions
-Debugging
-Code tempering
-Cache hacks
-Inserting breakpoints
-Force a system crash
-Modification of internal variables
-Dynamic analysis of implementation
Need of whitebox cryptography Standard cryptographic models suppose that
endpoints, PC
and hardware protection tokens are to be trusted.
Cryptography is increasingly deployed in applications
that are executed on open devices (such as PCs,
tablets or smartphones). The open nature of these
systems makes the software extremely vulnerable to
attacks, since the attacker has complete control over
the execution platform and the software
implementation itself.
Whitebox cryptography technical views(Hiding keys in software )
White-box cryptography is a fairly recent research domain; it was introduced by Chow, Eisen, Johnson and van Oorschot in 2002.
Protection against key extraction in the strongest possible thread model.
Secure key, not data
Challenge:The challenge that white-box cryptography aims to address is to implement a cryptographic algorithm insoftware in such a way that cryptographic assets remain secure even when subject to white-box attacks.
Inspired by code obfuscation.
Code obfuscation
Obfuscation is a technique
that aims to protect software from reverse
engineering by artificially making it look very
complex.
Obfuscation defence the whitebox attacks.
Support randamization.
process
Generate for every key a fixedimplementation, that will contain hard-coded key.
Hide hardcoded key so,that encrypt and decryptoperations maintain sensitive data without revealing any portions of the key.
Their white-box techniques transform a cipher into a series of key-dependent lookup tables
The secret key is hard-coded into the lookup tables and protected by randomization techniques that are applied
Result:
Make the key extraction difficultor even impracticable
implementation Digital Rights Management Systems
scenerio 1The end-user is then able to purchase some type of premium content (e.g., new GoTseason)
The content arrives at the user’s device encrypted, and is decrypted by the software as it is viewed
A malicious end-user may attempt to extractcryptographic keys from the software andthen use them to redistribute content outsidethe DRM system
Cont…
DRM
Scenerio 2
One example of a successful memorybased key
extracting attack has enabled the BackupHDDVD tool to
copy the content of a protected DVD and remove the
DRM from Windows protected media content.
Cont..
Client-side web application.
Scenerio 31-Web application forms some client-side queries to
the backend
2-A malicious user may attempt to form malicious
queries and exploit some backend vulnerabilities.
Advance Encryption standard
AES: originA specification for the encryption of electronic data
established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
Based on modern form of block cipher
Key sizes 128, 192 or 256 bits • Block size 128 bits • Structure Substitution-permutation network • Rounds 10, 12 or 14 (depending on key size)
Cont…. AES
Modern Block cipher:
S-P NetworkClaude Shannon introduced the idea of substitution-permutation S-P networks .
is a series of linked mathematical operations used in block cipher algorithms such as AES.
Introduced the ideas of confusion & diffusion
– Confusion seeks to make the relationship between the statistics of the ciphertext and the value of the encryption key as complex as possible
– Diffusion seeks to make the statistical relationship between the plaintext and ciphertext as complex as possible
Cont… AES
S-P Network consists of:
substitution (S-box) (improves confusion)
permutation (P-box) (improves diffusion)
Cont… AES
AES structure
Key whitening attack on AES
AES deploys a key whitening operation as a final step in its operation. this is an addition with the finalround key to protect the final round of the cipher from being annihilated. The penultimate operation consists of a table lookup operation.
design of the cipher is public
The lookup table definition is known
So it is an open channel for whitebox attacker.
with a simple hex editor, these lookuptables can be located in the binary, and changed into zeros. and hence the execution of the implementation will output the final round key,from which the original AES key can easily be derived.
Key whitening attack
WB-AES
where F and G are random encodings, which are injected in
between A,B and B,C respectively.
The overall functionality (input A – output C) remains the same.
Steps to the whitebox AES
whitebox AES: TBOX
WB-AES- Ty tables
WB-AES:TyTables and XorTables
Whitebox
applicationImplementation of White-Box Cryptography in Credit Card Processing Combined with Code Obfuscation:
Credit card details encryption using Marjanne Plasmans algorithms plus code obfuscation.
Encryption using AES,RSA and SHA with different combination of key size
STEP-1: Credit card details (Names, CVV No, Date of
birth,
Amount) are submitted from user and consider it as
Plaintext
for following algorithm.
STEP-2: Plaintext P is encrypted using AES and key
KCEK
STEP-3: KCEK is encrypted using RSA which is asymmetrickey algorithm and used public key and get the cipher text 1(C1).STEP-4: Calculating the hash of C1 using SHA and generateMAC value of KEK.STEP-5: Again encrypting the Hash, KEK using tworandomly generated and concatenated key KMAC and KREKusing AES algorithm.STEP-6: Concatenate C1 and C2 and get new value of cipherC0.
Content Encryption Key KCEK. KCEK is a randomly generated.The client sends C0 to the recipient device, after receiving C0; the receiver splits it into C1 and C2 and decrypts the cipher text using private key.
summary A white-box technology consists of a program-generating
compiler that, for some specific cryptographic algorithm, takes as
input a secret key and produces a white-box secure program that
implements the cryptographic algorithm with the specified secret
key. Anyone in control of the generated program can execute it
on any input and get the expected output, but is unable to learn
anything more than such input-output pairs. The white-box
program remains unintelligible and securely hides the secret key,
just as trusted hardware would.
FAQs1- In white box cryptography ,what are the public key and secret key primitives?
Make public-key encryption fr0m secret-key primitives.
it’s easy to construct a publickey encryption scheme from a whiteboximplementation of a secret key encryption algorithm.
Example:
Anyone possessing the whitebox implementation can encrypt a message, whereas only someone with the secret key can decrypt the message.
2- Whitebox evaluation parameters?
-computation time - Memory usage
Reference
https://www.slideshare.net/Iqrakhalil2/white-box-
crytography-in-an-insecure-enviroment