Abstract

Whitebox cryptography aims to ensure the security of cryptographic algorithms in the whitebox model, where the adversary has full access to the execution environment. Attaining security in this setting is a challenging problem: indeed, all published whitebox implementations of standard symmetric-key algorithms such as AES have to date been practically broken. However, as far as we know, no whitebox implementation in a real-world product has suffered a key recovery attack. This is because commercial products deploy additional software protection mechanisms on top of the whitebox implementation, which makes practical attacks much less feasible in real-world applications. There are numerous software protection mechanisms that protect against standard whitebox attacks. One such technique is control flow obfuscation, which randomizes the order of table lookups on each execution of the whitebox encryption module. Another is randomizing the locations of the various look-up tables (LUTs) in the memory address space. In this paper we investigate the effectiveness of these countermeasures against two attack paradigms. The first, known as the Differential Computational Analysis (DCA) attack, was developed by Bos, Hubain, Michiels and Teuwen at CHES 2016. The attack passively collects software execution traces for several plaintext encryptions and uses the collected data to perform an analysis similar to the well-known differential power analysis (DPA) attack to recover the secret key. Since the software execution traces contain time-demarcated physical addresses of the memory locations being read from or written to, they essentially leak the values of the inputs to the various LUTs accessed during the whitebox encryption operation, which, as it turns out, leaks sufficient information to perform the DPA-style attack.
We found that if, in addition to control flow obfuscation, one were to randomize the locations of the LUTs in memory, then it becomes very difficult to perform DCA on the resulting system using such table inputs and extract the secret key in reasonable time. As an alternative, we investigate a version of the DCA attack that uses the outputs of the tables instead of their inputs to mount the power analysis attack. This modified DCA is able to extract the secret key from the flow-obfuscated and location-randomized versions of several whitebox binaries available in the cryptographic literature. We develop another attack called the Zero Difference Enumeration (ZDE) attack. It records software traces for several pairs of strategically selected plaintexts and performs a simple statistical test on the effective difference of the traces to extract the secret key. We show that ZDE is able to recover the keys of whitebox systems. Finally, we propose a new countermeasure for protecting whitebox binaries based on the insertion of random delays, which aims to make both the ZDE and DCA attacks practically difficult by adding random noise to the information leaked to the attacker.
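The distinction the abstract draws (table inputs leak through lookup addresses, table outputs through the bytes read) can be reproduced on a constructed toy model. The following simulation is an added illustration, not the paper's code or the DCA toolset: it assumes a seeded random 8-bit permutation in place of the AES S-box, a hand-picked 4-bit bijection as the nibble output encoding, a consumer table at a fixed 256-byte-aligned base (or a fresh random base per execution when location is randomized), and a constructed key byte 0x3C. It shows that randomizing the table location defeats the difference-of-means analysis on the address column but leaves the value column just as exploitable, which is why the countermeasure must also address the output leak.

```python
import random

# Constructed toy model of a first-round Chow-style lookup, not the paper's code.
# A seeded random 8-bit permutation stands in for the AES S-box; a hand-picked
# 4-bit bijection plays the role of the nibble output encoding on both halves.
rng = random.Random(7)
SBOX = list(range(256))
rng.shuffle(SBOX)
ENC = [7, 12, 9, 0, 14, 5, 10, 3, 1, 11, 8, 13, 4, 15, 6, 2]  # constructed
TABLE = [(ENC[v >> 4] << 4) | ENC[v & 15] for v in SBOX]    # encoded T-box

def trace_lookup(pt, key, randomize_location):
    """One trace entry: (plaintext, address of the lookup that consumes the
    T-box result, byte the T-box returned). The consumer's index is the encoded
    S-box output, so the address leaks a table input and the byte a table output.
    Location randomization moves the consumer table's base on every execution."""
    enc_out = TABLE[pt ^ key]
    base = rng.randrange(1 << 16) if randomize_location else 0x4000  # 256-aligned
    return pt, base + enc_out, enc_out

def collect(key, randomize_location):
    """Traces for all 256 plaintext bytes, so every key guess splits them 128/128."""
    return [trace_lookup(pt, key, randomize_location) for pt in range(256)]

def dca(traces, column):
    """Difference-of-means DCA on one trace column (1 = address, 2 = value): for
    each key guess and each bit of the predicted S-box output, split the traces
    by that bit and score the guess by the largest |mean gap| over the low 16
    observed bits. Returns (best_key, its score); a score near 0 means no leakage."""
    scores = []
    for k in range(256):
        best = 0.0
        for sel in range(8):
            groups = ([], [])
            for t in traces:
                groups[(SBOX[t[0] ^ k] >> sel) & 1].append(t[column])
            for b in range(16):
                m0, m1 = (sum((w >> b) & 1 for w in g) / len(g) for g in groups)
                best = max(best, abs(m1 - m0))
        scores.append(best)
    best_key = max(range(256), key=scores.__getitem__)
    return best_key, scores[best_key]

if __name__ == "__main__":
    KEY = 0x3C  # constructed key byte
    for name, column in (("address", 1), ("value", 2)):
        for randomized in (False, True):
            k, s = dca(collect(KEY, randomized), column)
            print(f"{name:7s} randomized={randomized!s:5s} -> 0x{k:02X} score {s:.2f}")
```

With a fixed table base the correct key scores a gap of 0.5 on both columns; with a random base per execution the address column collapses to noise while the value column still recovers the key.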

Highlights

  • Whitebox cryptography was introduced by Chow et al. in 2002 [CEJvO02a] as a technique to protect software implementations of cryptographic algorithms in untrusted environments.

  • We propose a new countermeasure for protecting whitebox binaries based on the insertion of random dummy operations, which aims to make Differential Computational Analysis (DCA) attacks practically difficult by adding random noise to the information leaked to the attacker.

  • Along with the paper introducing the concept of DCA [BHMT16], Bos et al. provided a toolset for the practical analysis of binaries. The toolset can be used to record execution traces of target binaries and to apply DPA attacks to trace files of AES and DES encryptions.

Summary

Introduction

Whitebox cryptography was introduced by Chow et al. in 2002 [CEJvO02a] as a technique to protect software implementations of cryptographic algorithms in untrusted environments. Although all published whitebox solutions for AES to date have been practically broken [BGE04, WMGP07, MWP10, MRP12, LRM+13, Mul14], a large number of companies still sell and deploy whitebox AES products and solutions due to increasing demand. The reason for this is that the security model of whitebox cryptography is too strong for many real-world applications. Control flow randomization and tamper resistance prevent the adversary from performing attacks that require finding a correct byte position and overwriting it. To bypass these protections, considerable reverse engineering effort by means of analysis tools, together with high skill and experience, is required on the adversary's side [Wys12]. A number of other practical key recovery attacks against whitebox AES implementations have been proposed [BGE04, MWP10, MRP12, LRM+13, Mul14] in which the secret key is derived with practical time complexity by decomposing the obfuscated tables. It remains questionable whether previous attacks work for real-world products where additional countermeasures are deployed and the adversary has limited control of the environment.

Contributions and Organization
Description of AES
Chow et al’s Whitebox Implementation
Software Countermeasures
Control flow obfuscation
Table location randomization
Dummy operations
How to get a key-dependent β-plaintext pair
Zero Difference Bytes
Experimental results
CHES 2016 whitebox challenge
Masking memory addresses
Zero-difference enumeration
Conclusion