Secure Obfuscation Research Articles

Obfuscating EVES Algorithm and Its Application in Fair Electronic Transactions in Public Clouds

In EUROCRYPT’10, Hada proposed a secure obfuscator of encrypted signature scheme which can be executed on an untrusted server to solve the security problem of untrusted proxy signature. In Hada's scheme, the server can generate a valid signature for the user without obtaining user's secret key; however, the scheme cannot resist the collusion attack. In this paper, we extend the study of encrypted signature schemes and propose an obfuscator for encrypted verifiable encrypted signature (EVES), and model the application in electronic transactions. The proposed scheme cannot only prevent the semihonest server from obtaining user's sensitive information, but also resist to the collusion activities between verifier/receiver and untrusted cloud. We show that the obfuscation scheme achieves the requirement of virtual black-box security under standard cryptographic assumptions. The experiments show that the time of constructing the EVES obfuscator is 63 ms, the signing time of the obfuscated algorithm is 78 ms, and the verifying time of obfuscated signature is 63 ms, which is more efficient and practical than related schemes, and the scheme can be deployed in scenarios requiring electronic transactions in outsourced clouds.

Robust Design-for-Security Architecture for Enabling Trust in IC Manufacturing and Test

Due to the prohibitive costs of semiconductor manufacturing, most system-on-chip design companies outsource their production to offshore foundries. As most of these devices are manufactured in environments of limited trust that often lack appropriate oversight, a number of different threats have emerged. These include unauthorized overproduction of the integrated circuits (ICs), sale of out-of-specification/rejected ICs discarded by manufacturing tests, piracy of intellectual property, and reverse engineering of the designs. Over the years, researchers have proposed different metering and obfuscation techniques to enable trust in outsourced IC manufacturing, where the design is obfuscated by modifying the underlying functionality and only activated by using a secure obfuscation key. However, Boolean satisfiability-based algorithms have been shown to efficiently break key-based obfuscation methods, and thus circumvent the primary objectives of metering and obfuscation. In this paper, we present a novel secure cell design for implementing the design-for-security infrastructure to prevent leaking the key to an adversary under any circumstances. Importantly, our design does not limit the testability of the chip during the normal manufacturing flow in any way, including postsilicon validation and debug. Our proposed design is resistant to various known attacks at the cost of a very little (< 1%) area overhead.

Secure and privacy-oriented obfuscation scheme for smart metering in smart grid via dynamic aggregation and lightweight perturbation

Smart metering in smart grid system has raised several condemnations based on its security and privacy invasiveness. The major techniques adopted to mitigate the security and privacy invasions of smart metering are aggregation and perturbation. However, aggregating smart meters' measurements is not enough to secure or preserve the privacy of consumers in either spatial or temporal metering. More so, the existence of perfect perturbation technique which can efficiently reconstruct data during the reconstruction phase has been a major challenge in existing perturbation schemes. In this paper, a scheme that combines aggregation and perturbation to secure smart meters' measurements and preserve consumer privacy is proposed. The scheme dynamically changes the topology and direction of aggregation in neighbourhood area network during spatial and temporal aggregation. It efficiently combines perturbation and aggregation techniques. A novel perturbs generation method was proposed for the perturbation scheme with dynamic constraint-based topology generation method. The simulation results showed that the scheme not only prevented gleaning of the metering but made it difficult for the adversary to perform pre-target attack on any of the smart meters in the network.

Secure Data Obfuscation Scheme to Enable Privacy-Preserving State Estimation in Smart Grid AMI Networks

While the newly envisioned smart(er) grid (SG) will result in a more efficient and reliable power grid, its collection and use of fine-grained meter data has widely raised concerns on consumer privacy. While a number of approaches are available for preserving consumer privacy, these approaches are mostly not very practical to be used due to two reasons. 1) Since the data is hidden, this reduces the ability of the utility company to use the data for distribution state estimation. 2) The approaches were not tested under realistic wireless infrastructures that are currently in use. In this paper, we propose to implement a meter data obfuscation approach to preserve consumer privacy that has the ability to perform distribution state estimation. We then assess its performance on a large-scale advanced metering infrastructure (AMI) network built upon the new IEEE 802.11s wireless mesh standard. For the data obfuscation approach, we propose two secure obfuscation value distribution mechanisms on this 802.11s-based wireless mesh network (WMN). Using obfuscation values provided via this approach, the meter readings are obfuscated to protect consumer privacy from eavesdroppers and the utility companies while preserving the utility companies’ ability to use the data for state estimation. We assessed the impact of this approach on data goodput, delay, and packet delivery ratio (PDR) under a variety of conditions. Simulation results have shown that the proposed approach can provide very similar performance to that of nonprivacy approach with negligible overheads on the meters and network.

Discussion on the theoretical results of white-box cryptography

White-box cryptography (WBC) aims to resist attacks from attackers who can control all the implementation details of cryptographic schemes. In 2009, Saxena et al. proposed a fundamental of white-box cryptography via the notion ``white-box property (WBP). Under this model, they proved that there do not exist obfuscators that can satisfy every security notion for a program (the negative result). On the other hand, they proved that there exists an obfuscator satisfying WBP for some security notion (the positive result). These contributions provide us a general cognition of WBC, which is big progress for the theoretical research. To better understand them, we make discussion on each result and achieve some new results. For the negative result, we prove that insufficiently secure obfuscator is the real cause of the negative result. We point out that the security of a white-box scheme cannot be guaranteed if it is instantiated by a less secure obfuscator, since the obfuscator used in their proof does not satisfy the ``Virtual Black-box Property with auxiliary input. From our proof, we also conclude that the notion WBP is equal to ``Virtual Black-box Property with auxiliary input. For the positive result, we prove that security notion under black-box model should not be used in white-box context without any modification; although the positive result is meaningful, it is unlikely to prove that an obfuscator satisfies WBP for IND-CPA, since the security notion ``IND-CPA is under black-box model, which has different adversary with WBP.

Cdoe Obofsucaitn: Securing Software from Within

How do we protect software from reverse engineering? For decades, this problem was addressed by attempting to write (or transform programs into) intricate, circumvoluted, and complicated code. However, there's little proof that obfuscation protects software from being deobfuscated. Computer scientists and engineers are now working on bringing obfuscation from a wobbly art to a sound, sturdy, and provable methodology. Following a major cryptography breakthrough in 2013, secure obfuscation and other schemes that were once considered science fiction might just become reality.

Protecting Software through Obfuscation

Software obfuscation has always been a controversially discussed research area. While theoretical results indicate that provably secure obfuscation in general is impossible, its widespread application in malware and commercial software shows that it is nevertheless popular in practice. Still, it remains largely unexplored to what extent today’s software obfuscations keep up with state-of-the-art code analysis and where we stand in the arms race between software developers and code analysts. The main goal of this survey is to analyze the effectiveness of different classes of software obfuscation against the continuously improving deobfuscation techniques and off-the-shelf code analysis tools. The answer very much depends on the goals of the analyst and the available resources. On the one hand, many forms of lightweight static analysis have difficulties with even basic obfuscation schemes, which explains the unbroken popularity of obfuscation among malware writers. On the other hand, more expensive analysis techniques, in particular when used interactively by a human analyst, can easily defeat many obfuscations. As a result, software obfuscation for the purpose of intellectual property protection remains highly challenging.

Strongly average‐case secure obfuscation: achieving input privacy and circuit obscurity

AbstractA program obfuscator is a compiling algorithm that takes a program/circuit as input and generates a new garbled circuit to implement the same functionality as before while obtaining hard‐to‐understand in some sense, that is, infeasible to learn information from the garbled circuit. In order to obtain a practical application, an obfuscation should satisfy equivalent in functionality, polynomial slowdown in efficiency, and virtual black‐box in security. In this paper, we model a stronger cryptographic obfuscation that does not only achieves the obfuscated circuit obscurity but also supports input re‐key privacy. In order to implement the re‐encryption obfuscation, we at first propose a key‐privacy two‐level encryption mechanism that implicitly supports the transformation from level‐2 ciphertext into level‐1 one, which provides an efficient method to re‐encrypt the ciphertext without explicitly decryption procedure. Under the mechanism of two‐level encryption and function of re‐encryption, we construct an obfuscation of re‐encryption that takes as input a probabilistic (keys) circuit and outputs a transformed circuit. We also give the proof that the obfuscator achieves the average‐case security for the circuit family under the extended DBDH assumption and Decisional Linear assumption in the standard model. Copyright © 2016 John Wiley &amp; Sons, Ltd.

Secure Obfuscation for Encrypted Group Signatures.

In recent years, group signature techniques are widely used in constructing privacy-preserving security schemes for various information systems. However, conventional techniques keep the schemes secure only in normal black-box attack contexts. In other words, these schemes suppose that (the implementation of) the group signature generation algorithm is running in a platform that is perfectly protected from various intrusions and attacks. As a complementary to existing studies, how to generate group signatures securely in a more austere security context, such as a white-box attack context, is studied in this paper. We use obfuscation as an approach to acquire a higher level of security. Concretely, we introduce a special group signature functionality-an encrypted group signature, and then provide an obfuscator for the proposed functionality. A series of new security notions for both the functionality and its obfuscator has been introduced. The most important one is the average-case secure virtual black-box property w.r.t. dependent oracles and restricted dependent oracles which captures the requirement of protecting the output of the proposed obfuscator against collision attacks from group members. The security notions fit for many other specialized obfuscators, such as obfuscators for identity-based signatures, threshold signatures and key-insulated signatures. Finally, the correctness and security of the proposed obfuscator have been proven. Thereby, the obfuscated encrypted group signature functionality can be applied to variants of privacy-preserving security schemes and enhance the security level of these schemes.

Lattice‐based obfuscation for re‐encryption functions

AbstractProgram obfuscation is a compiler that transfers a program into an unintelligible form while preserving the original functionality. Secure obfuscation for several particular function families has been raised out despite the general impossibility result presented by Barak et al. Re‐encryption function is a useful primitive, which transforms ciphertexts for one party into ciphertexts under another party's public key. Hohenberger et al. constructed a special re‐encryption function and securely obfuscated it in TCC'07, and the security is based on classical hardness assumption. In this paper, we construct a new re‐encryption function and securely obfuscate it based on the standard learning with error (LWE) assumption. LWE is proved to be reducible to standard lattice problems, which are conjectured immune to quantum cryptanalysis or ‘post‐quantum’. Besides, we discuss about the relations between these two cryptographic primitives in detail: proxy re‐encryption and obfuscation for re‐encryption functions. Copyright © 2014 John Wiley &amp; Sons, Ltd.

Obfuscation for multi‐use re‐encryption and its application in cloud computing

SummaryWith the rapid development of cloud computing, more and more data are being centralized into cloud server for sharing. It is a challenge problem on how to keep them both private and accessible. Re‐encryption function is a useful tool to fulfill secure cloud computing. Cloud data owners store their encrypted data on the cloud server. When other cloud users want to share the cloud data, cloud server can re‐encrypt the encrypted data for them. So data on the cloud server can be both accessible and private. Secure obfuscation for re‐encryption function can hide all the private information in the re‐encryption function, so the obfuscated program can be directly outsourced to cloud server without leaking anything about the computation task. In this paper, we study on secure obfuscation for three kinds of new re‐encryption functions: multi‐use re‐encryption, conditional re‐encryption with keyword search, and broadcast re‐encryption. We utilize the obfuscated results as tools to fulfill secure cloud computing. Cloud‐computing schemes based on obfuscation have better security compared with other tools. Copyright © 2014 John Wiley &amp; Sons, Ltd.