White-Box Cryptography: Don’t Forget About Grey-Box Attacks

Bock, Estuardo Alpírez; Bos, Joppe W.; Brzuska, Chris; Hubain, Charles; Michiels, Wil; Mune, Cristofaro; Gonzalez, Eloi Sanfelix; Teuwen, Philippe; Treff, Alexander

doi:10.1007/s00145-019-09315-1

Cited by 14 publications

(5 citation statements)

References 54 publications

(21 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Alternatively, the security of our current method could be analyzed using several approaches in the white-box model. In particular, we did not consider the known techniques based on side-channel analysis, such as differential fault analysis [7] and differential computation analysis [12]. Our Python project could be used to test and compare the efficiency of several attacks on white-box implementations using self-equivalence encodings.…”

Section: Discussionmentioning

confidence: 99%

“…The publication of these papers sparked more interest in the topic of whitebox cryptography, with many new constructions based on DES [31] and AES [40,28,41,29,2] appearing over the years. Unfortunately, all of these implementations have been broken, using both algebraic attacks [39,26,34,22,30,24] and attacks based on side-channel analysis [16,13,12]. All of these designs improved upon or were inspired by the CEJO framework.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A White-Box Speck Implementation Using Self-equivalence Encodings

Vandersmissen¹,

Ranea²,

Preneel³

2022

Applied Cryptography and Network Security

View full text Add to dashboard Cite

In 2002, Chow et al. initiated the formal study of white-box cryptography and introduced the CEJO framework. Since then, various white-box designs based on their framework have been proposed, all of them broken. Ranea and Preneel proposed a different method in 2020, called self-equivalence encodings and analyzed its security for AES. In this paper, we apply this method to generate the first academic whitebox speck implementations using self-equivalence encodings. Although we focus on speck in this work, our design could easily be adapted to protect other add-rotate-xor (ARX) ciphers. Then, we analyze the security of our implementation against key-recovery attacks. We propose an algebraic attack to fully recover the master key and external encodings from a white-box speck implementation, with limited effort required. While this result shows that the linear and affine self-equivalences of speck are insecure, we hope that this negative result will spur additional research in higher-degree self-equivalence encodings for white-box cryptography. Finally, we created an open-source Python project implementing our design, publicly available at https://github.com/jvdsn/ white-box-speck. We give an overview of five strategies to generate output code, which can be used to improve the performance of the whitebox implementation. We compare these strategies and determine how to generate the most performant white-box speck code. Furthermore, this project could be employed to test and compare the efficiency of attacks on white-box implementations using self-equivalence encodings.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A White-Box Speck Implementation Using Self-equivalence Encodings

Vandersmissen¹,

Ranea²,

Preneel³

2022

Applied Cryptography and Network Security

View full text Add to dashboard Cite

show abstract

“…Such a depiction and understanding of a white box is borrowed from computer science and software model testing as a space where there is sufficient conceptual knowledge (Khan & Khan, 2012). The white box model has also been used by scientists in biology (Leifsson, 2008) and cryptography (Bock, 2019). In behavioral science, the white box was employed to depict the observer's depth of knowledge regarding the internal functioning of a system (Glanville, 1982).…”

Section: The White Boxmentioning

confidence: 99%

A perspective on embracing emerging technologies research for organizational behavior

Philip

2021

OMJ

View full text Add to dashboard Cite

Purpose Emerging technologies are capable of enhancing organizational- and individual-level outcomes. The organizational behavior (OB) field is beginning to pursue opportunities for researching emerging technologies. This study aims to describe a framework consisting of white, black and grey boxes to demonstrate the tight coupling of phenomena and paradigms in the field and discusses deconstructing OB’s white box to encourage data-driven phenomena to coexist in the spatial framework. Design/methodology/approach A scoping literature review was conducted to offer a preliminary assessment of technology-oriented research currently occurring in OB. Findings The literature search revealed two findings. First, the number of published papers on emerging technologies in top management journals has been increasing at a steady pace. Second, various theoretical perspectives at the micro- and macro- organizational level have been used so far for conducting technology-oriented research. Originality/value By conducting a scoping review of emerging technologies research in OB literature, this paper reveals a conceptual black box relating to technology-oriented research. The essay advocates for loosening OB’s tightly coupled white box to incorporate emerging technologies both as a phenomenon and as data analytical techniques.

show abstract

“…In particular, new approaches to verify the security of a white-box implementation have been proposed in [44] where Bos et al present differential fault analysis (DFA) and differential computational analysis (DCA) attacks (further information on fault-injection and differential power analysis attacks can be found in [45,46] respectively). In addition, in [47,48] the authors explained more formally why DCA is effective against linear and nibble encoding, Rivain and Wang [43] provide an extensive analysis on the effectiveness of DCA, finally Biryukov and Udovenko [49] give a general protection method for white-box implementations against DCA.…”

Section: The White-box Approachmentioning

confidence: 99%

Measuring Performances of a White-Box Approach in the IoT Context

et al. 2019

View full text Add to dashboard Cite

The internet of things (IoT) refers to all the smart objects that are connected to other objects, devices or servers and that are able to collect and share data, in order to "learn" and improve their functionalities. Smart objects suffer from lack of memory and computational power, since they are usually lightweight. Moreover, their security is weakened by the fact that smart objects can be placed in unprotected environments, where adversaries are able to play with the symmetric-key algorithm used and the device on which the cryptographic operations are executed. In this paper, we focus on a family of white-box symmetric ciphers substitution-permutation network (SPN)box, extending and improving our previous paper on the topic presented at WIDECOM2019. We highlight the importance of white-box cryptography in the IoT context, but also the need to have a fast black-box implementation (server-side) of the cipher. We show that, modifying an internal layer of SPNbox, we are able to increase the key length and to improve the performance of the implementation. We measure these improvements (a) on 32/64-bit architectures and (b) in the IoT context by encrypting/decrypting 10,000 payloads of lightweight messaging protocol Message Queuing Telemetry Transport (MQTT).

show abstract

White-Box Cryptography: Don’t Forget About Grey-Box Attacks

Cited by 14 publications

References 54 publications

A White-Box Speck Implementation Using Self-equivalence Encodings

A White-Box Speck Implementation Using Self-equivalence Encodings

A perspective on embracing emerging technologies research for organizational behavior

Measuring Performances of a White-Box Approach in the IoT Context

Contact Info

Product

Resources

About