An overview of the "box" paradigms: black, gray and white box. Notes about white-box cryptography and its use cases. A sketch of the simplest white-box AES implementation.
Added: Mar 14, 2016
Broslavsky Oleg
SiBears
Attacker is assumed to have:
Zero visibility on code during
execution
External information, such as plaintext
or ciphertext
Considered secure as long as the
cipher has no cryptographic
weaknesses
Attacker is assumed to have:
Partial physical access to the
cryptographic key as a result of the
cipher leaking side-channel
information
Electromagnetic radiation analysis
Current/power consumption analysis
Operation timing analysis
Attacker is assumed to have:
Full visibility — inputs, outputs,
memory (using debuggers), and
intermediate calculations
Access to the algorithms while
watching how they are carried out
Traditional cryptography is not secure
when running in a white-box model
Digital Rights Management Systems
The end-user is then able to purchase some
type of premium content (e.g., new GoT
season)
The content arrives at the user’s device
encrypted, and is decrypted by the software
as it is viewed
A malicious end-user may attempt to extract
cryptographic keys from the software and
then use them to redistribute content outside
the DRM system
Client-side web application.
Web application forms some client-side
queries to the backend
A malicious user may attempt to form
malicious queries and exploit some backend
vulnerabilities
Common case W/ white-box crypto in JS
For every key, generate a fixed
implementation that contains the
hard-coded key
Hide the hard-coded key so that
encrypt and decrypt operations
handle sensitive data without
revealing any portion of the key
Make key extraction difficult
or even impracticable
The Advanced Encryption Standard (AES) is a specification for the encryption of
electronic data established by the U.S. National Institute of Standards and
Technology (NIST)
Each byte in the state matrix is replaced
with a SubByte using an 8-bit substitution box
This operation provides the non-linearity in the cipher.
The S-box used is derived from the
multiplicative inverse over GF(2^8)
Known to have good non-linearity properties
Cyclically shifts the bytes in each row by a
certain offset
The importance of this step is to avoid the
columns being linearly independent
Together with ShiftRows,
MixColumns provides diffusion in
the cipher
Each column is treated as a polynomial over GF(2^8)
and is then multiplied modulo x^4 + 1 with
a fixed polynomial
c(x) = 3x^3 + x^2 + x + 2
For each round, a round
key is derived from the
main key using Rijndael's
key schedule
The subkey is added by
combining each byte of the
state with the
corresponding byte of the
subkey using bitwise XOR
Move 0 round
key into the loop
Swap SubBytes and
ShiftRows operations
(order of bytes affects
only the order of
substitutions not the
result at all)
Combine
AddShiftedRoundKey and
SubBytes into Nr
substitution tables (one
for each round).
Call these tables T-tables
and calculate them as follows:
Since MixColumns is
a linear transformation,
it can also be
implemented using
a couple of tables
MixColumns step can be decomposed into an exclusive-or of
four 32-bit values
4 x TyTables each with 256
entries (one for every
possible byte value)
XOR operation also could
easily be implemented
using substitution tables
More information can be found in §4
of A Tutorial on White-box AES by
James Muir
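The table construction sketched in the slides above, as an added example (not code from the original slides): AES-128 is rewritten so that the shifted round key addition and SubBytes become one T-table lookup per state byte, with MixColumns left as arithmetic to keep the example short. All function names are this example's own, and the T-table formula used is an assumption based on the steps listed above, since the slide's own formula is not on the page.

```python
# Added example: AES-128 with AddShiftedRoundKey + SubBytes folded into per-round T-tables.
def gmul(a, b):                      # multiplication in GF(2^8) mod x^8+x^4+x^3+x+1
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

def make_sbox():                     # multiplicative inverse, then the AES affine map
    box = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        rot = lambda n: ((inv << n) | (inv >> (8 - n))) & 0xFF
        box.append(inv ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63)
    return box
SBOX = make_sbox()

def shift_rows(s):                   # flat state index = 4*column + row
    return [s[4 * ((i // 4 + i % 4) % 4) + i % 4] for i in range(16)]

def mix_columns(s):                  # multiply each column by c(x) = 3x^3 + x^2 + x + 2
    return [gmul(s[c + r], 2) ^ gmul(s[c + (r + 1) % 4], 3) ^ s[c + (r + 2) % 4] ^ s[c + (r + 3) % 4]
            for c in range(0, 16, 4) for r in range(4)]

def expand_key(key):                 # Rijndael key schedule -> 11 round keys of 16 bytes
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = gmul(rcon, 2)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def build_t_tables(key):             # T[r][i][x] = S(x ^ ShiftRows(k_r)[i]); last round also adds k_10
    rk = expand_key(key)
    tables = []
    for r in range(10):
        ks, last = shift_rows(rk[r]), rk[10] if r == 9 else [0] * 16
        tables.append([[SBOX[x ^ ks[i]] ^ last[i] for x in range(256)] for i in range(16)])
    return tables

def aes_with_tables(block, tables):  # encryption uses only the tables, never the key itself
    s = list(block)
    for r, t in enumerate(tables):
        s = [t[i][b] for i, b in enumerate(shift_rows(s))]
        s = mix_columns(s) if r < 9 else s
    return bytes(s)
```

Calling aes_with_tables(plaintext, build_t_tables(key)) gives the same ciphertext as standard AES-128. The tables built here are unencoded, so on their own they do not yet hide the key; that is the job of the encodings the slides turn to next.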
For more security, Chow
suggests applying
invertible mixing
bijections and external
encodings to the state
in every round
Comics styled AES
http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html
Website with aggregated information about white-box
cryptography
http://www.whiteboxcrypto.com/
A Tutorial on White-box AES by James Muir
https://ccsl.carleton.ca/~jamuir/papers/wb-aes-tutorial.pdf
Some example implementations of White-box AES and attacks
on it
https://github.com/openwhitebox