Visible to the public White Box CryptographyConflict Detection Enabled

SoS Newsletter- Advanced Book Block


SoS Logo

White Box Cryptography


Open devices, such as PCs, tablets, and smartphones, are extremely vulnerable to attacks since the attacker has complete control over the execution platform and the software implementation itself in the form of a white-box attack. The goal of white-box cryptography is to create a successful cryptographic algorithm so that assets remain secure even while under white-box attacks. For the Science of Security community, the subject is relevant to composability, resilience, and metrics. The work cited here has been presented over a period of years.

W. Michiels, “Opportunities in White-Box Cryptography,” in IEEE Security & Privacy, vol. 8, no. 1, pp. 64-67, Jan.-Feb. 2010. doi:10.1109/MSP.2010.44 Abstract: White-box cryptography is the discipline of implementing a cryptographic algorithm in software such that an adversary will have difficulty extracting the cryptographic key. This approach assumes that the adversary has full access to and full control over the implementation’s execution. White-box implementations can provide good protection when combined with other security measures.
Keywords: cryptography; advanced encryption standard; cryptographic algorithm; data encryption standard; white-box cryptography; Cryptography; Protection; Security; Software algorithms; black-box cryptography; crypto corner; gray-box cryptography; security & privacy (ID#: 16-10845)


Jong-Yeon Park, Ji-Sun Choi, and Okyeon Yi, “Methods for Practical Whitebox Cryptography,” Information and Communication Technology Convergence (ICTC), 2010 International Conference on, Jeju, 2010, pp. 474-479. doi:10.1109/ICTC.2010.5674789
Abstract: White box cryptography is the new technique against attacks on white box attack environments. In white box attack model, the attacker is even stronger than in black box attack model, and the attacker can monitor all intermediate values. Therefore, safety algorithms are needed against all operation steps being exposure. Chow introduced secure white box cryptography with AES DES implementations against white box attack model. However, slower performance by operating too many look up tables is a problem of practical use of white box cryptography. Also key updating on dynamic situations of white box cryptography is much harder than key updating of black box cryptography. Thus, this paper suggests using a specific mode of operation to improve speed of white box implementations, and show concrete examples of enhancement of performance. Also, it suggests a technique of key updating with dynamic and static tables in practically.
Keywords: cryptography; AES DES implementations; black box attack model; dynamic key updates; look up tables; white box attack model; white box cryptography; Decoding; Encoding; Encryption; Generators; Servers; AES; DES; MEDUSA; PCBC mode (ID#: 16-10846)


Z. Cherif, F. Flament, J. L. Danger, S. Bhasin, S. Guilley, and H. Chabanne, “Evaluation of White-Box and Grey-Box Noekeon Implementations in FPGA,” Reconfigurable Computing and FPGAs (ReConFig), 2010 International Conference on, Quintana Roo, 2010, pp. 310-315. doi:10.1109/ReConFig.2010.36
Abstract: White-box implementations of cryptographic algorithms aim to denying the key readout even if the source code embedding the key is disclosed. They are based on sets of large tables perfectly known by the user but including unknown encoding functions. While former white-box implementations have been proposed in software, hardware white-box implementations are also possible. Their main drawback is the complexity of their architectures, which often requires large tables. In this paper we show that it is possible to implement white-box cryptography in an FPGA by taking advantages of LUTs. We also propose a grey-box approach, where intermediate random variables are unknown to the attacker. We show that such approach allows to reduce the complexity by using fewer tables. The resistance against side channel attacks has been evaluated for different implementations. Our results show the interest of the proposed methods for a better compromise complexity/security.
Keywords: cryptography; field programmable gate arrays; random number generation; source coding; FPGA; LUTs; cryptographic algorithm; encoding function; grey-box Noekeon implementation; intermediate random variable; source code; white-box Noekeon implementation; white-box cryptography; FPGA implementations; MIM; Mutual Information Metric; Noekeon; SCA; Side Channel Analysis; TRNG; grey-box cryptography; random number generator (ID#: 16-10847)


J. Bringer, H. Chabanne, and J. L. Danger, “Protecting the NOEKEON Cipher Against SCARE Attacks in FPGAs by Using Dynamic Implementations,” Reconfigurable Computing and FPGAs, 2009. ReConFig ’09. International Conference on, Quintana Roo, 2009, pp. 183-188. doi:10.1109/ReConFig.2009.19
Abstract: Protecting an implementation against side channel analysis for reverse engineering (SCARE) attacks is a great challenge and we address this challenge by presenting a first proof of concept. White-box cryptography has been developed to protect programs against an adversary who has full access to their software implementation. It has also been suggested as a countermeasure against side channel attacks and we examine here these techniques in the wider perspective of SCARE. We consider that the adversary has only access to the cryptographic device through its side channels and his goal is to recover the specifications of the algorithm. In this work, we focus on FPGA (field-programmable gate array) technologies and examine how to thwart SCARE attacks by implementing a block cipher following white-box techniques. The proposed principle is based on changing dynamically the implementations. It is illustrated by an example on the Noekeon cipher and feasibility in different FPGAs is studied.
Keywords: cryptography; field programmable gate arrays; FPGA; NOEKEON cipher; SCARE attacks; block cipher; dynamic implementations; field-programmable gate array; side channel analysis-for-reverse engineering attacks; software implementation; white-box cryptography; Cryptography; Field programmable gate arrays; GSM; Hardware; Protection; Resists; Reverse engineering; Software algorithms; Table lookup (ID#: 16-10848)


R. Luo, X. Lai, and R. You, “A New Attempt of White-Box AES Implementation,” Security, Pattern Analysis, and Cybernetics (SPAC), 2014 International Conference on, Wuhan, 2014, pp. 423-429. doi:10.1109/SPAC.2014.6982727
Abstract: In this paper, we propose an improved table-based white-box implementation of AES which is able to resist different types of attack, including the BGE attack and De Mulder et al.’s cryptanalysis, to protect information under “white-box attack context”. The notion of white-box attack context, introduced by Chow et al., describes a general setting in which cryptographic algorithms are executed in untrusted environments. In this setting, adversaries have attained complete access to the implementations of cryptographic algorithms as well as the dynamic execution environments. The key strategy applied to our design is to compose different operations of the AES round function and convert the composition into encoded lookup tables. The new scheme exploits larger key-dependent tables, each of which contains two bytes of the round keys. We then analyze the security against different types of attack and measure two security metrics: the “white-box diversity” and “ambiguity”. The new scheme can withstand the BGE attack due to the utilization of larger mixing bijections and tabulated “ShiftRows” it can also resist the cryptanalysis of De Mulder et al. since the bindings between “nTMC” and “TSR” are irreducible and the non-linear encodings are introduced to all tables.
Keywords: cryptography; table lookup; AES round function; BGE attack; De Mulder cryptanalysis; ShiftRows; TSR; cryptographic algorithms; dynamic execution environments; encoded lookup tables; key-dependent tables; nTMC; nonlinear encodings; table-based white-box implementation; white-box AES implementation; white-box ambiguity; white-box attack context; white-box diversity; Context; Encoding; Encryption; Resists; Vectors; AES; software privacy; white-box cryptography; white-box implementation (ID#: 16-10849)


S. Gueron, “White Box AES Using Intel’s New AES Instructions,” Information Technology: New Generations (ITNG), 2013 Tenth International Conference on, Las Vegas, NV, 2013, pp. 417-421. doi:10.1109/ITNG.2013.64
Abstract: White box cryptography deals with content protection scenarios where software decrypts some contents, using a secret key (embedded in the code in some obfuscated way), while the adversary has access to the code and its execution. Obviously, performance is slowed down by the obfuscation overheads. This paper demonstrates a method for using Intel’s New AES Instructions to write decryption code without directly using the cipher key or any of the round keys in a register (or in memory). Such implementation can enjoy some of the performance benefits that the AES instructions offer. We show an example where it is more than 2.5 times faster than a lookup table based alternative.
Keywords: cryptography; instruction sets; Intel New AES Instructions; cipher key; code access; content decryption; content protection; decryption code writing; lookup table; memory; obfuscation overhead; register; round keys; secret key; white box AES; white box cryptography; Ciphers; Encryption; Schedules; Software; Standards; AES;  (ID#: 16-10850)


J. Y. Park, J. N. Kim, J. D. Lim, and D. G. Han, “A Whitebox Cryptography Application for Mobile Device Security Against Whitebox Attacks — How to Apply WBC on Mobile Device,” IT Convergence and Security (ICITCS), 2014 International Conference on, Beijing, 2014, pp. 1-5. doi:10.1109/ICITCS.2014.7021725
Abstract: Since white box cryptography was proposed, many meaningful research has been studying on many fields. In fact, many companies provide services with WBC (White Box Cryptography) solutions. However, most of them are used in only services related to DRM, there is no basic approach that is attached to system or platform itself. This paper explains WBC research trends and some important problems, shows how to efficiently use WBC with mobile environment.
Keywords: cryptography; mobile computing; DRM; WBC; mobile device security; whitebox cryptography application; Cryptography; Encoding; Hardware; Mobile communication; Mobile handsets; Software (ID#: 16-10851)


A. Dima, J. Wack, and S. Wakid, “Raising the Bar on Software Security Testing,” in IT Professional, vol. 1, no. 3, pp. 27-32, May/Jun 1999. doi:10.1109/6294.774950
Abstract: Industry and government are promoting open security testing. The authors consider how one free tool can help find malicious code in Java apps. They discuss white-box testing, cryptography and firewall testing.
Keywords: Java; program testing; security of data; software tools; cryptography; firewall testing; government; industry; malicious code; open security testing; software security testing; software tool; white-box testing; Automatic testing; Costs; Decision making; ISO standards; Information security; NIST; National security; Protection; Software testing; System testing (ID#: 16-10852)


Y. X. Gu, B. Wyseur, B. Preneel, J.-D. Aussel, and R. Sailer, “Point/Counterpoint,” in IEEE Software, vol. 28, no. 2, pp. 56-59, March-April 2011. doi:10.1109/MS.2011.39
Abstract: The article is discussing new challenges faced by modern security systems because the traditional perimeter defenses against man-in-the-middle attacks are inadequate in protection against the man-at-the-end white-box attacks favored by many attackers.
Keywords: industrial property; security of data; man at the end white box attack; man in the middle attack; perimeter defence; security system; software based protection; Cryptography; Hardware; Operating systems; Protocols; Software protection; co-design; hardware; point/counterpoint; security; software (ID#: 16-10853)


T. Nakasone, Y. Li, K. Ohta, and K. Sakiyama, “Exploration of the CC-EMA Attack Towards Efficient Evaluation of EM Information Leakage,” Electromagnetic Compatibility (EMC EUROPE), 2013 International Symposium on, Brugge, 2013, pp. 411-414. doi: (not provided)
Abstract: This paper discusses the efficiency of the CC-EMA (Clockwise Collision based ElectroMagnetic Analysis) attack on hardware implementation of 128-bit AES (Advanced Encryption Standard) block cipher. The analysis efficiency of CC-EMA was first discussed on a white-box setting, i.e., using a known-key AES (Advanced Encryption Standard) hardware [10]. Then, more realistic attack scenario was applied for CC-EMA, where the secret key of AES hardware was unknown, i.e., black-box analysis, and the attack efficiency in the key recovery was briefly discussed in [11]. In this paper, we revisit the previous work for CC-EMA and explore the attack efficiency of CC-EMA furthermore in order to evaluate the information leakage from proximal EM measurements of IC (Integrated Circuit) devices. In order to evaluate the attack efficiency under various attack environments, we construct a simulation environment, where the intensity of EM radiation is parameterised assuming that it follows a normal distribution. As a result, we show that CC-EMA attack delivers equal or superior performance in the key recovery compared to the CEMA (Correlation EMA) attack and the key can be recovered by CC-EMA with less than 1100 EM measurements, in such case that the EM intensity for CC could be measured distinctly.
Keywords: cryptography; integrated circuits; normal distribution; 128-bit AES block cipher; CC-EMA attack; EM radiation intensity; IC devices; advanced encryption standard; attack efficiency; black-box analysis; clockwise collision based electromagnetic analysis attack; information leakage evaluation; integrated circuit devices; normal distribution; proximal EM measurements; Clocks; Cryptography; Electromagnetic compatibility; Hardware; High definition video; Integrated circuit modeling; Registers (ID#: 16-10854)


Y. Xiao and X. Lai, “A Secure Implementation of White-Box AES,” Computer Science and its Applications, 2009. CSA ’09. 2nd International Conference on, Jeju, Korea (South), 2009, pp. 410-415. doi:10.1109/CSA.2009.5404239
Abstract: ShiftRows has no effect on Chow’s scheme, the obfuscations of the key can be divided into smaller ones and removed with the help of specific characters of the MixColumns operation in AES. In this paper, we present a secure implementation of White-Box AES, the main difference lies in ShiftRows operation. It is now embedded in matrices product, the output encodings has the same size as the output of MixColumns operation (32bits). Thus the obfuscation of the key cannot be divided into smaller ones or removed by using Billet's attack technique. Thus, our scheme can resist Billet’s attack. It is more secure than Chow's.
Keywords: Billets; Cryptography; Encoding; Information analysis; Manipulator dynamics; Protection; Resists; Security; Software algorithms; Table lookup (ID#: 16-10855)


J. Bringer, H. Chabanne, and K. Simoens, “Blackbox Security of Biometrics (Invited Paper),” Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP), 2010 Sixth International Conference on, Darmstadt, 2010, pp. 337-340. doi:10.1109/IIHMSP.2010.89
Abstract: We analyze the security of biometric template protection methods that involve trusted hardware. The methods are defined in the black box security model, i.e., we consider components that perform operations on the biometric data they contain and only the input-output behaviour of these components is analyzed. The functionality that is implemented by these black boxes is assumed to be known, but as opposed to the white-box model no intermediate values can be observed. We illustrate our approach and demonstrate that additional countermeasures may be needed to protect the stored biometric data.
Keywords: biometrics (access control); security of data; biometric data protection; biometric template protection methods; black box security model; white-box model; Authentication; Bioinformatics; Biological system modeling; Biometrics; Cryptography; Databases; Biometric template protection; Blackbox security model; Trusted hardware (ID#: 16-10856)


J. J. A. Fournier and P. Loubet-Moundi, “Memory Address Scrambling Revealed Using Fault Attacks,” Fault Diagnosis and Tolerance in Cryptography (FDTC), 2010 Workshop on, Santa Barbara, CA, 2010, pp. 30-36. doi:10.1109/FDTC.2010.13
Abstract: Today’s trend in the smart card industry is to move from ROM+EEPROM chips to Flash-only products. Recent publications have illustrated the vulnerability of Floating Gate memories to UV and heat radiation. In this paper, we explain how, by using low cost means, such a vulnerability can be used to modify specific data within an EEPROM memory even in the presence of a given type of counter-measure. Using simple means, we devise a fault injection tool that consistently causes predictable modifications of the targeted memories’ contents by flipping ‘1’s to ‘0’s. By mastering the location of those modifications, we illustrate how we can reverse-engineer a simple address scrambling mechanism in a white box analysis of a given EEPROM. Such an approach can be used to test the security of Floating Gate memories used in security devices like smart cards. We also explain how to prevent such attacks and we propose some counter-measures that can be either implemented on the hardware level by chip designers or on the software level in the Operating System interacting with those memories.
Keywords: fault simulation; flash memories; logic testing; security of data; smart cards; EEPROM memory; ROM+EEPROM chips; UV radiation; chip designers; fault attacks; fault injection tool; flash-only products; floating gate memories; hardware level; heat radiation; memory address scrambling; operating system; security devices; smart card industry; software level; white box analysis; Arrays; Circuit faults; EPROM; Nonvolatile memory; Passivation; Security; Smart cards; EEPROM; Fault Injections; Flash; Floating Gate memories; address scrambling; reverse-engineering (ID#: 16-10857)


N. D. Goots, N. A. Moklovyan, P. A. Moldovyanu, and D. H. Summerville, “Fast DDP-Based Ciphers: From Hardware to Software,” Circuits and Systems, 2003 IEEE 46th Midwest Symposium on, 2003, vol., 2, pp. 770-773. doi:10.1109/MWSCAS.2003.1562400
Abstract: Data-dependent (DD) permutations (DDP) that are very suitable to cheap hardware implementation have been introduced as a cryptographic primitive for the design of fast firmware and software encryption systems. DDP can be performed with so called controlled permutation boxes (CPB) which are fast white implemented in cheap hardware. The latter defines the efficiency of the embedding of CPB in microcontrollers and microprocessors when adding a new fast instruction that allows one to perform DDP. Software and firmware encryption algorithms combining DDP with fast arithmetic operations are described.
Keywords: cryptography; digital arithmetic; firmware; microcontrollers; controlled permutation boxes; data-dependent permutations; fast DDP-based ciphers; fast arithmetic operations; fast instruction; firmware encryption system; hardware implementation; microcontrollers; microprocessors; software encryption systems; Arithmetic; Cryptography; Hardware; Microcontrollers; Microprocessors; Microprogramming; Security; Software algorithms; Software systems; Topology (ID#: 16-10858)


J. Zhou, Z. Cao, X. Dong, and X. Lin, “TR-MABE: White-Box Traceable and Revocable Multi-Authority Attribute-Based Encryption and Its Applications to Multi-Level Privacy-Preserving E-Healthcare Cloud Computing Systems,” Computer Communications (INFOCOM), 2015 IEEE Conference on, Kowloon, 2015, pp. 2398-2406. doi:10.1109/INFOCOM.2015.7218628
Abstract: Cloud-assisted e-healthcare systems significantly facilitate the patients to outsource their personal health information (PHI) for medical treatment of high quality and efficiency. Unfortunately, a series of unaddressed security and privacy issues dramatically impede its practicability and popularity. In e-healthcare systems, it is expected that only the primary physicians responsible for the patients treatment can not only access the PHI content but verify the real identity of the patient. Secondary physicians participating in medical consultation and/or research tasks, however, are only permitted to view or use the content of the protected PHI, while unauthorized entities cannot obtain anything. Existing work mainly focuses on patients conditional identity privacy by exploiting group signatures, which are very computationally costly. In this paper, we propose a white-box traceable and revocable multi-authority attribute-based encryption named TR-MABE to efficiently achieve multilevel privacy preservation without introducing additional special signatures. It can efficiently prevent secondary physicians from knowing the patients identity. Also, it can efficiently track the physicians who leak secret keys used to protect patients identity and PHI. Finally, formal security proof and extensive simulations demonstrate the effectiveness and practicability of our proposed TR-MABE in e-healthcare cloud computing systems.
Keywords: cloud computing; cryptography; data privacy; digital signatures; health care; medical information systems; PHI; TR-MABE encryption; cloud-assisted e-healthcare systems; e-healthcare cloud computing systems; electronic health care; formal security proof; group signatures; medical consultation; medical research; medical treatment; multilevel privacy-preserving e-healthcare; patient identity; patient treatment; patients conditional identity privacy; personal health information; privacy issue; security issue; white-box traceable revocable multiauthority attribute-based encryption; Access control; Cloud computing; Encryption; Medical services; Privacy; Cloud computing system; attribute-based encryption; multi-authority; traceability and revocability (ID#: 16-10859)


Y. Shi and J. Lin, “A Security Framework for Agent-Based Non-Fixed Services Composition,” Information Technology and Applications (IFITA’ 10), 2010 International Forum on, Kunming, 2010, vol. 3, pp. 10-14. doi:10.1109/IFITA.2010.160
Abstract: Mobile agents play a key role in many researches on non-fixed services composition, but threats from potentially malicious hosts become a great obstacle of services composition based on mobile agent technology because an agent on a malicious host is in a white-box attack context. A security framework based on bilinear pairings on elliptic curves using a special digital signature technique and a multi-recipient encryption scheme is proposed. The framework provides following security features: First, verifiability, strong unforgeability and strong identifiability of digital signatures of composition member. Second, prevention of misuse of digital signatures of composition controller. Third, confidentiality of parameters and result of services composition with high efficiency. All these security features relies on the difficulty of solving discrete logarithm problems and gap Diffie-Hellman problems, which are computational infeasible to solve at present.
Keywords: digital signatures; mobile agents; problem solving; public key cryptography; agent based nonfixed services composition security framework; bilinear pairing; digital signature technique; discrete logarithm problem solving; elliptic curve; mobile agent technology; multirecipient encryption scheme; white box attack context; Computer architecture; Context; Encryption; Mobile agents; Web services; composition; mobile agent; security; services (ID#: 16-10860)


Z. Liu, Z. Cao, and D. S. Wong, “White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Any Monotone Access Structures,” in IEEE Transactions on Information Forensics and Security, vol. 8, no. 1, pp. 76-88, Jan. 2013. doi:10.1109/TIFS.2012.2223683
Abstract: In a ciphertext-policy attribute-based encryption (CP-ABE) system, decryption keys are defined over attributes shared by multiple users. Given a decryption key, it may not be always possible to trace to the original key owner. As a decryption privilege could be possessed by multiple users who own the same set of attributes, malicious users might be tempted to leak their decryption privileges to some third parties, for financial gain as an example, without the risk of being caught. This problem severely limits the applications of CP-ABE. Several traceable CP-ABE (T-CP-ABE) systems have been proposed to address this problem, but the expressiveness of policies in those systems is limited where only and gate with wildcard is currently supported. In this paper we propose a new T-CP-ABE system that supports policies expressed in any monotone access structures. Also, the proposed system is as efficient and secure as one of the best (non-traceable) CP-ABE systems currently available, that is, this work adds traceability to an existing expressive, efficient, and secure CP-ABE scheme without weakening its security or setting any particular trade-off on its performance.
Keywords: cryptography; decryption key; decryption privilege; monotone access structure; traceable ciphertext-policy attribute-based encryption system; white-box traceable ciphertext-policy; Access control; Buildings; Encryption; Logic gates; Receivers; Attribute-based encryption; ciphertext-policy; traceability (ID#: 16-10861)


G. Khachatryan, M. Hovsepyan, and A. Jivanyan, “Efficient Secure Pattern Search Algorithm,” Computer Science and Information Technologies (CSIT), 2015, Yerevan, 2015, pp. 90-94. doi:10.1109/CSITechnol.2015.7358257
Abstract: In this paper we describe an efficient protocol for oblivious evaluation of a binary alphabet Deterministic Finite Automata (DFA) between the DFA owner (client) and the input text owner (server). The protocol requires only a single round of client-server communication. The number of server-side computations is linear to the text length and does not depend on the size of the DFA, and the number of client-side computations is linear to the multiplication of the number of the DFA states and text length, and it does not depend on the internal structure of the DFA. Our protocol uses white-box based 1-out-of-2 oblivious transfer protocol as a construction block. As a result, we have no public-key operations in our algorithm. Also, we have developed a test program which implements the protocol and this paper includes the results of benchmarks done for different input data. These results demonstrate the efficiency of the construction and confirm the low computational overhead of server side operations.
Keywords: client-server systems; finite automata; public key cryptography; search problems; text analysis; transport protocols; DFA owner; DFA states; binary alphabet deterministic finite automata; client-server communication; client-side computations; computational overhead; construction block; public-key operations; secure pattern search algorithm; server side operations; server-side computations; text owner; white-box based 1-out-of-2 oblivious transfer protocol; Algorithm design and analysis; Benchmark testing; Electronic mail; Encryption; Protocols; Servers; Cryptography; oblivious transfer; secure function evaluation; white-box (ID#: 16-10862)


J. Ning, X. Dong, Z. Cao, L. Wei, and X. Lin, “White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Flexible Attributes,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 6, pp. 1274-1288, June 2015. doi:10.1109/TIFS.2015.2405905
Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) enables fine-grained access control to the encrypted data for commercial applications. There has been significant progress in CP-ABE over the recent years because of two properties called traceability and large universe, greatly enriching the commercial applications of CP-ABE. Traceability is the ability of ABE to trace the malicious users or traitors who intentionally leak the partial or modified decryption keys for profits. Nevertheless, due to the nature of CP-ABE, it is difficult to identify the original key owner from an exposed key since the decryption privilege is shared by multiple users who have the same attributes. On the other hand, the property of large universe in ABE enlarges the practical applications by supporting flexible number of attributes. Several systems have been proposed to obtain either of the above properties. However, none of them achieve the two properties simultaneously in practice, which limits the commercial applications of CP-ABE to a certain extent. In this paper, we propose two practical large universe CP-ABE systems supporting white-box traceability. Compared with existing systems, both the two proposed systems have two advantages: (1) the number of attributes is not polynomially bounded and (2) malicious users who leak their decryption keys could be traced. Moreover, another remarkable advantage of the second proposed system is that the storage overhead for traitor tracing is constant, which are suitable for commercial applications.
Keywords: authorisation; cryptography; invasive software; ciphertext policy attribute-based encryption; commercial applications; decryption privilege; fine grained access control; flexible attributes; malicious user tracing; modified decryption key; traitor tracing; universe CP-ABE systems; white box traceability; Educational institutions; Encryption; Games; Polynomials; TV; Attribute-Based Encryption; Attribute-based encryption; Ciphertext-Policy; White-box Traceability; ciphertext-policy; large universe; white-box traceability (ID#: 16-10863)


J. Cui and Q. Wen, “Analysis on Operating Mechanism of SecurityKISS,” Computational Intelligence and Security (CIS), 2012 Eighth International Conference on, Guangzhou, 2012, pp. 666-669. doi:10.1109/CIS.2012.153
Abstract: Security KISS is a popular virtual private network tool used to protect privacy, ensure anonymity and bypass Internet restrictions. In this paper, we use Black-box analysis method and White-box analysis method to analyze the communication behavior and the encryption algorithm of the software. We get the workflow and the internal structures of the software in detail. In addition, we analyze the security of the software, and point out the defects existed. Finally, experimental results verify the accuracy and reliability of our analysis. This shows that the method we proposed to analyze network software is very efficient.
Keywords: computer network security; cryptography; data privacy; virtual private networks; SecurityKISS; black-box analysis; encryption algorithm; privacy protection; software security; virtual private network tool; white-box analysis; Computers; Encryption; IP networks; Servers; Software; Virtual private networks; Security KISS; encryption communication; reverse analysis (ID#: 16-10864)


P. T. Devanbu and S. G. Stubblebine, “Cryptographic Verification of Test Coverage Claims,” in IEEE Transactions on Software Engineering, vol. 26, no. 2, pp. 178-192, Feb 2000. doi:10.1109/32.841116
Abstract: The market for software components is growing, driven on the “demand side” by the need for rapid deployment of highly functional products and, on the “supply side”, by distributed object standards. As components and component vendors proliferate, there is naturally a growing concern about quality and the effectiveness of testing processes. White-box testing, particularly the use of coverage criteria, Is a widely used method for measuring the “thoroughness” of testing efforts. High levels of test coverage are used as indicators of good quality control procedures. Software vendors who can demonstrate high levels of test coverage have a credible claim to high quality. However, verifying such claims involves knowledge of the source code, test cases, build procedures, etc. In applications where reliability and quality are critical, it would be desirable to verify test coverage claims without forcing vendors to give up valuable technical secrets. In this paper, we explore cryptographic techniques that can be used to verify such claims. Our techniques have certain limitations, which we discuss in this paper. However, vendors who have done the hard work of developing high levels of test coverage can use these techniques (for a modest additional cost) to provide credible evidence of high coverage, while simultaneously reducing disclosure of intellectual property.
Keywords: cryptography; formal verification; industrial property; program testing; quality control; safety-critical software; software quality; cryptographic verification; distributed object standards; intellectual property; quality control procedures; reliability; software components; software vendors; test coverage claims; white-box testing; Application software; Costs; Cryptography; Intellectual property; Particle measurements; Quality control; Software quality; Software safety; Software standards; Software testing (ID#: 16-10865)


G. Khachatrian and M. Kyureghyan, “A New Public Key Encryption System Based on Permutation Polynomials,” Cloud Engineering (IC2E), 2014 IEEE International Conference on, Boston, MA, 2014, pp. 540-543. doi:10.1109/IC2E.2014.52
Abstract: In this paper a new public key encryption and digital signature system based on permutation polynomials is developed. The permutation polynomial P(x) is replaced by P(xi) mod g(x) where g(x) is a secret primitive polynomial, i is the secret number such that (i, 2n-1) =1 and P(xi) = Pi(x) is declared to be a public polynomial for encryption. A public key encryption of given m(x) is the evaluation of polynomial Pi(x) at point m(x) where the result of evaluation is calculated via so called White box reduction, which does not reveal the underlying secret polynomial g(x). It is shown that for the new system to achieve a comparable security with conventional public key systems based on either Discrete logarithm or Integer factorization problems, substantially less processing length n is required resulting in a significant acceleration of public key operations.
Keywords: computational complexity; number theory; public key cryptography; White box reduction; digital signature system; discrete logarithm; integer factorization problems; permutation polynomials; public key encryption system; public key operations; public key systems; public polynomial; secret number; secret primitive polynomial; Digital signatures; Encryption; Polynomials; Public key; digital signature; permutation polynomials; public-key encryption; white box reduction (ID#: 16-10866)


H. E. Link and W. D. Neumann, “Clarifying Obfuscation: Improving the Security of White-Box DES,” Information Technology: Coding and Computing (ITCC 2005) International Conference on, 2005, vol. 1., pp. 679-684.  doi:10.1109/ITCC.2005.100
Abstract: To ensure the security of software executing on malicious hosts, as in digital rights management (DRM) applications, it is desirable to encrypt or decrypt content using white-box-encoded cryptographic algorithms in the manner of Chow et al. (2002). Such encoded algorithms must run on an adversary’s machine without revealing the private key information used, despite the adversary’s ability to observe and manipulate the running algorithm. We have implemented obfuscated (white-box) DES and triple-DES algorithms along the lines of Chow et al., with alterations that improve the security of the key. Our system is secure against two previously published attacks on Chow et al.’s system, and our own adaptation of a statistical bucketing attack on their system.
Keywords: cryptography; industrial property; decryption; encryption; obfuscation; software security; statistical bucketing attack; triple-DES algorithms; white-box DES; white-box-encoded cryptographic algorithms; Application software; Content management; Cryptography; Encoding; Information security; Jacobian matrices; Laboratories; National security; Performance analysis; Protection (ID#: 16-10867)


A. Ahmad, M. Farooq, and M. Amin, “SBoxScope: A Meta S-Box Strength Evaluation Framework for Heterogeneous Confusion Boxes,” 2016 49th Hawaii International Conference on System Sciences (HICSS), Koloa, HI, USA, 2016,
pp. 5545-5553. doi:10.1109/HICSS.2016.685
Abstract: In cipher algorithms -- both block or streaming -- the most important non-linear component is a confusion box (commonly termed as s Substitution box or an S-box). The designers of cipher algorithms create an S-box on the basis of a unique formal model, as a result, its parameters -- including its size -- are different. Consequently, it becomes a daunting task for a cryptanalyst to conduct a comparative study to analyze, in a scientific yet unbiased manner, the cryptographic strength of these heterogeneous S-boxes. The major contribution of this paper is SBoxScope -- a meta S-Box strength evaluation framework -- that enables designers and analysts to evaluate cryptographic strength of heterogeneous S-boxes. The framework consists of two layers: (1) White Box Layer analyzes the contents of an S-box and calculates 8 relevant parameters (5 core and 3 auxiliary) and then normalizes them to draw conclusions about the strength of an S-box, (2) Black Box Layer assumes that no knowledge is available about the contents of an S-box, rather, it gives a predefined input bit stream to each S-box and then applies NIST tests to measure 10 parameters. Finally, the two layer are augmented that empowers an analyst to make a decision about the strength of an S-box after analyzing 18 different parameters. In this paper, we have evaluated 9 S-boxes of five well known cipher algorithms: AES, MARS, Skipjack, Serpent and Twofish.
Keywords: Algorithm design and analysis; Ciphers; Computer architecture; Correlation; Mars; NIST; Cipher Algorithms; Cryptographic Strength; Cryptography (ID#: 16-10868)


I. Azhar, N. Ahmed, A. G. Abbasi, A. Kiani, and A. Shibli, “Keeping Secret Keys Secret in Open Systems,” Open Source Systems and Technologies (ICOSST), 2014 International Conference on, Lahore, 2014, pp. 100-104. doi:10.1109/ICOSST.2014.7029328
Abstract: Security of cryptographic keys stored on an untrusted host is a challenging task. Casual storage of keys could lead to an unauthorized access using physical means. If an adversary can access the binary code, the key material can be easily extracted using well-known key-finding techniques. This paper proposes a new technique for securing keys within software. In our proposed technique, we transform keys (randomly generated bit-strings) to a set of randomized functions, which are then compiled and obfuscated together to form a secure application. When the keys are required at the run-time, an inverse transform is computed by the application dynamically to yield the original bit-strings. We demonstrate that our technique resists attacks by many entropy based key finding algorithms that scan the host’s RAM at run-time.
Keywords: computer network security; cryptography; inverse transforms; open systems; RAM; binary code; cryptographic key security; entropy-based key finding algorithm; inverse transform; key material; key-finding technique; randomized functions; randomly-generated bit-strings; secret keys; Availability; Cryptography; Heuristic algorithms; Lead; Open systems; Software; Key Hiding; Open System Security; White-Box Model (ID#: 16-10869)


S. V. Ghiţă, V. V. Patriciu, and I. Bica, “A New DRM Architecture Based on Mobile Code and White-Box Encryption,” Communications (COMM), 2012 9th International Conference on, Bucharest, 2012, pp. 303-306. doi:10.1109/ICComm.2012.6262567
Abstract: This paper represents an attempt to introduce a new Digital Rights Management (DRM) architecture for the distribution and protection of the digital contents. Based on the analysis of current DRM systems and cutting edge state of the art technologies, we propose an innovative design to cope with the existing limitations and weaknesses of a DRM ecosystem. We support the idea of introducing mobile code technologies together with white-box encryption techniques to the next generation of DRM systems. This paper presents our evaluation of current DRM solutions and recent technical breakthroughs. We also introduce a new architectural design. The paper justifies the new architecture and carries out a security analysis for the solution proposed.
Keywords: cryptography; digital rights management; DRM architecture; DRM ecosystem; architectural design; digital content distribution; digital content protection; digital rights management architecture; innovative design; mobile code technologies; security analysis; white-box encryption techniques; Authentication; Encryption; Licenses; Mobile agents; Mobile communication; DRM; mobile code; white-box encryption (ID#: 16-10870)


Y. Shi and Z. He, “A Lightweight White-Box Symmetric Encryption Algorithm Against Node Capture for WSNs,” Wireless Communications and Networking Conference (WCNC), 2014 IEEE, Istanbul, 2014, pp. 3058-3063. doi:10.1109/WCNC.2014.6952994
Abstract: Wireless Sensor Networks (WSNs) are often deployed in hostile environments and an adversary can potentially capture sensor nodes. This is a typical white-box attack context, i.e., the adversary may have total visibility of the implementation of the build-in cryptosystem and full control over its execution platform - the sensor nodes. Existing encryption algorithms for white-box attack contexts require large memory footprint and hence are not applicable for wireless sensor networks scenarios. As a countermeasure against the threat in this context, a lightweight secure implementation of the symmetric encryption algorithm SMS4 is proposed. The basic idea of our solution is to merge several steps of the round function of SMS4 into table lookups, blended by randomly generated mixing bijections. Its security and efficiency are analyzed. Evaluation shows our solution satisfies the requirement of sensor nodes in terms of limited memory size and low computational costs.
Keywords: cryptography; wireless sensor networks; SMS4 symmetric encryption algorithm; WSN; lightweight white-box symmetric encryption algorithm; memory footprint; node capture; sensor nodes; Algorithm design and analysis; Ciphers; Encryption; Software algorithms; Wireless sensor networks; Node capture; Sensor networks; Symmetric encryption algorithm; White-box attack context (ID#: 16-10871)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.