Visible to the public Automating the BGE Attack on White-Box Implementations of AES with External Encodings

TitleAutomating the BGE Attack on White-Box Implementations of AES with External Encodings
Publication TypeConference Paper
Year of Publication2020
AuthorsAmadori, A., Michiels, W., Roelse, P.
Conference Name2020 IEEE 10th International Conference on Consumer Electronics (ICCE-Berlin)
Keywordscomposability, Consumer electronics, encoding, Manuals, Metrics, pubcrawl, resilience, Resiliency, reverse engineering, secure software, security, Software systems, Standards, test equipment, white box, white box cryptography, White Box Security, white-box cryptography
Abstract

Cloud-based payments, virtual car keys, and digital rights management are examples of consumer electronics applications that use secure software. White-box implementations of the Advanced Encryption Standard (AES) are important building blocks of secure software systems, and the attack of Billet, Gilbert, and Ech-Chatbi (BGE) is a well-known attack on such implementations. A drawback from the adversary's or security tester's perspective is that manual reverse engineering of the implementation is required before the BGE attack can be applied. This paper presents a method to automate the BGE attack on a class of white-box AES implementations with a specific type of external encoding. The new method was implemented and applied successfully to a CHES 2016 capture the flag challenge.

DOI10.1109/ICCE-Berlin50680.2020.9352195
Citation Keyamadori_automating_2020