Differential computation analysis: hiding your white-box designs is not enough

J.W. Bos, C. Hubain, W. Michiels, P. Teuwen

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

22 Citaties (Scopus)

Uittreksel

Although all current scientific white-box approaches of standardized cryptographic primitives are broken, there is still a large number of companies which sell “secure” white-box products. In this paper, we present a new approach to assess the security of white-box implementations which requires neither knowledge about the look-up tables used nor any reverse engineering effort. This differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. We developed plugins to widely available dynamic binary instrumentation frameworks to produce software execution traces which contain information about the memory addresses being accessed. To illustrate its effectiveness, we show how DCA can extract the secret key from numerous publicly (non-commercial) available white-box programs implementing standardized cryptography by analyzing these traces to identify secret-key dependent correlations. This approach allows one to extract the secret key material from white-box implementations significantly faster and without specific knowledge of the white-box design in an automated manner.

TaalEngels
TitelCryptographic Hardware and Embedded Systems – CHES 2016
Subtitel18th International Conference, Santa Barbara, California, August 17-19, 2016, Proceedings
RedacteurenB. Gierlichs , A.Y. Poschmann
Plaats van productieDordrecht
UitgeverijSpringer
Pagina's215-236
Aantal pagina's22
ISBN van elektronische versie978-3-662-53139-6
ISBN van geprinte versie978-3-662-53140-2
DOI's
StatusGepubliceerd - 2016
Evenement18th International Conference on Cryptographic Hardware and Embedded Systems, CHES 2016 - Santa Barbara, Verenigde Staten van Amerika
Duur: 17 aug 201619 aug 2016

Publicatie series

NaamLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9813
ISSN van geprinte versie03029743
ISSN van elektronische versie16113349

Congres

Congres18th International Conference on Cryptographic Hardware and Embedded Systems, CHES 2016
LandVerenigde Staten van Amerika
StadSanta Barbara
Periode17/08/1619/08/16

Vingerafdruk

Reverse engineering
Box Product
Trace
Attack
Differential Power Analysis
Cryptography
Software
Reverse Engineering
Look-up Table
Instrumentation
Hardware
Data storage equipment
Binary
Industry
Dependent
Design
Knowledge
Side channel attack
Community
Framework

Citeer dit

Bos, J. W., Hubain, C., Michiels, W., & Teuwen, P. (2016). Differential computation analysis: hiding your white-box designs is not enough. In B. Gierlichs , & A. Y. Poschmann (editors), Cryptographic Hardware and Embedded Systems – CHES 2016: 18th International Conference, Santa Barbara, California, August 17-19, 2016, Proceedings (blz. 215-236). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9813). Dordrecht: Springer. DOI: 10.1007/978-3-662-53140-2_11
Bos, J.W. ; Hubain, C. ; Michiels, W. ; Teuwen, P./ Differential computation analysis : hiding your white-box designs is not enough. Cryptographic Hardware and Embedded Systems – CHES 2016: 18th International Conference, Santa Barbara, California, August 17-19, 2016, Proceedings. redacteur / B. Gierlichs ; A.Y. Poschmann. Dordrecht : Springer, 2016. blz. 215-236 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{5b22a951a8b8458e8d3cf28bdd6b85c2,
title = "Differential computation analysis: hiding your white-box designs is not enough",
abstract = "Although all current scientific white-box approaches of standardized cryptographic primitives are broken, there is still a large number of companies which sell “secure” white-box products. In this paper, we present a new approach to assess the security of white-box implementations which requires neither knowledge about the look-up tables used nor any reverse engineering effort. This differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. We developed plugins to widely available dynamic binary instrumentation frameworks to produce software execution traces which contain information about the memory addresses being accessed. To illustrate its effectiveness, we show how DCA can extract the secret key from numerous publicly (non-commercial) available white-box programs implementing standardized cryptography by analyzing these traces to identify secret-key dependent correlations. This approach allows one to extract the secret key material from white-box implementations significantly faster and without specific knowledge of the white-box design in an automated manner.",
author = "J.W. Bos and C. Hubain and W. Michiels and P. Teuwen",
year = "2016",
doi = "10.1007/978-3-662-53140-2_11",
language = "English",
isbn = "978-3-662-53140-2",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer",
pages = "215--236",
editor = "{Gierlichs }, B. and A.Y. Poschmann",
booktitle = "Cryptographic Hardware and Embedded Systems – CHES 2016",
address = "Germany",

}

Bos, JW, Hubain, C, Michiels, W & Teuwen, P 2016, Differential computation analysis: hiding your white-box designs is not enough. in B Gierlichs & AY Poschmann (redactie), Cryptographic Hardware and Embedded Systems – CHES 2016: 18th International Conference, Santa Barbara, California, August 17-19, 2016, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9813, Springer, Dordrecht, blz. 215-236, Santa Barbara, Verenigde Staten van Amerika, 17/08/16. DOI: 10.1007/978-3-662-53140-2_11

Differential computation analysis : hiding your white-box designs is not enough. / Bos, J.W.; Hubain, C.; Michiels, W.; Teuwen, P.

Cryptographic Hardware and Embedded Systems – CHES 2016: 18th International Conference, Santa Barbara, California, August 17-19, 2016, Proceedings. redactie / B. Gierlichs ; A.Y. Poschmann. Dordrecht : Springer, 2016. blz. 215-236 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9813).

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

TY - GEN

T1 - Differential computation analysis

T2 - hiding your white-box designs is not enough

AU - Bos,J.W.

AU - Hubain,C.

AU - Michiels,W.

AU - Teuwen,P.

PY - 2016

Y1 - 2016

N2 - Although all current scientific white-box approaches of standardized cryptographic primitives are broken, there is still a large number of companies which sell “secure” white-box products. In this paper, we present a new approach to assess the security of white-box implementations which requires neither knowledge about the look-up tables used nor any reverse engineering effort. This differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. We developed plugins to widely available dynamic binary instrumentation frameworks to produce software execution traces which contain information about the memory addresses being accessed. To illustrate its effectiveness, we show how DCA can extract the secret key from numerous publicly (non-commercial) available white-box programs implementing standardized cryptography by analyzing these traces to identify secret-key dependent correlations. This approach allows one to extract the secret key material from white-box implementations significantly faster and without specific knowledge of the white-box design in an automated manner.

AB - Although all current scientific white-box approaches of standardized cryptographic primitives are broken, there is still a large number of companies which sell “secure” white-box products. In this paper, we present a new approach to assess the security of white-box implementations which requires neither knowledge about the look-up tables used nor any reverse engineering effort. This differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. We developed plugins to widely available dynamic binary instrumentation frameworks to produce software execution traces which contain information about the memory addresses being accessed. To illustrate its effectiveness, we show how DCA can extract the secret key from numerous publicly (non-commercial) available white-box programs implementing standardized cryptography by analyzing these traces to identify secret-key dependent correlations. This approach allows one to extract the secret key material from white-box implementations significantly faster and without specific knowledge of the white-box design in an automated manner.

UR - http://www.scopus.com/inward/record.url?scp=84981316101&partnerID=8YFLogxK

U2 - 10.1007/978-3-662-53140-2_11

DO - 10.1007/978-3-662-53140-2_11

M3 - Conference contribution

SN - 978-3-662-53140-2

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 215

EP - 236

BT - Cryptographic Hardware and Embedded Systems – CHES 2016

PB - Springer

CY - Dordrecht

ER -

Bos JW, Hubain C, Michiels W, Teuwen P. Differential computation analysis: hiding your white-box designs is not enough. In Gierlichs B, Poschmann AY, redacteurs, Cryptographic Hardware and Embedded Systems – CHES 2016: 18th International Conference, Santa Barbara, California, August 17-19, 2016, Proceedings. Dordrecht: Springer. 2016. blz. 215-236. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). Beschikbaar vanaf, DOI: 10.1007/978-3-662-53140-2_11