Advertisement

Software Tamper Resistance Based on White-Box SMS4 Implementation

  • Tingting LinEmail author
  • Yixin Zhong
  • Xuejia Lai
  • Weidong Qiu
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1122)

Abstract

In software protection, we’ve always faced the problem that an attacker is assumed to have full control over the target software and its execution. This is similar to the attack model in white-box cryptography, which aims to provide robust and secure implementations of cryptographic schemes against white-box attacks. In this paper, we propose our tamper-resistance technique, Siren, that uses white-box implementation to make software tamper resistant. We interpret the binary of software code as lookup table and incorporate these tables into the underlying white-box SMS4 implementation. In addition, we prove that Siren has good performance in security, and show the lower space complexity and higher efficiency. Finally, we present CBC-Siren, a white-box encryption scheme using CBC mode, which can provide protection to code with flexible size.

Keywords

White-box cryptograpyh Software Tamper resistance SMS4 CBC 

Notes

Acknowledgments

This work was supported by National Natural Science Foundation of China (No. 61702331, 61472251, U1536101, 71774111, 61972249, 61972248), China Postdoctoral Science Foundation (No. 2017M621471). National Cryptography Development Fund (NO. MMJJ20170105) and Science and Technology on Communication Security Laboratory. The authors are very grateful to the anonymous referees for their valuable comments and suggestions, helping them to improve the quality of this paper.

References

  1. 1.
    Collberg, C., Low, D., Thomborson, C.: Breaking abstractions and unstructuring data structures. In: Proceedings of the 1998 International Conference on Computer Languages (Cat. No. 98CB36225), pp. 28–38. IEEE (1998)Google Scholar
  2. 2.
    Lynn, B., Prabhakaran, M., Sahai, A.: Positive results and techniques for obfuscation. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 20–39. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-24676-3_2CrossRefGoogle Scholar
  3. 3.
    Lach, J., Mangione-Smith, W.H., Kahng, A.B.: Watermarking techniques for intellectual property protection. In: Proceedings of the 35th annual Design Automation Conference, pp. 776–781. ACM (1998)Google Scholar
  4. 4.
    Ma, H., Lu, K.: Software watermarking using return-oriented programming. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, pp. 369–380. ACM (2015)Google Scholar
  5. 5.
    Dalla, P.M., Preda, M.: Software watermarking: a semantics-based approach. Electron. Notes Theor. Comput. Sci. 331, 71–85 (2017)CrossRefGoogle Scholar
  6. 6.
    Kannan, S., Blum, M.: Designing programs that check their work. J. ACM (JACM) 42(1), 269–291 (1995)CrossRefGoogle Scholar
  7. 7.
    Blum, M., Wasserman, H.: Software reliability via run-time result-checking. J. ACM (JACM) 44(6), 826–849 (1997)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Chow, S., Eisen, P., Johnson, H., van Oorschot, P.C.: A white-box DES implementation for DRM applications. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 1–15. Springer, Heidelberg (2003).  https://doi.org/10.1007/978-3-540-44993-5_1CrossRefGoogle Scholar
  9. 9.
    Chow, S., Eisen, P., Johnson, H., Van Oorschot, P.C.: White-box cryptography and an AES implementation. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-36492-7_17CrossRefzbMATHGoogle Scholar
  10. 10.
    Xiao, Y., Lai, X.: White-box cryptography and implementations of SMS4. In: Proceedings of the 2009 CACR Annual Meeting, vol. 34. Science Press, Beijing (2009)Google Scholar
  11. 11.
    Karroumi, M.: Protecting white-box AES with dual ciphers. In: Rhee, K.-H., Nyang, D.H. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 278–291. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-24209-0_19CrossRefGoogle Scholar
  12. 12.
    Biryukov, A., Bouillaguet, C., Khovratovich, D.: Cryptographic schemes based on the ASASA structure: black-box, white-box, and public-key (extended abstract). In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 63–84. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-45611-8_4CrossRefGoogle Scholar
  13. 13.
    Shi, Y., Wei, W., He, Z.: A lightweight white-box symmetric encryption algorithm against node capture for wsns. Sensors 15(5), 11928–11952 (2015)CrossRefGoogle Scholar
  14. 14.
    Kang, Y.A., Lee, S., Kim, T.: A masked white-box cryptographic implementation for protecting against differential computation analysis. IEEE Trans. Inf. Forensics Secur. 13(10), 2602–2615 (2018)CrossRefGoogle Scholar
  15. 15.
    Michiels, W., Gorissen, P.: Mechanism for software tamper resistance: an application of white-box cryptography. In: Proceedings of the 2007 ACM Workshop on Digital Rights Management, pp. 82–89. ACM (2007)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Tingting Lin
    • 1
    • 3
    Email author
  • Yixin Zhong
    • 1
  • Xuejia Lai
    • 1
    • 2
  • Weidong Qiu
    • 3
  1. 1.School of Electrical and Information EngineeringShanghai Jiao Tong UniversityShanghaiChina
  2. 2.Westone Cryptologic Research Center, State Key Laboratory of CryptologyBeijingChina
  3. 3.School of Cyber SecurityShanghai Jiao Tong UniversityShanghaiChina

Personalised recommendations