Abstract
Conventional software implementations of cryptographic algorithms are totally insecure where a hostile user may control the execution environment, or where they are co-located with malicious software. Yet current trends point to increasing usage in environments so threatened. We discuss encrypted-composed-function methods intended to provide a practical degree of protection against white-box (total access) attacks in untrusted execution environments. As an example, we show how AES can be implemented as a series of lookups in key-dependent tables. The intent is to hide the key by a combination of encoding its tables with random bijections representing compositions rather than individual steps, and extending the cryptographic boundary by pushing it out further into the containing application. We partially justify our AES implementation, and motivate its design, by showing how removal of parts of the recommended implementation allows specified attacks, including one utilizing a pattern in the AES SubBytes table.
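As an added illustration (not the paper's own code) of the table-lookup construction the abstract describes: one key-dependent byte table T_k(x) = SubBytes(x XOR k), the same table wrapped in random input and output bijections, and a two-table chain in which the intermediate encoding cancels between consecutive lookups without being evaluated in the clear. The function names, the two-step toy chain and the key bytes are assumptions made for the illustration; a real white-box AES round also has to handle ShiftRows, MixColumns and wider encodings.

```python
import secrets

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a, b = ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF, b >> 1
    return p

def gf_inv(a):
    """a^254 = a^-1 in GF(2^8); 0 maps to 0, as in AES."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

# SubBytes table, computed (field inverse, then the AES affine map) rather than typed in.
SBOX = []
for x in range(256):
    b, s = gf_inv(x), 0x63
    for i in range(5):                         # b ^ rotl(b,1) ^ ... ^ rotl(b,4) ^ 0x63
        s ^= ((b << i) | (b >> (8 - i))) & 0xFF
    SBOX.append(s)

def random_bijection():
    """A random permutation of 0..255 and its inverse: one encoding."""
    perm = list(range(256))
    secrets.SystemRandom().shuffle(perm)
    return perm, sorted(range(256), key=perm.__getitem__)

def tbox(k):
    """Plain key-dependent table T[x] = SubBytes(x ^ k); T[0] = SubBytes(k) leaks k."""
    return [SBOX[x ^ k] for x in range(256)]

def encoded_tbox(k, f_inv, g):
    """Table for g(SubBytes(f^-1(y) ^ k)): input expected under encoding f, output
    left under encoding g, so the entries depend on the secret encodings, not on k alone."""
    return [g[SBOX[f_inv[y] ^ k]] for y in range(256)]

def white_box_chain(k1, k2):
    """Toy chain of two byte-substitution steps (assumed, not a full AES round). The first
    table emits its result under g and the second absorbs g, so g cancels without
    being evaluated in the clear. Returns the lookup and h^-1 for the boundary."""
    f, f_inv = random_bijection()
    g, g_inv = random_bijection()
    h, h_inv = random_bijection()
    t1, t2 = encoded_tbox(k1, f_inv, g), encoded_tbox(k2, g_inv, h)
    return (lambda x: t2[t1[f[x]]]), h_inv
```

Here the input encoding f and the output decoding h_inv play the role of the "pushed-out" boundary: whoever holds only the tables sees inputs and outputs under encodings and never a plain SubBytes(k).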
© 2003 Springer-Verlag Berlin Heidelberg
Chow, S., Eisen, P., Johnson, H., Van Oorschot, P.C. (2003). White-Box Cryptography and an AES Implementation. In: Nyberg, K., Heys, H. (eds) Selected Areas in Cryptography. SAC 2002. Lecture Notes in Computer Science, vol 2595. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36492-7_17
DOI: https://doi.org/10.1007/3-540-36492-7_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00622-0
Online ISBN: 978-3-540-36492-4