CE39 - Sécurité Globale, Cybersécurité

Secure Software using Whitebox Technology – SWITECH

SWITECH

Secure Software using Whitebox Cryptography

Main issues and objectives for white-box cryptography

Cryptographic algorithms are increasingly deployed in various applications embedded on connected devices, such as smartphones and tablets. In this environment, the capabilities of the adversary can be greatly enhanced, and we should consider an adversary who can access the binary code, modify its execution, tamper with the memory, and use existing reverse engineering tools such as debuggers to recover the hidden secrets. In general, consumers have an implicit trust in the security level of products and services produced by manufacturers and solution providers. Therefore it is often devastating in terms of technical credibility when security solutions are successfully broken and subsequently subject to uncontrolled cloning and counterfeiting.

The goal of the SWITECH project is to make White-Box Cryptography (WBC) a mature technology, by providing new constructions for cryptographic implementations, by improving known attacks and developing new ones, and by building innovative demonstrators based on concrete use cases to demonstrate the feasibility of security products in pure software.

• Specify a concrete and market-oriented use case --> Secure wallet for cryptocurrencies
• Define security models --> Prevent key extraction + take into account the software environment (code lifting), taking into account more theoretical models (iO = indistinguishability obfuscation)
• Find new attacks and develop assessment tools --> Design a versatile attack toolkit to assess the real-world security of white-box implementations.
• Develop secure constructions --> secret key algorithms (AES) and public key algorithms (ECDSA)
• Build a demonstrator --> Mobile application using white box cryptography to secure storage and spending of cryptocurrency coins.

The project analyzed in detail:
• The security challenges posed by the usual applications of white-box cryptography: DRM (Digital Rights Management), mobile payment and wallet-type applications, cryptocurrencies
• Concepts of security for white box cryptography: protection against key extraction (unbreakability), security against “code lifting” type attacks
• The use of the concept of iO (indistinguishability obfuscation) to pair a white box implementation with the hardware device in which it is executed.

The project partners organized an international competition, WhibOx 2019, in conjunction with the annual CHES conference, during which participants were invited to either propose white-box implementations of AES or attempt to break submitted proposals. Within the SWITECH project, new generic attack techniques were developed on this occasion, and gave rise to two international publications.

• With a view to assessing the security of white-box implementations, a standardization action has been launched at ISO. This is in particular the draft standard ISO/IEC 24485 (Information security, cybersecurity and privacy protection — Security techniques — Security properties and best practices for test and evaluation of white box cryptography)

- J.S. Coron, H.V.L. Pereira: On Kilian's Randomization of Multilinear Map Encodings. ASIACRYPT 2019
- J.S. Coron, L. Notarnicola: Cryptanalysis of CLT13 Multilinear Maps with Independent Slots. ASIACRYPT 2019
- L. Goubin, P. Paillier, M. Rivain, J. Wang: How to reveal the secrets of an obscure white-box implementation. J. Cryptogr. Eng. 10(1): 49-66 (2020)
- L. Goubin, M. Rivain, J. Wang: Defeating State-of-the-Art White-Box Countermeasures with Advanced Gray-Box Attacks. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(3)
- A. Biryukov, A. Udovenko: Dummy Shuffling against Algebraic Attacks in White-box Implementations. EUROCRYPT 2021
- J.S. Coron, L. Spignoli: Secure Wire Shuffling in the Probing Model. CRYPTO 2021

The goal of the SWITECH project is to make White-Box Cryptography (WBC) a mature technology, by providing new constructions for cryptographic implementations, by improving known attacks and developing new ones, and by building innovative demonstrators based on concrete use cases to demonstrate the feasibility of security products in pure software. This is an industrial research project that brings together theoretical cryptographers and industrial experts whose main concern is the security of security products. The public laboratory partners are Versailles University and University of Luxembourg. The industrial partner is CryptoExperts. Besides developing secure white-box constructions, defining security models, exploring new attacks and developing new attack tools, the goal of the SWITECH project is to specify a concrete, market-driven use case and build a concrete demonstrator to demonstrate the feasibility of security products in pure software. Based on this use case, we will build an Android mobile application that makes use of white-box cryptography to secure the storing and spending of cryptocurrency coins. This will require a dynamic ECDSA white-box implementation that can operate transactions from tokens.

Project coordination

Louis Goubin (Laboratoire de mathématiques de Versailles)

The author of this summary is the project coordinator, who is responsible for the content of this summary. The ANR declines any responsibility as to its contents.

Partners

CRX CRYPTOEXPERTS
LUX Université du Luxembourg / Computer Science and Communications Research Unit
LMV Laboratoire de mathématiques de Versailles

ANR funding: 483,488 euros
Beginning and duration of the scientific project: March 2020 - 36 Months
