Presented at
Black Hat Europe 2015,
Unknown date/time
(Unknown duration).
White-Box Cryptography (WBC) aims to provide software implementations of cryptographic algorithms that are resistant against an attacker with full access to the internals. Therefore, the key must remain secure even if the attacker is able to inspect and modify the execution of the cryptographic algorithm. This is often referred to as "security in the White-Box context." In a vanilla implementation of a cryptographic algorithm, access to intermediate results directly leads to extraction of the key. To achieve security in the white-box context, data encoding schemes and strong obfuscation are typically applied. This type of implementation is commonly seen in DRM systems, and is currently gaining momentum in the mobile payment market. Assessing the security of WBC implementations is a challenge both for evaluators and for WBC designers, as it often requires a powerful mix of reverse engineering and applied cryptanalysis skills. In this presentation, we show how attacks typically used to attack hardware cryptosystems can be ported to the white-box settings. We will introduce generic yet practical attacks on WBC implementations of the TDES and AES ciphers. Additionally, we will analyze the requirements for each attack and discuss potential countermeasures. We have applied these attacks to recover cryptographic keys from commercial as well as academic implementations. During the presentation, we will demonstrate several attacks on open source WBC implementations using custom tools. If you are tasked with evaluating the attack resistance of a WBC-based solution, this presentation will provide a better understanding of what White-Box Cryptography is and how to evaluate its robustness against different key extraction attacks. If you are a WBC designer, you will obtain a better understanding of what the most common weak points of such schemes are. Our results highlight the importance of evaluating WBC implementations with respect to these generic attacks in order to provide correct judgment about their level of security.
Presenters:
-
Eloi Sanfelix
- Riscure
Eloi Sanfelix works as a Principal Security Analyst at Riscure, where he performs security evaluations on different products ranging from software-based solutions to embedded systems. Most of his working time is currently spent reverse engineering and analyzing protected software such as DRM systems and mobile payment applications. In the last few years, he has also been involved in evaluating the security of embedded systems and smart card technology, mostly for the PayTV and the payment industries. In his spare time, Eloi enjoys participating in CTF competitions with the int3pids team.
-
Job de Haas
- Riscure
Job de Haas holds an M.Sc. in Electrical Engineering and has a track record in the security industry of more than 15 years. He has experience evaluating the security of a wide range of embedded platforms, such as IPTV decoders, satellite receivers, mobile phones, smart meters, and a variety of modems (ADSL, Wireless). Further, he is a specialist in the reverse engineering of applications and consumer electronics. At Riscure, Job is the senior specialist in charge of security testing of embedded devices for high-security environments. Amongst others, he assessed the protection of pay television systems against side channel and card-sharing attacks for conditional access providers. Job has participated in the creation of several certification schemes for customers of embedded products. Job has a long speaking history at international conferences, including talks on security of mobile technologies, reverse engineering of firmware, and side channel attacks on embedded systems.
-
Cristofaro Mune
- Riscure
Cristofaro Mune works as a Principal Security Analyst at Riscure, where he performs security evaluations on different products ranging from software-based solutions to embedded systems. In the past, he has been a Security Research Lead for Mobile Security Lab, working on vulnerabilities in mobile devices, applications and services, but in his experience there are also security assessments of IT networks, devices and services for major companies. As a researcher he has been presenting some of his works at major security conferences such as Black Hat, CONFidence and Syscan. His current main interests are exploitation of embedded architectures, reverse engineering, TEE and DRM solutions.
Links:
Similar Presentations: