scholarly journals Analysis of Software Countermeasures for Whitebox Encryption

2017 ◽  
pp. 307-328 ◽  
Author(s):  
Subhadeep Banik ◽  
Andrey Bogdanov ◽  
Takanori Isobe ◽  
Martin Jepsen
Keyword(s):  
Real World ◽  
Random Noise ◽  
Control Flow ◽  
Sufficient Information ◽  
Software Protection ◽  
Secret Key ◽  
Execution Traces ◽  
Protection Mechanisms ◽  
Software Execution ◽  
Control Flow Obfuscation

Whitebox cryptography aims to ensure the security of cryptographic algorithms in the whitebox model where the adversary has full access to the execution environment. To attain security in this setting is a challenging problem: Indeed, all published whitebox implementations of standard symmetric-key algorithms such as AES to date have been practically broken. However, as far as we know, no whitebox implementation in real-world products has suffered from a key recovery attack. This is due to the fact that commercial products deploy additional software protection mechanisms on top of the whitebox implementation. This makes practical attacks much less feasible in real-world applications. There are numerous software protection mechanisms which protect against standard whitebox attacks. One such technique is control flow obfuscation which randomizes the order of table lookups for each execution of the whitebox encryption module. Another technique is randomizing the locations of the various Look up tables (LUTs) in the memory address space. In this paper we investigate the effectiveness of these countermeasures against two attack paradigms. The first known as Differential Computational Analysis (DCA) attack was developed by Bos, Hubain, Michiels and Teuwen in CHES 2016. The attack passively collects software execution traces for several plaintext encryptions and uses the collected data to perform an analysis similar to the well known differential power attacks (DPA) to recover the secret key. Since the software execution traces contain time demarcated physical addresses of memory locations being read/written into, they essentially leak the values of the inputs to the various LUTs accessed during the whitebox encryption operation, which as it turns out leaks sufficient information to perform the power attack. We found that if in addition to control flow obfuscation, one were to randomize the locations of the LUTs in the memory, then it is very difficult to perform the DCA on the resultant system using such table inputs and extract the secret key in reasonable time. As an alternative, we investigate the version of the DCA attack which uses the outputs of the tables instead of the inputs to mount the power analysis attack. This modified DCA is able to extract the secret key from the flow obfuscated and location randomized versions of several whitebox binaries available in crypto literature. We develop another attack called the Zero Difference Enumeration (ZDE) attack. The attack records software traces for several pairs of strategically selected plaintexts and performs a simple statistical test on the effective difference of the traces to extract the secret key. We show that ZDE is able to recover the keys of whitebox systems. Finally we propose a new countermeasure for protecting whitebox binaries based on insertion of random delays which aims to make both the ZDE and DCA attackspractically difficult by adding random noise in the information leaked to the attacker.

scholarly journals Distributed Watchdogs Based on Blockchain for Securing Industrial Internet of Things

Sensors ◽  
2021 ◽  
Vol 21 (13) ◽  
pp. 4393
Author(s):  
JongHyup Lee ◽  
Taekyoung Kwon
Keyword(s):  
Internet Of Things ◽  
Software Protection ◽  
Industrial Internet Of Things ◽  
Industrial Systems ◽  
Industrial Internet ◽  
Unique Identity ◽  
Protection Mechanisms ◽  
Software Updates ◽  
Detailed Specification ◽  
Industrial Environments

The Industrial Internet of Things (IIoT) could enhance automation and analytics in industrial environments. Despite the promising benefits of IIoT, securely managing software updates is a challenging problem for those critical applications. This is due to at least the intrinsic lack of software protection mechanisms in legacy industrial systems. In this paper, to address the challenges in building a secure software supply chain for industrial environments, we propose a new approach that leverages distributed watchdogs with blockchain systems in protecting software supply chains. For this purpose, we bind every entity with a unique identity in the blockchain and employ the blockchain as a delegated authenticator by mapping every reporting action to a non-fungible token transfer. Moreover, we present a detailed specification to clearly define the behavior of systems and to apply model checking.

scholarly journals A Noise Study of the PSW Signature Family: Patching DRS with Uniform Distribution †

Information ◽  
2020 ◽  
Vol 11 (3) ◽  
pp. 133
Author(s):  
Arnaud Sipasseuth ◽  
Thomas Plantard ◽  
Willy Susilo
Keyword(s):  
Uniform Distribution ◽  
Random Noise ◽  
Theoretical Framework ◽  
New Method ◽  
Signature Scheme ◽  
Secret Key ◽  
Initial Work ◽  
Dimensional Ball ◽  
Diagonal Reduction

At PKC 2008, Plantard et al. published a theoretical framework for a lattice-based signature scheme, namely Plantard–Susilo–Win (PSW). Recently, after ten years, a new signature scheme dubbed the Diagonal Reduction Signature (DRS) scheme was presented in the National Institute of Standards and Technology (NIST) PQC Standardization as a concrete instantiation of the initial work. Unfortunately, the initial submission was challenged by Yu and Ducas using the structure that is present on the secret key noise. In this paper, we are proposing a new method to generate random noise in the DRS scheme to eliminate the aforementioned attack, and all subsequent potential variants. This involves sampling vectors from the n-dimensional ball with uniform distribution. We also give insight on some underlying properties which affects both security and efficiency on the PSW type schemes and beyond, and hopefully increase the understanding on this family of lattices.

Control flow obfuscation based protection method for Android applications

2017 ◽  
Vol 14 (11) ◽  
pp. 247-259 ◽  
Author(s):  
Yong Peng ◽  
Guanyu Su ◽  
Bin Tian ◽  
Maohua Sun ◽  
Qi Li
Keyword(s):  
Control Flow ◽  
Protection Method ◽  
Android Applications ◽  
Control Flow Obfuscation

scholarly journals Topology-Inspired Method Recovers Obfuscated Term Information From Induced Software Call-Stacks

2021 ◽  
Vol 7 ◽  
Author(s):  
Kelly Maggs ◽  
Vanessa Robins
Keyword(s):  
Large Scale ◽  
Source Code ◽  
Computer Software ◽  
Black Box ◽  
Proof Of Concept ◽  
Software Vulnerabilities ◽  
Execution Traces ◽  
Function Calls ◽  
Software Execution ◽  
Primary Unit

Fuzzing is a systematic large-scale search for software vulnerabilities achieved by feeding a sequence of randomly mutated input files to the program of interest with the goal being to induce a crash. The information about inputs, software execution traces, and induced call stacks (crashes) can be used to pinpoint and fix errors in the code or exploited as a means to damage an adversary’s computer software. In black box fuzzing, the primary unit of information is the call stack: a list of nested function calls and line numbers that report what the code was executing at the time it crashed. The source code is not always available in practice, and in some situations even the function names are deliberately obfuscated (i.e., removed or given generic names). We define a topological object called the call-stack topology to capture the relationships between module names, function names and line numbers in a set of call stacks obtained via black-box fuzzing. In a proof-of-concept study, we show that structural properties of this object in combination with two elementary heuristics allow us to build a logistic regression model to predict the locations of distinct function names over a set of call stacks. We show that this model can extract function name locations with around 80% precision in data obtained from fuzzing studies of various linux programs. This has the potential to benefit software vulnerability experts by increasing their ability to read and compare call stacks more efficiently.

scholarly journals Coarsening optimization for differentiable programming

2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-27
Author(s):  
Xipeng Shen ◽  
Guoqiang Zhang ◽  
Irene Dea ◽  
Samantha Andow ◽  
Emilio Arroyo-Fang ◽  
...  
Keyword(s):  
Real World ◽  
Control Flow ◽  
Algorithmic Differentiation ◽  
Symbolic Reasoning ◽  
Single Operation ◽  
Real World Applications ◽  
Novel Method ◽  
Expression Swell

This paper presents a novel optimization for differentiable programming named coarsening optimization. It offers a systematic way to synergize symbolic differentiation and algorithmic differentiation (AD). Through it, the granularity of the computations differentiated by each step in AD can become much larger than a single operation, and hence lead to much reduced runtime computations and data allocations in AD. To circumvent the difficulties that control flow creates to symbolic differentiation in coarsening, this work introduces phi-calculus, a novel method to allow symbolic reasoning and differentiation of computations that involve branches and loops. It further avoids "expression swell" in symbolic differentiation and balance reuse and coarsening through the design of reuse-centric segment of interest identification. Experiments on a collection of real-world applications show that coarsening optimization is effective in speeding up AD, producing several times to two orders of magnitude speedups.

Sign in / Sign up

Export Citation Format

Share Document