
On Security of a White-Box Implementation of SHARK

  • Conference paper
Information Security (ISC 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9290)

Abstract

In a white-box attack context, an attacker has full visibility of the implementation of a cipher and full control over its execution environment. As a countermeasure against the threat of key exposure in this context, a white-box implementation of the block cipher SHARK (the white-box SHARK) was proposed in prior work in 2013. However, based on our observation and investigation, we show that the white-box SHARK is insufficiently secure: the hidden key and the external encodings can be extracted with a work factor of approximately 1.5 * (2 ^ 47).

Acknowledgments

This research has been supported by the National Natural Science Foundation of China (No. 61202382), the Fundamental Research Funds for the Central Universities, and the Scientific Research Foundation for the Returned Overseas Chinese Scholars. The authors would like to extend their appreciation to the PC members and anonymous reviewers for their valuable comments and suggestions.

Author information

Corresponding author: Hongfei Fan


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Shi, Y., Fan, H. (2015). On Security of a White-Box Implementation of SHARK. In: Lopez, J., Mitchell, C. (eds) Information Security. ISC 2015. Lecture Notes in Computer Science, vol 9290. Springer, Cham. https://doi.org/10.1007/978-3-319-23318-5_25

  • DOI: https://doi.org/10.1007/978-3-319-23318-5_25
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-23317-8
  • Online ISBN: 978-3-319-23318-5
  • eBook Packages: Computer Science (R0)
