Skip to main content
SpringerLink
Log in

Software Tamper Resistance Based on White-Box SMS4 Implementation

  • Conference paper
  • First Online:
Smart City and Informatization (iSCI 2019)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1122))

Included in the following conference series:

  • 1441 Accesses

Abstract

In software protection, we’ve always faced the problem that an attacker is assumed to have full control over the target software and its execution. This is similar to the attack model in white-box cryptography, which aims to provide robust and secure implementations of cryptographic schemes against white-box attacks. In this paper, we propose our tamper-resistance technique, Siren, that uses white-box implementation to make software tamper resistant. We interpret the binary of software code as lookup table and incorporate these tables into the underlying white-box SMS4 implementation. In addition, we prove that Siren has good performance in security, and show the lower space complexity and higher efficiency. Finally, we present CBC-Siren, a white-box encryption scheme using CBC mode, which can provide protection to code with flexible size.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Collberg, C., Low, D., Thomborson, C.: Breaking abstractions and unstructuring data structures. In: Proceedings of the 1998 International Conference on Computer Languages (Cat. No. 98CB36225), pp. 28–38. IEEE (1998)

    Google Scholar 

  2. Lynn, B., Prabhakaran, M., Sahai, A.: Positive results and techniques for obfuscation. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 20–39. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_2

    Chapter  Google Scholar 

  3. Lach, J., Mangione-Smith, W.H., Kahng, A.B.: Watermarking techniques for intellectual property protection. In: Proceedings of the 35th annual Design Automation Conference, pp. 776–781. ACM (1998)

    Google Scholar 

  4. Ma, H., Lu, K.: Software watermarking using return-oriented programming. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, pp. 369–380. ACM (2015)

    Google Scholar 

  5. Dalla, P.M., Preda, M.: Software watermarking: a semantics-based approach. Electron. Notes Theor. Comput. Sci. 331, 71–85 (2017)

    Article  Google Scholar 

  6. Kannan, S., Blum, M.: Designing programs that check their work. J. ACM (JACM) 42(1), 269–291 (1995)

    Article  Google Scholar 

  7. Blum, M., Wasserman, H.: Software reliability via run-time result-checking. J. ACM (JACM) 44(6), 826–849 (1997)

    Article  MathSciNet  Google Scholar 

  8. Chow, S., Eisen, P., Johnson, H., van Oorschot, P.C.: A white-box DES implementation for DRM applications. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 1–15. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-44993-5_1

    Chapter  Google Scholar 

  9. Chow, S., Eisen, P., Johnson, H., Van Oorschot, P.C.: White-box cryptography and an AES implementation. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36492-7_17

    Chapter  MATH  Google Scholar 

  10. Xiao, Y., Lai, X.: White-box cryptography and implementations of SMS4. In: Proceedings of the 2009 CACR Annual Meeting, vol. 34. Science Press, Beijing (2009)

    Google Scholar 

  11. Karroumi, M.: Protecting white-box AES with dual ciphers. In: Rhee, K.-H., Nyang, D.H. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 278–291. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24209-0_19

    Chapter  Google Scholar 

  12. Biryukov, A., Bouillaguet, C., Khovratovich, D.: Cryptographic schemes based on the ASASA structure: black-box, white-box, and public-key (extended abstract). In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 63–84. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_4

    Chapter  Google Scholar 

  13. Shi, Y., Wei, W., He, Z.: A lightweight white-box symmetric encryption algorithm against node capture for wsns. Sensors 15(5), 11928–11952 (2015)

    Article  Google Scholar 

  14. Kang, Y.A., Lee, S., Kim, T.: A masked white-box cryptographic implementation for protecting against differential computation analysis. IEEE Trans. Inf. Forensics Secur. 13(10), 2602–2615 (2018)

    Article  Google Scholar 

  15. Michiels, W., Gorissen, P.: Mechanism for software tamper resistance: an application of white-box cryptography. In: Proceedings of the 2007 ACM Workshop on Digital Rights Management, pp. 82–89. ACM (2007)

    Google Scholar 

Download references

Acknowledgments

This work was supported by National Natural Science Foundation of China (No. 61702331, 61472251, U1536101, 71774111, 61972249, 61972248), China Postdoctoral Science Foundation (No. 2017M621471). National Cryptography Development Fund (NO. MMJJ20170105) and Science and Technology on Communication Security Laboratory. The authors are very grateful to the anonymous referees for their valuable comments and suggestions, helping them to improve the quality of this paper.

Author information

Authors and Affiliations

  1. School of Electrical and Information Engineering, Shanghai Jiao Tong University, Shanghai, 200240, China

    Tingting Lin, Yixin Zhong & Xuejia Lai

  2. Westone Cryptologic Research Center, State Key Laboratory of Cryptology, P. O. Box 5159, Beijing, 100878, China

    Xuejia Lai

  3. School of Cyber Security, Shanghai Jiao Tong University, Shanghai, 200240, China

    Tingting Lin & Weidong Qiu

Authors
  1. Tingting Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yixin Zhong
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xuejia Lai
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Weidong Qiu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tingting Lin .

Editor information

Editors and Affiliations

  1. Guangzhou University, Guangzhou, China

    Guojun Wang

  2. University of Ottawa, Ottawa, ON, Canada

    Abdulmotaleb El Saddik

  3. Shanghai Jiao Tong University, Shanghai, China

    Xuejia Lai

  4. University of Murcia, Murcia, Spain

    Gregorio Martinez Perez

  5. The University of Texas at San Antonio, San Antonio, TX, USA

    Kim-Kwang Raymond Choo

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Lin, T., Zhong, Y., Lai, X., Qiu, W. (2019). Software Tamper Resistance Based on White-Box SMS4 Implementation. In: Wang, G., El Saddik, A., Lai, X., Martinez Perez, G., Choo, KK. (eds) Smart City and Informatization. iSCI 2019. Communications in Computer and Information Science, vol 1122. Springer, Singapore. https://doi.org/10.1007/978-981-15-1301-5_38

Download citation

  • DOI: https://doi.org/10.1007/978-981-15-1301-5_38

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-1300-8

  • Online ISBN: 978-981-15-1301-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation