当前位置:
X-MOL 学术
›
J. Cryptol.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
White-Box Cryptography: Don’t Forget About Grey-Box Attacks
Journal of Cryptology ( IF 2.3 ) Pub Date : 2019-02-12 , DOI: 10.1007/s00145-019-09315-1 Estuardo Alpirez Bock , Joppe W. Bos , Chris Brzuska , Charles Hubain , Wil Michiels , Cristofaro Mune , Eloi Sanfelix Gonzalez , Philippe Teuwen , Alexander Treff
Journal of Cryptology ( IF 2.3 ) Pub Date : 2019-02-12 , DOI: 10.1007/s00145-019-09315-1 Estuardo Alpirez Bock , Joppe W. Bos , Chris Brzuska , Charles Hubain , Wil Michiels , Cristofaro Mune , Eloi Sanfelix Gonzalez , Philippe Teuwen , Alexander Treff
Despite the fact that all current scientific white-box approaches of standardized cryptographic primitives have been publicly broken, these attacks require knowledge of the internal data representation used by the implementation. In practice, the level of implementation knowledge required is only attainable through significant reverse-engineering efforts. In this paper, we describe new approaches to assess the security of white-box implementations which require neither knowledge about the look-up tables used nor expensive reverse-engineering efforts. We introduce the differential computation analysis (DCA) attack which is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. Similarly, the differential fault analysis (DFA) attack is the software counterpart of fault injection attacks on cryptographic hardware. For DCA, we developed plugins to widely available dynamic binary instrumentation (DBI) frameworks to produce software execution traces which contain information about the memory addresses being accessed. For the DFA attack, we developed modified emulators and plugins for DBI frameworks that allow injecting faults at selected moments within the execution of the encryption or decryption process as well as a framework to automate static fault injection. To illustrate the effectiveness, we show how DCA and DFA can extract the secret key from numerous publicly available non-commercial white-box implementations of standardized cryptographic algorithms. These approaches allow one to extract the secret key material from white-box implementations significantly faster and without specific knowledge of the white-box design in an automated or semi-automated manner.
中文翻译:
白盒密码学:不要忘记灰盒攻击
尽管标准化密码原语的所有当前科学白盒方法都已被公开破坏,但这些攻击需要了解实现所使用的内部数据表示。在实践中,所需的实施知识水平只能通过大量的逆向工程工作来实现。在本文中,我们描述了评估白盒实现安全性的新方法,这些方法既不需要有关所用查找表的知识,也不需要昂贵的逆向工程工作。我们介绍了差分计算分析 (DCA) 攻击,它是密码硬件社区应用的差分功率分析攻击的软件对应物。相似地,差分故障分析 (DFA) 攻击是对加密硬件的故障注入攻击的软件对应物。对于 DCA,我们为广泛可用的动态二进制检测 (DBI) 框架开发了插件,以生成软件执行跟踪,其中包含有关正在访问的内存地址的信息。对于 DFA 攻击,我们为 DBI 框架开发了修改过的模拟器和插件,允许在加密或解密过程中的选定时刻注入故障,以及自动静态故障注入的框架。为了说明有效性,我们展示了 DCA 和 DFA 如何从标准化密码算法的众多公开可用的非商业白盒实现中提取密钥。
更新日期:2019-02-12
中文翻译:
白盒密码学:不要忘记灰盒攻击
尽管标准化密码原语的所有当前科学白盒方法都已被公开破坏,但这些攻击需要了解实现所使用的内部数据表示。在实践中,所需的实施知识水平只能通过大量的逆向工程工作来实现。在本文中,我们描述了评估白盒实现安全性的新方法,这些方法既不需要有关所用查找表的知识,也不需要昂贵的逆向工程工作。我们介绍了差分计算分析 (DCA) 攻击,它是密码硬件社区应用的差分功率分析攻击的软件对应物。相似地,差分故障分析 (DFA) 攻击是对加密硬件的故障注入攻击的软件对应物。对于 DCA,我们为广泛可用的动态二进制检测 (DBI) 框架开发了插件,以生成软件执行跟踪,其中包含有关正在访问的内存地址的信息。对于 DFA 攻击,我们为 DBI 框架开发了修改过的模拟器和插件,允许在加密或解密过程中的选定时刻注入故障,以及自动静态故障注入的框架。为了说明有效性,我们展示了 DCA 和 DFA 如何从标准化密码算法的众多公开可用的非商业白盒实现中提取密钥。
京公网安备 11010802027423号