Robust Combiners for Software Hardening

Practical software hardening schemes, like practical encryption schemes such as AES, are heuristic and do not rely on provable security. One technique to enhance security is robust combiners. An algorithm C is a robust combiner for a specification S, e.g., privacy, if for any two implementations X and Y of a cryptographic scheme, the combined scheme C(X, Y) satisfies S provided either X or Y satisfies S. We present the first robust combiners for software hardening, specifically for White-Box Remote Program Execution (WBRPE). WBRPE is a software hardening technique that is employed to protect the execution of programs in a remote, hostile environment. WBRPE provides a software-only platform allowing secure execution of programs on untrusted, remote hosts, ensuring privacy of the program and of the inputs to the program, as well as privacy and integrity of the result of the computation. Robust combiners are particularly important for software hardening, where there is no standard whose security is established. In addition, robust combiners for software hardening are interesting from a software engineering perspective, since they introduce new techniques of reductions and code manipulation.
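
To make the combiner definition above concrete, here is an added example (not code from the paper) of the classic XOR-share combiner for privacy of symmetric encryption; it is not the paper's WBRPE combiner, whose construction does not appear on this page. All class and function names are assumptions made for illustration, and the SHA-256 counter keystream is a toy stand-in for an implementation that satisfies privacy.

```python
import hashlib
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

class StreamScheme:
    """Assumed stand-in for an implementation that satisfies privacy (toy keystream)."""
    def keygen(self) -> bytes:
        return secrets.token_bytes(32)
    def _pad(self, key, nonce, n):
        blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                  for i in range(n // 32 + 1))
        return b"".join(blocks)[:n]
    def enc(self, key, msg):
        nonce = secrets.token_bytes(16)
        return nonce + xor(msg, self._pad(key, nonce, len(msg)))
    def dec(self, key, ct):
        return xor(ct[16:], self._pad(key, ct[:16], len(ct) - 16))

class BrokenScheme:
    """Stand-in for an implementation that fails privacy: ciphertext equals plaintext."""
    def keygen(self) -> bytes:
        return b""
    def enc(self, key, msg):
        return msg
    def dec(self, key, ct):
        return ct

class XorShareCombiner:
    """C(X, Y): split msg into shares r and msg XOR r, encrypt one share under each."""
    def __init__(self, x, y):
        self.x, self.y = x, y
    def keygen(self):
        return self.x.keygen(), self.y.keygen()
    def enc(self, key, msg):
        r = secrets.token_bytes(len(msg))  # fresh random share for every message
        return self.x.enc(key[0], r), self.y.enc(key[1], xor(msg, r))
    def dec(self, key, ct):
        return xor(self.x.dec(key[0], ct[0]), self.y.dec(key[1], ct[1]))

def observer_recovers(x, y, msg: bytes) -> bool:
    """True if a keyless observer who reads both components as plaintext shares gets msg."""
    c = XorShareCombiner(x, y)
    key = c.keygen()
    ct = c.enc(key, msg)
    assert c.dec(key, ct) == msg  # correctness holds for every pairing
    n = len(msg)
    return xor(ct[0][-n:], ct[1][-n:]) == msg  # [-n:] skips any nonce prefix
```

The observer recovers the message only when both X and Y are the broken stand-in; with either one replaced by the private stand-in, the share it protects masks the message.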
