Measuring Performances of a White-Box Approach in the IoT Context

The Internet of Things (IoT) refers to all the smart objects that are connected to other objects, devices or servers and that are able to collect and share data, in order to “learn” and improve their functionalities. Smart objects suffer from a lack of memory and computational power, since they are usually lightweight. Moreover, their security is weakened by the fact that smart objects can be placed in unprotected environments, where adversaries are able to play with the symmetric-key algorithm used and the device on which the cryptographic operations are executed. In this paper, we focus on SPNbox, a family of white-box symmetric ciphers built on a substitution–permutation network (SPN), extending and improving our previous paper on the topic presented at WIDECOM 2019. We highlight the importance of white-box cryptography in the IoT context, but also the need to have a fast black-box implementation (server-side) of the cipher. We show that, by modifying an internal layer of SPNbox, we are able to increase the key length and to improve the performance of the implementation. We measure these improvements (a) on 32/64-bit architectures and (b) in the IoT context by encrypting/decrypting 10,000 payloads of the lightweight messaging protocol Message Queuing Telemetry Transport (MQTT).
