Defeating State-of-the-Art White-Box Countermeasures

Defeating State-of-the-Art White-Box Countermeasures with Advanced Gray-Box Attacks. Louis Goubin (4), Matthieu Rivain (1), Junwei Wang (1,2,3). (1) CryptoExperts, (2) University of Luxembourg, (3) University Paris 8, (4) UVSQ. Prerecorded talk for CHES 2020.


  1. Defeating State-of-the-Art White-Box Countermeasures with Advanced Gray-Box Attacks
     Louis Goubin (4), Matthieu Rivain (1), Junwei Wang (王军委) (1,2,3)
     (1) CryptoExperts, (2) University of Luxembourg, (3) University Paris 8, (4) UVSQ
     Prerecorded talk for CHES 2020, September 2020

  2. Security Models: Shades of Gray
     White-Box Cryptography | Advanced Gray-Box Countermeasures and Attacks | Data-Dependency Analysis | Conclusion
     [Figure: Enc/Dec diagram with labels m, c = Enc(m), m]
     ∗ Black-Box Model: input/output behavior
     ∗ Gray-Box Model: side-channel leakage
     ∗ White-Box Model: "full" control of the implementation and its execution environment

  5. White-Box Threat Model
     To extract a cryptographic key
     ∗ Where: from a software implementation of a cipher
     ∗ Whom: by malware, co-hosted applications, users themselves, ...
     ∗ How: by all kinds of means
        ∗ analyze the code
        ∗ spy on the memory
        ∗ interfere with the execution
        ∗ cut external randomness
        ∗ ...

  6. Motivation and Real-World Applications
     ∗ Why not use secure hardware?
        ∗ not always available
        ∗ expensive (to produce, deploy, integrate, update)
        ∗ usually has a long lifecycle
        ∗ security breach is hard to mitigate
     ∗ Applications
        ∗ Digital Content Distribution
        ∗ Mobile Payment
        ∗ Digital Contract Signing
        ∗ Blockchains and cryptocurrencies
     Credits to [Shamir, van Someren 99]

  7. Security through Obscurity
     ∗ All public white-box designs broken
     ∗ Growing demand in industry
     ∗ No provably secure solution
     ∗ Huge application potential
     ⇓
     Security through obscurity: home-made design + obfuscation
     Time-consuming reverse engineering + structural analysis

  8. Differential Computation Analysis (DCA) [BHMT16]
     Differential power analysis (DPA) techniques applied to computational leakages.
     [Figure: Enc with input m and output c, shown for each model]
     ∗ gray-box model: side-channel leakages (noisy), e.g. power / EM / time / ...
     ∗ white-box model: computational leakages (noise-free), e.g. registers / accessed memory / ...
     Many publicly available implementations are broken by DCA.

  9. WhibOx Competitions
     ∗ Organized as CHES CTF events
       "The competition gives an opportunity for researchers and practitioners to confront their (secretly designed) white-box implementations to state-of-the-art attackers" -- WhibOx 2017
     ∗ Designer: to submit the C source code of AES-128 with a secret key
     ∗ Attacker: to reveal the hidden key
     ∗ No need to disclose identity or underlying techniques

  10. WhibOx Competitions (cont.)
     ∗ WhibOx 2017
        ∗ 94 submissions were all broken by 877 individual breaks
        ∗ most (86%) of them were alive for < 1 day
        ∗ mostly broken by DCA [BT20]
     ∗ WhibOx 2019
        ∗ new rules encourage designers to submit "smaller" and "faster" implementations
        ∗ 27 submissions with 124 individual breaks
        ∗ 3 implementations survived, but broken after the competition in this article

  11. Outline
     ∗ Advanced Gray-Box Countermeasures and Attacks
     ∗ Data-Dependency Analysis
     ∗ Conclusion

  12. Advanced Gray-Box Countermeasures and Attacks
     ∗ Linear Masking, Higher-Order DCA, and Linear Decoding Analysis
     ∗ Algebraic Security and Non-Linear Masking
     ∗ Shuffling

  13. Linear Masking [ISW03]
     ∗ Intermediate value $x$ is split into $n$ shares: $x = x_1 \oplus x_2 \oplus \cdots \oplus x_n$
       [Figure: original states mapped to masked states by masking]
     ∗ Shares are manipulated separately such that any subset of at most $n - 1$ shares is independent of $x$
     ∗ Resistant against $(n-1)$-th order DCA attacks

  14. Higher-Order DCA (HO-DCA) [BVRW19]
     ∗ Trace pre-processing: an $n$-th order trace contains $q = \binom{t}{n}$ points, each being $\psi$ applied to the samples at $n$ positions $j_1, j_2, \ldots, j_n$
     ∗ The natural combination function $\psi$ is the XOR sum
     ∗ Perform DCA attacks on the higher-order traces
       $\binom{1000}{5} \approx 2^{43}$
     ∗ Linear masking can be broken
        ∗ ∃ fixed n positions in which the shares are

  15. Linear Decoding Analysis (LDA) [GPRW20]
     ∗ Assumption: there exists a linear (affine) decoding function
       $$D(v_1, v_2, \ldots, v_t) = a_0 \oplus \Big( \bigoplus_{1 \le i \le t} a_i \cdot v_i \Big) = \varphi_k(x)$$
       for some sensitive variable $\varphi_k$ and some fixed coefficients $a_0, a_1, \ldots, a_t$.
     ∗ Record the $v_i$'s over $N$ executions:
       $$
       \begin{pmatrix}
       1 & v_1^{(1)} & \cdots & v_t^{(1)} \\
       1 & v_1^{(2)} & \cdots & v_t^{(2)} \\
       \vdots & \vdots & \ddots & \vdots \\
       1 & v_1^{(N)} & \cdots & v_t^{(N)}
       \end{pmatrix}
       \begin{pmatrix} a_0 \\ a_1 \\ \vdots \\ a_t \end{pmatrix}
       =
       \begin{pmatrix} \varphi_k(x^{(1)}) \\ \varphi_k(x^{(2)}) \\ \vdots \\ \varphi_k(x^{(N)}) \end{pmatrix}
       $$

  16. Linear Decoding Analysis (LDA) (cont.) [GPRW20]
     ∗ Record the $v_i$'s over $N$ executions:
       $$
       \begin{pmatrix}
       1 & v_1^{(1)} & \cdots & v_t^{(1)} \\
       1 & v_1^{(2)} & \cdots & v_t^{(2)} \\
       \vdots & \vdots & \ddots & \vdots \\
       1 & v_1^{(N)} & \cdots & v_t^{(N)}
       \end{pmatrix}
       \begin{pmatrix} a_0 \\ a_1 \\ \vdots \\ a_t \end{pmatrix}
       =
       \begin{pmatrix} \varphi_k(x^{(1)}) \\ \varphi_k(x^{(2)}) \\ \vdots \\ \varphi_k(x^{(N)}) \end{pmatrix}
       $$
     ∗ Linear masking is vulnerable to LDA
        ∗ system solvable for $k^{*}$
        ∗ but not for incorrect key guess $k^{\times}$
     ∗ Trace complexity: $t + \mathcal{O}(1)$
     ∗ Computation complexity: $\mathcal{O}(t^{2.8} \cdot |\mathcal{K}|)$
       $1000^{2.8} \approx 2^{28}$

  17. Advanced Gray-Box Countermeasures and Attacks
     ∗ Linear Masking, Higher-Order DCA, and Linear Decoding Analysis
     ∗ Algebraic Security and Non-Linear Masking
     ∗ Shuffling

  18. Algebraic Security and Non-Linear Masking [BU18]
     ∗ Introduced by Biryukov and Udovenko at Asiacrypt 2018
     ∗ To capture LDA-like algebraic attacks
     A $d$-th degree algebraically secure non-linear masking ensures that any function of degree up to $d$ in the intermediate variables does not compute a "predictable" variable.

  19. First-Degree Secure Non-Linear Masking [BU18]
     ∗ Quadratic decoding function $(a, b, c) \mapsto ab \oplus c$
     ∗ Secure gadgets for bit XOR, bit AND, and refresh
     ∗ Provably secure composition
     ∗ But vulnerable to DCA attack: $\mathrm{Cor}(ab \oplus c,\, c) = \frac{1}{2}$
     ∗ They suggest using a combination of linear masking and non-linear masking to thwart both DCA (probing security) and LDA (algebraic security).

  20. Combination of Linear Masking and Non-Linear Masking
     We suggest three possible natural combinations:
     1. apply linear masking on top of non-linear masking
        $x = (a_1 \oplus a_2 \oplus \cdots \oplus a_n)(b_1 \oplus b_2 \oplus \cdots \oplus b_n) \oplus (c_1 \oplus c_2 \oplus \cdots \oplus c_n)$
     2. apply non-linear masking on top of linear masking
        $x = (a_1 b_1 \oplus c_1) \oplus (a_2 b_2 \oplus c_2) \oplus \cdots \oplus (a_n b_n \oplus c_n)$
     3. merge the two maskings into a new encoding
        $x = ab \oplus c_1 \oplus c_2 \oplus \cdots \oplus c_n$

  21. Higher-Degree Decoding Analysis (HDDA) [GPRW20]
     ∗ Assume the decoding function is of degree $d$
     ∗ Trace pre-processing: a $d$-th degree trace contains all monomials of degree $\le d$
     ∗ Perform LDA attacks on the higher-degree traces
     ∗ Higher-degree trace samples: $\sum_{i=0}^{d} \binom{t}{i} = \binom{t+d}{d} \ll t^{d}$
     ∗ Complexity: $\mathcal{O}(t^{2.8d} \cdot |\mathcal{K}|)$, practical when $t$, $d$ are small.
       $t^{2.8d} < 2^{50}$: $d = 2 \Rightarrow t < 487$; $d = 3 \Rightarrow t < 62$
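
The check below is an added example, not code from the talk or its authors. It runs on constructed random sharings of a known bit and shows what the LDA, first-degree non-linear masking and HDDA slides state: linear masking has an affine decoder, $ab \oplus c$ has none but its share $c$ correlates with the secret, and a degree-2 trace makes it decodable again. The function names, `N` and the seed are assumptions.

```python
import random
from itertools import combinations

def linear_shares(x, rng, n=3):
    # Linear masking: x = x_1 ^ x_2 ^ ... ^ x_n
    s = [rng.getrandbits(1) for _ in range(n - 1)]
    return s + [x ^ (sum(s) & 1)]

def nonlinear_shares(x, rng):
    # First-degree secure encoding from the slides: x = a*b ^ c
    a, b = rng.getrandbits(1), rng.getrandbits(1)
    return [a, b, (a & b) ^ x]

def degree2(v):
    # Degree-2 trace: the samples plus all pairwise products
    return v + [v[i] & v[j] for i, j in combinations(range(len(v)), 2)]

def affine_decoder(rows, target):
    # Solve a_0 ^ XOR_i a_i*v_i = target over GF(2); None if unsolvable.
    t = len(rows[0])
    pivots = {}                       # column -> reduced equation (bitmask)
    for v, y in zip(rows, target):
        e = 1 | (y << (t + 1))        # bit 0: a_0 column, bit t+1: right-hand side
        for i, bit in enumerate(v):
            e |= bit << (i + 1)
        for col in range(t + 1):
            if (e >> col) & 1:
                if col not in pivots:
                    pivots[col] = e
                    break
                e ^= pivots[col]
        else:
            if e:                     # reduced to 0 = 1: inconsistent
                return None
    sol = [0] * (t + 1)               # free coefficients stay 0
    for col in sorted(pivots, reverse=True):
        e = pivots[col]
        sol[col] = (e >> (t + 1)) & 1
        for j in range(col + 1, t + 1):
            sol[col] ^= (e >> j) & 1 & sol[j]
    return sol

def evaluate(encode, expand=lambda v: v, N=5000, seed=2020):
    rng = random.Random(seed)
    xs = [rng.getrandbits(1) for _ in range(N)]   # constructed sensitive bits
    rows = [encode(x, rng) for x in xs]
    cor = [2 * sum(v[i] == x for v, x in zip(rows, xs)) / N - 1
           for i in range(len(rows[0]))]
    return affine_decoder([expand(v) for v in rows], xs), cor
```

`evaluate` returns the decoder coefficients $[a_0, \ldots, a_t]$ (or `None`) together with each share's empirical correlation with the secret bit; pass `expand=degree2` to run the same solver on the degree-2 trace.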
