Navigation

Vortrag von Estuardo Alpirez Bock: „White-Box Cryptography: Use Cases and Foundations“

Am 5. Februar 2021 um 14 Uhr hält Estuardo Alpirez Bock von der Aalto-Universität Finnland einen Vortrag zum Thema „White-Box Cryptography: Use Cases and Foundations“.

Die Informationen zur Einwahl via Zoom finden Sie hier.

Unten stehend finden Sie die Kurzfassung des Vortrags in englischer Sprache.

The white-box attack model was introduced in 2002 by Chow, Eisen, Johnson and van Oorschot. In this attack model, we consider an adversary who gets access to the implementation code of a cryptographic algorithm with an embedded secret key. Additionally, the adversary is assumed to be in control of the execution environment of the implementation. White-box cryptography aims to maintain an implementation secure, even in the presence of such a strong adversary. White-box crypto has been widely deployed to protect digital rights management (DRM) and mobile payment applications. Since its introduction, a number of candidate designs for white-box AES and DES have been proposed. Unfortunately, all of these candidates have been subject to key extraction attacks, and it is not clear which level of security white-box cryptographic implementations achieve in real life.

In this talk, we will have a look at the security goals of white-box cryptography.  As we will see, the security properties expected from a white-box program may vary depending on the use case we are considering. In this line, we will study formal security notions for white-box cryptography introduced in the literature and discuss their usefulness. Additionally, we will take a look at provably secure constructions which achieve security in these white-box models. Finally, we will take a look at popular attack strategies on real life implementations of white-box AES.