
An ultra-lightweight white-box encryption scheme for securing resource-constrained IoT devices

Published: 05 December 2016

ABSTRACT

Embedded devices with constrained computational resources, such as wireless sensor network nodes, electronic tag readers, roadside units in vehicular networks, and smart watches and wristbands, are widely used in the Internet of Things. Many such devices are deployed in untrusted environments, and others are easy to lose, so they may be captured by adversaries. In security terms, these devices therefore run in the white-box attack context, where the adversary may have full visibility of the built-in cryptosystem's implementation and full control over its execution. Defending against such a powerful adversary is a significant challenge. Existing encryption algorithms for white-box attack contexts typically require large amounts of memory, ranging from one to dozens of megabytes, and are thus unsuitable for resource-constrained devices. As a countermeasure, we propose an ultra-lightweight encryption scheme for protecting the confidentiality of data in white-box attack contexts. Encryption is performed with secret components specialized for resource-constrained devices against white-box attacks, and the algorithm requires a relatively small amount of static data, ranging from 48 to 92 KB. The security and efficiency of the proposed scheme have been analyzed theoretically with positive results, and experimental evaluations indicate that the scheme satisfies the resource constraints in terms of limited memory use and low computational cost.


Published in

ACSAC '16: Proceedings of the 32nd Annual Conference on Computer Security Applications
December 2016
614 pages
ISBN: 9781450347716
DOI: 10.1145/2991079

Copyright © 2016 ACM
Publisher: Association for Computing Machinery, New York, NY, United States
Overall Acceptance Rate: 104 of 497 submissions, 21%