Unboxing the White-Box - Practical Attacks Against Obfuscated Ciphers

Explore practical attacks against obfuscated ciphers in this Black Hat conference talk. Delve into the world of White-Box Cryptography (WBC) and learn how to assess the security of implementations that aim to protect cryptographic algorithms from attackers with full internal access. Discover how attacks typically used against hardware cryptosystems can be adapted to white-box settings, focusing on TDES and AES ciphers. Gain insights into generic yet practical attack methods, their requirements, and potential countermeasures. Witness demonstrations of attacks on open-source WBC implementations using custom tools. Whether you're tasked with evaluating WBC-based solutions or designing them, acquire a deeper understanding of common vulnerabilities and the importance of robust security assessments. Explore topics such as differential fault analysis, software protection techniques, and the generalization of differential side-channel attacks in the context of white-box cryptography.

Intro
What and why...
Black-Box Security
Gray-Box Security
Sign of the times...
White Box Cryptography
Software in the White Box context
Software Protection
How does WBC work?
WBC Construction: partial evaluation
Example code
External encoding
WBC attack literature
Differential Fault Analysis
DFA computation for DES
Divide and conquer
DFA attack process
Locating the injection point
Fault injection
STEP 3: Analysis
Summary DFA results
Hypothesis testing
Generalization of differential SCA attacks
To our surprise....
SCA attack process
Capture measurement
SCA Analysis
What does it mean?
How to make it stronger?