Conventional software implementations of cryptographic algorithms are totally insecure where a hostile user may control the execution environment, or where co-located with malicious software. Yet current trends point to increasing usage in environments so threatened. We discuss encrypted-composed-function methods intended to provide a practical degree of protection against white-box (total access) attacks in untrusted execution environments. As an example, we show how AES can be implemented as a series of lookups in key-dependent tables. The intent is to hide the key by a combination of encoding its tables with random bijections representing compositions rather than individual steps, and extending the cryptographic boundary by pushing it out further into the containing application. We partially justify our AES implementation, and motivate its design, by showing how removal of parts of the recommended implementation allows specified attacks, including one utilizing a pattern in the AES SubBytes table.
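The table construction the abstract describes, reduced to a single byte lane as an added example (not code from the paper): AddRoundKey is folded into SubBytes to form a key-dependent table, and each table is stored only in encoded form, so that the internal bijection cancels when two lookups are composed. MixColumns and the rest of the round structure are omitted; all function names and the key bytes `0x2B`, `0x7E` are constructed for illustration.

```python
import random

def aes_sbox():
    """AES SubBytes from its definition: inverse in GF(2^8), then the affine map."""
    exp, log, x = [0] * 255, [0] * 256, 1
    for i in range(255):                      # successive powers of the generator 0x03
        exp[i], log[x] = x, i
        x ^= (x << 1) ^ (0x11B if x & 0x80 else 0)
    rotl = lambda b, n: ((b << n) | (b >> (8 - n))) & 0xFF
    box = []
    for a in range(256):
        b = exp[(255 - log[a]) % 255] if a else 0
        box.append(b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63)
    return box

SBOX = aes_sbox()

def invert(p):
    q = [0] * 256
    for i, v in enumerate(p):
        q[v] = i
    return q

def random_bijection(rng):
    return rng.sample(range(256), 256)        # a random permutation of the byte values

def tbox(k):
    """Key-dependent table: AddRoundKey folded into SubBytes for one byte."""
    return [SBOX[x ^ k] for x in range(256)]

def encode(table, f_in, g_out):
    """Stored form g_out . table . f_in^-1; the bare table is never kept."""
    f_inv = invert(f_in)
    return [g_out[table[f_inv[x]]] for x in range(256)]

def bare_tbox_key(table):
    """Audit check: the key byte if `table` is an unencoded T-box, else None."""
    k = invert(SBOX)[table[0]]
    return k if table == tbox(k) else None

def build_chain(k1, k2, rng):
    """Two encoded lookups; the middle encoding m cancels only in composition."""
    f, m, g = (random_bijection(rng) for _ in range(3))
    return encode(tbox(k1), f, m), encode(tbox(k2), m, g), f, g

if __name__ == "__main__":
    e1, e2, f, g = build_chain(0x2B, 0x7E, random.SystemRandom())
    print(invert(g)[e2[e1[f[0x32]]]] == SBOX[SBOX[0x32 ^ 0x2B] ^ 0x7E], bare_tbox_key(e1))
```

The outer bijections `f` and `g` stand in for the encodings that the surrounding application must apply and remove, which is the sense in which the cryptographic boundary is pushed outward; `bare_tbox_key` shows why a table stored without them gives up its key byte from a single entry.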