Book a meeting

What is white-box cryptography?

White-box cryptography is a software-only implementation technique that aims to secure cryptographic operations in environments where an attacker has complete control of the software. Unlike traditional cryptography, which focuses on securing data through encryption and reducing the security problem to protecting the key, white-box cryptography attempts to protect both the cryptographic algorithms and the keys within the software itself.

Generally, "white-box" refers to a system or process that is fully transparent, and all internal workings, structures, or algorithms are visible and accessible, allowing for deeper inspection and understanding. In contrast, "black-box" refers to a system whose internal workings are hidden, and only inputs and outputs are visible.

Summary

White-box cryptography combines cryptographic techniques with obfuscation to protect keys within application code. This approach aims to make it difficult for attackers to identify and extract cryptographic keys, even in untrusted environments. However, it's crucial to understand that white-box cryptography is never secure without additional obfuscation and runtime protection measures, and can potentially be broken by skilled attackers given enough time and resources.

Deep dive

White-box cryptography transforms cryptographic algorithms and their associated keys into a form that attempts to conceal the keys' presence and make the algorithms resistant to analysis and extraction. However, it always faces a trade-off between the size and speed of the implementation versus its security.

How it works

White-box cryptography involves several key components:

  1. Key protection: Instead of relying on secure hardware like HSMs, smart cards, or TPMs for key storage, white-box cryptography embeds keys directly into the software.
  2. Masking: This process secures cryptographic keys and data with randomness for computation, adding an extra layer of protection.
  3. Obfuscation: While obfuscation alone doesn't provide security, it's a crucial component of white-box cryptography. Obfuscation techniques are used to hide the operations performed, making it harder for attackers to understand the code.
  4. Runtime protection: Additional measures are implemented to detect and prevent tampering during execution.
It's important to note that white-box cryptography differs from mere obfuscation. While obfuscation hides the kind of operations performed, white-boxing specifically aims to hide the intermediate values from the computation.

Use cases in mobile app security

White-box cryptography finds several important applications within mobile environments, where hardware-based security solutions may be impractical or unavailable. Here are several key use cases:

  1. Financial apps: Mobile banking and payment apps utilize white-box cryptography to protect sensitive data like account details, transaction information, and authentication keys. While not as robust as hardware solutions, it offers a software-based alternative for securing cryptographic operations.
  2. Content protection: Streaming services and content delivery apps employ white-box cryptography to prevent unauthorized access and piracy. It helps protect decryption keys and content, making it more challenging for attackers to extract and distribute protected media.
  3. Secure messaging: Messaging apps leverage white-box cryptography to enhance the confidentiality of communications. It helps protect encryption keys and secure the message encryption/decryption process within the app itself.
  4. IoT device management: Mobile apps controlling IoT devices can use white-box cryptography to secure communication channels and protect device authentication mechanisms, enhancing overall system security.
  5. Data storage: Apps handling sensitive local data can employ white-box cryptography to secure encryption keys used for protecting stored information, adding an extra layer of security beyond standard encryption.

While white-box cryptography provides valuable protection in these scenarios, it's important to note that it's not infallible. Determined attackers may eventually break the protection given sufficient time and resources. Therefore, developers should consider it as part of a broader security strategy, potentially combining it with other protective measures when possible.

White-box cryptography vs. other security approaches

Compared to black-box and grey-box cryptography, white-box cryptography operates under the most challenging threat model, assuming the attacker has full control over the software environment. This makes it inherently more difficult to secure.

Unlike trusted execution environments such as Intel SGX, which can be broken by skilled attackers, white-box cryptography doesn't rely on hardware features. However, this also means it lacks the security benefits that hardware-based solutions can provide.

History

The concept of white-box cryptography was first introduced in 2003 by Chow, Eisen, Johnson, and van Oorshot, who proposed initial attempts at white-box DES and AES implementations. Their designs were based on representing ciphers as networks of lookup tables, obfuscated by composing them with small (4- or 8-bit) random encodings. This approach ensured that each individual obfuscated table contained no information about the secret key, forcing potential attackers to analyze multiple tables simultaneously.

However, these early schemes were quickly broken. In 2004, Billet, Gilbert, and Ech-Chatbi successfully attacked the designs using structural cryptanalysis, in what became known as "the BGE attack".

Over the next two decades (2005-2022), numerous attempts were made to improve white-box cryptography designs. Unfortunately, these efforts were consistently thwarted by practical dedicated attacks.

A significant development occurred in 2016 when Bos, Hubain, Michiels, and Teuwen demonstrated that adaptations of standard side-channel power analysis attacks could efficiently and automatically break most existing white-box designs. This revelation opened up a new research direction focused on generic attacks (correlation-based, algebraic, fault injection) and protections against them.

The WhibOx challenges have further highlighted the ongoing difficulties in creating secure white-box implementations. In these competitions, the longest-standing AES implementation remained unbroken for only 30 days, while asymmetric algorithms like ECDSA were consistently broken in less than a week. These results were achieved using only white-boxing and obfuscation techniques, without additional runtime protections.

Future

As the field of white-box cryptography continues to evolve, researchers are exploring new techniques to enhance the security of white-box implementations. The challenges revealed by the WhibOx competitions and the history of broken implementations have underscored the need for innovative approaches.

Future research directions may include:

  1. Developing more robust obfuscation techniques that can withstand advanced analysis methods.
  2. Exploring the integration of white-box cryptography with other security measures, such as secure enclaves or trusted execution environments.
  3. Investigating the potential of post-quantum cryptography in the context of white-box implementations.
  4. Improving the efficiency of white-box implementations to make them more practical for real-world applications.
  5. Developing new theoretical models to better understand the limits and possibilities of white-box cryptography.

Despite these ongoing efforts, creating truly secure white-box cryptographic solutions that can withstand determined attacks over extended periods remains an open challenge. The future of white-box cryptography will likely involve a continuous arms race between implementers and attackers, driving innovation in both offensive and defensive techniques.

As the field progresses, it's crucial for practitioners to remain aware of the limitations of white-box cryptography and to use it judiciously, often in combination with other security measures, rather than as a standalone solution for protecting sensitive cryptographic operations.

Sources

  1. https://developer.android.com/about/dashboards
  2. https://mas.owasp.org/MASTG/0x04c-Tampering-and-Reverse-Engineering/
  3. https://www.whiteboxcrypto.com/
  4. https://whibox.io/contests/

 

 

Get the inside scoop, app security news and more from Promon

Sign up to our newsletter