Denis Kolegov, Nikita Oleksov, Oleg Broslavsky
Tomsk State University
Information Security and Cryptography Department
White-Box HMAC
Make your cryptography secure to white-box attacks
May 17-18, Moscow
Attacker is assumed to have:
Zero visibility on code during execution
External information, such as plaintext or ciphertext
Considered secure as long as the cipher has no cryptographic weaknesses
2
Attacker is assumed to have:
Partial physical access to the cryptographic key as a result of the cipher leaking side-channel information
 Electromagnetic radiation analysis
 Current/power consumption analysis
 Operation timing analysis
3
Attacker is assumed to have:
Full visibility — inputs, outputs, memory (using debuggers), and intermediate calculations
Access to the algorithms while watching how they are carried out
Traditional cryptography is not secure when running in a white-box model
4
Digital Rights Management Systems
 The end-user is then able to purchase some type of premium content (e.g., new GoT season)
 The content arrives at the user’s device encrypted, and is decrypted by the software as it is viewed
 A malicious end-user may attempt to extract cryptographic keys from the software and then use them to redistribute content outside the DRM system
5
Client-side web application
 The web application forms some client-side queries to the backend
 A malicious user may attempt to form malicious queries and exploit some backend vulnerabilities
Common case with white-box crypto in JS
6
Generate for every key a fixed implementation that contains the hard-coded key
Hide the hard-coded key so that the encrypt and decrypt operations process sensitive data without revealing any portion of the key
Make key extraction difficult or even impracticable
7
The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST)
8
9
The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST)
10
All of these functions can easily be implemented using substitution tables
11
Long story short…
More information can be found in §4 of A Tutorial on White-box AES by James Muir
For more security, Chow et al. suggest applying invertible mixing bijections and external encodings to the state in every round
12
Client-side web application
 The web application forms some client-side queries to the backend
 A malicious user may attempt to form malicious queries and exploit some backend vulnerabilities
Common case with white-box crypto in JS
We need keyed hashes!
13
Two common ways to build a keyed hash
Use a block cipher:
 Easy to use: just turn on CBC-MAC mode
 Maybe slower than a pure hash
 Possibly short block size
Use the HMAC scheme:
 Easy to compute
 Lots of possible hashes
 Fast
14
HMAC_K(m) = h[(K ⊕ opad) || h((K ⊕ ipad) || m)]
Construction scheme:
Common hash calculation scheme:
15
Each round of the hash updates its inner variables. Saving this state lets us continue the hash calculation later (Python 2 session with the md5 module; hashlib.md5 behaves the same way):
>>> import md5
>>> m = md5.new()
>>> m.update("Nobody inspects")
>>> m.update(" the spammish repetition")
>>> m.digest()
'\xbbd\x9c\x83\xdd\x1e\xa5\xc9\xd9\xde\xc9\xa1\x8d\xf0\xff\xe9'
gives the same as
>>> md5.new("Nobody inspects the spammish repetition").digest()
'\xbbd\x9c\x83\xdd\x1e\xa5\xc9\xd9\xde\xc9\xa1\x8d\xf0\xff\xe9'
16
Both keyed parts are located in the first hash block
HMAC_K(m) = h[(K ⊕ opad) || h((K ⊕ ipad) || m)]
17
HMAC_K(m) = h[(K ⊕ opad) || h((K ⊕ ipad) || m)]
Diagram: IV --f(K ⊕ opad)--> So; IV --f(K ⊕ ipad)--> Si
Save the inner states of the hashing algorithm after the first block for the key padded with opad and with ipad
18
Diagram: Si --f(m)--> h((K ⊕ ipad) || m); So --f(h((K ⊕ ipad) || m))--> hmac
HMAC_K(m) = h[(K ⊕ opad) || h((K ⊕ ipad) || m)]
Common hash-function realization; hard-coded states used as IV
19
Implementing this white-box HMAC scheme with any cryptographic hash function requires only minimal changes to the hash function code and no changes to the common template
20
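The following Python script is an added example, not the page's own code and not code from the jcrypto project: it carries the saved-state idea of slides 16 to 20 through with SHA-256, the hash behind the authors' HMAC-SHA256 implementation. SHA-256 is written out in full only because the standard library does not expose the compression function f or the chaining state between blocks. precompute_states is the offline step that absorbs the single blocks K ⊕ ipad and K ⊕ opad and keeps only the resulting states Si and So; whitebox_hmac is the shipped part, which holds Si and So and never sees the key bytes. All function names are mine; the key and message in the demo are RFC 4231 test case 1, which the page lists among its test vectors, and the result is checked against hmac.new. One caveat a practitioner should keep in mind: Si and So together are key-equivalent for tagging, so whoever recovers them can still compute tags for any message; the construction removes the key bytes from the shipped code, which is what the authors' stated goal (make key extraction difficult) is about, but it does not by itself remove the ability to MAC.

```python
"""White-box HMAC-SHA256 from precomputed inner/outer hash states.

Added example with hypothetical names (not the jcrypto code). SHA-256 is
spelled out so the compression function f and the chaining state between
blocks are visible; hashlib hides both.
"""
import hashlib
import hmac
import struct

BLOCK = 64  # SHA-256 block size: K ⊕ ipad and K ⊕ opad are exactly one block each

# SHA-256 round constants and initial hash value (FIPS 180-4).
_K = [
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
]
IV = (0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
      0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19)


def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & 0xFFFFFFFF


def compress(state, block):
    """The compression function f: (chaining state, 64-byte block) -> new state."""
    w = list(struct.unpack(">16L", block))
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & 0xFFFFFFFF)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25))
              + ((e & f) ^ (~e & g)) + _K[i] + w[i]) & 0xFFFFFFFF
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22))
              + ((a & b) ^ (a & c) ^ (b & c))) & 0xFFFFFFFF
        h, g, f, e, d, c, b, a = g, f, e, (d + t1) & 0xFFFFFFFF, c, b, a, (t1 + t2) & 0xFFFFFFFF
    return tuple((x + y) & 0xFFFFFFFF for x, y in zip(state, (a, b, c, d, e, f, g, h)))


def resume_hash(state, data, absorbed):
    """Continue SHA-256 from a saved chaining state over `data` and finalize.

    `absorbed` is how many bytes already went into `state`: Merkle-Damgård
    padding encodes the total length, so it has to be carried along."""
    total = absorbed + len(data)
    data += b"\x80" + b"\x00" * ((55 - total) % 64) + struct.pack(">Q", total * 8)
    for i in range(0, len(data), 64):
        state = compress(state, data[i:i + 64])
    return b"".join(struct.pack(">L", x) for x in state)


def sha256(data):
    return resume_hash(IV, data, 0)


def precompute_states(key):
    """Offline step, run once where the key is known: absorb the single block
    K ⊕ ipad (resp. K ⊕ opad) and keep only the resulting chaining states."""
    if len(key) > BLOCK:
        key = sha256(key)  # HMAC hashes keys longer than one block first (RFC 2104)
    key = key.ljust(BLOCK, b"\x00")
    si = compress(IV, bytes(k ^ 0x36 for k in key))
    so = compress(IV, bytes(k ^ 0x5C for k in key))
    return si, so


def whitebox_hmac(si, so, message):
    """Shipped part: only Si and So are hard-coded; the key bytes never appear."""
    inner = resume_hash(si, message, BLOCK)   # h((K ⊕ ipad) || m) computed without K
    return resume_hash(so, inner, BLOCK)      # h((K ⊕ opad) || inner)


def matches_stdlib(key, message):
    """Self-check: the white-box tag must equal hmac.new for the same inputs."""
    si, so = precompute_states(key)
    return whitebox_hmac(si, so, message) == hmac.new(key, message, hashlib.sha256).digest()


if __name__ == "__main__":
    key, msg = b"\x0b" * 20, b"Hi There"   # RFC 4231 test case 1
    si, so = precompute_states(key)
    print("Si  =", "".join("%08x" % x for x in si))
    print("tag =", whitebox_hmac(si, so, msg).hex())
    print("matches hmac.new:", matches_stdlib(key, msg))
```

In a deployment only precompute_states runs on the key holder's side; the client code embeds the two eight-word tuples it returns and keeps the ordinary hash code plus the one change the slides describe, namely starting from a supplied state with 64 bytes already counted instead of from IV with zero.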
https://github.com/tsu-iscd/jcrypto
Implementation of white-box AES128-CTR and HMAC-SHA256 in JavaScript
 RFC 4231 test vectors
 NIST test vectors
 Other custom tests (e.g. jsSHA test vectors)
21
Oleg Broslavsky
ovbroslavsky@gmail.com
@yalegko
Nikita Oleksov
neoleksov@gmail.com
@NEOleksov
22
Denis Kolegov
dnkolegov@gmail.com
@dnkolegov
