Software Tamper Resistance Based on White-Box SMS4 Implementation
In software protection, we’ve always faced the problem that an attacker is assumed to have full control over the target software and its execution. This is similar to the attack model in white-box cryptography, which aims to provide robust and secure implementations of cryptographic schemes against white-box attacks. In this paper, we propose our tamper-resistance technique, Siren, that uses white-box implementation to make software tamper resistant. We interpret the binary of software code as lookup table and incorporate these tables into the underlying white-box SMS4 implementation. In addition, we prove that Siren has good performance in security, and show the lower space complexity and higher efficiency. Finally, we present CBC-Siren, a white-box encryption scheme using CBC mode, which can provide protection to code with flexible size.
KeywordsWhite-box cryptograpyh Software Tamper resistance SMS4 CBC
This work was supported by National Natural Science Foundation of China (No. 61702331, 61472251, U1536101, 71774111, 61972249, 61972248), China Postdoctoral Science Foundation (No. 2017M621471). National Cryptography Development Fund (NO. MMJJ20170105) and Science and Technology on Communication Security Laboratory. The authors are very grateful to the anonymous referees for their valuable comments and suggestions, helping them to improve the quality of this paper.
- 1.Collberg, C., Low, D., Thomborson, C.: Breaking abstractions and unstructuring data structures. In: Proceedings of the 1998 International Conference on Computer Languages (Cat. No. 98CB36225), pp. 28–38. IEEE (1998)Google Scholar
- 3.Lach, J., Mangione-Smith, W.H., Kahng, A.B.: Watermarking techniques for intellectual property protection. In: Proceedings of the 35th annual Design Automation Conference, pp. 776–781. ACM (1998)Google Scholar
- 4.Ma, H., Lu, K.: Software watermarking using return-oriented programming. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, pp. 369–380. ACM (2015)Google Scholar
- 10.Xiao, Y., Lai, X.: White-box cryptography and implementations of SMS4. In: Proceedings of the 2009 CACR Annual Meeting, vol. 34. Science Press, Beijing (2009)Google Scholar
- 12.Biryukov, A., Bouillaguet, C., Khovratovich, D.: Cryptographic schemes based on the ASASA structure: black-box, white-box, and public-key (extended abstract). In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 63–84. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_4CrossRefGoogle Scholar
- 15.Michiels, W., Gorissen, P.: Mechanism for software tamper resistance: an application of white-box cryptography. In: Proceedings of the 2007 ACM Workshop on Digital Rights Management, pp. 82–89. ACM (2007)Google Scholar