SlideShare una empresa de Scribd logo

White-box Cryptography -BayThreat 2013

Nick Sullivan
Nick Sullivan

In this talk, we discuss white box cryptography, a technique used to protect cryptographic keys from a local attacker. In keeping with the theme of building and breaking security, we will discuss the challenges involved in building a white-box crypto system.

TecnologíaEducación
1 de 27
Descargar para leer sin conexión
BayThreat December 6th, 2013 ! Nick Sullivan @grittygrease White-box Cryptography What do you do when they’re in your server room?
My Background • Systems Engineering at CloudFlare • Cryptography at Apple • Threat analysis at Symantec • M.Sc. in Cryptography • Undergraduate Pure Mathematics !2
What this talk is about • Introduction to white-box cryptography • Why we need this now more than ever • Key concepts for implementations • Steps for the future — with an announcement !3
Let’s talk about physical access • If an attacker has physical access, they have everything, right? • Cold Boot, Evil Maid, Jailbreak, etc. • It only takes time ! • Solution: Lock it up! !4
Let’s talk about physical access • What about servers? • Where are modern servers kept? • Your own data center? • A “physically secure” co-location facility? • On a virtual machine in the cloud? • On a globally-distributed CDN? • Under which national jurisdiction? !5
Server Breaches Happen • How long does it take to get your secrets? • Reverse engineering skill of attacker • Diminishing cost to attacker as skills and tools accumulate ! • Wouldn’t it be great if there was a computational burden placed on the attacker for every new secret? • You could rotate your secrets on a fixed schedule !6
Standard Crypto Model (Black-box) Alice Bob Eve adversary icons: Sam Small !7
Side-channel Attacks (Grey-box) Alice Bob Eve adversary icons: Sam Small !8
White-box threat model Eve Alice Bob adversary icons: Sam Small !9
White-box threat model Aleve Bob adversary icons: Sam Small !10
White-box Cryptography • Cryptographic implementations that hide the key from everyone • Attackers on the wire • Attackers outside the house • Attackers inside the house (evil maids included) !11
White-box cryptography • Protection against key extraction in the strongest possible threat model • Secures keys, not data • White-box attackers no better off than black-box attackers !12
For Example • Digital Rights Management • The key protecting streams from Spotify, Netflix, etc. • Decryption and consumption of content happens in a controlled way • The attacker is the consumer “Aleve” !13
White-box cryptography • History • Invented in 2002 by Chow et al. • Resurgence in academic attention in last two years — breaks, new constructions • Work in progress • No perfect white-boxes, only relatively strong ones • General function obfuscator is not possible (Barak, 2001) • Ciphers are not proven to be impossible to obfuscate !14
What does it get you? • Attackers cannot transform the key into a known form • Algorithm or code has to be lifted or leveraged • Prevents BORE (break once run everywhere) attacks • Can’t plug into standard cryptography libraries • Nation-state attackers use specialized hardware • Traitor tracing • You can rotate keys on a schedule since cost to break is bounded !15
Which algorithms? • Symmetric Key Cryptography • DES • AES ! • Public Key Cryptography? • RSA (maybe?) • ECC (maybe?) !16
Example Implementation • 128-bit AES • 16 byte key, 16 byte message block • What about replacing implementation with a lookup table? • Map from input to output indexed by order • Lookup table has minimal information about structure of algorithm — black box • 2^128 possible inputs of size 128bit • Storage of 5 x 10^27 terabytes — too much !17
Example Implementation • AES Internals • SubBytes — Byte-wise substitution • ShiftRows — Permutation of bytes • MixColumns — Linear combination of bytes • AddRoundKeys — XOR a piece of the key !18
AES !19
Example Implementation • AddRoundKey, SubBytes • Can be merged into one operation — byte-wise lookup table called a T-box • MixColumns • Linear combination — byte-wise lookup table for constants • Nibble-wise lookup tables for linear factors • Lots of lookup tables can be combined !20
Internal Encoding • Composition of functions • Chaining random lookup tables ! ! ! ! ! ! !21
White-box compiler • Inputs • White box description • Random seed • Key value 4663900 • Output • Implementation of encryption/decryption for given key !22
Costs • Key size — Pre-scheduling causes key inflation • Memory cost — Large lookup tables • Performance cost — 5-10x in some cases • Engineering cost — Integration, other anti-tampering techniques !23
In the industry • Mostly licensed for digital rights management — $$$ • Practical breaks (marcan42, Alberto Battistello, Phrack Magazine) ! • No commercial grade open source implementation • An affordable solution is needed !24
Introducing Open WhiteBox !25
Introducing Open WhiteBox • Group of individuals working to make white box cryptography accessible to the public • Open source white box compiler (using LLVM) • Working towards implementation of best current academic proposals • Initial focus on server-side applications ! • Participate in the conversation on Twitter @OpenWhiteBox !26
Questions? BayThreat December 6th, 2013 ! Nick Sullivan @grittygrease @OpenWhiteBox !27

Recomendados

Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Cloudflare
 
Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Cloudflare
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Cloudflare
 
Running Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without ParachuteRunning Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without ParachuteCloudflare
 
Flaying the Blockchain Ledger for Fun, Profit, and Hip Hop
Flaying the Blockchain Ledger for Fun, Profit, and Hip HopFlaying the Blockchain Ledger for Fun, Profit, and Hip Hop
Flaying the Blockchain Ledger for Fun, Profit, and Hip HopAndrew Morris
 
Block chain
Block chainBlock chain
Block chainTejashBansal2
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Cloudflare
 
CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)Sam Bowne
 

Recomendados

Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Cloudflare
 
Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Cloudflare
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Cloudflare
 
Running Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without ParachuteRunning Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without ParachuteCloudflare
 
Flaying the Blockchain Ledger for Fun, Profit, and Hip Hop
Flaying the Blockchain Ledger for Fun, Profit, and Hip HopFlaying the Blockchain Ledger for Fun, Profit, and Hip Hop
Flaying the Blockchain Ledger for Fun, Profit, and Hip HopAndrew Morris
 
Block chain
Block chainBlock chain
Block chainTejashBansal2
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Cloudflare
 
CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)Sam Bowne
 
Reinventing anon email
Reinventing anon emailReinventing anon email
Reinventing anon emailantitree
 
Introduction to ethereum_public
Introduction to ethereum_publicIntroduction to ethereum_public
Introduction to ethereum_publicantitree
 
Shmoocon Epilogue 2013 - Ruining security models with SSH
Shmoocon Epilogue 2013 - Ruining security models with SSHShmoocon Epilogue 2013 - Ruining security models with SSH
Shmoocon Epilogue 2013 - Ruining security models with SSHAndrew Morris
 
Mo and Tao 魔与道
Mo and Tao 魔与道Mo and Tao 魔与道
Mo and Tao 魔与道Austin Chou
 
SDN and Security: some real-world experience
SDN and Security: some real-world experienceSDN and Security: some real-world experience
SDN and Security: some real-world experienceAPNIC
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 
Putting Taiwan on the kernel.org Keysigning Map
Putting Taiwan on the kernel.org Keysigning MapPutting Taiwan on the kernel.org Keysigning Map
Putting Taiwan on the kernel.org Keysigning MapChen-Yu Tsai
 
2016 TTL Security Gap Analysis with Kali Linux
2016 TTL Security Gap Analysis with Kali Linux2016 TTL Security Gap Analysis with Kali Linux
2016 TTL Security Gap Analysis with Kali LinuxJason Murray
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
Owasp crypto tools and projects
Owasp crypto tools and projectsOwasp crypto tools and projects
Owasp crypto tools and projectsOwaspCzech
 
Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3Nick Sullivan
 
Laverna vs etherpad
Laverna vs etherpadLaverna vs etherpad
Laverna vs etherpadantitree
 
Cryptography
CryptographyCryptography
CryptographySri Manakula Vinayagar Engineering College
 
Modern Networking Hacking
Modern Networking HackingModern Networking Hacking
Modern Networking HackingGreater Noida Institute Of Technology
 
The Background Noise of the Internet
The Background Noise of the InternetThe Background Noise of the Internet
The Background Noise of the InternetAndrew Morris
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
nabdullin_brcrdu_dark
nabdullin_brcrdu_darknabdullin_brcrdu_dark
nabdullin_brcrdu_darkNikita Abdullin
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
The Ransomware Threat: Tracking the Digitial Footprints
The Ransomware Threat: Tracking the Digitial FootprintsThe Ransomware Threat: Tracking the Digitial Footprints
The Ransomware Threat: Tracking the Digitial Footprintsk3vb0t
 
CNIT 152 11 Analysis Methodology
CNIT 152 11 Analysis MethodologyCNIT 152 11 Analysis Methodology
CNIT 152 11 Analysis MethodologySam Bowne
 
The economies of scaling software - Abdel Remani
The economies of scaling software - Abdel RemaniThe economies of scaling software - Abdel Remani
The economies of scaling software - Abdel Remanijaxconf
 
The Economies of Scaling Software
The Economies of Scaling SoftwareThe Economies of Scaling Software
The Economies of Scaling SoftwareAbdelmonaim Remani
 

Más contenido relacionado

La actualidad más candente

Reinventing anon email
Reinventing anon emailReinventing anon email
Reinventing anon emailantitree
 
Introduction to ethereum_public
Introduction to ethereum_publicIntroduction to ethereum_public
Introduction to ethereum_publicantitree
 
Shmoocon Epilogue 2013 - Ruining security models with SSH
Shmoocon Epilogue 2013 - Ruining security models with SSHShmoocon Epilogue 2013 - Ruining security models with SSH
Shmoocon Epilogue 2013 - Ruining security models with SSHAndrew Morris
 
Mo and Tao 魔与道
Mo and Tao 魔与道Mo and Tao 魔与道
Mo and Tao 魔与道Austin Chou
 
SDN and Security: some real-world experience
SDN and Security: some real-world experienceSDN and Security: some real-world experience
SDN and Security: some real-world experienceAPNIC
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 
Putting Taiwan on the kernel.org Keysigning Map
Putting Taiwan on the kernel.org Keysigning MapPutting Taiwan on the kernel.org Keysigning Map
Putting Taiwan on the kernel.org Keysigning MapChen-Yu Tsai
 
2016 TTL Security Gap Analysis with Kali Linux
2016 TTL Security Gap Analysis with Kali Linux2016 TTL Security Gap Analysis with Kali Linux
2016 TTL Security Gap Analysis with Kali LinuxJason Murray
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
Owasp crypto tools and projects
Owasp crypto tools and projectsOwasp crypto tools and projects
Owasp crypto tools and projectsOwaspCzech
 
Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3Nick Sullivan
 
Laverna vs etherpad
Laverna vs etherpadLaverna vs etherpad
Laverna vs etherpadantitree
 
The Background Noise of the Internet
The Background Noise of the InternetThe Background Noise of the Internet
The Background Noise of the InternetAndrew Morris
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
The Ransomware Threat: Tracking the Digitial Footprints
The Ransomware Threat: Tracking the Digitial FootprintsThe Ransomware Threat: Tracking the Digitial Footprints
The Ransomware Threat: Tracking the Digitial Footprintsk3vb0t
 
CNIT 152 11 Analysis Methodology
CNIT 152 11 Analysis MethodologyCNIT 152 11 Analysis Methodology
CNIT 152 11 Analysis MethodologySam Bowne
 

La actualidad más candente (20)

Reinventing anon email
Reinventing anon emailReinventing anon email
Reinventing anon email
 
Introduction to ethereum_public
Introduction to ethereum_publicIntroduction to ethereum_public
Introduction to ethereum_public
 
Shmoocon Epilogue 2013 - Ruining security models with SSH
Shmoocon Epilogue 2013 - Ruining security models with SSHShmoocon Epilogue 2013 - Ruining security models with SSH
Shmoocon Epilogue 2013 - Ruining security models with SSH
 
Mo and Tao 魔与道
Mo and Tao 魔与道Mo and Tao 魔与道
Mo and Tao 魔与道
 
SDN and Security: some real-world experience
SDN and Security: some real-world experienceSDN and Security: some real-world experience
SDN and Security: some real-world experience
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLS
 
Putting Taiwan on the kernel.org Keysigning Map
Putting Taiwan on the kernel.org Keysigning MapPutting Taiwan on the kernel.org Keysigning Map
Putting Taiwan on the kernel.org Keysigning Map
 
2016 TTL Security Gap Analysis with Kali Linux
2016 TTL Security Gap Analysis with Kali Linux2016 TTL Security Gap Analysis with Kali Linux
2016 TTL Security Gap Analysis with Kali Linux
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. Encryption
 
Owasp crypto tools and projects
Owasp crypto tools and projectsOwasp crypto tools and projects
Owasp crypto tools and projects
 
Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3
 
Laverna vs etherpad
Laverna vs etherpadLaverna vs etherpad
Laverna vs etherpad
 
Cryptography
CryptographyCryptography
Cryptography
 
Modern Networking Hacking
Modern Networking HackingModern Networking Hacking
Modern Networking Hacking
 
The Background Noise of the Internet
The Background Noise of the InternetThe Background Noise of the Internet
The Background Noise of the Internet
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. Encryption
 
nabdullin_brcrdu_dark
nabdullin_brcrdu_darknabdullin_brcrdu_dark
nabdullin_brcrdu_dark
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. Encryption
 
The Ransomware Threat: Tracking the Digitial Footprints
The Ransomware Threat: Tracking the Digitial FootprintsThe Ransomware Threat: Tracking the Digitial Footprints
The Ransomware Threat: Tracking the Digitial Footprints
 
CNIT 152 11 Analysis Methodology
CNIT 152 11 Analysis MethodologyCNIT 152 11 Analysis Methodology
CNIT 152 11 Analysis Methodology
 

Similar a White-box Cryptography -BayThreat 2013

The economies of scaling software - Abdel Remani
The economies of scaling software - Abdel RemaniThe economies of scaling software - Abdel Remani
The economies of scaling software - Abdel Remanijaxconf
 
The Economies of Scaling Software
The Economies of Scaling SoftwareThe Economies of Scaling Software
The Economies of Scaling SoftwareAbdelmonaim Remani
 
Ch 12: Cryptography
Ch 12: CryptographyCh 12: Cryptography
Ch 12: CryptographySam Bowne
 
A Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryA Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryDan Kaminsky
 
CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)Sam Bowne
 
Network security basics
Network security basicsNetwork security basics
Network security basicsSkillspire LLC
 
How to Build Your Own Physical Pentesting Go-bag
How to Build Your Own Physical Pentesting Go-bagHow to Build Your Own Physical Pentesting Go-bag
How to Build Your Own Physical Pentesting Go-bagBeau Bullock
 
Toward low-latency Java applications - javaOne 2014
Toward low-latency Java applications - javaOne 2014Toward low-latency Java applications - javaOne 2014
Toward low-latency Java applications - javaOne 2014John Davies
 
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does ItRightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does ItRightScale
 
CNIT 123 12: Cryptography
CNIT 123 12: CryptographyCNIT 123 12: Cryptography
CNIT 123 12: CryptographySam Bowne
 
In Memory Databases: A Real Time Analytics Solution
In Memory Databases: A Real Time Analytics SolutionIn Memory Databases: A Real Time Analytics Solution
In Memory Databases: A Real Time Analytics SolutionAdaryl "Bob" Wakefield, MBA
 
Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Dan Kaminsky
 
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDefcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDaveEdwards12
 
Cryptanalysis in the Time of Ransomware
Cryptanalysis in the Time of RansomwareCryptanalysis in the Time of Ransomware
Cryptanalysis in the Time of RansomwareMark Mager
 
Chirp 2010: Scaling Twitter
Chirp 2010: Scaling TwitterChirp 2010: Scaling Twitter
Chirp 2010: Scaling TwitterJohn Adams
 

Similar a White-box Cryptography -BayThreat 2013 (20)

The economies of scaling software - Abdel Remani
The economies of scaling software - Abdel RemaniThe economies of scaling software - Abdel Remani
The economies of scaling software - Abdel Remani
 
The Economies of Scaling Software
The Economies of Scaling SoftwareThe Economies of Scaling Software
The Economies of Scaling Software
 
Ch 12: Cryptography
Ch 12: CryptographyCh 12: Cryptography
Ch 12: Cryptography
 
A Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryA Technical Dive into Defensive Trickery
A Technical Dive into Defensive Trickery
 
Symmetric encryption
Symmetric encryptionSymmetric encryption
Symmetric encryption
 
Aes jul-upload
Aes jul-uploadAes jul-upload
Aes jul-upload
 
CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)
 
Network security basics
Network security basicsNetwork security basics
Network security basics
 
How to Build Your Own Physical Pentesting Go-bag
How to Build Your Own Physical Pentesting Go-bagHow to Build Your Own Physical Pentesting Go-bag
How to Build Your Own Physical Pentesting Go-bag
 
Toward low-latency Java applications - javaOne 2014
Toward low-latency Java applications - javaOne 2014Toward low-latency Java applications - javaOne 2014
Toward low-latency Java applications - javaOne 2014
 
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does ItRightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
 
CNIT 123 12: Cryptography
CNIT 123 12: CryptographyCNIT 123 12: Cryptography
CNIT 123 12: Cryptography
 
In Memory Databases: A Real Time Analytics Solution
In Memory Databases: A Real Time Analytics SolutionIn Memory Databases: A Real Time Analytics Solution
In Memory Databases: A Real Time Analytics Solution
 
Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)
 
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDefcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
 
Cryptanalysis in the Time of Ransomware
Cryptanalysis in the Time of RansomwareCryptanalysis in the Time of Ransomware
Cryptanalysis in the Time of Ransomware
 
WEEK-01.pdf
WEEK-01.pdfWEEK-01.pdf
WEEK-01.pdf
 
Outsourced database
Outsourced databaseOutsourced database
Outsourced database
 
Chirp 2010: Scaling Twitter
Chirp 2010: Scaling TwitterChirp 2010: Scaling Twitter
Chirp 2010: Scaling Twitter
 

Último

FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 

Último (20)

FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

White-box Cryptography -BayThreat 2013

  • 1. BayThreat December 6th, 2013 ! Nick Sullivan @grittygrease White-box Cryptography What do you do when they’re in your server room?
  • 2. My Background • Systems Engineering at CloudFlare • Cryptography at Apple • Threat analysis at Symantec • M.Sc. in Cryptography • Undergraduate Pure Mathematics !2
  • 3. What this talk is about • Introduction to white-box cryptography • Why we need this now more than ever • Key concepts for implementations • Steps for the future — with an announcement !3
  • 4. Let’s talk about physical access • If an attacker has physical access, they have everything, right? • Cold Boot, Evil Maid, Jailbreak, etc. • It only takes time ! • Solution: Lock it up! !4
  • 5. Let’s talk about physical access • What about servers? • Where are modern servers kept? • Your own data center? • A “physically secure” co-location facility? • On a virtual machine in the cloud? • On a globally-distributed CDN? • Under which national jurisdiction? !5
  • 6. Server Breaches Happen • How long does it take to get your secrets? • Reverse engineering skill of attacker • Diminishing cost to attacker as skills and tools accumulate ! • Wouldn’t it be great if there was a computational burden placed on the attacker for every new secret? • You could rotate your secrets on a fixed schedule !6
  • 7. Standard Crypto Model (Black-box) Alice Bob Eve adversary icons: Sam Small !7
  • 11. White-box Cryptography • Cryptographic implementations that hide the key from everyone • Attackers on the wire • Attackers outside the house • Attackers inside the house (evil maids included) !11
  • 12. White-box cryptography • Protection against key extraction in the strongest possible threat model • Secures keys, not data • White-box attackers no better off than black-box attackers !12
  • 13. For Example • Digital Rights Management • The key protecting streams from Spotify, Netflix, etc. • Decryption and consumption of content happens in a controlled way • The attacker is the consumer “Aleve” !13
  • 14. White-box cryptography • History • Invented in 2002 by Chow et al. • Resurgence in academic attention in last two years — breaks, new constructions • Work in progress • No perfect white-boxes, only relatively strong ones • General function obfuscator is not possible (Barak, 2001) • Ciphers are not proven to be impossible to obfuscate !14
  • 15. What does it get you? • Attackers cannot transform the key into a known form • Algorithm or code has to be lifted or leveraged • Prevents BORE (break once run everywhere) attacks • Can’t plug into standard cryptography libraries • Nation-state attackers use specialized hardware • Traitor tracing • You can rotate keys on a schedule since cost to break is bounded !15
  • 16. Which algorithms? • Symmetric Key Cryptography • DES • AES ! • Public Key Cryptography? • RSA (maybe?) • ECC (maybe?) !16
  • 17. Example Implementation • 128-bit AES • 16 byte key, 16 byte message block • What about replacing implementation with a lookup table? • Map from input to output indexed by order • Lookup table has minimal information about structure of algorithm — black box • 2^128 possible inputs of size 128bit • Storage of 5 x 10^27 terabytes — too much !17
  • 18. Example Implementation • AES Internals • SubBytes — Byte-wise substitution • ShiftRows — Permutation of bytes • MixColumns — Linear combination of bytes • AddRoundKeys — XOR a piece of the key !18
  • 20. Example Implementation • AddRoundKey, SubBytes • Can be merged into one operation — byte-wise lookup table called a T-box • MixColumns • Linear combination — byte-wise lookup table for constants • Nibble-wise lookup tables for linear factors • Lots of lookup tables can be combined !20
  • 21. Internal Encoding • Composition of functions • Chaining random lookup tables ! ! ! ! ! ! !21
  • 22. White-box compiler • Inputs • White box description • Random seed • Key value 4663900 • Output • Implementation of encryption/decryption for given key !22
  • 23. Costs • Key size — Pre-scheduling causes key inflation • Memory cost — Large lookup tables • Performance cost — 5-10x in some cases • Engineering cost — Integration, other anti-tampering techniques !23
  • 24. In the industry • Mostly licensed for digital rights management — $$$ • Practical breaks (marcan42, Alberto Battistello, Phrack Magazine) ! • No commercial grade open source implementation • An affordable solution is needed !24
  • 26. Introducing Open WhiteBox • Group of individuals working to make white box cryptography accessible to the public • Open source white box compiler (using LLVM) • Working towards implementation of best current academic proposals • Initial focus on server-side applications ! • Participate in the conversation on Twitter @OpenWhiteBox !26
  • 27. Questions? BayThreat December 6th, 2013 ! Nick Sullivan @grittygrease @OpenWhiteBox !27