White-box cryptography combines methods of encryption and obfuscation to embed secret keys within application code. The goal is to combine code and keys in such a way that the two are indistinguishable to an attacker, and the new “white-box” program can be safely run in an insecure environment.

What Does “White-Box” Mean?
In penetration testing, white-box testing is where the testers (or attackers) have access to the source code and internal workings of the system.

Passing a “white-box” test is harder and requires a higher standard of security than a “black-box” test where the attacker only gets a look at the system from the outside. #whitebox #hackingCLICK TO TWEET
White-box cryptography is appropriately named because attackers have access to the compiled code where the keys exist. The difficult problem that it aims to solve is how to keep those keys safe while using them in execution.

Kerckhoffs’s Principle
Kerckhoffs’s principle revolutionized the way we think about cryptography. It states that we should allow the attacker to know everything about a crypto implementation, except the key. If a cryptosystem can stand up to that level of scrutiny it will be the better for it.

White-box crypto kind-of takes this one step further. That is, we technically give the attacker access to the key, we just hide/encrypt it well enough that they can’t find it.

How Does It Work?
In order to secure a program using white-box cryptography, we assume the attacker has complete access to the system. This includes:

Access to executable binary
Access to execution memory
CPU call intercepts
In order to successfully hide the keys given this scenario, according to Brecht Wyseur, we can take the following steps assuming we are trying to white-box a block cipher:

Partial Evaluation: When performing an operation, we alter the operation based on the key. For example, in the substitution phase of a block cipher, we would change the lookup table to be dependent on the key. Note that if someone were to see this table, they could derive the key (solved in step 3)
Tabularizing: Transform all other operations to also use lookup tables. This is possible because lookup tables can describe any function.
Randomization and Delinearization: We create an encoded chain of lookup tables that has the same functionality as the original chain, but hides the key. Now, using this new chain, we have an obfuscated algorithm. For reading on the details of this operation, see here.

#cryptography #security #crypto #cryptography #white-box

(Very) Basic Intro To White-Box Cryptography
1.25 GEEK