Scribd
Upload
73 views13 pages

White-Box Cryptography: Louie Carl R. Mandapat Larry Aumentado Mit, Uplb Internet Security

White-box cryptography aims to securely perform encryption and decryption even when an attacker can observe and alter code execution. Standard cryptography assumes trusted endpoints, but white-box cryptography addresses threats where keys may be visible. It seeks to encrypt or decrypt content without revealing keys or data, even under complete transparency. This is challenging as attackers can freely observe operations and alter code.

Uploaded by

Lee Mandapat
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
73 views13 pages

White-Box Cryptography: Louie Carl R. Mandapat Larry Aumentado Mit, Uplb Internet Security

White-box cryptography aims to securely perform encryption and decryption even when an attacker can observe and alter code execution. Standard cryptography assumes trusted endpoints, but white-box cryptography addresses threats where keys may be visible. It seeks to encrypt or decrypt content without revealing keys or data, even under complete transparency. This is challenging as attackers can freely observe operations and alter code.

Uploaded by

Lee Mandapat
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 13

WHITE-BOX CRYPTOGRAPHY

Click to edit Master subtitle style

LOUIE CARL R. MANDAPAT LARRY AUMENTADO MIT, UPLB INTERNET SECURITY


7/28/12

OVERVIEW
1
Introduction The Need for WBC (White-box Cryptography) Black Box Cryptography White Box Cryptography Implementation Conclusion

7/28/12

INTRODUCTION
2
Traditionally, cryptography has offered a means of

communicating sensitive (secret, confidential or private) information while making it unintelligible to everyone except for the message recipient.

7/28/12

THE NEED FOR WBC


3
Popular industry standard ciphers like AES were not

designed to operate in environments where their execution could be observed

7/28/12

THE NEED FOR WBC


4
In fact, standard cryptographic models assume that

endpoints, PC and hardware protection tokens for example, are to be trusted. If those endpoints reside in a potentially hostile environment then the cryptographic keys may be directly visible to attackers monitoring the application execution while attempting to extract the keys either embedded or generated by the application from memory.

7/28/12

THE NEED FOR WBC


5
The White Box Challenge

The notion of keeping valuable information such as licensing and other trade secrets hidden while operating in a fully transparent environment poses various challenges:
How to encrypt or decrypt content without directly revealing any portion of the key and or the data?

How

to perform strong encryption mechanisms knowing that

hackers can observe and or alter the code during execution?


7/28/12

BLACK BOX CRYPTOGRAPHY


6
assumes that the attacker has no physical access to

the Key (algorithm performing the encryption or decryption) or any internal workings, rather can only observe external information and behavior.

7/28/12

BLACK BOX CRYPTOGRAPHY


7
consists of either the plaintext (input) or the

ciphertext (output) of the system while assuming zero visibility on code execution and dynamic encryption operations.

7/28/12

WHITE BOX CRYPTOGRAPHY


8
Handles far more severe threats while assuming

hackers have full visibility and control over the whole operation.

7/28/12

WHITE BOX CRYPTOGRAPHY


9
Hackers can freely observe dynamic code execution

and internal algorithm details are completely visible and alterable at will.

7/28/12

IMPLEMENTATION
5

7/28/12

CONCLUSION
6

7/28/12

THANK YOU

7/28/12

You might also like