Service interruption on Monday 11 July from 12:30 to 13:00: all the sites of the CCSD (HAL, EpiSciences, SciencesConf, AureHAL) will be inaccessible (network hardware connection).

# Design of white-box encryption schemes for mobile applications security

1 CARAMBA - Cryptology, arithmetic : algebraic methods for better algorithms
Inria Nancy - Grand Est, LORIA - ALGO - Department of Algorithms, Computation, Image and Geometry
Abstract : Today mobile devices are an integral part of our lives with the development of applications. In addition to smart phones, which are increasingly powerful, other devices such as connected objects may have to handle data that must remain secret. For example, the authentication of a connected object in a network requires the existence of a secret" held by the object. In the case of mobile applications, the emergence of payment applications allowing contactless payment from the telephone or banking applications poses serious security challenges. The need to secure applications is therefore essential both for users wishing to access a service without risking their goods and for service providers who have a financial interest in it. Thus, cryptography is used to protect these various mobile applications. In this context, we wish to meet this need with both a software and hardware approach to secure cryptography on open and exposed platforms. The aim of this thesis is to verify the security of software implementations of cryptographic algorithms in the white-box model and to propose techniques to reinforce this security in a mobile environment. The white-box model or white-box attacks context is opposed to the traditional black-box model and refers to a context in which an attacker controls an execution environment and has access to software implementations of cryptographic algorithms. Once a secret key is revealed, the security of the encryption scheme is no longer valid. In this context, the last line of defense is the implementation itself: the secret key is hidden in the code so that it cannot be distinguished or extracted. Many studies have been conducted on White-Box Cryptography and have led to proposals for white-box implementations of standardized algorithms such as the DES (Data Encryption Standard) or the AES (Advanced Encryption Standard). These algorithms are of particular interest due to their wide deployment. Unfortunately these proposals have revealed vulnerabilities and do not guarantee the confidentiality of the secret key. In this thesis, we are first interested in the reasons why not all proposed implementations allow to hide'' the secret key sufficiently. We will make a detailed study of the techniques used as well as the possible attacks. Secondly, we propose new techniques to counter these attacks and study the cost of these techniques in terms of code size and performance. Another approach in White-Box Cryptography is to design algorithms that can be proved to be resistant to key extraction. This new approach involves proposing security notions adapted to the white-box model. In particular, the main problem is to ensure that the implementation of the cryptographic algorithm cannot be copied and executed in another environment. This attack called "code lifting" (code copying) is equivalent to extracting the secret key. One solution proposed in the literature is to increase the size of the code in order to increase the space complexity of the attack. We propose a solution to this problem by defining an encryption scheme that can be implemented in a white-box and that uses a physical device called Physically Unclonable Function (PUF). A PUF refers to a physical device with unique and unclonable characteristics that can be used to identify it. Thus, a PUF can be seen as the fingerprint (in the biometric sense) of a device. The PUF will be used in our scheme as a means of identifying the execution environment of a cryptographic algorithm and will generate a key specific to a given device.
Keywords :
Document type :
Theses
Complete list of metadata

Cited literature [129 references]

https://hal.univ-lorraine.fr/tel-02949394
Contributor : Thèses UL Connect in order to contact the contributor
Submitted on : Friday, September 25, 2020 - 3:33:06 PM
Last modification on : Friday, February 4, 2022 - 3:34:17 AM
Long-term archiving on: : Thursday, December 3, 2020 - 6:04:08 PM

### File

DDOC_T_2020_0060_RASOAMIARAMAN...
Files produced by the author(s)

### Identifiers

• HAL Id : tel-02949394, version 1

### Citation

Sandra Rasoamiaramanana. Design of white-box encryption schemes for mobile applications security. Cryptography and Security [cs.CR]. Université de Lorraine, 2020. English. ⟨NNT : 2020LORR0060⟩. ⟨tel-02949394⟩

Record views