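1. College of Electrical Engineering, Zhejiang University, Hangzhou, Zhejiang 310058, China
2. Hikvision Network and Information Security Laboratory, the 52nd Research Institute of China Electronics Technology Group Corporation, Hangzhou, Zhejiang 310053, China
Bin WANG (1978- ), male, born in Sishui, Shandong, Ph.D., is a researcher at Zhejiang University. His main research interests include intelligent terminal security, IoT security, and cryptography.
Si CHEN (1993- ), female, born in Shangqiu, Henan, is an engineer at the 52nd Research Institute of China Electronics Technology Group Corporation. Her main research interests include IoT security, cryptography, and its applications.
Jiadong CHEN (1988- ), male, born in Gaoyou, Jiangsu, is a senior engineer at the 52nd Research Institute of China Electronics Technology Group Corporation. His main research interests include information security and hardware security.
Xing WANG (1985- ), male, born in Taiyuan, Shanxi, is a postdoctoral researcher at Zhejiang University and a senior engineer at the 52nd Research Institute of China Electronics Technology Group Corporation. His main research interests are machine learning and IoT security.
Online publication date: 2021-02
Print publication date: 2021-02-25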
Bin WANG, Si CHEN, Jiadong CHEN, et al. DWB-AES: an implementation of dynamic white-box based on AES[J]. Journal on Communications, 2021, 42(2): 177-186. DOI: 10.11959/j.issn.1000-436x.2021020.
Because IoT devices are resource-constrained, they need lightweight cryptographic modules that are both secure and flexible, and white-box cryptography can meet these security needs. In common white-box implementations the key is bound to the lookup tables, so every key change requires regenerating and replacing the tables, which is not flexible enough in practice. To solve this problem, a dynamic white-box implementation method based on AES, called DWB-AES, is proposed. By changing the boundaries between rounds, the method performs every operation of encryption and decryption through lookup tables, and it obfuscates the tables and the key separately, so that the whole encryption and decryption process does not expose key information and the lookup tables do not need to be replaced when the key changes. This makes DWB-AES more flexible and practical. The security analysis shows that DWB-AES has high white-box diversity and white-box ambiguity and can effectively resist common white-box attacks such as the BGE and Mulder attacks.