Hiding your White-Box Designs is Not Enough

March 16, 2016 (at 10:30 a.m.) in Attack & Research

Although all current scientific white-box publications are academically broken, there is still a large number of companies which sell "secure" white-box products based on unknown designs and relying on additional code obfuscation countermeasures. A new approach to assess the security of white-box implementations is presented which requires neither knowledge about the inner white-box design nor any reverse engineering effort. The differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community.

Philippe Teuwen

Philippe Teuwen (@doegox) is Security Researcher at Quarkslab, France. He's one of the libnfc maintainers and gave about 16 workshops on RFID & NFC security and privacy issues at Troopers, Hack.lu, Brucon, RFIDsec, Hackito Ergo Sum, RMLL, etc. along with talks on other security topics such as Wi-Fi Protected Setup, EMV-CAP for eBanking, eVoting, reverse-engineering, Smartcard fault injection simulation, White-Box cryptanalysis etc. He's in the editorial team of the International Journal of PoC||GTFO and loves playing CTFs.