Yang Shi (Tongji University), Tianchen Gao (Tongji University), Yimin Li (Tongji University), Jiayao Gao (Tongji University), Kaifeng Huang (Tongji University)

Encryption algorithms face various key-extraction attacks, prompting a variety of defensive works under different threat models. Among these, the white-box threat model has the strongest adversarial scenario, where attackers have full access to and control over the cryptographic implementation and its execution environment. However, prior white-box encryption designs primarily protected a single key-dependent table, enabling white-box and side-channel attacks to recover the key. Based on our observation, fuzzing the boundaries of these tables can make attacks ineffective. Thus, we proposed WBSLT, a novel design framework for tabulated white-box implementations of substitution-linear transformation (SLT) ciphers. WBSLT protects key-embedded tables with linear and nonlinear transformations and partially leaves each component’s computation to the next component to mitigate single key-dependent table breach. To further defend against differential computation analysis and differential fault analysis, the framework integrates masking, shuffling and external encoding. Theoretical analysis indicates its immunity to various attacks. Experimental results validate the practicality of WBSLT across multiple computing platforms, showing efficient encryption performance and reasonable memory consumption.

View More Papers

Analysis of the Security Design, Engineering, and Implementation of...

Alan T. Sherman (University of Maryland, Baltimore County (UMBC)), Jeremy J. Romanik Romano (University of Maryland, Baltimore County (UMBC)), Edward Zieglar (University of Maryland, Baltimore County (UMBC)), Enis Golaszewski (University of Maryland, Baltimore County (UMBC)), Jonathan D. Fuchs (University of Maryland, Baltimore County (UMBC)), William E. Byrd (University of Alabama at Birmingham)

Read More

OSAVRoute: Advancing Outbound Source Address Validation Deployment Detection with...

Shuai Wang (Zhongguancun Laboratory), Ruifeng Li (Zhongguancun Laboratory), Li Chen (Zhongguancun Laboratory), Dan Li (Tsinghua University), Lancheng Qin (Zhongguancun Laboratory), Qian Cao (Zhongguancun Laboratory)

Read More

Continuous User Behavior Monitoring using DNS Cache Timing Attacks

Hannes Weissteiner (Graz University of Technology, Graz, Austria), Roland Czerny (Graz University of Technology, Graz, Austria), Simone Franza (Graz University of Technology, Graz, Austria), Stefan Gast (Graz University of Technology, Graz, Austria), Johanna Ullrich (University of Vienna, Vienna, Austria), Daniel Gruss (Graz University of Technology, Graz, Austria)

Read More