White-Box Cryptography

Degree: Master
Contact Person:Thomas Eisenbarth

Field of Research

Cryptographic services ensure security in a broad range of applications, including set-top boxes, PCs, smart devices, digital rights management (DRM) systems, or client software running in the cloud. Often, these systems are entirely software-based and can become vulnerable to advanced attackers.

White-box cryptography is intended to be secure even if the adversary has full access to the implementation, i.e. the adversary can analyze and execute the binary code and observe or even manipulate every memory access. Several approaches have been proposed and many have been broken. Yet, due to the great need of secure code in insecure environments, especially in embedded and IoT applications, white-box crypto is widely used.

Project Scope

In this project, we explore which security guarantees can be achieved by current white-box techniques. There are also several new attack methods on white-box implementations that have overcome several deployed solutions. Understanding why those attacks succeed and how they can be prevented is part of this project.

An important role for deployed white box implementation comes from code obfuscation methods. Their role in securing white-box implementations will also be explored in this project.

Why me?

This project is for you if you are interested in using and improving your skills in:

  • Symmetric cryptography and cryptanalysis
  • Reverse engineering
  • Code obfuscation

Working on this project can provide the opportunity to publish at a Tier 1 or 2 venue in Computer Security and Cryptography.