Kryptografie v nedůvěryhodném prostředí – Bc. Martin Těhan, MSc

Abstract:

Tradiˇcn´ı model, ve kter´em jsou bezpeˇcnostn´ı n´astroje pouˇz´ıv´any d°uvˇeryhodn ´ymi stranami za ´uˇcelem ochrany jejich vz´ajemn´e komunikace, jiˇz nedosta ˇcuje k pops´an´ı vztah °u v modern´ı informaˇcn´ı spoleˇcnosti. Napˇr´ıklad nˇekter´e aplikace Spr´avy digit´aln´ıch pr´av (DRM) vyˇzaduj´ı, aby kryptografick ´e operace byly prov´adˇeny na stranˇe potencion´alnˇe neˇcestn´eho uˇzivatele. V t´eto diplomov´e pr´aci se vˇenujeme ˇsifr´am, kter´e si kladou za c´ıl b´ yt bezpeˇcn´e i v prostˇred´ı tzv. transparentn´ı skˇr´ınky (white-box), ve kter´e by pro ´ utoˇcn´ıka mˇelo b´ yt nemoˇzn´e z´ıskat tajn ´y kl´ıˇc, pˇrestoˇze m´a pln´y pˇr´ıstup k implementaci i vˇsem instanc´ım dan´e ˇsifry. Pot´e, co shrneme souˇcasn´y stav jak na poli navrhov´an´ı ˇsifer [5] [12] [13], tak i jejich kryptoanal´yzy [18] [4] [43], pˇredstav´ıme vlastn´ı implementaci upraven´e ˇsifry Blowfish. Nejprve zd°uvodn´ıme, proˇc je p°uvodn´ı ˇsifra, kter´a obsahuje sˇc´ıtan´ı modulo 232, nevhodn´a k implementaci v transparentn´ım modelu. Po nahrazen´ı sˇc´ıtan´ı operac´ı xor a diskuzi, proˇc tento krok neovlivn´ı bezpeˇcnost samotn´e ˇsifry, uk´aˇzeme modifikovanou Blowfish, jej´ıˇz kaˇzd´a runda je representov´ana 16 na kl´ıˇci z´avisl ´ymi S-Boxy (T-Boxy) a jednou smˇeˇsovac´ı bijekc´ı. ˇSifra je implementov ´ana jako s´ıˇt 210-ˇr´adkov´ych vyhled´avac´ıch tabulek jejichˇz celkov´a velikost je pˇribliˇznˇe 12 MB. …moreless

Abstract:

A traditional security model in which two honest parties want to securely communicate over untrustworthy channel is no longer sufficient to fully capture modern information society. Applications such as Digital Right Management systems (DRM) require cryptographic operations to be performed at potentially malicious sites. In this thesis we focus on ciphers which are meant to be secure in whitebox attack context, i.e. an attacker should not be able to learn the key even by observing and/or modifying the implementation and execution of the cipher. First, we summarize existing efforts in the field, both in algorithm making [5] [12] [13] and cryptanalysis [18] [4] [43]. Second, we propose a new white-box implementation of slightly modified Blowfish cipher. We argue that addition modulo 232 in Blowfish F function effectively precludes secure white-box implementation and suggest that it is replaced with xor. After a brief discussion why this step does not compromise the cipher, we present modified white-box Blowfish where each round is represented by 16 keyed S-Boxes (T-Boxes) and one mixing bijection. The implementation consists of series of look-up tables with 210 rows. Total size of them is roughly 12 MB. …moreless