Software obfuscation is a powerful tool to protect the intellectual property or secret keys inside programs. Strong software obfuscation is crucial in the context of untrusted execution environments (e.g., subject to malware infection) or to face potentially malicious users trying to reverse-engineer a sensitive program. Unfortunately, the state-of-the-art of pure software-based obfuscation (including white-box cryptography) is either insecure or infeasible in practice. This work introduces OBSCURE, a versatile framework for practical and cryptographically strong software obfuscation relying on a simple stateless secure element (to be embedded, for example, in a protected hardware chip or a token). Based on the foundational result by Goyal et al. from TCC 2010, our scheme enjoys provable security guarantees, and further focuses on practical aspects, such as efficient execution of the obfuscated programs, while maintaining simplicity of the secure element. In particular, we propose a new rectangular universalization technique, which is also of independent interest. We provide an implementation of OBSCURE taking as input a program source code written in a subset of the C programming language. This ensures usability and a broad range of applications of our framework. We benchmark the obfuscation on simple software programs as well as on cryptographic primitives, hence highlighting the possible use cases of the framework as an alternative to pure software-based white-box implementations.
Disciplines :
Computer science
Author, co-author :
Mercadier, Darius; Google, Munich, Germany
Nguyen, Viet Sang; Université Jean Monnet, Saint-Étienne, France
Rivain, Matthieu; CryptoExperts, Paris, France
Udovenko, Aleksei; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Cryptolux
External co-authors :
yes
Language :
English
Title :
OBSCURE: Versatile Software Obfuscation from a Lightweight Secure Element
Publication date :
12 March 2024
Event name :
Conference on Cryptographic Hardware and Embedded Systems (CHES)
Event organizer :
International Association for Cryptologic Research (IACR)
Event place :
Halifax, Canada
Event date :
September 4-7, 2024
Audience :
International
Journal title :
IACR Transactions on Cryptographic Hardware and Embedded Systems
ANR - Agence Nationale de la Recherche; FNR - Fonds National de la Recherche; DFG - Deutsche Forschungsgemeinschaft
Funding text :
This work was done while the authors were at CryptoExperts. This work was partially supported by the French ANR-AAPG2019 SWITECH project. The fourth author was partially supported by the Luxembourg National Research Fund’s (FNR) and the German Research Foundation’s (DFG) joint project APLICA (C19/IS/13641232). We are very grateful to Pascal Paillier for generating the discretized neural network used in our benchmark (as reported in Appendix C). We would also like to thank the anonymous reviewers of TCHES for their fruitful comments that helped us improve the paper.
[AES01] Advanced Encryption Standard (AES). National Institute of Standards and Technology, NIST FIPS PUB 197, U.S. Department of Commerce, November 2001.
[AFGH05] Giuseppe Ateniese, Kevin Fu, Matthew Green, and Susan Hohenberger. Improved proxy re-encryption schemes with applications to secure distributed storage. In NDSS 2005. The Internet Society, February 2005.
[Aga18] Abien Fred Agarap. Deep learning using rectified linear units (ReLU). CoRR, abs/1803.08375, 2018.
[AGKS20] Masaud Y. Alhassan, Daniel Günther, Ágnes Kiss, and Thomas Schneider. Efficient and scalable universal circuits. Journal of Cryptology, 33(3):1216–1271, July 2020.
[AJX+19] Adil Ahmad, Byunggill Joe, Yuan Xiao, Yinqian Zhang, Insik Shin, and Byoungyoung Lee. OBFUSCURO: A commodity obfuscation engine on Intel SGX. In Proceedings 2019 Network and Distributed System Security Symposium. Internet Society, 2019.
[Bar16] Boaz Barak. Hopes, fears, and software obfuscation. Commun. ACM, 59(3):88–96, February 2016.
[BBdS+21] Christof Beierle, Alex Biryukov, Luan Cardoso dos Santos, Johann Großschädl, Léo Perrin, Aleksei Udovenko, Vesselin Velichkov, Qingju Wang, and Alex Biryukov. Schwaemm and Esch: lightweight authenticated encryption and hashing using the Sparkle permutation family. Version v1.2. NIST Lightweight Cryptography Finalists, 2021.
[BCD+19] Zhenzhen Bao, Avik Chakraborti, Nilanjan Datta, Jian Guo, Mridul Nandi, Thomas Peyrin, and Kan Yasuda. PHOTON-Beetle authenticated encryption and hash family. NIST Lightweight Cryptography Finalists, 2019.
[Ben64] V. E. Beneš. Permutation groups, complexes, and rearrangeable connecting networks. The Bell System Technical Journal, 43(4):1619–1640, 1964.
[Ben22] Eli Bendersky. pycparser v2.21, 2022.
[Ber20] Daniel J. Bernstein. Verified fast formulas for control bits for permutation networks. Cryptology ePrint Archive, Report 2020/1493, 2020. https://eprint.iacr.org/2020/1493.
[BGEC04] Olivier Billet, Henri Gilbert, and Charaf Ech-Chatbi. Cryptanalysis of a white box AES implementation. In Helena Handschuh and Anwar Hasan, editors, SAC 2004, volume 3357 of LNCS, pages 227–240. Springer, Heidelberg, August 2004.
[BGI+01] Boaz Barak, Oded Goldreich, Russell Impagliazzo, Steven Rudich, Amit Sahai, Salil P. Vadhan, and Ke Yang. On the (im)possibility of obfuscating programs. In Joe Kilian, editor, CRYPTO 2001, volume 2139 of LNCS, pages 1–18. Springer, Heidelberg, August 2001.
[BGK+19] Andrey Bogdanov, Louis Goubin, Stefan Kölbl, Pascal Paillier, Matthieu Rivain, Elmar Tischhauser, and Junwei Wang. CHES 2019 Capture The Flag Challenge. The WhibOx Contest, 2nd Edition, 2019. https://whibox.io/contests/2019/.
[BHMT16] Joppe W. Bos, Charles Hubain, Wil Michiels, and Philippe Teuwen. Differential computation analysis: Hiding your white-box designs is not enough. In Benedikt Gierlichs and Axel Y. Poschmann, editors, CHES 2016, volume 9813 of LNCS, pages 215–236. Springer, Heidelberg, August 2016.
[BR05] Mihir Bellare and Phillip Rogaway. Introduction to modern cryptography, 2005. Course Notes.
[BU18] Alex Biryukov and Aleksei Udovenko. Attacks and countermeasures for white-box designs. In Thomas Peyrin and Steven Galbraith, editors, ASIACRYPT 2018, Part II, volume 11273 of LNCS, pages 373–402. Springer, Heidelberg, December 2018.
[CAC+81] Gregory J. Chaitin, Marc A. Auslander, Ashok K. Chandra, John Cocke, Martin E. Hopkins, and Peter W. Markstein. Register allocation via coloring. Computer Languages, 6(1):47–57, 1981.
[CEJv03] Stanley Chow, Philip A. Eisen, Harold Johnson, and Paul C. van Oorschot. White-box cryptography and an AES implementation. In Kaisa Nyberg and Howard M. Heys, editors, SAC 2002, volume 2595 of LNCS, pages 250–270. Springer, Heidelberg, August 2003.
[CEJvO02] Stanley Chow, Philip A. Eisen, Harold Johnson, and Paul C. van Oorschot. A white-box DES implementation for DRM applications. In Digital Rights Management Workshop, volume 2696 of Lecture Notes in Computer Science, pages 1–15. Springer, 2002.
[DEMS21] Christoph Dobraunig, Maria Eichlseder, Florian Mendel, and Martin Schläffer. Ascon v1.2: Lightweight authenticated encryption and hashing. J. Cryptol., 34(3):33, 2021.
[Den12] Li Deng. The MNIST database of handwritten digit images for machine learning research. IEEE Signal Processing Magazine, 29(6):141–142, 2012.
[DLPR14] Cécile Delerablée, Tancrède Lepoint, Pascal Paillier, and Matthieu Rivain. White-box security notions for symmetric encryption schemes. In Tanja Lange, Kristin Lauter, and Petr Lisonek, editors, SAC 2013, volume 8282 of LNCS, pages 247–264. Springer, Heidelberg, August 2014.
[FVBG17] Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, and Sergey Gorbunov. IRON: Functional encryption using Intel SGX. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS ’17, pages 765–782, New York, NY, USA, 2017. Association for Computing Machinery.
[FYDX21] Shufan Fei, Zheng Yan, Wenxiu Ding, and Haomeng Xie. Security vulnerabilities of SGX and countermeasures: A survey. ACM Comput. Surv., 54(6), July 2021.
[GIS+10] Vipul Goyal, Yuval Ishai, Amit Sahai, Ramarathnam Venkatesan, and Akshay Wadia. Founding cryptography on tamper-proof hardware tokens. In Daniele Micciancio, editor, TCC 2010, volume 5978 of LNCS, pages 308–326. Springer, Heidelberg, February 2010.
[GRW20] Louis Goubin, Matthieu Rivain, and Junwei Wang. Defeating state-of-the-art white-box countermeasures. IACR TCHES, 2020(3):454–482, 2020. https://tches.iacr.org/index.php/TCHES/article/view/8597.
[HB15] Máté Horváth and Levente Buttyán. The birth of cryptographic obfuscation – a survey. Cryptology ePrint Archive, Paper 2015/412, 2015. https://eprint.iacr.org/2015/412.
[JLS21] Aayush Jain, Huijia Lin, and Amit Sahai. Indistinguishability Obfuscation from Well-Founded Assumptions, pages 60–73. Association for Computing Machinery, New York, NY, USA, 2021.
[KGP+21] Stefan Kölbl, Louis Goubin, Pascal Paillier, Matthieu Rivain, Aleksei Udovenko, and Junwei Wang. CHES 2021 Capture The Flag Challenge. The WhibOx Contest, 3rd Edition, 2021. https://whibox.io/contests/2021/.
[KS16] Ágnes Kiss and Thomas Schneider. Valiant’s universal circuit is practical. In Marc Fischlin and Jean-Sébastien Coron, editors, EUROCRYPT 2016, Part I, volume 9665 of LNCS, pages 699–728. Springer, Heidelberg, May 2016.
[LHM+15] Chang Liu, Austin Harris, Martin Maas, Michael Hicks, Mohit Tiwari, and Elaine Shi. GhostRider: A hardware-software system for memory trace oblivious computation. In Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS ’15, pages 87–101, New York, NY, USA, 2015. Association for Computing Machinery.
[LRD+14] Tancrède Lepoint, Matthieu Rivain, Yoni De Mulder, Peter Roelse, and Bart Preneel. Two attacks on a white-box AES implementation. In Tanja Lange, Kristin Lauter, and Petr Lisonek, editors, SAC 2013, volume 8282 of LNCS, pages 265–285. Springer, Heidelberg, August 2014.
[LYZ+21] Hanlin Liu, Yu Yu, Shuoyao Zhao, Jiang Zhang, Wenling Liu, and Zhenkai Hu. Pushing the limits of Valiant’s universal circuits: Simpler, tighter and more compact. In Tal Malkin and Chris Peikert, editors, CRYPTO 2021, Part II, volume 12826 of LNCS, pages 365–394, Virtual Event, August 2021. Springer, Heidelberg.
[MLS+13] Martin Maas, Eric Love, Emil Stefanov, Mohit Tiwari, Elaine Shi, Krste Asanovic, John Kubiatowicz, and Dawn Song. Phantom: Practical oblivious computation in a secure processor. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS ’13, pages 311–324, New York, NY, USA, 2013. Association for Computing Machinery.
[NFR+17] Kartik Nayak, Christopher W. Fletcher, Ling Ren, Nishanth Chandran, Satya V. Lokam, Elaine Shi, and Vipul Goyal. HOP: Hardware makes obfuscation practical. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26–March 1, 2017. The Internet Society, 2017.
[PCY+17] Emmanuel Prouff, Chen-Mou Cheng, Bo-Yin Yang, Thomas Baignères, Matthieu Finiasz, Pascal Paillier, and Matthieu Rivain. CHES 2017 Capture The Flag Challenge. The WhibOx Contest, 2017. https://whibox.io/contests/2017/.
[PS99] Massimiliano Poletto and Vivek Sarkar. Linear scan register allocation. ACM Transactions on Programming Languages and Systems (TOPLAS), 21(5):895–913, 1999.
[RBBK01] Phillip Rogaway, Mihir Bellare, John Black, and Ted Krovetz. OCB: A block-cipher mode of operation for efficient authenticated encryption. In Michael K. Reiter and Pierangela Samarati, editors, ACM CCS 2001, pages 196–205. ACM Press, November 2001.
[SS17] Peter Schwabe and Ko Stoffelen. All the AES you need on Cortex-M3 and M4. In Roberto Avanzi and Howard Heys, editors, Selected Areas in Cryptography – SAC 2016, pages 180–194, Cham, 2017. Springer International Publishing.
[SW14] Amit Sahai and Brent Waters. How to use indistinguishability obfuscation: deniable encryption, and more. In David B. Shmoys, editor, 46th ACM STOC, pages 475–484. ACM Press, May/June 2014.
[Val76] Leslie G. Valiant. Universal circuits (preliminary report). In Proceedings of the Eighth Annual ACM Symposium on Theory of Computing, STOC ’76, pages 196–203, New York, NY, USA, 1976. Association for Computing Machinery.
[WH21] Hongjun Wu and Tao Huang. TinyJAMBU: A family of lightweight authenticated encryption algorithms (version 2). NIST Lightweight Cryptography Finalists, 2021.
[ZYZL19] Shuoyao Zhao, Yu Yu, Jiang Zhang, and Hanlin Liu. Valiant’s universal circuits revisited: An overall improvement and a lower bound. In Steven D. Galbraith and Shiho Moriai, editors, ASIACRYPT 2019, Part I, volume 11921 of LNCS, pages 401–425. Springer, Heidelberg, December 2019.