Mar 23, 2015
Solutions in mobile payment and content protection often rely heavily on software to provide security. The open nature of the devices running these solutions, such as smartphones, tablets and set-top boxes, makes the software vulnerable to attack, since the attacker has complete control over the platform and the software implementation. White-Box Cryptography (WBC) aims to protect cryptographic assets on such open systems, even under those conditions.
White-box cryptography turns a keyed cryptographic algorithm into an unintelligible program with the same functionality. The white-box secure program can then be executed in an untrusted environment without fear of exposing the underlying keys. The code itself is tamper-proof, just like a secure element.
Cryptography is increasingly deployed in applications that are executed on open devices (such as PCs, tablets or smartphones). The open nature of these systems makes the software extremely vulnerable to attacks, since the attacker has complete control over the execution platform and the software implementation itself. This means that an attacker can easily analyse the binary code of the application, and the corresponding memory pages during execution.
The attacker can intercept system calls, tamper with the binary and its execution and use any kind of attack tool such as debuggers, emulators, etc. Such an attack context is denoted as the white-box attack context.
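The transformation described above can be illustrated on a single keyed step. The Python below is an added example, not code from the original article or from any product: it uses encoded lookup tables, one classic white-box construction that the article itself does not name. The S-box, key, input and all function names are constructed for the illustration, and one step in isolation is a teaching toy, not a secure implementation.

```python
import random

def bijection(rng):
    """Random permutation of 0..255 and its inverse."""
    p = list(range(256))
    rng.shuffle(p)
    inv = [0] * 256
    for i, v in enumerate(p):
        inv[v] = i
    return p, inv

def reference_step(block, key, sbox):
    """Plain keyed step: the key sits in memory as data."""
    return bytes(sbox[b ^ k] for b, k in zip(block, key))

def compile_tables(key, sbox, rng):
    """Run once, offline, where the key is safe. Only the outputs ship."""
    tables, in_encs, out_decs = [], [], []
    for k in key:
        in_enc, in_dec = bijection(rng)
        out_enc, out_dec = bijection(rng)
        # Table = out_enc . S . (xor k) . in_dec; k itself is never stored.
        tables.append([out_enc[sbox[in_dec[v] ^ k]] for v in range(256)])
        in_encs.append(in_enc)
        out_decs.append(out_dec)
    return tables, in_encs, out_decs

def whitebox_step(encoded_block, tables):
    """What runs on the open device: lookups only, no key variable."""
    return bytes(t[b] for t, b in zip(tables, encoded_block))

def recode(block, maps):
    """Apply one byte map per position (the external encoding or decoding)."""
    return bytes(m[b] for m, b in zip(maps, block))

def demo(seed=2015):
    rng = random.Random(seed)
    sbox, _ = bijection(rng)  # constructed S-box, not a real cipher's
    key = bytes(rng.randrange(256) for _ in range(4))  # constructed key
    tables, in_encs, out_decs = compile_tables(key, sbox, rng)
    msg = b"\x00\x7f\x80\xff"  # constructed input
    got = recode(whitebox_step(recode(msg, in_encs), tables), out_decs)
    return got, reference_step(msg, key, sbox), tables, key, sbox

if __name__ == "__main__":
    got, want, *_ = demo()
    print(got.hex(), want.hex(), got == want)
```

In a full design the input and output encodings are cancelled by neighbouring tables or by the party on the other end, so the device never holds them in the clear.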