Biblio
Filters: Author is Bao, Zhejing [Clear All Filters]
A White-Box SM4 Implementation by Introducing Pseudo States Applied to Edge IoT Agents. 2022 4th Asia Energy and Electrical Engineering Symposium (AEEES). :154–160.
.
2022. With the widespread application of power Internet of Things (IoT), the edge IoT agents are often threatened by various attacks, among which the white-box attack is the most serious. The white-box implementation of the cryptography algorithm can hide key information even in the white-box attack context by means of obfuscation. However, under the specially designed attack, there is still a risk of the information being recovered within a certain time complexity. In this paper, by introducing pseudo states, a new white-box implementation of SM4 algorithm is proposed. The encryption and decryption processes are implemented in the form of matrices and lookup tables, which are obfuscated by scrambling encodings. The introduction of pseudo states could complicate the obfuscation, leading to the great improvement in the security. The number of pseudo states can be changed according to the requirements of security. Through several quantitative indicators, including diversity, ambiguity, the time complexity required to extract the key and the value space of the key and external encodings, it is proved that the security of the proposed implementation could been enhanced significantly, compared with the existing schemes under similar memory occupation.
A Nonlinear White-Box SM4 Implementation Applied to Edge IoT Agents. 2021 IEEE 5th Conference on Energy Internet and Energy System Integration (EI2). :3358–3363.
.
2021. With the rapid development of power Internet of Things (IoT), the ubiquitous edge agents are frequently exposed in a risky environment, where the white-box attacker could steal all the internal information by full observation of dynamic execution of the cryptographic software. In this situation, a new table-based white-box cryptography implementation of SM4 algorithm is proposed to prevent the attacker from extracting the secret key, which hides the encryption and decryption process in obfuscated lookup tables. Aiming to improve the diversity and ambiguity of the lookup tables as well as resist different types of white-box attacks, the random bijective nonlinear mappings are applied as scrambling encodings of the lookup tables. Moreover, in order to make our implementation more practical in the resource-constrained edge IoT agent, elaborate design is proposed to make some tables reusability, leading to less memory occupation while guaranteeing the security. The validity and security of the proposed implementation will be illustrated through several evaluation indicators.