Funded by STW (HTSM)
Duration: September 2016 - September 2020
Contact: Wil Michiels
In electronic devices there is a trend to implement even more functionality in software instead of hardware. Software has the advantage of being less costly, more scalable, easier to personalize and easier to update. This trend exists also for security-sensitive functionality. For instance, payment schemes are increasingly running on the host CPU of a mobile phone instead of in secure hardware. A critical question now becomes how to hide secret data and algorithms in software that is running on a fully open platform. The challenge here is that an attacker should be assumed to have full access to and full control over the execution environment. This question is particularly relevant for cryptographic keys. For hardware implementations, the protection of keys is a well studied topic, and evaluation labs are well able to judge the security level of an implementation. For software, however, the evaluation of such solutions, called white-box implemetations, is still in is infancy and evaluation labs are not yet able to rate their security level. This project aims to improve our knowledge of white-box cryptography and white-box attacks to the point where certification of software security becomes meaningful.