You are looking at a specific version 20090425:125117 of this paper. See the latest version.

Paper 2008/087

Towards a Theory of White-Box Security

Amir Herzberg and Haya Shulman and Amitabh Saxena and Bruno Crispo

Abstract

Program hardening for secure execution in remote untrusted environment is an important yet elusive goal of security, with numerous attempts and efforts of the research community to produce secure solutions. Obfuscation is the prevailing practical technique employed to tackle this issue. Unfortunately, no provably secure obfuscation techniques currently exist. Moreover, Barak et. al., showed that not all programs can be obfuscated. Theoretical research exhibits provably secure albeit inefficient constructions, e.g. using tools from encrypted domain. We present a rigorous approach to software execution in remote environment based on a new white box primitive, the White Box Remote Program Execution (WBRPE), whose security specifications include confidentiality and integrity of both the local and the remote hosts. WBRPE can be used for many applications, e.g. grid computing, digital rights management, mobile agents. We then present a construction of a specific program such that if there exists a secure WBRPE for that program, then there is a secure WBRPE for any program, reducing its security to the underlying WBRPE primitive. The security of WBRPE construction is established by reduction among two white box primitives and it introduces new techniques of programs manipulation.

Note: Updated the contact author.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. 24th IFIP International Information Security Conference
Keywords
obfuscationwhite box securityprovable security
Contact author(s)
haya shulman @ gmail com
History
2009-04-25: revised
2008-02-28: received
See all versions
Short URL
https://ia.cr/2008/087
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.