Software tamper resistance based on white-box SMS4 implementation

Abstract

In software protection, we’ve always faced the problem that an attacker is assumed to have full control over the target software and its execution. This is similar to the attack model in white-box cryptography, which aims to provide robust and secure implementations of cryptographic schemes against white-box attacks. In this paper, we propose our tamper-resistance technique, Siren, that uses white-box implementation to make software tamper resistant. We interpret the binary of software code as lookup table and incorporate these tables into the underlying white-box SMS4 implementation. In addition, we prove that Siren has good performance in security, and show the lower space complexity and higher efficiency. Finally, we present CBC-Siren, a white-box encryption scheme using CBC mode, which can provide protection to code with flexible size.