The Internet provides users with convenient and ubiquitous access to digital content. Because the Internet is a powerful distribution channel, many user devices strive to directly access the Internet. The user devices may include a personal computer, laptop computer, set-top box, Internet enabled media player, mobile telephone, smart phone, tablet, mobile hotspot, or any other device that is capable of accessing the Internet. The use of the Internet as a distribution medium for copyrighted content creates the compelling challenge to secure the interests of the content provider. Increasingly, user devices operate using a processor loaded with suitable software to render (playback) digital content, such as audio and/or video. Control of the playback software is one way to enforce the interests of the content owner including the terms and conditions under which the content may be used. Previously many user devices were closed systems. Today more and more platforms are partially open. Some users may be assumed to have complete control over and access to the hardware and software that provides access to the content and a large amount of time and resources to attack and bypass any content protection mechanisms. As a consequence, content providers must deliver content to legitimate users across a hostile network to a community where not all users or user devices can be trusted.
Cryptographic algorithms are typically designed with the black attack model in mind. This means that the attacker is assumed to have only access to the input/output behavior of the algorithm. In practice, however, an attacker typically has access to more information. The attacker may, for instance, have access to side-channel information on the execution of the algorithm. In this case, the attack model is referred to as being grey-box. In the most extreme case, called the white-box attack model, an attacker may even have full access to and full control over the execution environment running the algorithm.
In the white-box attack model, secure software applications may be called upon to carry out various functions such as, for example, cryptographic functions used to protect and authenticate digital content. In order to counter attacks, these algorithms have to be obfuscated (hidden) in order to prevent reverse engineering and modification of the algorithm or prohibit obtaining the user-specific secure information. Accordingly, the functions of the secure software application may be carried out by various functions as defined by the instruction set of the processor implementing the secure software. For example, one way to obscure these functions is by the use of lookup tables.
Content providers must deliver content to legitimate users across a hostile network to a community where not all users or devices can be trusted. In some cases the user devices may have a hardware cryptographic solution to assist in the distribution of content. Even though this hardware solution may only allow observation of the input and output, it may also be possible as described above for an attacker to gain access to side channel information that allows the attacker to defeat the cryptographic function.
The situation where a hardware cryptographic solution is not possible has led to the development of white-box cryptography. In the white-box cryptography scenario it is assumed that the user has complete control of the hardware and software that provides access to the content, and an unlimited amount of time and resources to attack and bypass any content protection mechanisms. The secure software code that enforces the terms and conditions under which the content may be used should be tamper resistant. Digital rights management is a common application of secure software applications. The general approach in digital rights management for protected content distributed to user devices is to encrypt the digital content using for example, DES (Data Encryption Standard), AES (Advanced Encryption Standard), or using other known encryption schemes, and to use decryption keys to recover the digital content. These decryption keys must be protected to prevent unauthorized access to protected material.
In the digital right management scenario, the attacker has complete control of the software enforcing the management and access to the protected content. Accordingly, the attacker can modify software and also seek to obtain cryptographic keys used to encrypt the protected content. Such keys may be found by analyzing the software
Both white-box and grey-box implementations of cryptographic functions are subject to side-channel attacks. Such attacks may successful in defeating the cryptographic functions.