Field
This disclosure relates generally to electronic device security and more specifically to protecting against a relay attack in a white-box implementation.
Related Art
White-box implementations are software implementations of cryptographic algorithms in which the key is hidden from an attacker. Unlike a black-box implementation where the attacker only has access to the inputs and outputs, in a white-box implementation the attacker is assumed to have full access to and full control over the implementation. White-box cryptography is the discipline of deriving secure white-box implementations and its goal is sometimes referred to as “hiding keys in full sight”.
Even if a white-box implementation achieves its goal of hiding the key perfectly, this still leaves an attacker the option to misuse the functionality of the key. This means that an attacker who wants to illegitimately decrypt a message does not do this by first extracting the key, but by using the cryptographic implementation. To illustrate this, consider the following relay attack on a mobile payment application. The victim has a mobile device, such as a smart phone, on which a payment application is installed together with its credentials. It is profitable for the attacker to perform a payment using his own smart phone with the credentials that are stored on the victim's phone. The attacker may be able to extract the credentials from the victim's phone for use on the attacker's phone. Another way to use the victim's credentials is to relay the communication between the attacker's phone and the reader via the victim's phone. This is called a relay attack. For the relay attack to work, the attacker must be able to hide the relay attack from the reader and the victim's phone. The victim's payment application unwittingly uses its secret credentials to compute the output that the reader requires in order for the attacker to complete the transaction through the victim's phone.
One way to make the relay attack more difficult is to carefully limit the range of the wireless connection so that the attacker's phone has to be located very close to the victim's phone. What is needed is a way to make a relay attack more difficult for an attacker in a white-box implementation.