Blurry Box Encryption Scheme and Why it Matters to Industrial IoT
Each variant is encrypted with a different key. In order to prevent an adversary from decrypting each variant, traps are introduced. Traps contain code that, when decrypted, forces the dongle to lock itself.
Note that the dongle is used only for determining the address of the next variant and for decrypting variant keys. The dongle has a state storage for detecting illegal sequences of variants; like a trap, an illegal sequence causes the dongle to lock itself. This prevents replay attacks, since the hacker cannot go back to any previous point of the program without running it all over again.
The wrapper functions are moved into the dongle. In addition, the dongle has a state storage for detecting illegal sequences of variants.
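The locking behaviour described above (traps plus state storage) can be modelled as a small state machine. This is an added example, not code from the article or from any Blurry Box implementation; `ToyDongle`, the block names, the trap placement, the rule that restarting at the entry block is always legal, and the HMAC-based key derivation are all assumptions made for illustration.

```python
import hashlib
import hmac

class DongleLocked(Exception):
    """Raised once the toy dongle has locked itself."""

class ToyDongle:
    def __init__(self, secret, successors, traps, start):
        self._secret = secret          # stays inside the dongle
        self._successors = successors  # block -> blocks that may legally follow it
        self._traps = traps            # (block, variant) pairs that are traps
        self._start = start
        self._last = None              # state storage: last block served
        self.locked = False

    def _lock(self, reason):
        self.locked = True
        raise DongleLocked(reason)

    def variant_key(self, block, variant):
        if self.locked:
            raise DongleLocked("dongle is locked")
        if (block, variant) in self._traps:
            self._lock(f"trap variant {block}/{variant}")
        # Restarting at the entry block is always legal; anything else must follow the last block.
        legal = {self._start} | self._successors.get(self._last, set())
        if block not in legal:
            self._lock(f"illegal sequence {self._last} -> {block}")
        self._last = block
        # Assumption: an HMAC-derived per-variant key stands in for the dongle decrypting a variant key.
        return hmac.new(self._secret, f"{block}:{variant}".encode(), hashlib.sha256).digest()

def drive(dongle, requests):
    """Send (block, variant) requests; return (number served, reason for stopping)."""
    served = 0
    for block, variant in requests:
        try:
            dongle.variant_key(block, variant)
        except DongleLocked as exc:
            return served, str(exc)
        served += 1
    return served, "completed"

# Constructed sample program: four blocks in a fixed order, one trap variant.
SUCCESSORS = {"init": {"parse"}, "parse": {"compute"}, "compute": {"output"}}
TRAPS = {("compute", 3)}

def new_dongle():
    return ToyDongle(b"constructed-demo-secret", SUCCESSORS, TRAPS, "init")
```

Calling `drive(new_dongle(), ...)` with an in-order request list completes, while a list that jumps back to an earlier block or asks for the trap variant stops early and leaves the dongle locked for every later request.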
4.2 SECURITY GUARANTEE AND ASSUMPTIONS
The security goal is to prevent a hacker from constructing a copy of a protected program that can be executed without a dongle. The following will reveal how the Blurry Box scheme meets this security goal.
One attack strategy would run the program and store all variants that are decrypted during the program's execution. This type of attack is called a Copy-and-Paste attack. If the program is sufficiently complex, it is not feasible to retrieve all variants with this strategy, because a hacker using only a Copy-and-Paste strategy would have to run the program for an impractically large set of input values.
Hackers therefore need to find a way to go beyond Copy-and-Paste attacks. If a hacker could come up with additional variants given already decrypted ones, he could completely bypass the protection. This is where the assumption becomes important that a hacker has almost none of
IIC Journal of Innovation- 11-