IIC Journal of Innovation 3rd Edition | Page 13

Blurry Box Encryption Scheme and Why it Matters to Industrial IoT
the domain knowledge necessary to create the program code . Neither should the hacker be able to learn the inner workings of the software . The latter is called the assumption of the inherent complexity of program code , which can be formalized as follows : Given a subset of variants , a hacker should not be able to create additional ones .
Not all programs allow for creating variants with the above-mentioned security property .
For instance , a simple program such as “ Hello World ” does not have this property and cannot be protected by the Blurry Box scheme . Only programs that are sufficiently complex can be protected effectively . Note that not the whole program has to fulfill this requirement ; it suffices if only a part of it is sufficiently complex . Typically , this complex part is exactly the critical part that needs to be protected . Programs that meet this requirement include video games , raster graphics editors , and feedback control systems .
In accordance with the principles of modern cryptography , the security of the Blurry Box scheme can be proven rigorously based on falsifiable assumptions . To this end , a mathematical security model was conceived that is tailored to this setting . In this model , security is not an absolute factor , but defined by comparison . More specifically , security is defined by comparing every conceivable attack on the Blurry Box scheme with the mentioned Copy-and-Paste attack . This definition is reasonable , since Copy-and-Paste attacks cannot be prevented , but become practically infeasible and therefore not a security concern . It can be proven that no attack strategy can do better than the Copy-and-Paste strategy .
Formally , this means that , for every attack strategy , there exists a Copy-and-Paste attack that retrieves the same number of variants with the same number of dongle calls . The proof is based on three assumptions :
1 ) The security of the encryption scheme ( IND-CCA2 security ) 7 , 2 ) The security of the dongle ( the key is not extractable ) and 3 ) The assumption on the inherent complexity of the program code .
IND-CCA2 security is a well-established security notion for encryption schemes . Intuitively , an encryption scheme is IND-CCA2 secure if no adversary can gain any information about a plaintext by analyzing a corresponding ciphertext , even if he can decrypt other arbitrary ciphertexts . The encryption scheme in the Blurry Box scheme has to be IND-CCA2 secure , because a hacker – analyzing the ( encrypted ) program code – has access to the dongle that contains the secret key .
4.3 CORRECTNESS
The protected program has the same functionality as the original , as each mechanism preserves the functionality of the original program . This holds for variant encryption : By design , each variant yields the same values as the original function block for restricted input sets . All variants
7
Katz , Jonathan , and Yehuda Lindell , “ Introduction to modern cryptography ,” CRC press , 2014
- 12 - June 2016