Blurry Box Encryption Scheme and Why it Matters to Industrial IoT
RSA cryptosystem. These problems usually are stated with a parameter for their scale, used mostly to indicate the key length.
The term“ hard to solve” has a specific meaning in cryptography: The problem is not only difficult, but its difficulty grows exponentially as the scale increases. For state-of-the-art cryptosystems, for example, RSA encryption with 2048 bit keys 3, these scales are high enough to make finding solutions practically impossible, even given all the computation power in the world.
Additionally, cryptography has evolved from statements like“ this looks random” into a science with exact definitions and rigorous proofs based on mathematical concepts, mostly from algebra, number theory, and probability theory. Such proofs always use the abstract concept of an attacker, without defining one specific strategy. Similar to the concept of known or chosen plaintext attacks, defining the attacker usually results in a stronger notion of security – assuming security can still be proven and the proof is correct.
Therefore, it is common practice to publish a new cryptographic system with a proof and exact description of security properties. Abiding by Kerckhoffs’ Principle, this does not compromise the security of the system, because the security of each instance depends on the cryptographic keys. Publication is considered very important, because only it can establish that Kerckhoffs’ Principle applies, and everyone can validate the proof.
3. COPY PROTECTION
Companies are interested in preventing the unauthorized reproduction of software and intellectual property. Over the years, various methods have been designed, but a hidden conflict remains: Software should be able to operate unhindered by the protection methods. At the same time, the protection methods should make it difficult to reproduce or recreate the software.
3.1 COMMON PRACTICE AND THE ARMS RACE
In the past, most copy protection relied on security through obscurity. The reason for this is that to run an algorithm, it has to be available to regular users. At best, these mechanisms can make it more difficult to analyze a program, but not on the scale required for a cryptographically hard problem. An example of this is code obfuscation, which increases the effort to analyze and reverse-engineer the algorithm, but does not make it practically impossible.
Therefore, copy protection schemes and the closely related digital rights management are usually only secure for some time, until an attacker determines the method, and security through obscurity fails. Once an attack is published, developers go on to release the next version of their schemes. However, this results in an arms race between the developers of software protection and the people trying to break it.
3
Recommendation for Key Management, Special Publication 800-57 Part 1 Rev. 4, NIST, 01 / 2016
- 8- June 2016