Abstract
Practical software hardening schemes, as well as practical encryption schemes, e.g., AES, are heuristic and do not rely on provable security. One technique to enhance security is robust combiners. An algorithm C is a robust combiner for specification S, e.g., privacy, if for any two implementations X and Y , of a cryptographic scheme, the combined scheme C(X, Y ) satisfies S provided either X or Y satisfy S.
We present the first robust combiners for software hardening, specifically for White-Box Remote Program Execution (WBRPE) [10]. WBRPE is a software hardening technique that is employed to protect execution of programs in remote, hostile environment. WBRPE provides a software only platform allowing secure execution of programs on untrusted, remote hosts, ensuring privacy of the program, and of the inputs to the program, as well as privacy and integrity of the result of the computation.
Robust combiners are particularly important for software hardening, where there is no standard whose security is established. In addition, robust combiners for software hardening are interesting from software engineering perspective since they introduce new techniques of reductions and code manipulation.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Algesheimer, J., Cachin, C., Camenisch, J., Karjoth, G.: Cryptographic security for mobile code. In: SP 2001: Proceedings of the 2001 IEEE Symposium on Security and Privacy, Washington, DC, USA, vol. 2. IEEE Computer Society, Los Alamitos (2001)
Boneh, D., Boyen, X.: On the impossibility of efficiently combining collision resistant hash functions
Cachin, C., Camenisch, J., Kilian, J., Muller, J.: One-round secure computation and secure autonomous mobile agents. In: Automata, Languages and Programming, pp. 512–523 (2000), http://citeseer.ist.psu.edu/article/cachin00oneround.html
Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. University of Auckland Technical Report, 170 (1997)
Collberg, C.S., Thomborson, C.: Watermarking, tamper-proofing, and obfuscation-tools for software protection. IEEE Transactions on Software Engineering 28(8), 735–746 (2002)
Daemen, J., Rijmen, V.: The Design of Rijndael: AES–the Advanced Encryption Standard. Springer, Heidelberg (2002)
Even, S., Goldreich, O.: On the power of cascade ciphers. In: Chaum, D. (ed.) Proc. CRYPTO 1983, pp. 43–50. Plenum Press, New York (1984)
Fischlin, M., Lehmann, A.: Multi-Property Preserving Combiners for Hash Functions
Harnik, D., Kilian, J., Naor, M., Reingold, O., Rosen, A.: On robust combiners for oblivious transfer and other primitives. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 96–113. Springer, Heidelberg (2005)
Herzberg, A., Shulman, H., Saxena, A., Crispo, B.: Towards a theory of white-box security. In: Proceedings of Emerging Challenges for Security, Privacy and Trust: 24th Ifip Tc 11 International Information Security Conference, SEC 2009, Pafos, Cyprus, May 18-20, p. 342. Springer, Heidelberg (2009)
Herzberg, A.: Folklore, practice and theory of robust combiners. Cryptology ePrint Archive, Report 2002/135 (2002), http://eprint.iacr.org/
Meier, R., Przydatek, B.: On robust combiners for private information retrieval and other primitives. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 555–569. Springer, Heidelberg (2006)
Mitchell, C., et al.: Trusted Computing. Trusted computing, p. 1 (2005)
Spalka, A., Cremers, A.B., Langweg, H.: Protecting the creation of digital signatures with trusted computing platform technology against attacks by Trojan Horse programs. In: Proceedings of the 16th International Conference on Information Security: Trusted Information: The New Decade Challenge, pp. 403–419 (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Herzberg, A., Shulman, H. (2010). Robust Combiners for Software Hardening. In: Acquisti, A., Smith, S.W., Sadeghi, AR. (eds) Trust and Trustworthy Computing. Trust 2010. Lecture Notes in Computer Science, vol 6101. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13869-0_20
Download citation
DOI: https://doi.org/10.1007/978-3-642-13869-0_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13868-3
Online ISBN: 978-3-642-13869-0
eBook Packages: Computer ScienceComputer Science (R0)