Mohamed Karroumi

Protecting white-box AES with dual ciphers

In order to protect AES software running on untrusted platforms, Chow et al. (2002) designed a white-box implementation. However, Billet et al. (2004) showed that the secret key can be extracted with a time complexity of 230. In this paper, we present an improved whitebox implementation of AES. We use dual ciphers to modify the state and key representations in each round as well as two of the four classical AES operations, SubBytes and MixColumns. We show that, with 61200 possible dual ciphers the complexity of Billet et al. attack is raised to 291. Interestingly, our white-box implementation does not require more memory space than that of Chow et al. implementation.

Addition with Blinded Operands

The masking countermeasure is an efficient method to protect cryptographic algorithms against Differential Power Analysis (DPA) and similar attacks. For symmetric cryptosystems, two techniques are commonly used: Boolean masking and arithmetic masking. Conversion methods have been proposed for switching from Boolean masking to arithmetic masking, and conversely. The way conversion is applied depends on the combination of arithmetic and Boolean/logical operations executed by the underlying cryptographic algorithm.

Memory-efficient fault countermeasures

An efficient countermeasure against fault attacks for a right-to-left binary exponentiation algorithm was proposed by Boscher, Naciri and Prouff (WISTP, 2007). This countermeasure was later generalized by Baek (Int. J. Inf. Sec., 2010) to the 2w -ary right-to-left algorithms for any

Laundering and Repackaging of Multimedia Content in Content Distribution Systems

w \geqslant 1

Methods and devices for a chained encryption mode

(the case w =1 corresponding to the method of Boscher, Naciri and Prouff). In this paper, we modify theses algorithms, devise new coherence relations for error detection, and reduce the memory requirements without sacrificing the performance or the security. In particular, a full register (in working memory) can be gained compared to previous implementations. As a consequence, the implementations described in this paper are particularly well suited to applications for which memory is a premium. This includes smart-card implementations of exponentiation-based cryptosystems.

Method and device for secured entry of personal data

Content distribution systems enable the secure distribution of multimedia content. At the same time, and sometimes more importantly, they should also disable the illegal [re-]distribution of multimedia content. This paper identifies different types of attacks on current systems: laundering attacks and repackaging attacks. The attacks are described generically so that they may apply to most systems used for distributing protected content to set of users. First hints to prevent such attacks are also discussed.