2023 Volume 31 Pages 88-96
Device authentication between network-connected Internet of Things (IoT) devices and the systems connected to them is essential to prevent security threats such as leakage of and tampering with information. However, IoT devices with limited manufacturing costs do not always have secure key storage. Because cryptographic communication and authentication using symmetric keys may be exposed to various attacks, such devices should be secured against a white-box adversary, who can fully access the execution environment and the memory.
In this study, we propose two secure encryption schemes in the white-box model. The proposed scheme uses a space-hard cipher and a physically unclonable function (PUF) in a hybrid manner to prevent key extraction and code lifting attacks in the white-box model. In this scheme, security is maintained at a level similar to that of the Even-Mansour cipher by periodically changing the whitening key without updating the key of the space-hard cipher, even after the space-hard cipher has been stolen by a code lifting attack. Therefore, this scheme can achieve a significant level of security against key extraction and code lifting at low cost, by updating only the whitening keys.