Entropy Sharing in Ransomware: Bypassing Entropy-Based Detection of Cryptographic Operations
Jiseok Bang, Jeong Nyeo Kim, Seungkwang Lee
IF 3.5
Sensors
This study presents a groundbreaking approach to the ever-evolving challenge of ransomware detection. Many detection methods predominantly rely on pinpointing high-entropy blocks, which are a hallmark of the encryption techniques commonly employed in ransomware. These blocks, typically difficult to recover, serve as key indicators of malicious activity. So far, many neutralization techniques have been introduced so that ransomware utilizing standard encryption can effectively bypass these entropy-based detection systems. However, these have limited capabilities or require relatively high computational costs. To address these problems, we introduce a new concept, entropy sharing. This method can be seamlessly integrated with every type of cryptographic algorithm and is composed of lightweight operations, masking the high-entropy blocks so that they become undetectable. In addition, the proposed method cannot be easily nullified, contrary to simple encoding methods, without knowing the order of shares. Our findings demonstrate that entropy sharing can effectively bypass entropy-based detection systems. Ransomware utilizing such attack methods can cause significant damage, as it is difficult to detect through conventional detection methods.
Balanced Encoding of Near-Zero Correlation for an AES Implementation
Seungkwang Lee, Jeong‐Nyeo Kim
IF 8
IEEE Transactions on Information Forensics and Security
Power analysis poses a significant threat to the security of cryptographic algorithms, as it can be leveraged to recover secret keys. While various software-based countermeasures exist to mitigate this non-invasive attack, they often involve a trade-off between time and space constraints. Techniques such as masking and shuffling, while effective, can noticeably impact execution speed and rely heavily on run-time random number generators. On the contrary, internally encoded implementations of block ciphers offer an alternative approach that does not rely on run-time random sources, but it comes with the drawback of requiring substantial memory space to accommodate lookup tables. Internal encoding, commonly employed in white-box cryptography, suffers from a significant security limitation as it does not effectively protect the secret key against statistical analysis. To overcome this weakness, this paper introduces a secure internal encoding method for an AES implementation. By addressing the root cause of vulnerabilities found in previous encoding methods, we propose a balanced encoding technique that aims to minimize the problematic correlation with key-dependent intermediate values. We analyze the potential weaknesses associated with the balanced encoding and present a method that utilizes complementary sets of lookup tables. In this approach, the size of the lookup tables is approximately 512KB, and the number of table lookups is 1,024. This is comparable to the table size of non-protected white-box AES-128 implementations, while requiring only half the number of lookups. By adopting this method, our aim is to introduce a non-masking technique that mitigates the vulnerability to statistical analysis present in existing internally-encoded AES implementations.
DTR-SHIELD: Mutual Synchronization for Protecting against DoS Attacks on the SHIELD Protocol with AES-CTR Mode
Sang-Su Lee, Jong-sik Moon, Yong-je Choi, Daewon Kim, Seungkwang Lee
IF 3.5
Sensors
To enhance security in the semiconductor industry's globalized production, the Defense Advanced Research Projects Agency (DARPA) proposed an authentication protocol under the Supply Chain Hardware Integrity for Electronics Defense (SHIELD) program. This protocol integrates a secure hardware root-of-trust, known as a dielet, into integrated circuits (ICs). The SHIELD protocol, combined with the Advanced Encryption Standard (AES) in counter mode, named CTR-SHIELD, targets try-and-check attacks. However, CTR-SHIELD is vulnerable to desynchronization attacks on its counter blocks. To counteract this, we introduce the DTR-SHIELD protocol, where DTR stands for double counters. DTR-SHIELD addresses the desynchronization issue by altering the counter incrementation process, which previously solely relied on truncated serial IDs. Our protocol adds a new AES encryption step and requires the dielet to transmit an additional 100 bits, ensuring more robust security through active server involvement and message verification.
Quantum Implementation of S‐Boxes Based on Polynomial Evaluation
Doyoung Chung, Seungkwang Lee
Electronics Letters
Quantum computing environments make block ciphers susceptible to exhaustive key search attacks utilizing Grover's algorithm. However, such quantum-based attacks remain impractical unless the targeted cipher is directly implemented on a quantum platform. Moreover, their efficiency significantly depends on the quantum circuit design and optimization of the block cipher in question. The cost of a quantum circuit implementation is typically measured by two main metrics: the number of qubits and the circuit depth (T-depth). For most block ciphers, the S-box is the principal factor contributing to increased T-depth and additional qubit requirements. This paper presents a method for generating quantum circuits directly from lookup tables of S-boxes applicable to arbitrary block ciphers. We illustrate our approach using quantum circuit implementations of the PRESENT and DES ciphers as practical examples. Our proposed method is expected to efficiently implement arbitrary S-boxes by employing polynomial evaluation, thus balancing time-space complexity.
White‐Box Key Scheduling With Encoded Round Keys for Secure Lookup Table Generation
Kang-Min Kim, Jae‐Ho Lee, Jeong‐Nyeo Kim, Seungkwang Lee
Electronics Letters
The most critical aspect of building a key management system is establishing a secure key storage mechanism. Hardware-based methods for implementing secure key storage are often costly and lack flexibility. This paper proposes a software-based approach to create a secure key storage. To achieve this, the encoded round keys are connected to a white-box key scheduling implementation. Specifically, we demonstrate a technique for generating lookup tables for white-box cryptography that takes the encoded round keys as input. Using this technique, we show that the confidentiality of the secret key can be maintained from the key storage to the lookup table generation for white-box cryptography.
Lightweight Encryption for Raw‐Format Live Video Streaming Over Automotive Ethernet
Kyungmin Go, Seungkwang Lee
Electronics Letters
The evolution of connected and autonomous vehicles (CAVs) and software-defined vehicles (SDVs) accelerates the transition of in-vehicle networks to automotive Ethernet (AE)-centric zonal architectures to satisfy higher bandwidth and scalability requirements. However, this transition introduces increasing security challenges in automotive electronic control units (ECUs). In particular, as the medium for live video streaming migrates from point-to-point low-voltage differential signaling (LVDS) to switched AE, secure video transmission becomes significant for ECUs with limited CPU resources. Existing SRTP/AES configurations are not tailored to raw-format live video over AE and can exceed CPU budgets, motivating a lightweight, implementation-ready solution. Therefore, this research proposes a lightweight encryption scheme for raw-format live video streaming over AE, implemented by integrating a reduced-round AES-ICM into a GStreamer/libsrtp pipeline. The evaluation on a testbed demonstrates that the proposed scheme outperforms a conventional encryption scheme in terms of CPU overhead, throughput, latency, and frame rate, offering practical guidance for CPU-constrained ECUs in AE-centric architectures.
Revisit: Multi‐Tree Approach to Mutable Order‐Preserving Encoding
Jiseok Bang, Doyoung Chung, Seungkwang Lee
Electronics Letters
In order-preserving encryption, it was discovered that utilising a hypergeometric probability distribution exposed information about half of the plaintext bits and their respective distances. To address this vulnerability, mutable order-preserving encoding was introduced as a solution, but it still suffered from revealing the plaintext distribution and exhibiting high correlation. In an effort to overcome these limitations, Lee and Jho proposed a multi-tree approach that utilises the binary tree invariant and its inverse, resulting in increased complexity for client operations. In this paper, we propose a novel multi-tree approach to mutable order-preserving encoding that, by introducing a secret offset at the client side, not only simplifies the server-side structure but also reduces overall system complexity. To validate the effectiveness of our approach, we conducted comprehensive experiments using the TPC-C benchmark dataset, evaluating encoding time and query performance across varying data scales. The results demonstrate that our scheme achieves 36% higher encoding efficiency compared to existing multi-tree methods.
CLEAR & RETURN: Stopping Run-Time Countermeasures in Cryptographic Primitives
Myung-Hyun Kim, Seungkwang Lee
IEICE Transactions on Information and Systems
White-box cryptographic implementations often use masking and shuffling as countermeasures against key extraction attacks. To counter these defenses, higher-order Differential Computation Analysis (HO-DCA) and its variants have been developed. These methods aim to breach these countermeasures without needing reverse engineering. However, these non-invasive attacks are expensive and can be thwarted by updating the masking and shuffling techniques. This paper introduces a simple binary injection attack, aptly named clear & return, designed to bypass advanced masking and shuffling defenses employed in white-box cryptography. The attack involves injecting a small amount of assembly code, which effectively disables run-time random sources. This loss of randomness exposes the unprotected lookup value within white-box implementations, making them vulnerable to simple statistical analysis. In experiments targeting open-source white-box cryptographic implementations, the attack strategy of hijacking entries in the Global Offset Table (GOT) or function calls shows effectiveness in circumventing run-time countermeasures.
StackGuard+: Interoperable alternative to canary-based protection of stack smashing
Kang-Min Kim, Jeong‐Nyeo Kim, Seungkwang Lee
Electronics Letters
This paper introduces a novel software-based approach to enhancing stack smashing protection in C/C++ applications, specifically targeting return-oriented programming attacks, which remain a significant threat to firmware and software security. Traditional canary-based protections are vulnerable to brute-force and format string attacks. Additionally, many stack protection mechanisms require access to the source code or recompilation, complicating the security of existing binaries. This paper proposes a new method, aptly named StackGuard+, that modifies the canary-based protection mechanism by altering the code responsible for canary insertion and verification. This change ensures the integrity of the return address while maintaining the original code size, allowing for seamless interoperability without the need for recompilation or additional hardware. The approach can be automated using a Python script, which modifies existing canary-based binaries with only 26 bytes of machine code on the x86-64 platform. Moreover, this approach can be easily adapted to other platforms, including x86 and ARM64.