SDSRS: A Novel White-Box Cryptography Scheme for Securing Embedded Devices in IIoT

Yang Shi, Wujing Wei, Fangguo Zhang, Xiapu Luo, Zongjian He, Hongfei Fan

Research output: Journal article publication › Journal article › Academic research › peer-review

3 Citations (Scopus)

Abstract

With the rapid development of the industrial Internet of Things (IIoT), a large number of embedded devices, such as sensors and tag readers, have been widely deployed for gathering and sending data. These devices are commonly unreliable and vulnerable to many threats, because they are located in unattended areas that are vulnerable to device capture attacks. Such environments can be regarded as white-box attack contexts, in which the adversary has total visibility and full control of the implementations. White-box cryptography (WBC) aims to protect implementations of symmetric encryption algorithms in white-box attack contexts. Unfortunately, existing WBC schemes are vulnerable to various attacks, and most of them are insufficiently secure in strict white-box attack contexts. In this article, based on an investigation of existing designs and the corresponding cryptanalysis, we propose a novel design approach for securing WBC schemes, named state-dependent selectable random substitutions (SDSRS). The approach uses SDSRSs to defeat various related white-box cryptanalytic approaches. With special considerations for IIoT systems, such as high performance for supporting real-time applications and a small block size for fitting industrial protocols, a concrete WBC scheme designed with the proposed approach is provided. Our theoretical analysis shows that the proposed scheme is secure. Additionally, experimental results indicate that the scheme performs well in practice, and that it is significantly efficient in time and energy consumption compared with existing secure white-box cryptographic schemes.

Original language: English
Article number: 8770091
Pages (from-to): 1602-1616
Number of pages: 15
Journal: IEEE Transactions on Industrial Informatics
Volume: 16
Issue number: 3
Publication status: Published - Mar 2020

Keywords

  • Data security
  • embedded devices
  • industrial Internet of Things (IIoT)
  • software security
  • white-box cryptography

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Information Systems
  • Computer Science Applications
  • Electrical and Electronic Engineering
