Unboxing the White-Box

Unboxing the White-Box

White Papers

Typical threat modeling applied in cryptography involves a malicious third party attempting to access either the keys used for protecting the content or the protected content itself. In this model, which we refer as the “black-box” model, the attacker is assumed to be able to observe and alter the ciphertext, without having access to the systems performing cryptographic operations.

 

In some cases, the threat model is augmented with the attacker’s ability to interact with the systems performing the crypto operation, via observation or alteration of system parts and processes. We refer to this model as the “gray-box” model, in which the attacker has access to the system, but they are still not allowed to access the key or to tamper with the cryptographic algorithm and its implementation.

 

The digitalization of goods and services has allowed the economy to transit to a new Internet era, in which immaterial goods are digitalized and exchanged over the Internet. Payments are performed by means of cryptographic processes based on delivered payment keys. The digital nature of such goods and services allows for an infinite number of copies. For this reason, the associated business models rely not so much on the availability of the good but in the authorization to actually use it. A user who has access to the goods might not be able to “consume” the good unless authorized by the selling party.

 

For this model to work, a user must be given access to the purchased goods but not the keys protecting the content. On the other hand, the user could be the attacker, having the interest and the motivation for obtaining wider and more extended access to the purchased goods, bypassing the security implemented.

 

The black-box and gray-box threat models are insufficient for describing such a context. Both models rely on having two friendly parties communicating, while the attacker is none of the parties. In the described scenario, instead, the attacker can be one of the communicating parties, which must have limited and controlled access to the provided goods or service. This explains the need for a different threat model, which we will refer to as “white-box” model.