Security Analyst, eShard
Guillaume Vinet is a senior security analyst in embedded devices security. He spends several years assessing the security of smart cards (banking applications, electronic passports, Integrated Circuit) or point-of-sale (POS).
His areas of expertise comprise reverse engineering of android applications and White-Box Cryptography (WBC), performing either security analyses or trainings. He has presented at various conferences including SSTIC or Whibox 2019.
“Breaking practical White-Box Cryptography”
White-Box Cryptography (WBC) enables to perform cryptographic operations without relying on a hardware component, but only on its software implementation. The goal is to keep the secret key safe when being executed in an untrusted environment, where it is reasonable to assume that an attacker has a total access to the software binary.
Once the WBC binary has been extracted, different techniques were exploited to retrieve the secret key like cryptanalysis or reverse engineering. [Bos et al., 2016] and [Bos et al., 2017] demonstrated that mimicking Hardware Side Channel Analysis or Fault Injection Attacks was another efficient way to tackle WBC.
This presentation will introduce our remote hardwear.io training entitled “Breaking practical White-Box Cryptography” that will take place from the 27th to the 30th of January 2021:
• Learn White-Box Theory and the way to tackle it in a glimpse with Side Channel Analysis or Fault Injection Attacks.
• Break them with open-source tools.
• Learn binary emulation with Unicorn.
• Fun & challenging implementation.
• WBC embedded in an Android Application.
• WBC in ARM64 native libraries with real countermeasures (device binding, emulation detection).
• WBC protected against memory access tracing or single fault injection.