Design and evaluation of a novel White-box encryption scheme for resource-constrained IoT devices

Along with significant benefits to the end-users, the Internet-of-Things (IoT) technology also brings unprecedented security challenges. IoT requires many embedded and resource-constrained devices that are usually deployed in an insecure and remote environment. This is where a White-box (WB) attack paradigm, where the attacker has complete control over the execution environment, comes into the picture. Accordingly, the possible capture of these devices makes the entire built-in cryptosystem visible to the adversary. Thus, the adversary gains complete control over the system and can potentially hinder the used cryptographic implementation. A White-box cryptographic (WBC) encryption scheme is employed to counter such WB attacks. Accordingly, we provide a scheme for hiding the private key used in the Elliptic curve encryption scheme considering the WB attack context. Precisely, we use Residue Number System (RNS)-based lookup tables to hide the private key. To show the practicality of the proposed scheme, we deploy it over a widely adopted Message Queuing Telemetry Transport for Sensor Networks (MQTT-SN) protocol. Further, we discuss the WB security goals and analyze the security and performance of the proposed scheme using the Cooja simulator. We demonstrate the feasibility of the proposed approach by comparing it with the traditional Elliptic curve encryption scheme over parameters like end-to-end delay, network throughput, average power consumption, and computational time. The obtained simulation results show that the proposed scheme provides a consistent computational cost and network efficiency, which is practical in deployments demanding a higher level of security.