Research And Implementation Of White Box Security Technology In Mobile Applications

With the rapid development of mobile phone and the growing popularity of mobile Internet,the mobile payment system based on NFC without networking,is gradually improving. Meanwhile,more and more smart phones have been equipped with NFC module due to the promotion of Apple pay in China. The operating system of Android 4.4 has supported the HCE technology, which is emulating a virtual card using the application on host. Therefore, the form of mobile payment has been enriched. However, when the application communicates with the security element,or the application is emulated as a smart card, the secret key about payment should be stored either in the program or in the file. The platform of mobile phone especially for Android is an open environment,the attacker can easily get the information about secret key through debugging process or analyzing the memory. Thus, it is necessary to hide the key.White-Box cipher is a kind of confusion cryptography for the white box environment. It is mainly divided into two categories, one is based on the query box proposed by Chow, the other is based on the polynomial confusion proposed by Bringer. The core of the Chow’s is to convert the algorithm to the look-up table, in order to confuse the key with all boxes. The main idea of the Bringer’s is to convert the algorithm to the polynomial system, for the purpose of hiding the key in the equations. Therefore, the white-Box cipher will be a great choice for the confusion of the key, we can use it to solve our problem.The main works of this thesis are as follows:1. Studies the card emulation mode with SE, find the security problem when the application is communicating with secure element. 2. Focuses on two white-Box cipher algorithms, one based on the look-up table and the other based on the polynomial system. analyzes the framework of the two white box cryptography, as well as the application program.3.Presents an scheme of how to make the white-Box components, implements the algorithm with C language as well as the test of the program. Put forward the idea of the way to construct the polynomial system of AES and the confusion of the system,the implementation and test of the algorithm is similar to the chow’s did.4.Comes up with a new idea, which combine the self-modified state machine and chow’s white-Box encyption, to solve the problem. At last,the new algorithm is applied to apps of Android system, in order to establish the secure channel between the app and secure element of SD card.