WBSLT: A Framework for White-Box Encryption Based on Substitution-Linear Transformation Ciphers

includes smart city solutions from Samsara [5] , smart home systems from companies like Google [6], Samsung [7] and Apple [8] , Teladoc Health's smart healthcare and health monitoring products [9], as well as industrial IoT deployments [10] and connected vehicles [11] . The common underlying communication protocols, including LoRaWAN [12], Zigbee [13] , and Bluetooth Low Energy (BLE) [14] , all leverage AES as their core encryption mechanism to ensure secure data transmission and storage in data centers. Unlike Wi-Fi or cellular networks, which are typically equipped with high-performance devices having sufficient computing power to support complex encryption algorithms and frequent key renewal, typical IoT devices are resourceconstrained. So, they usually do not support frequent key renewal and rely on pre-shared keys for encryption. A significant vulnerability then arises when IoT devices are deployed in potentially insecure environments where attackers have full control over the device. In such scenarios, attackers can extract encryption keys, thereby compromising all data encrypted with the same key. For example, Butun et al. [15] indicate that an attacker with full access to a device running LoRaWAN v1.1 can extract AES keys due to the explicit exposure of key-related information during the Over-the-Air Activation (OTAA) key distribution process. And Camurati et al. [16] demonstrate that AES keys used in BLE can be extracted using Simple Power Analysis (SPA), exploiting the direct exposure of key material through physical access. In both cases, the key is compromised due to its direct exposure to the attacker with full control. Tournier et al. [17] also note that gateways control the network and handle all data transmission in common IoT topologies. Therefore, preventing key exposure in the gateways is more important. White-box cryptography addresses this issue by transforming cryptographic operations into protected lookup tables, preventing direct exposure of secret keys, thereby enhancing security in these vulnerable IoT ecosystems.