Protecting software running in a malicious computer is the objective. Closely related to antitampering techniques are obfuscation techniques, which make code difficult to understand or analyze and therefore, challenging to modify meaningfully. Tamper proofing is to code as encryption is to data. David aucsmith is the chief scientist and federal practice lead for darklight, a company specializing in. Tamper resistant software by integritybased encryption. Making software tamper resistant is the challenge for software protection. Fifth smart card research and advanced application. Attackers may try to carry out buffer overflow attacks to look for the right of entry to systems access to system. Tamper resistant software design and implementation david. Since the seminal work of aucsmith, a great deal of research.
A survey on software protection techniques against various attacks. Obfuscation, checksums and much more when software has been made tamper proof, it is protected against reverse engineering and modifications. Tamper resistant software through dynamic integrity checking. Security, tamper resistant software, software protection. A generic attack on hashingbased software tamper resistance submitted by glenn wurster. In this lab course, students will first learn about the state of the art in software based and hardwareaided tamper proofing fields. Tamper resistant devices or features are common on packages to deter package or product tampering. Omit last half of page 322, all of pages 3234, first half of page 325, page 328 below integrity verification protocol, all of pages 329331.
The university of auckland compsci 725 fc lectures. A secure and robust approach to software tamper resistance. Tamper resistant software through dynamic integrity checking ping wang. Software tamper resistance through dynamic program monitoring brian blietz, akhilesh tyagi dept. Abstract software security and protection plays an important role in software engineering. Software tamper resistance mechanisms have increasingly assumed significance as a technique to prevent unintended uses of software. Bibliography i intend to keep a collection of links at the books web page.
One process monitor process, mprocess is designed explicitly to monitor the control flow of the main program process pprocess. Tampering occurs when an attacker makes unauthorized changes to a computer software program such as overcoming password access, copy protection or timeout algorithms. The compilation phase compiles the software into two co. Overcoming trial version software cracking using a. Pappas, editors, human vision and electrtonic imaging ii, volume 3016, san jose, ca, usa, february 1997.
David aucsmith is a senior computer scientist and technology leader currently working as the chief scientist and federal practice manager for. Extended results 1 hardwareassisted circumvention of. This paper describes a two instructionstream twoprocess model for tamper resistance. The measures involved can be passive such as obfuscation to make reverse engineering difficult or active tamper detection techniques which aim to make a program malfunction or not operate at all if modified. A taxonomy of software integrity protection techniques. The second group, code obfuscation, protects the software from reverse engineering attacks. Hardwareassisted circumvention of selfhashing software tamper resistance p. A defense against reverse engineering is obfuscation, a process that renders software unintelligible but still functional. Microservices expose a wider attack surface, exhibit a more dynamic behaviour and change more rapidly, which make security a. The present invention relates generally to computer software, and more specifically, to a method and system of making computer software resistant to tampering and reverse engineering. Anti tamper software or tamperresistant software is software which makes it harder for an attacker to modify it. International workshop on information hiding, 1996. A thorough investigation on software protection techniques.
Software tamper resistance through dynamic program monitoring. Tamper resistance and hardware security partii security, computer laboratory, 03 february 2014 why do we need hardware security. Obfuscation, watermarking, and tamperproofing for software protection, jasvir nagra, christian collberg, pearson education, jul 24, 2009. Lncs 3320 tamper resistant software by integritybased encryption. Such selfhashing is the basis of aucsmith s original proposal for tamper resistant software 12. Theft of service attacks on service providers satellite tv, electronic meters, access cards, software protection dongles access. Watermarking, tamper proofing, and obfuscation tools for software protection abstract.
Leviton releases decora smart wifi tamperresistant outlet. A survey on software protection techniques global journal of. Cited on pages 456 and 562 difficult to read and impossible for mere mortals like myself to comprehend. Later on, the participating students in groups of two will apply the acquired knowledge in practice hands on by implementing a selected set of the software based measures. Two new attacks on authentication protocols, in ieee transactions on software engineering, v 23 no 3 mar 1997, pp 185186. Software engineering for security proceedings of the. Considerable attempts have been made to enhance the security of the computer systems. The author wishes to canadas national sciences and engineering research council nserc for their. Adequate protection of digital copies of multimedia content both audio and video is a prerequisite to the distribution of this content over networks. The center for education and research in information assurance and security cerias is currently viewed as one of the worlds leading centers for research and education in areas of information security that are crucial to the protection of critical computing and communication infrastructure. All participants of this lab must fillin a disclaimer and hand it to the instructors in original hardcopy form, before the end of the first lab session. This paper was originally published in the proceedings of.
Similarly, aucsmith 5 presents a practical obfuscation method designed not to leak information. The latter technique relies on trusted tamper proof hardware with limited capability. Lncs 3320 tamper resistant software by integritybased. On dependable and secure computing 1 hardwareassisted circumvention of selfhashing software tamper resistance p. Hardwareassisted circumvention of selfhashing software tamper. Domestic and international researches of webpages tamper resistant technologies and products have following major issues. Architectural support for copy and tamper resistant software. Software engineering for security acm digital library. Tampering refers to making unauthorized changes to software, such as bypassing password checks, which are of benefit to the tamperer or of detriment to the provider or vendor of the software. Since any device or system can be foiled by a person with sufficient knowledge, equipment, and time, the term tamperproof is a misnomer unless some limitations on the tampering partys resources is explicit or assumed. We identify three types of attack on the intellectual property contained in software and three corresponding technical defenses.
Their protection scheme relies on a complex network of software guards which mutually verify each others integrity and. In this paper, we present and explore a methodology. Reverse engineering is a process in which an attacker utilizes offensive tools to dis. Software tamper resistance through dynamic program.
Attackers may try to carry out buffer overflow attacks to look for the. Thus, tampering does not denote arbitrary destructive changes, such. Tamper resistance ranges from simple features like screws with special drives, more complex devices that render themselves inoperable or encrypt all data transmissions between individual chips, or use of materials needing special tools and knowledge. Obfuscation 2,3 is a major example and it attempts to thwart reverse engineering by making it hard to understand the behavior of a program. Protecting the reliability of software platforms, particularly in unmanaged customer computing systems is a tough task. Watermarking, tamperproofing, and obfuscation tools for. The software tamper resistance technique presented in this paper is an application of whitebox cryptography in the sense that the technique makes the correct operation of the whitebox implementation of a block cipher dependent on the integrity of software. Studies cyber security cyber warfare and cybercrime. Modern compression algorithms allow substantial bitrate reduction while maintaining highfidelity.
An implementation, proceedings of the first international workshop on information hiding, p. The present invention relates to a method and system of making computer software resistant to tampering and reverse engineering. To our knowledge, aucsmith 2 was the first to introduce the. Furthermore, it appears that for nearly all systems currently on the market, a successful attack on one particular instance of the drm software immediately applies to all instances of the software. This approach comprises of one or more program alterations that alter a program in such a. In 96 aucsmith 1 introduced a scheme to implement tamper resistant software. Watermarking, tamperproofing, and obfuscation computer science. Use the link below to share a fulltext version of this article with your friends and colleagues. Osa intellectual property protection systems and digital.
Keywords tamper proofing, integrity protection, taxonomy, software protection, soft. Development of technology for the prevention of soft ware piracy is. An implementation, in information hiding workshop, rj anderson ed, lncs 1174, pp. Revisiting software protection carleton university. Code mobility can be used to thwart code analysis and debugging by removing parts of the code from the deployed software program and installing it.
David aucsmith, university of washington, applied physics laboratory, faculty member. Appealing aspects of this approach to software tamper resistance include the promise of being able to verify the integrity of software. Tamper proofing is a combination of many techniques. That is, if an attacker modies the software, the whitebox imple. Software piracy, reverse engineering, and tampering are the problems. For white hawks way of tamper proofing, the use of a computer is essential. In hiding information hiding, first international workshop, volume 1174, pages 317333. Webpages tamper resistant products are mainly developed based on software. These three types of attack software piracy, malicious reverse engineering, and.
Secure routing with tamper resistant module for mobile ad hoc networks joohan song, vincent wong and victor leung department of electrical and computer engineering the university of british columbia 2356 main mall, vancouver, bc, canada v6t 1z4 email. Until recently digital audio and video content has been protected by its size. David aucsmith is a senior computer scientist and technology leader currently working as the chief scientist and federal practice manager for darklight and as a senior principal research. Appealing aspects of this approach to software tamper resistance include the. Tamperproofing, conceptually, is a methodology used to hinder, deter or detect unauthorised access to a device or circumvention of a security system. It is essentially tamper resistance implemented in the software domain. Stubblebine, techniques for trusted software engineering, proceedings of the 20th international conference on software engineering, p.
1047 384 311 975 1369 1490 579 609 1010 627 270 701 1652 740 421 1626 1142 1247 1323 882 246 964 1273 93 1248 556 442 975 885