CSc 466/566 [5mm] Computer Security [5mm] 7 : Cryptography ...
CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will...
Transcript of CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will...
![Page 1: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/1.jpg)
CSc 466/566
Computer Security
13 : Man-At-The-End — IntroductionVersion: 2012/03/27 13:34:22
Department of Computer ScienceUniversity of Arizona
Copyright c© 2012 Christian Collberg
Christian Collberg
1/74
![Page 2: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/2.jpg)
Outline
1 .2 What is Software Protection?3 Protection tools4 Attack and Defense5 Code Obfuscation6 Black Hat Code Obfuscation7 Tamperproofing8 Software watermarking9 Discussion
. 2/74
![Page 3: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/3.jpg)
Surreptitious Software
Protect the secrets contained within computer programs.
Prevent others from exploiting the intellectual effort investedin producing a piece of software.
For example,
software fingerprinting — trace software pirates,code obfuscation — make it more difficult to reverse engineera program,tamperproofing — make it harder to remove a license check.
. 3/74
![Page 4: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/4.jpg)
Surreptitious Software
The fundamental questions in this field are
is it possible to hide a secret in a piece of software?
. 4/74
![Page 5: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/5.jpg)
Surreptitious Software
The fundamental questions in this field are
is it possible to hide a secret in a piece of software?and, is it possible to protect this secret from modification?
There’s always a time-dimension : how long can we protectthe secret?
. 4/74
![Page 6: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/6.jpg)
Surreptitious Software
The fundamental questions in this field are
is it possible to hide a secret in a piece of software?and, is it possible to protect this secret from modification?
There’s always a time-dimension : how long can we protectthe secret?
There’s always an economic dimension: how valuable is thesecret (to us, and to the adversary)?
. 4/74
![Page 7: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/7.jpg)
Surreptitious Software
The fundamental questions in this field are
is it possible to hide a secret in a piece of software?and, is it possible to protect this secret from modification?
There’s always a time-dimension : how long can we protectthe secret?
There’s always an economic dimension: how valuable is thesecret (to us, and to the adversary)?
There’s always a performance dimension: how muchslower/larger are you willing to let your program grow, tomake it harder to crack?
. 4/74
![Page 8: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/8.jpg)
Why?
We borrow from
security research — but we don’t protect against malware!
. 5/74
![Page 9: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/9.jpg)
Why?
We borrow from
security research — but we don’t protect against malware!cryptography — but we don’t assume the key is hidden!
. 5/74
![Page 10: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/10.jpg)
Why?
We borrow from
security research — but we don’t protect against malware!cryptography — but we don’t assume the key is hidden!software engineering — but we try to make programs hard tounderstand!
. 5/74
![Page 11: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/11.jpg)
Why?
We borrow from
security research — but we don’t protect against malware!cryptography — but we don’t assume the key is hidden!software engineering — but we try to make programs hard tounderstand!steganogrphy — but for programs, not media!
. 5/74
![Page 12: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/12.jpg)
Why?
We borrow from
security research — but we don’t protect against malware!cryptography — but we don’t assume the key is hidden!software engineering — but we try to make programs hard tounderstand!steganogrphy — but for programs, not media!compiler research — but we make programs slower and larger!
Why????
. 5/74
![Page 13: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/13.jpg)
Why?
We borrow from
security research — but we don’t protect against malware!cryptography — but we don’t assume the key is hidden!software engineering — but we try to make programs hard tounderstand!steganogrphy — but for programs, not media!compiler research — but we make programs slower and larger!
Why????
There are real-world problems that don’t fit neatly intotraditional computer security and cryptography research, butwhich are interesting none-the-less.
. 5/74
![Page 14: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/14.jpg)
Techniques
Software watermarking
embed a unique identifier into your program,use to fight piracy,trace beta copies leaked by partner companies.
. 6/74
![Page 15: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/15.jpg)
Techniques
Software watermarking
embed a unique identifier into your program,use to fight piracy,trace beta copies leaked by partner companies.
Code obfuscation
use to protect a novel algorithm.
. 6/74
![Page 16: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/16.jpg)
Techniques
Software watermarking
embed a unique identifier into your program,use to fight piracy,trace beta copies leaked by partner companies.
Code obfuscation
use to protect a novel algorithm.
Birthmarking
identify your code “reused” by competitor.
. 6/74
![Page 17: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/17.jpg)
Techniques
Software watermarking
embed a unique identifier into your program,use to fight piracy,trace beta copies leaked by partner companies.
Code obfuscation
use to protect a novel algorithm.
Birthmarking
identify your code “reused” by competitor.
Tamperproofing
prevent pirate from removing license checks,prevent music pirate from hacking DRM system.
. 6/74
![Page 18: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/18.jpg)
Strengths and weaknesses
None of these techniques are fool-proof.
Our secret will eventually be discovered by a sufficientlydetermined hacker.
. 7/74
![Page 19: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/19.jpg)
Strengths and weaknesses
None of these techniques are fool-proof.
Our secret will eventually be discovered by a sufficientlydetermined hacker.
All we can hope is to can slow down our adversaries.
Our goal is to slow them down enough:
they give up on cracking our code because it’s too painful, orby the time they’ve cracked our code, we’ve already made aprofit.
. 7/74
![Page 20: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/20.jpg)
Pay TV
Personalized set-top boxes.
A cracker hacks open the box, extracts the code, disassemblesit, find the unique indentifier, sells it over the web.
. 8/74
![Page 21: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/21.jpg)
Pay TV
Personalized set-top boxes.
A cracker hacks open the box, extracts the code, disassemblesit, find the unique indentifier, sells it over the web.
How do you counter his?
tamperproof smart cards.
. 8/74
![Page 22: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/22.jpg)
Pay TV
Personalized set-top boxes.
A cracker hacks open the box, extracts the code, disassemblesit, find the unique indentifier, sells it over the web.
How do you counter his?
tamperproof smart cards.obfuscate the code
. 8/74
![Page 23: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/23.jpg)
Pay TV
Personalized set-top boxes.
A cracker hacks open the box, extracts the code, disassemblesit, find the unique indentifier, sells it over the web.
How do you counter his?
tamperproof smart cards.obfuscate the codesoftware tamperproofing
. 8/74
![Page 24: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/24.jpg)
Pay TV
Personalized set-top boxes.
A cracker hacks open the box, extracts the code, disassemblesit, find the unique indentifier, sells it over the web.
How do you counter his?
tamperproof smart cards.obfuscate the codesoftware tamperproofingall of the above!
. 8/74
![Page 25: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/25.jpg)
Pay TV
Personalized set-top boxes.
A cracker hacks open the box, extracts the code, disassemblesit, find the unique indentifier, sells it over the web.
How do you counter his?
tamperproof smart cards.obfuscate the codesoftware tamperproofingall of the above!
Still, eventually, the box will be cracked.
Maybe by then, you’ve made your $1,000,000!
. 8/74
![Page 26: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/26.jpg)
Pay TV
Personalized set-top boxes.
A cracker hacks open the box, extracts the code, disassemblesit, find the unique indentifier, sells it over the web.
How do you counter his?
tamperproof smart cards.obfuscate the codesoftware tamperproofingall of the above!
Still, eventually, the box will be cracked.
Maybe by then, you’ve made your $1,000,000!Automatically updatable security.
. 8/74
![Page 27: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/27.jpg)
Who uses Surreptitious Software?
Microsoft owns several software watermarking,obfuscation,and birthmarking patents.
. 9/74
![Page 28: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/28.jpg)
Who uses Surreptitious Software?
Microsoft owns several software watermarking,obfuscation,and birthmarking patents.
Intertrust holds many DRM-related patents, including patentson obfuscation and tamperproofing (Microsoft licensed this for$440M.)
. 9/74
![Page 29: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/29.jpg)
Who uses Surreptitious Software?
Microsoft owns several software watermarking,obfuscation,and birthmarking patents.
Intertrust holds many DRM-related patents, including patentson obfuscation and tamperproofing (Microsoft licensed this for$440M.)
Microsoft uses PreEmptive Solutions’ obfuscator in VisualStudio.
. 9/74
![Page 30: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/30.jpg)
Who uses Surreptitious Software?
Microsoft owns several software watermarking,obfuscation,and birthmarking patents.
Intertrust holds many DRM-related patents, including patentson obfuscation and tamperproofing (Microsoft licensed this for$440M.)
Microsoft uses PreEmptive Solutions’ obfuscator in VisualStudio.
Arxan sells a tamperproofing system invented by PurdueUniversity researchers.
. 9/74
![Page 31: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/31.jpg)
Who uses Surreptitious Software?
Microsoft owns several software watermarking,obfuscation,and birthmarking patents.
Intertrust holds many DRM-related patents, including patentson obfuscation and tamperproofing (Microsoft licensed this for$440M.)
Microsoft uses PreEmptive Solutions’ obfuscator in VisualStudio.
Arxan sells a tamperproofing system invented by PurdueUniversity researchers.
Apple holds an obfuscation patent, perhaps intended toprotect iTunes?
. 9/74
![Page 32: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/32.jpg)
Who uses Surreptitious Software?
Microsoft owns several software watermarking,obfuscation,and birthmarking patents.
Intertrust holds many DRM-related patents, including patentson obfuscation and tamperproofing (Microsoft licensed this for$440M.)
Microsoft uses PreEmptive Solutions’ obfuscator in VisualStudio.
Arxan sells a tamperproofing system invented by PurdueUniversity researchers.
Apple holds an obfuscation patent, perhaps intended toprotect iTunes?
Intel spun off a company, Convera, to explore theirtamperproofing algorithm for DRM.
. 9/74
![Page 33: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/33.jpg)
Who uses Surreptitious Software?
Cloakware , which holds patents on HLwhitebox cryptography,how to hide cryptographic algorithms and keys in computercode. Sold for $72.5M to pay-TV company Irdeto.
. 10/74
![Page 34: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/34.jpg)
Who uses Surreptitious Software?
Cloakware , which holds patents on HLwhitebox cryptography,how to hide cryptographic algorithms and keys in computercode. Sold for $72.5M to pay-TV company Irdeto.
Skype’s VoIP client is highly obfuscated and tamperproofed.Sold to eBay for $2.6 billion in 2005.
. 10/74
![Page 35: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/35.jpg)
Who uses Surreptitious Software?
Cloakware , which holds patents on HLwhitebox cryptography,how to hide cryptographic algorithms and keys in computercode. Sold for $72.5M to pay-TV company Irdeto.
Skype’s VoIP client is highly obfuscated and tamperproofed.Sold to eBay for $2.6 billion in 2005.
The military wants to protect embedded software!
. 10/74
![Page 36: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/36.jpg)
Who uses Surreptitious Software?
Cloakware , which holds patents on HLwhitebox cryptography,how to hide cryptographic algorithms and keys in computercode. Sold for $72.5M to pay-TV company Irdeto.
Skype’s VoIP client is highly obfuscated and tamperproofed.Sold to eBay for $2.6 billion in 2005.
The military wants to protect embedded software!
Bad guys want to protect malware!
. 10/74
![Page 37: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/37.jpg)
Academic Research
Some, like me, come from a compiler and programminglanguages background. We work on practical codetransformation algorithms.
. 11/74
![Page 38: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/38.jpg)
Academic Research
Some, like me, come from a compiler and programminglanguages background. We work on practical codetransformation algorithms.
Some come from cryptography, typically work on fundamentalissues, such as “what can be obfuscated?”
. 11/74
![Page 39: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/39.jpg)
Academic Research
Some, like me, come from a compiler and programminglanguages background. We work on practical codetransformation algorithms.
Some come from cryptography, typically work on fundamentalissues, such as “what can be obfuscated?”
Some come from media watermarking, computer security,software engineering,. . .
. 11/74
![Page 40: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/40.jpg)
The military anti-tamper research (AT)
All U.S. Army Project Executive Offices (PEOs) and ProjectManagers (PMs) are now charged with executing Army andDepartment of Defense (DoD) AT policies in the design andimplementation of their systems. Embedded software is at the coreof modern weapon systems and is one of the most criticaltechnologies to be protected. AT provides protection of U.S.technologies against exploitation via reverse engineering. Standardcompiled code with no AT is easy to reverse engineer, so the goalof employed AT techniques will be to make that effort moredifficult. In attacking software, reverse engineers have a wide arrayof tools available to them, including debuggers, decompilers,disassemblers, as well as static and dynamic analysis techniques.AT techniques are being developed to combat the loss of the U.S.technological advantage, but further advances are necessary toprovide useful, effective and varied toolsets to U.S. Army PEOsand PMs.
. 12/74
![Page 41: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/41.jpg)
And then, there’s the. . .
. 13/74
![Page 42: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/42.jpg)
And then, there’s the. . .
. . . the bad guys !
. 13/74
![Page 43: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/43.jpg)
And then, there’s the. . .
. . . the bad guys !
Virus writers use obfuscation to prevent it from beingintercepted by virus scanners.
. 13/74
![Page 44: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/44.jpg)
And then, there’s the. . .
. . . the bad guys !
Virus writers use obfuscation to prevent it from beingintercepted by virus scanners.
Hiding root kits requires obfuscation.
. 13/74
![Page 45: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/45.jpg)
What’s the goal of this research?
Invent algorithms
slow down our adversariesadd little computational overhead
. 14/74
![Page 46: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/46.jpg)
What’s the goal of this research?
Invent algorithms
slow down our adversariesadd little computational overhead
Devise evaluation techniques
algorithm A will force a hacker to use T extra time, adding O
amount of overhead, oralgorithm A produces code that is faster/smaller/harder tocrack than algorithm B.
. 14/74
![Page 47: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/47.jpg)
What’s the goal of this research?
Invent algorithms
slow down our adversariesadd little computational overhead
Devise evaluation techniques
algorithm A will force a hacker to use T extra time, adding O
amount of overhead, oralgorithm A produces code that is faster/smaller/harder tocrack than algorithm B.
Theoretical advances
what can be protected?what cannot be protected?
. 14/74
![Page 48: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/48.jpg)
What’s the goal of this research?
Invent algorithms
slow down our adversariesadd little computational overhead
Devise evaluation techniques
algorithm A will force a hacker to use T extra time, adding O
amount of overhead, oralgorithm A produces code that is faster/smaller/harder tocrack than algorithm B.
Theoretical advances
what can be protected?what cannot be protected?
Research still in its infancy!
. 14/74
![Page 49: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/49.jpg)
Outline
1 .2 What is Software Protection?3 Protection tools4 Attack and Defense5 Code Obfuscation6 Black Hat Code Obfuscation7 Tamperproofing8 Software watermarking9 Discussion
What is Software Protection? 15/74
![Page 50: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/50.jpg)
Scenario: Malicious reverse engineering
AliceM
P
Alice’s program contains a valuable trade secret (a cleveralgorithm or design).
What is Software Protection? 16/74
![Page 51: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/51.jpg)
Scenario: Malicious reverse engineering
Alice BobM
P
Alice’s program contains a valuable trade secret (a cleveralgorithm or design).
What is Software Protection? 16/74
![Page 52: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/52.jpg)
Scenario: Malicious reverse engineering
BobAliceM
P
M
Alice’s program contains a valuable trade secret (a cleveralgorithm or design).
Bob, a rival developer, extracts and incorporates module Minto his own program (code lifting).
What is Software Protection? 16/74
![Page 53: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/53.jpg)
Scenario: Malicious reverse engineering
Alice BobM
P
MM
Q
Alice’s program contains a valuable trade secret (a cleveralgorithm or design).
Bob, a rival developer, extracts and incorporates module Minto his own program (code lifting).
Computer games industry: stealing 3rd party modules forgraphics/physics/. . . .
What is Software Protection? 16/74
![Page 54: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/54.jpg)
Scenario: Software piracy
Alice P
Alice is a software developer.
What is Software Protection? 17/74
![Page 55: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/55.jpg)
Scenario: Software piracy
Alice Bob
P
P
Alice is a software developer.
Bob buys one copy of Alice’s program.
What is Software Protection? 17/74
![Page 56: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/56.jpg)
Scenario: Software piracy
Alice BobP
P
P
P
Alice is a software developer.
Bob buys one copy of Alice’s program.
Bob illegally sells copies to his friends.
What is Software Protection? 17/74
![Page 57: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/57.jpg)
Scenario: Digital rights management (DRM)
Alice
A DRM media player contains cryptographic keys that unlockand play encrypted music files.
What is Software Protection? 18/74
![Page 58: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/58.jpg)
Scenario: Digital rights management (DRM)
mediaEncrypted
Alice Bob
A DRM media player contains cryptographic keys that unlockand play encrypted music files.
What is Software Protection? 18/74
![Page 59: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/59.jpg)
Scenario: Digital rights management (DRM)
Software Player
media
Crypto keys
EncryptedAlice Bob
A DRM media player contains cryptographic keys that unlockand play encrypted music files.
What is Software Protection? 18/74
![Page 60: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/60.jpg)
Scenario: Digital rights management (DRM)
Software Player
Cleartext mediaCrypto keys
Encryptedmedia
Alice Bob
A DRM media player contains cryptographic keys that unlockand play encrypted music files.
What is Software Protection? 18/74
![Page 61: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/61.jpg)
Scenario: Digital rights management (DRM)
Software Player
Cleartext mediaCrypto keys
Encryptedmedia
Carol
Alice Bob
A DRM media player contains cryptographic keys that unlockand play encrypted music files.
What is Software Protection? 18/74
![Page 62: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/62.jpg)
Scenario: Mobile agent attack
Alice
Alice’s mobile shopping agent visits on-line stores to find thebest deal for a CD.
What is Software Protection? 19/74
![Page 63: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/63.jpg)
Scenario: Mobile agent attack
Mobile Shopping
Agent
Best price: $9.95Best vendor: CD4You.com
Alice
Alice’s mobile shopping agent visits on-line stores to find thebest deal for a CD.
What is Software Protection? 19/74
![Page 64: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/64.jpg)
Scenario: Mobile agent attack
Mobile Shopping
CDBob.com
Agent
Best price: $9.95Best vendor: CD4You.com
BobAlice
Alice’s mobile shopping agent visits on-line stores to find thebest deal for a CD.
What is Software Protection? 19/74
![Page 65: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/65.jpg)
Scenario: Mobile agent attack
Mobile Shopping
Mobile Shopping
Best vendor: CDBob.comBest price: $12.95
AgentCDBob.com
Best vendor: CD4You.comBest price: $9.95
Agent
BobAlice
Alice’s mobile shopping agent visits on-line stores to find thebest deal for a CD.
Bob manipulates the agent’s code such that it returns hishigher price as the best one.
What is Software Protection? 19/74
![Page 66: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/66.jpg)
Scenario: Grid computing
inputsConfidentialAlice
P
What is Software Protection? 20/74
![Page 67: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/67.jpg)
Scenario: Grid computing
Super−computer
inputsConfidentialAlice
BobP
Alice buys cycles from Bob’s supercomputer.
What is Software Protection? 20/74
![Page 68: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/68.jpg)
Scenario: Grid computing
Super−computer
resultsConfidential
inputsConfidentialAlice
BobP
Alice buys cycles from Bob’s supercomputer.
What is Software Protection? 20/74
![Page 69: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/69.jpg)
Scenario: Grid computing
Super−computer
Confidentialinputs
Confidentialresults
Confidentialinputs
BobAlice
P P
Alice buys cycles from Bob’s supercomputer.
Bob snoops on confidential data/algorithms or tampers withAlice’s program.
What is Software Protection? 20/74
![Page 70: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/70.jpg)
Scenario: License check tampering
......
abort()if (today()>"Aug 17")
Alice
P
What is Software Protection? 21/74
![Page 71: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/71.jpg)
Scenario: License check tampering
......
abort()if (today()>"Aug 17")
Alice BobP
What is Software Protection? 21/74
![Page 72: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/72.jpg)
Scenario: License check tampering
......
abort()if (today()>"Aug 17")
......
if (false)abort()
Alice Bob
P
P
Bob removes license checks to be able to run the programwhenever he wants.
What is Software Protection? 21/74
![Page 73: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/73.jpg)
Scenario: License check tampering
if (today()>"Aug 17")abort()
......
......
if (false)abort()
Alice BobP
PP′
Bob removes license checks to be able to run the programwhenever he wants.
Alice protects her program so that it won’t run after beingtampered with.
What is Software Protection? 21/74
![Page 74: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/74.jpg)
Scenario: Protocol discovery
Call minutes
Alice Bob
P
Alice sells voice-over-IP call minutes.
What is Software Protection? 22/74
![Page 75: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/75.jpg)
Scenario: Protocol discovery
Call minutes
mySkype!
Alice Bob
P P′
Alice sells voice-over-IP call minutes.
Bob examines the VoIP client to discover proprietary protocolsto build his own rival client.
What is Software Protection? 22/74
![Page 76: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/76.jpg)
Scenario: Protecting networked computer games
Alice
P
What is Software Protection? 23/74
![Page 77: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/77.jpg)
Scenario: Protecting networked computer games
BobAlice
P
What is Software Protection? 23/74
![Page 78: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/78.jpg)
Scenario: Protecting networked computer games
Alice BobP
P
What is Software Protection? 23/74
![Page 79: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/79.jpg)
Scenario: Protecting networked computer games
Cached data
BobAlice
P
P
What is Software Protection? 23/74
![Page 80: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/80.jpg)
Scenario: Protecting networked computer games
Cached data
BobAlice
P
P
What is Software Protection? 23/74
![Page 81: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/81.jpg)
Scenario: Protecting networked computer games
Cached data
Alice BobP
P
What is Software Protection? 23/74
![Page 82: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/82.jpg)
Scenario: Protecting Internet infrastructure
Alice Bob
Ensure well-behaved TCP window flow control.
What is Software Protection? 24/74
![Page 83: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/83.jpg)
Scenario: Protecting Internet infrastructure
TCP−Client
windowSz++if (congestion)
Window
windowSz=4
TCP−Client
windowSz++if (congestion)
Window
windowSz=4
BobAlice
Ensure well-behaved TCP window flow control.
What is Software Protection? 24/74
![Page 84: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/84.jpg)
Scenario: Protecting Internet infrastructure
TCP−Client
windowSz++if (congestion)
Window
windowSz=4
if (false)windowSz++
Window
TCP−Client
windowSz=4
BobAlice
Ensure well-behaved TCP window flow control.
What is Software Protection? 24/74
![Page 85: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/85.jpg)
Scenario: Wireless sensor networks
AliceBob
Sensor networks are common in military scenarios.
What is Software Protection? 25/74
![Page 86: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/86.jpg)
Scenario: Wireless sensor networks
Wifi
CPUCode
Sensor
Radioactivity?Chemicals?Troup movements?
AliceBob
Sensor networks are common in military scenarios.
What is Software Protection? 25/74
![Page 87: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/87.jpg)
Scenario: Wireless sensor networks
Radioactivity?Chemicals?Troup movements?
Sensor
Wifi
CPUCode
bad
bad
AliceBob
Sensor networks are common in military scenarios.
The enemy can intercept/analyze/modify sensors.
What is Software Protection? 25/74
![Page 88: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/88.jpg)
Scenario: Advanced Metering Infrastructure
Smart Meter
DistributionControl CenterElectrical Grid
Selective black-outs, consumers can adjust usage based oncurrent costs, small-scale energy production. . .
What is Software Protection? 26/74
![Page 89: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/89.jpg)
Scenario: Advanced Metering Infrastructure
Smart Meter
Electrical GridDistributionControl Center
Selective black-outs, consumers can adjust usage based oncurrent costs, small-scale energy production. . .
What is Software Protection? 26/74
![Page 90: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/90.jpg)
Scenario: Advanced Metering Infrastructure
HACKED!
Electrical Grid
Smart Meter
DistributionControl Center
Selective black-outs, consumers can adjust usage based oncurrent costs, small-scale energy production. . .
What is Software Protection? 26/74
![Page 91: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/91.jpg)
Scenario: Advanced Metering Infrastructure
DistributionControl CenterElectrical Grid
HACKED!Smart Meter
HACKED!
HACKED!
HACKED!
Selective black-outs, consumers can adjust usage based oncurrent costs, small-scale energy production. . .
What is Software Protection? 26/74
![Page 92: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/92.jpg)
Scenario: Advanced Metering Infrastructure
Discon
nect
Electrical Grid
Smart Meter
HACKED!
Disconnect
Disconnect
Disconnect
Disconnect
DistributionControl Center
HACKED!
HACKED!
HACKED!
Selective black-outs, consumers can adjust usage based oncurrent costs, small-scale energy production. . .
What if a smart kid hacker sent out 5 million disconnect
commands?
What is Software Protection? 26/74
![Page 93: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/93.jpg)
Scenario: Protecting military software
Alice Bob
The military and intelligence communities would like to beable to track the whereabouts of classified software.
What is Software Protection? 27/74
![Page 94: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/94.jpg)
Scenario: Protecting military software
BobAlice
The military and intelligence communities would like to beable to track the whereabouts of classified software.
In 2001, an EP-3 spy/reconnaissance plane landed on HainanIsland in China after a collision. The crew was unable todestroy all equipment.
What is Software Protection? 27/74
![Page 95: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/95.jpg)
Scenario: Protecting military software
BobAlice
P
The military and intelligence communities would like to beable to track the whereabouts of classified software.
In 2001, an EP-3 spy/reconnaissance plane landed on HainanIsland in China after a collision. The crew was unable todestroy all equipment.
Much Air Force anti-tamper funding.
What is Software Protection? 27/74
![Page 96: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/96.jpg)
Scenario: Protecting medical records
Medicalrecordsdatabase
Alice
Medical records must be protected from improper access andimproper modification .
Records are stored on one secure site, accessed from multiple(sometimes mobile) devices.
What is Software Protection? 28/74
![Page 97: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/97.jpg)
Scenario: Protecting medical records
Medicalrecordsdatabase
Confidentialmedical data
Ek(brittney.pdf)Bob
Alice
Medical records must be protected from improper access andimproper modification .
Records are stored on one secure site, accessed from multiple(sometimes mobile) devices.
What is Software Protection? 28/74
![Page 98: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/98.jpg)
Scenario: Protecting medical records
recordsdatabase
Medical
medical dataConfidential
Ek(brittney.pdf)Bob
Alice
Medical records must be protected from improper access andimproper modification .
Records are stored on one secure site, accessed from multiple(sometimes mobile) devices.
What is Software Protection? 28/74
![Page 99: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/99.jpg)
Scenario: Protecting medical records
recordsMedical
database
medical dataConfidential
Alice Ek(brittney.pdf)Bob
Medical records must be protected from improper access andimproper modification .
Records are stored on one secure site, accessed from multiple(sometimes mobile) devices.
What is Software Protection? 28/74
![Page 100: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/100.jpg)
Scenario: Protecting medical records
allow(nothing)
elsif (role="janitor")
allow(read|write)
allow(read)elsif (role="nurse")
if (role="doctor")
Medicalrecordsdatabase
medical dataConfidential
Ek(brittney.pdf)Bob C
Alice
Medical records must be protected from improper access andimproper modification .
Records are stored on one secure site, accessed from multiple(sometimes mobile) devices.
What is Software Protection? 28/74
![Page 101: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/101.jpg)
Scenario: Protecting medical records
Medicalrecordsdatabase
allow(nothing)
if (role="doctor")
elsif (role="nurse")allow(read)
allow(read|write)
readelsif (role="janitor")
medical dataConfidential
AliceC
Ek(brittney.pdf)Bob
Medical records must be protected from improper access andimproper modification .
Records are stored on one secure site, accessed from multiple(sometimes mobile) devices.
What is Software Protection? 28/74
![Page 102: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/102.jpg)
Scenario: Protecting medical records
allow(read|write)
readelsif (role="janitor")
Medicalrecordsdatabase
allow(nothing)
if (role="doctor")
elsif (role="nurse")allow(read)
medical dataConfidential
CBobAlice Ek(brittney.pdf)
Medical records must be protected from improper access andimproper modification .
Records are stored on one secure site, accessed from multiple(sometimes mobile) devices.
What is Software Protection? 28/74
![Page 103: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/103.jpg)
Scenario: Software plagiarism
Student Bob copies a piece of Alice’s program Q:
P
Carol BobAlice
RQ
Q′
What is Software Protection? 29/74
![Page 104: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/104.jpg)
Scenario: Software plagiarism
Student Bob copies a piece of Alice’s program Q:
P
Carol BobAlice
RQ
Q′
Who has copied from whom?
similarity
(
Q,
P
Q′
)
= 80%
similarity
(
Q,
R
)
= 20%
similarity
(
P
Q′ ,
R
)
= 10%
What is Software Protection? 29/74
![Page 105: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/105.jpg)
Scenario: Software forensics
Who wrote programS
?
BobAlice Carol
Q1
Q2
P1
P2R2
R1
What is Software Protection? 30/74
![Page 106: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/106.jpg)
Scenario: Software forensics
Who wrote programS
?
BobAlice Carol
Q1
Q2
P1
P2R2
R1
Trace a malware author by comparing his programming styleto those of known viruses.
What is Software Protection? 30/74
![Page 107: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/107.jpg)
Scenario: Software forensics
Who wrote programS
?
BobAlice Carol
Q1
Q2
P1
P2R2
R1
Trace a malware author by comparing his programming styleto those of known viruses.
Extract features likely to identify each programmer:
similarity(
f (Alice), f (S
))
= 20%
similarity(
f (Bob), f (S
))
= 80%
similarity(
f (Carol), f (S
))
= 10%
What is Software Protection? 30/74
![Page 108: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/108.jpg)
Outline
1 .2 What is Software Protection?3 Protection tools4 Attack and Defense5 Code Obfuscation6 Black Hat Code Obfuscation7 Tamperproofing8 Software watermarking9 Discussion
Protection tools 31/74
![Page 109: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/109.jpg)
Protection Tools
Protection ToolP
We build tools to protect P against attack.
Protection tools 32/74
![Page 110: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/110.jpg)
Protection Tools
Protection Tool
P′
P
We build tools to protect P against attack.
Protection tools 32/74
![Page 111: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/111.jpg)
Protection Tools
Protection ToolP
P′
We build tools to protect P against attack.
Protection tools 32/74
![Page 112: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/112.jpg)
Protection Tools
Protection Tool
BobP′
P
We build tools to protect P against attack.
Protection tools 32/74
![Page 113: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/113.jpg)
Protection Tools
Protection Tool
BobP′
P
We build tools to protect P against attack.
Protection tools 32/74
![Page 114: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/114.jpg)
Protection Tools
3. Apply transformation4. Done?
Protection Tool
2. Select transformation1. Select code
BobP′
P
We build tools to protect P against attack.
Protection tools 32/74
![Page 115: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/115.jpg)
Protection Tools
3. Apply transformation4. Done?
2. Select transformation1. Select code
transformationsProtection
Protection Tool
Bob
P
P′
We build tools to protect P against attack.
Look, we’re building a compiler !
Protection tools 32/74
![Page 116: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/116.jpg)
Protection Tools
3. Apply transformation4. Done?
Protection Tool
2. Select transformation1. Select code
transformationsProtectionProgram
analysis
BobP′
P
We build tools to protect P against attack.
Look, we’re building a compiler !
Protection tools 32/74
![Page 117: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/117.jpg)
Protection Tools
Protection Tool
2. Select transformation1. Select code
3. Apply transformation4. Done?
Assets toprotect
Desired levelof protection
Acceptableoverhead
transformationsProtectionProgram
analysis
Bob
P
P′
We build tools to protect P against attack.
Look, we’re building a compiler !
Optimize for security, not speed! Programs will be larger,slower. . .
Protection tools 32/74
![Page 118: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/118.jpg)
Attack Strategies
Attack Strategy
BobP′
The adversary has full access to P ′.
Protection tools 33/74
![Page 119: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/119.jpg)
Attack Strategies
....DesignKeysAlgorithms
Attack Strategy
Bob PP′
The adversary has full access to P ′.
Protection tools 33/74
![Page 120: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/120.jpg)
Attack Strategies
Attack Strategy
....DesignKeysAlgorithms2. Modify
1. Analyze
3. Test4. Did it work?
Bob PP′
The adversary has full access to P ′.
Protection tools 33/74
![Page 121: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/121.jpg)
Attack Strategies
Attack Strategy
3. Test4. Did it work?
analysisDynamic
analysisStatic
AlgorithmsKeysDesign....
1. Analyze2. Modify
BobP′
P
The adversary has full access to P ′.He has static analysis tools: disassemblers, decompilers,slicers, . . .And dynamic analysis tools: debuggers, tracers, emulators, . . .
Protection tools 33/74
![Page 122: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/122.jpg)
Attack Strategies
Attack Strategy
3. Test4. Did it work?
analysisDynamic
analysisStatic
AlgorithmsKeysDesign....
1. Analyze2. Modify
BobP′
P
The adversary has full access to P ′.He has static analysis tools: disassemblers, decompilers,slicers, . . .And dynamic analysis tools: debuggers, tracers, emulators, . . .And infinite energy and patience!
Protection tools 33/74
![Page 123: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/123.jpg)
Outline
1 .2 What is Software Protection?3 Protection tools4 Attack and Defense5 Code Obfuscation6 Black Hat Code Obfuscation7 Tamperproofing8 Software watermarking9 Discussion
Attack and Defense 34/74
![Page 124: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/124.jpg)
Attack models
Attack model: your assumptions about the adversary’s abilitiesand the strategies that he’ll use to attack your system.
Attack and Defense 35/74
![Page 125: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/125.jpg)
Attack models
Attack model: your assumptions about the adversary’s abilitiesand the strategies that he’ll use to attack your system.
For example:
the adversary cannot find the secret cryptographic key
Attack and Defense 35/74
![Page 126: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/126.jpg)
Attack models
Attack model: your assumptions about the adversary’s abilitiesand the strategies that he’ll use to attack your system.
For example:
the adversary cannot find the secret cryptographic keythe adversary won’t try to tamper with the tamperproofsmartcard.
Attack and Defense 35/74
![Page 127: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/127.jpg)
Attack models
Attack model: your assumptions about the adversary’s abilitiesand the strategies that he’ll use to attack your system.
For example:
the adversary cannot find the secret cryptographic keythe adversary won’t try to tamper with the tamperproofsmartcard.
The adversary will try to think of ways to attack that are not
in your model!
Attack and Defense 35/74
![Page 128: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/128.jpg)
Outline
1 .2 What is Software Protection?3 Protection tools4 Attack and Defense5 Code Obfuscation6 Black Hat Code Obfuscation7 Tamperproofing8 Software watermarking9 Discussion
Code Obfuscation 36/74
![Page 129: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/129.jpg)
Code obfuscation
To obfuscate a program means to
transform it into a form that is more difficult for an
adversary to understand or change than the original
code.
Code Obfuscation 37/74
![Page 130: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/130.jpg)
Code obfuscation
To obfuscate a program means to
transform it into a form that is more difficult for an
adversary to understand or change than the original
code.
Vague definition of difficult:
The obfuscated program requires more human time,
more money, or more computing power to analyze
than the original program.
Code Obfuscation 37/74
![Page 131: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/131.jpg)
Code obfuscation — Example obfuscated code
public class C {
static Object get0(Object [] I) {
Integer I7 , I6 , I4 , I3; int t9 , t8;
I7=new Integer (9);
for (;;) {
if ((( Integer )I[0]). intValue ()%(( Integer )I[1]). intValue ()==0)
{t9=1; t8 =0;} else {t9 =0; t8 =0;}
I4=new Integer (t8);
I6=new Integer (t9);
if (( I4.intValue ()^ I6.intValue ())!=0)
return new Integer ((( Integer )I[1]). intValue ());
else {
if (((( I7.intValue ()+ I7.intValue ()* I7. intValue ())%2!=0)?0:1)
return new Integer (0);
I3=new Integer ((( Integer )I[0]). intValue ()%
(( Integer )I[1]). intValue ());
I[0]= new Integer ((( Integer )I[1]). intValue ());
I[1]= new Integer (I3.intValue ());
}
}
}
Code Obfuscation 38/74
![Page 132: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/132.jpg)
Code obfuscation — Example original code
public class C {
static int gcd (int x, int y) {
int t;
while (true ) {
boolean b = x % y == 0;
if (b) return y;
t = x % y; x = y; y = t;
}
}
}
An obfuscation tool turns the original code into obfuscatedcode.
We want obfuscating transformations that make the programas hard to understand as possible.
Code Obfuscation 39/74
![Page 133: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/133.jpg)
Obfuscation Tool
2. Select transformation
analysisProgram
Acceptableoverhead
Preciouscode
ObfuscationLevel
4. Done?3. Apply transformation
Obfuscation Tool
1. Select code
transformationsObfuscating
P
P′
Code Obfuscation 40/74
![Page 134: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/134.jpg)
Types of obfuscation
1 Abstraction transformations
Destroy module structure, classes, functions, etc.!
Code Obfuscation 41/74
![Page 135: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/135.jpg)
Types of obfuscation
1 Abstraction transformations
Destroy module structure, classes, functions, etc.!
2 Data transformations
Replace data structures with new representations!
Code Obfuscation 41/74
![Page 136: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/136.jpg)
Types of obfuscation
1 Abstraction transformations
Destroy module structure, classes, functions, etc.!
2 Data transformations
Replace data structures with new representations!
3 Control transformations
Destroy if-, while-, repeat-, etc.!
Code Obfuscation 41/74
![Page 137: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/137.jpg)
Types of obfuscation
1 Abstraction transformations
Destroy module structure, classes, functions, etc.!
2 Data transformations
Replace data structures with new representations!
3 Control transformations
Destroy if-, while-, repeat-, etc.!
4 Dynamic transformations
Make the program change at runtime!
Code Obfuscation 41/74
![Page 138: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/138.jpg)
Obfuscation example: original program
✞ ☎
i n t main ( ) {i n t y = 6 ;y = foo ( y ) ;bar ( y , 4 2 ) ;
}✝ ✆
✞ ☎
i n t f oo ( i n t x ) {return x ∗7 ;
}✝ ✆
✞ ☎
void bar ( i n t x , i n t z ) {i f ( x==z )
p r i n t f ( ”%i \n” , x ) ;}
✝ ✆
Code Obfuscation 42/74
![Page 139: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/139.jpg)
Obfuscation example: After abstraction transformation
✞ ☎
i n t main ( ) {i n t y = 6 ;y = fooba r ( y , 9 9 , 1 ) ;f ooba r ( y , 4 2 , 2 ) ;
}✝ ✆✞ ☎
i n t f ooba r ( i n t x , i n t z , i n t s ) {i f ( s==1)
return x ∗7 ;e l s e i f ( s==2)
i f ( x==z )p r i n t f ( ”%i \n” , x ) ;
}✝ ✆
It appears as if main calls the same function twice!Code Obfuscation 43/74
![Page 140: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/140.jpg)
Obfuscation example: After data transformation
✞ ☎
i n t main ( ) {i n t y = 12;y = fooba r ( y , 9 9 , 1 ) ;f ooba r ( y , 3 6 , 2 ) ;
}✝ ✆✞ ☎
i n t f ooba r ( i n t x , i n t z , i n t s ) {i f ( s==1)
return ( x ∗37)%51;e l s e i f ( s==2)
i f ( x==z ) {i n t x2=x∗x % 51 , x3=x2∗x % 51;i n t x4=x2∗x2 % 51 , x8=x4∗x4 % 51;i n t x11=x8∗x3 % 51 ; p r i n t f ( ”%i \n” , x11 ) ;
}}
✝ ✆Code Obfuscation 44/74
![Page 141: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/141.jpg)
Obfuscation example: After control transformation
✞ ☎
i n t f ooba r ( i n t x , i n t z , i n t s ) {char ∗ next = && c e l l 0 ;i n t r e tV a l = 0 ;
c e l l 0 : nex t = ( s==1)?&& c e l l 1 :&& c e l l 2 ; goto ∗ nextc e l l 1 : r e tV a l=(x ∗37)%51; goto end ;c e l l 2 : nex t = ( s==2)?&& c e l l 3 :&&end ; goto ∗ next ;c e l l 3 : nex t = ( x==z)?&& c e l l 4 :&&end ; goto ∗ next ;c e l l 4 : {
i n t x2=x∗x % 51 , x3=x2∗x % 51;i n t x4=x2∗x2 % 51 , x8=x4∗x4 % 51;i n t x11=x8∗x3 % 51;p r i n t f ( ”%i \n” , x11 ) ; goto end ;
}end : return r e tV a l ;
✝ ✆
Code Obfuscation 45/74
![Page 142: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/142.jpg)
Outline
1 .2 What is Software Protection?3 Protection tools4 Attack and Defense5 Code Obfuscation6 Black Hat Code Obfuscation7 Tamperproofing8 Software watermarking9 Discussion
Black Hat Code Obfuscation 46/74
![Page 143: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/143.jpg)
Black hat code obfuscation
Even bad guys can use obfuscation!1 Protecting viruses from virus scanners.2 Protecting misbehaving electronic voting code from discovery
...
ObfuscatorPayload Payload
ObfuscatorPayload’Obfuscator’
Bob AliceP
Q
V
R
V
P′
V′
Q′
Black Hat Code Obfuscation 47/74
![Page 144: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/144.jpg)
Black Hat Code Obfuscation
Even bad guys can use obfuscation!1 Protecting viruses from virus scanners.2 Protecting misbehaving electronic voting code from discovery
Here’s a program to tally the votes for American Idol:
✞ ☎
% cat votes−ca s t . t x ta l i c ea l i c eboba l i c edm i t r ibobz eb ra
✝ ✆
✞ ☎
% java Vot ing < votes−ca s t . t x tTota l : 7I n v a l i d : 1a l i c e : 3bob : 2c h a r l e s : 0dm i t r i : 1
✝ ✆
Black Hat Code Obfuscation 48/74
![Page 145: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/145.jpg)
public class Voting {
final int INVALID_VOTE = -1;
int invalidVotes , totalVotes = 0;
String [] candidates = {"alice" , "bob " , "charles ", "dmitri "};
int [] tally = new int [ candidates .length ];
BufferedReader in = null ; BufferedWriter log = null;
![Page 146: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/146.jpg)
public class Voting {
final int INVALID_VOTE = -1;
int invalidVotes , totalVotes = 0;
String [] candidates = {"alice" , "bob " , "charles ", "dmitri "};
int [] tally = new int [ candidates .length ];
BufferedReader in = null ; BufferedWriter log = null;
public Voting () {
in = new BufferedReader(new InputStreamReader(System .in ));
}
![Page 147: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/147.jpg)
public class Voting {
final int INVALID_VOTE = -1;
int invalidVotes , totalVotes = 0;
String [] candidates = {"alice" , "bob " , "charles ", "dmitri "};
int [] tally = new int [ candidates .length ];
BufferedReader in = null ; BufferedWriter log = null;
public Voting () {
in = new BufferedReader(new InputStreamReader(System .in ));
}
public String readVote () {
try { return in.readLine ();}
catch (Exception e) { return null ;}
}
![Page 148: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/148.jpg)
public class Voting {
final int INVALID_VOTE = -1;
int invalidVotes , totalVotes = 0;
String [] candidates = {"alice" , "bob " , "charles ", "dmitri "};
int [] tally = new int [ candidates .length ];
BufferedReader in = null ; BufferedWriter log = null;
public Voting () {
in = new BufferedReader(new InputStreamReader(System .in ));
}
public String readVote () {
try { return in.readLine ();}
catch (Exception e) { return null ;}
}
public boolean isValidTime ( Date today ) {
SimpleDateFormat time = new SimpleDateFormat("HH");
int hour24 = Integer .decode (time.format ( today )). intValue ();
return !( hour24 < 9 || hour24 > 21);
}
![Page 149: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/149.jpg)
public int decodeVote (String input ) {
for(int i=0; i < candidates .length ; i++)
if( candidates [i]. equals (input )) return i;
return INVALID_VOTE;
}
![Page 150: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/150.jpg)
public int decodeVote (String input ) {
for(int i=0; i < candidates .length ; i++)
if( candidates [i]. equals (input )) return i;
return INVALID_VOTE;
}
public void logVote (Date date , int vote) throws Exception {
if (log == null)
log = new BufferedWriter(new FileWriter ("log.txt"));
log.write("TIME: "+ date+" VOTE : "+vote );
}
![Page 151: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/151.jpg)
public int decodeVote (String input ) {
for(int i=0; i < candidates .length ; i++)
if( candidates [i]. equals (input )) return i;
return INVALID_VOTE;
}
public void logVote (Date date , int vote) throws Exception {
if (log == null)
log = new BufferedWriter(new FileWriter ("log.txt"));
log.write("TIME: "+ date+" VOTE : "+vote );
}
public void printSummary() {
System .out .println ("Total :"+ totalVotes +
"\nInvalid :"+invalidVotes);
for ( int i=0; i < candidates .length ; i++)
System .out.println ("Votes for "+ candidates [i] +": "+tally[i]
}
![Page 152: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/152.jpg)
public void go() {
while ( true ) {
String input = readVote ();
int vote = 0;
if ( input == null)break ;
try {
Date today = new Date ();
if ( isValidTime (today )) vote = decodeVote (input );
else vote = INVALID_VOTE;
logVote (today , vote);
} catch(Exception e) {}
totalVotes ++;
if (vote == INVALID_VOTE) invalidVotes++;
else tally[vote ]++;
}
printSummary();
}
![Page 153: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/153.jpg)
public void go() {
while ( true ) {
String input = readVote ();
int vote = 0;
if ( input == null)break ;
try {
Date today = new Date ();
if ( isValidTime (today )) vote = decodeVote (input );
else vote = INVALID_VOTE;
logVote (today , vote);
} catch(Exception e) {}
totalVotes ++;
if (vote == INVALID_VOTE) invalidVotes++;
else tally[vote ]++;
}
printSummary();
}
public static void main(String args []) {
Voting voting = new Voting (); voting .go();
}
}
![Page 154: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/154.jpg)
public boolean isValidTime (Date today ) {
...
int hour24 = Integer .decode (time.format (today )). intValue ();
...
}
public void go () {
...
try {
Date today = new Date ();
if ( isValidTime (today )) vote = decodeVote (input );
else vote = INVALID_VOTE;
logVote (today , vote);
} catch (Exception e) {}
...
}
![Page 155: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/155.jpg)
public boolean isValidTime (Date today ) {
...
int hour24 = Integer .decode (time.format (today )). intValue ();
...
}
public void go () {
...
try {
Date today = new Date ();
if ( isValidTime (today )) vote = decodeVote (input );
else vote = INVALID_VOTE;
logVote (today , vote);
} catch (Exception e) {}
...
}
Numbers that start with zero are interpreted as octal.
Unexpected number-format exception between 8am and9:59am!
Alice gets all votes between 9 and 9:59!
![Page 156: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/156.jpg)
Outline
1 .2 What is Software Protection?3 Protection tools4 Attack and Defense5 Code Obfuscation6 Black Hat Code Obfuscation7 Tamperproofing8 Software watermarking9 Discussion
Tamperproofing 60/74
![Page 157: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/157.jpg)
Tamperproofing
abort()
max_seats=2max_execs=3max_date="Aug 17"if (users>max_seats ||
execs>max_execs ||date>max_date)
BobAlice
P′
P
Tamperproofing makes the program useless to Bob if he triesto modify it!
Necessary for1 digital rights management systems,2 license checking code
Tamperproofing 61/74
![Page 158: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/158.jpg)
Two phases of tamperproofing
Tamperproofing has to do two things:1 detect tampering2 respond to tampering
Tamperproofing 62/74
![Page 159: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/159.jpg)
Two phases of tamperproofing
Tamperproofing has to do two things:1 detect tampering2 respond to tampering
Essentially:
if (tampering-detected()) abort
but this is too unstealthy!
Tamperproofing 62/74
![Page 160: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/160.jpg)
Two phases of tamperproofing
Tamperproofing has to do two things:1 detect tampering2 respond to tampering
Essentially:
if (tampering-detected()) abort
but this is too unstealthy!
Detection:1 has the code been changed?2 are variables in an OK state?
Tamperproofing 62/74
![Page 161: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/161.jpg)
Two phases of tamperproofing
Tamperproofing has to do two things:1 detect tampering2 respond to tampering
Essentially:
if (tampering-detected()) abort
but this is too unstealthy!
Detection:1 has the code been changed?2 are variables in an OK state?
Response:1 refuse to run,2 crash randomly,3 phone home, . . .
Tamperproofing 62/74
![Page 162: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/162.jpg)
Outline
1 .2 What is Software Protection?3 Protection tools4 Attack and Defense5 Code Obfuscation6 Black Hat Code Obfuscation7 Tamperproofing8 Software watermarking9 Discussion
Software watermarking 63/74
![Page 163: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/163.jpg)
Software Piracy
Alice P
Software watermarking 64/74
![Page 164: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/164.jpg)
Software Piracy
BobAlice P
Bob buys one copy of Alice’s program.
Software watermarking 64/74
![Page 165: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/165.jpg)
Software Piracy
Alice Bob
P
P
Bob buys one copy of Alice’s program.Bob illegally sells copies to his friends.
Software watermarking 64/74
![Page 166: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/166.jpg)
Software Piracy
Alice BobP
P
P
P
Bob buys one copy of Alice’s program.Bob illegally sells copies to his friends.
Software watermarking 64/74
![Page 167: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/167.jpg)
Software Piracy
Alice P
Bob buys one copy of Alice’s program.Bob illegally sells copies to his friends.
Software watermarking 64/74
![Page 168: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/168.jpg)
Software Piracy
Bob’s!
Bob’s!
Alice Bob
P
P
Bob buys one copy of Alice’s program.Bob illegally sells copies to his friends.⇒ Alicewatermarks/fingerprints her program.
Software watermarking 64/74
![Page 169: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/169.jpg)
Software Piracy
Bob’s!Bob’s!
Bob’s!
Bob’s!
BobAlice
P
P
P
P
Bob buys one copy of Alice’s program.Bob illegally sells copies to his friends.⇒ Alicewatermarks/fingerprints her program.
Software watermarking 64/74
![Page 170: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/170.jpg)
Software Piracy
Bob’s!Bob’s!
Bob’s!
Bob’s!
Bob’s!
BobAlice
P
P
P
P
Bob buys one copy of Alice’s program.Bob illegally sells copies to his friends.⇒ Alicewatermarks/fingerprints her program.Alice uses the fingerprint to trace the program back to Bob.Alice’s lawyer sues for software piracy!
Software watermarking 64/74
![Page 171: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/171.jpg)
Watermarking API
A watermarking system consists of two functions embed andextract:
Embed
key
4242
key
42P’ Extract
P
Software watermarking 65/74
![Page 172: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/172.jpg)
Watermarking API
A watermarking system consists of two functions embed andextract:
42Extract
key
42P’
P
Embed
key
42
Attack
Bob wants destroy the mark before reselling the object!
Disturb the extract function so that Alice can no longer getthe mark.Example: Bob can obfuscate the program to destroy the mark!
Software watermarking 65/74
![Page 173: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/173.jpg)
Trivial static watermark
Embed the watermark as string constants included in thesource of a program:
✞ ☎
pub l i c c l a s s F i bona c c i {S t r i n g c o p y r i g h t = ” Copy r i gh t c©
Alice” ;pub l i c i n t f i b o n a c c i ( i n t n ) {
i f ( n <= 2 )return 1 ;
e l s e
return f i b ( n − 1 ) + f i b ( n − 2 ) ;}
}✝ ✆
Software watermarking 66/74
![Page 174: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/174.jpg)
Attacks against software watermarks — Rewrite attack
Alice has to assume that Bob will try to destroy her marksbefore trying to resell the program!
One attack will always succeed. . .
Software watermarking 67/74
![Page 175: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/175.jpg)
Attacks against software watermarks — Rewrite attack
Alice has to assume that Bob will try to destroy her marksbefore trying to resell the program!
One attack will always succeed. . .
42 Extract ?AttackRewrite P’’P’
Ideally, this is the only effective attack.
Software watermarking 67/74
![Page 176: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/176.jpg)
Attacks against software watermarks — Additive attack
Bob can also add his own watermarks to the program:
11
42P’
AttackAdditive P’’
422319 Extract ?
An additive attack can help Bob to cast doubt in court as towhose watermark is the original one.
Software watermarking 68/74
![Page 177: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/177.jpg)
Attacks against software watermarks — Distortive attack
A HLdistortive attack applies semantics-preservingtransformations to try to disturb Alice’s recognizer:
transformations
P’’ ?Distortive
preservingSemantics−
P’42 Extract42Attack
Software watermarking 69/74
![Page 178: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/178.jpg)
Attacks against software watermarks — Distortive attack
A HLdistortive attack applies semantics-preservingtransformations to try to disturb Alice’s recognizer:
transformations
P’’ ?Distortive
preservingSemantics−
P’42 Extract42Attack
Transformations: code optimizations, obfuscations,. . .
Software watermarking 69/74
![Page 179: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/179.jpg)
Attacks against software watermarks — Collusive attack
Bob buys two differently marked copies and compare them todiscover the location of the fingerprint:
AttackP2
17
P1
42 P’’ExtractCollusive ?
Software watermarking 70/74
![Page 180: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/180.jpg)
Attacks against software watermarks — Collusive attack
Bob buys two differently marked copies and compare them todiscover the location of the fingerprint:
AttackP2
17
P1
42 P’’ExtractCollusive ?
Alice should apply a different set of obfuscations to eachdistributed copy, so that comparing two copies of the sameprogram will yield little information.
Software watermarking 70/74
![Page 181: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/181.jpg)
Outline
1 .2 What is Software Protection?3 Protection tools4 Attack and Defense5 Code Obfuscation6 Black Hat Code Obfuscation7 Tamperproofing8 Software watermarking9 Discussion
Discussion 71/74
![Page 182: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/182.jpg)
Basic Principles: Defense in Depth
As in real life, we don’t rely on just one means of protection.
Discussion 72/74
![Page 183: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/183.jpg)
Basic Principles: Defense in Depth
As in real life, we don’t rely on just one means of protection.
To protect your car, you1 lock it;2 put on a bar across the steering wheel;3 install a vehicle tracking system. . .
Discussion 72/74
![Page 184: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/184.jpg)
Basic Principles: Defense in Depth
As in real life, we don’t rely on just one means of protection.
To protect your car, you1 lock it;2 put on a bar across the steering wheel;3 install a vehicle tracking system. . .
We call this defense in depth .
Discussion 72/74
![Page 185: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/185.jpg)
Basic Principles: Defense in Depth
As in real life, we don’t rely on just one means of protection.
To protect your car, you1 lock it;2 put on a bar across the steering wheel;3 install a vehicle tracking system. . .
We call this defense in depth .
To protect a program, you
watermark it to protect against piracy;obfuscate it to protect against reverse engineering;tamperproof it to protect against modification;and, you apply several differentwatermarking/obfuscation/tamperproofing algorithms!
Discussion 72/74
![Page 186: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/186.jpg)
Basic Principles: Renewability
As in real life no protection lasts forever!
Discussion 73/74
![Page 187: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/187.jpg)
Basic Principles: Renewability
As in real life no protection lasts forever!
When thieves get better, you1 buy better locks!2 buy thicker doors!3 buy a bigger gun!
Discussion 73/74
![Page 188: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/188.jpg)
Basic Principles: Renewability
As in real life no protection lasts forever!
When thieves get better, you1 buy better locks!2 buy thicker doors!3 buy a bigger gun!
We call this renewability .
Discussion 73/74
![Page 189: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/189.jpg)
Basic Principles: Renewability
As in real life no protection lasts forever!
When thieves get better, you1 buy better locks!2 buy thicker doors!3 buy a bigger gun!
We call this renewability .
To protect a program, you
monitor the abilites of your attacker;be one step head of your attacker;upgrade your defenses before an attack;constantly invent newwatermarking/obfuscation/tamperproofing algorithms!
Discussion 73/74
![Page 190: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/190.jpg)
Basic Principles: Diversity
Make every1 distributed copy of a program different!2 instance of a software protection different!
Discussion 74/74
![Page 191: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/191.jpg)
Basic Principles: Diversity
Make every1 distributed copy of a program different!2 instance of a software protection different!
We call this diversity .
Discussion 74/74
![Page 192: CSc 466/566 Computer Security 13 : Man-At-The …collberg/Teaching/466-566/...Our secret will eventually be discovered by a sufficiently determined hacker. All we can hope is to can](https://reader033.fdocuments.in/reader033/viewer/2022060316/5f0c1d187e708231d433ce71/html5/thumbnails/192.jpg)
Basic Principles: Diversity
Make every1 distributed copy of a program different!2 instance of a software protection different!
We call this diversity .
Harder for the adversary to build scripted attacks .
Discussion 74/74