Presentation is loading. Please wait.

Presentation is loading. Please wait.

18/03/2007Obfuscation 1 Software protection Mariano Ceccato FBK - Fondazione Bruno Kessler

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "18/03/2007Obfuscation 1 Software protection Mariano Ceccato FBK - Fondazione Bruno Kessler"— Presentation transcript:

1 18/03/2007Obfuscation 1 Software protection Mariano Ceccato FBK - Fondazione Bruno Kessler ceccato@fbk.eu

2 18/03/2007 Obfuscation2 Traditional computer security  Most computer security research: Protect the integrity of a benign host (and its data) from attacks by malicious client programs  Basis of the Java security model Downloaded applet or virus infested application Restrict the actions that the client is allowed to perform  Software isolation A program is not able to write outside of a designated area (sandbox)

3 18/03/2007 Obfuscation3 More recent computer security  Interest in mobile agents changed the view of computer security Benign client code being threatened by host on which it has downloaded/installed  Defend a client is much more difficult than defend a host. To defend the host all is needed is to restrict the client Once the client code is in the host, the host can use any technique to violate its integrity.  Software piracy  Reverse Engineering  Software tampering

4 4 Problem 1: Malicious Reverse Engineering  Valuable piece of code is extracted from an application and incorporated into competitor’s code.

5 18/03/2007 Obfuscation5 Problem 2: Software piracy  Illegal copy ad resale of applications  12 billion $ per year, major concern for everyone who sells software  Solution used in the past: Dongle (it is weak and it annoys customers)

6 18/03/2007 Obfuscation6 Problem 3: Software tampering  E-commerce application programs contain encryption keys or other secret information. Pirates who are able to extract, modify, or otherwise tamper with this information can incur significant financial losses to the intellectual property owner.

7 7 Problem 1: Malicious Reverse Engineering  Valuable piece of code is extracted from an application and incorporated into competitor’s code.

8 8 Scenario Customer Charles Pirate Bob Author Alice IP Program Social Tools Advertising Legal Tools DMCA Technological Tools Obfuscation Watermarking Tamperproofing

9 18/03/2007 Obfuscation9 IP In A Program public class Fibonacci { Hashtable memo = new Hashtable(); public int fib ( int n ) { if ( !memo.contains(n) ) if ( n <= 2 ) memo.put(n,1); else memo.put(n, fib( n - 1 ) + fib( n - 2 )); return memo.get(n); }

10 10 Obfuscation  Obfuscation transforms a program into a new program which: Has the same semantics Is harder to reverse engineer

11 18/03/2007 Obfuscation11 Example public class Fibonacci { public int fib ( int n ) { if ( n <= 2 ) return 1; else return fib( n - 1 ) + fib( n - 2 ); }

12 18/03/2007 Obfuscation12 Example: Obfuscation public class x {public int x ( int x ) { return x <=2 ? 1 : x(x-1)+x(x-2); }}

13 18/03/2007 Obfuscation13 Problem 2: Software piracy  Illegal copy ad resale of applications  12 billion $ per year, major concern for everyone who sells software  Solution used in the past: Dongle (it is weak and it annoys customers)

14 14 Watermarking ID  Watermarking transforms a program into a new program which: Has the same semantics Contains some additional robust identifier

15 18/03/2007 Obfuscation15 Watermarking

16 18/03/2007 Obfuscation16 Example: Watermarking public class Fibonacci { String watermark = “Authored by Alice”; public int fibonacci ( int n ) { if ( false ) println ( “Authored by Alice” ); if ( n<=2 ) return 1; else return fib ( n - 1 ) + fib ( n - 2 ); }

17 18/03/2007 Obfuscation17 Example: Watermarking public class Fibonacci { public int fib ( int n ) { if ( opaque predicate ) println ( “Authored by Alice” ); if ( n<=2 ) return 1; else return fib ( n - 1 ) + fib ( n - 2 ); }

18 18/03/2007 Obfuscation18 Watermarking Embed a structure W into a program p such that:  W is easy to locate and extract from P  Embedding W in P does not affect performances (cheap)  Embedding W does not change statistical properties of P (static/dynamic stealth)  W has a mathematical property that allow to argue that its presence in P is the result of a deliberate action (e.g. product of two prime numbers)

19 18/03/2007 Obfuscation19 Additive attack:  Add a second watermark to program P.  Attack is effective if it is impossible to recover temporal precedence between watermarks.

20 18/03/2007 Obfuscation20 Distortive attack:  applying semantic-preserving transformations such that: W can not be recognized P is still useful for the attacker

21 18/03/2007 Obfuscation21 Collusive attack:  Attacker buys sever copy of program P, each one with a different fingerprint.  By comparing the different copy of P, fingerprint is located  Fingerprint can removed/modified

22 18/03/2007 Obfuscation22 Problem 3: Software tampering  E-commerce application programs contain encryption keys or other secret information. Pirates who are able to extract, modify, or otherwise tamper with this information can incur significant financial losses to the intellectual property owner.

23 23 Tamper-proofing trigger  Tamper-proofing transforms a program into a new program which: Has the same semantics on expected input “Explodes” on when even slightly modified or on unexpected input

24 18/03/2007 Obfuscation24 Example: Tamper-proofing public class Fibonacci { public int fibonacci ( int n ) { String encrypted = “0x10 0x21 0x11 0xa2 0x22 0x91 0x21 0x13 0xaf 0xff 0xef 0x48 0x12 0xa2 0x22 0x00…”; int key = “mykey”; Method decrypted = D (encrypted, key); return decrypted.invoke( n ); }

Download ppt "18/03/2007Obfuscation 1 Software protection Mariano Ceccato FBK - Fondazione Bruno Kessler"

Similar presentations

Security Issues of Peer-to-Peer Systems February 14, 2001 OReilly Peer-to-Peer Conference Nelson Minar, CTO POPULAR POWER.

Security Issues of Peer-to-Peer Systems February 14, 2001 OReilly Peer-to-Peer Conference Nelson Minar, CTO POPULAR POWER.
1 The Project of this year Mariano Ceccato FBK - Fondazione Bruno Kessler

1 The Project of this year Mariano Ceccato FBK - Fondazione Bruno Kessler
1 Final remarks Mariano Ceccato FBK - Fondazione Bruno Kessler

1 Final remarks Mariano Ceccato FBK - Fondazione Bruno Kessler
Tree Recursion Traditional Approach. Tree Recursion Consider the Fibonacci Number Sequence: Time: 0 1 2 3 4 5 6 7 8 0, 1, 1, 2, 3, 5, 8, 13, 21,... /

Tree Recursion Traditional Approach. Tree Recursion Consider the Fibonacci Number Sequence: Time: , 1, 1, 2, 3, 5, 8, 13, 21,... /
Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.

Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.
Dynamic Self-Checking Techniques for Improved Tamper Resistance Bill Horne, Lesley Matheson, Casey Sheehan, Robert E. Tarjan STAR Lab, InterTrust Technologies.

Dynamic Self-Checking Techniques for Improved Tamper Resistance Bill Horne, Lesley Matheson, Casey Sheehan, Robert E. Tarjan STAR Lab, InterTrust Technologies.
Physical Unclonable Functions and Applications

Physical Unclonable Functions and Applications
Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.

Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.
The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.

The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.
Information Hiding: Watermarking and Steganography

Information Hiding: Watermarking and Steganography
White-Box Cryptography

White-Box Cryptography
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Wmobf.1 1/5/00 Clark Thomborson Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection Christian Collberg & Clark Thomborson Computer.

Wmobf.1 1/5/00 Clark Thomborson Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection Christian Collberg & Clark Thomborson Computer.
Possible Threats To Data. Objectives To understand: Types of threats Importance of security Preventative and remedial actions Personal safety This will.

Possible Threats To Data. Objectives To understand: Types of threats Importance of security Preventative and remedial actions Personal safety This will.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Traitor Tracing Vijay Ramachandran CS 655: E-commerce Foundations October 10, 2000.

Traitor Tracing Vijay Ramachandran CS 655: E-commerce Foundations October 10, 2000.
Software-based Code Attestation for Wireless Sensors.

Software-based Code Attestation for Wireless Sensors.
N-Secure Fingerprinting for Copyright Protection of Multimedia

N-Secure Fingerprinting for Copyright Protection of Multimedia
Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1.

Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1.
The Darknet and the Future of Content Distribution by Shruthi B Krishnan.

The Darknet and the Future of Content Distribution by Shruthi B Krishnan.

Similar presentations

Ads by Google