ArticlePDF Available

Watermarking, Tamper-Proofing, and Obfuscation - Tools for Software Protection

Authors:

Abstract

We identify three types of attack on the intellectual property contained in software and three corresponding technical defenses. A defense against reverse engineering is obfuscation, a process that renders software unintelligible but still functional. A defense against software piracy is watermarking, a process that makes it possible to determine the origin of software. A defense against tampering is tamper-proofing, so that unauthorized modifications to software (for example, to remove a watermark) will result in nonfunctional code. We briefly survey the available technology for each type of defense.
Download/
Install
Benign host
Malicious client
program/applet program/applet
Malicious host
Benign client
Download/
Install
copies
Make illegal
copy
Buy one Resell
module
Reuse Sell
copy
Buy one
Resell
content
media
Extract
container
Modify
Receive
digital
container
theSong: WAV
}
PlaySong() {
pay($0.05)
play(theSong)
theSong: WAV
theSong: WAV
}
PlaySong() {
pay($0.01)
play(theSong)
W
W
SS
(a) (b) (c)
g.Merge(f) g.Delete()
f.Split(g)
g.Move()
f.Insert()
F
(d)
(f) (e)
F
(c)
(b)
(a)
WW1
W1
W
W
WW’ W’
F1
F2
2: 22:
48:
1:
... source code, or its dynamic behaviour, i.e. the sequence of states traversed during its evaluation, while maintaining the program's original behavior. Obfuscation has numerous applications including software protection [3], digital watermarking [4] and cryptographic application such as public key encryption, secure signatures, zero knowledge proofs [8,12], etc. Research on obfuscation historically followed two main directions, one empirical and one theoretical. ...
... Figure 2 illustrates how an if statement can be translated to a predicate form. The semantics of the if statement implies that 1 and 2 should only be executed if condition is true, 3 is only executed if is false and is true, and 4 should only be executed if both and are false. This is represented in predicate form with explicit variables and boolean operations, including the "!" characte to represent logical negation and "&&" is used to denote logical conjunction (logical AND). ...
Preprint
Obfuscation of computer programs has historically been approached either as a practical but \textit{ad hoc} craft to make reverse engineering subjectively difficult, or as a sound theoretical investigation unfortunately detached from the numerous existing constraints of engineering practical systems. In this paper, we propose \textit{instruction decorrelation} as a new approach that makes the instructions of a set of real-world programs appear independent from one another. We contribute: a formal definition of \textit{instruction independence} with multiple instantiations for various aspects of programs; a combination of program transformations that meet the corresponding instances of instruction independence against an honest-but-curious adversary, specifically random interleaving and memory access obfuscation; and an implementation of an interpreter that uses a trusted execution environment (TEE) only to perform memory address translation and memory shuffling, leaving instructions execution outside the TEE. These first steps highlight the practicality of our approach. Combined with additional techniques to protect the content of memory and to hopefully lower the requirements on TEEs, this work could potentially lead to more secure obfuscation techniques that could execute on commonly available hardware.
... Attackers use various tools to extract these assets [2]. Obfuscation techniques protect programs by complicating reverse engineering, thus deterring attacks [3,4]. These techniques, applied at the code level, conceal important elements while maintaining functionality [5]. ...
Article
Full-text available
Malicious reverse engineering of software has served as a valuable technique for attackers to infringe upon and steal intellectual property. We can employ obfuscation techniques to protect against such attackers as useful tools to safeguard software. Applying obfuscation techniques to source code can prevent malicious attackers from reverse engineering a program. However, the ambiguity surrounding the protective efficacy of these source code obfuscation tools and techniques presents challenges for users in evaluating and comparing the varying degrees of protection provided. This paper addresses these issues and presents a methodology to quantify the effect of source code obfuscation. Our proposed method is based on three main types of data: (1) the control flow graph, (2) the program path, and (3) the performance overhead added to the process—all of which are derived from a program analysis conducted by human experts and automated tools. For the first time, we have implemented a tool that can quantitatively evaluate the quality of obfuscation techniques. Then, to validate the effectiveness of the implemented framework, we conducted experiments using four widely recognized commercial and open-source obfuscation tools. Our experimental findings, based on quantitative values related to obfuscation techniques, demonstrate that our proposed framework effectively assesses obfuscation quality.
Article
Man-at-the-end (MATE) attackers have full control over the system on which the attacked software runs, and try to break the confidentiality or integrity of assets embedded in the software. Both companies and malware authors want to prevent such attacks. This has driven an arms race between attackers and defenders, resulting in a plethora of different protection and analysis methods. However, it remains difficult to measure the strength of protections because MATE attackers can reach their goals in many different ways and a universally accepted evaluation methodology does not exist. This survey systematically reviews the evaluation methodologies of papers on obfuscation, a major class of protections against MATE attacks. For 571 papers, we collected 113 aspects of their evaluation methodologies, ranging from sample set types and sizes, over sample treatment, to performed measurements. We provide detailed insights into how the academic state of the art evaluates both the protections and analyses thereon. In summary, there is a clear need for better evaluation methodologies. We identify nine challenges for software protection evaluations, which represent threats to the validity, reproducibility, and interpretation of research results in the context of MATE attacks and formulate a number of concrete recommendations for improving the evaluations reported in future research papers.
Article
In cloud computing environments, virtual machines (VMs) running on cloud servers are vulnerable to shared cache attacks, such as Spectre and Foreshadow. By exploiting memory sharing among VMs, these attacks can compromise cryptographic keys in software modules. Program obfuscation serves as a promising countermeasure against key compromises by transforming a program into an unintelligent form while preserving its functionality. Unfortunately, for certain cryptographic algorithms such as the digital signature schemes, it is extremely difficult to construct provably secure obfuscators using traditional obfuscation approaches. To address such a challenge, this study proposes a novel approach to construct obfuscators for cryptographic algorithms named space-hard obfuscation, which can mitigate the threats from adversaries with the capability of acquiring a limited size of memory in shared cache attacks. Considering the extensive use of the Elliptic Curve Digital Signature Algorithm (ECDSA) in cloud-based Blockchain-as-a-Service (BaaS) and its potential vulnerability to shared cache attacks, we construct an exemplary scheme with provable security using space-hard obfuscation for ECDSA. Experimental results have demonstrated the scheme's high efficiency on cloud servers, as well as its successful integration with Hyperledger Fabric and Ethereum, two widely used blockchain systems.