- by FaaDoOEngineers.

com

S . D EE P TH I K A
0 5 4 8 1 A1 2 2 4
I I I - I V/ I T

M AI L - I D:

s s _ d e e p t h i k a s @ ya h o o . c o m
s o wji _ 1 2 2 7 @ ya ho o . c o m

M .S O WJ AN Y A
05481A1227
I I I - I V/ I T

- by FaaDoOEngineers.com
ABSTRACT
W e i d e n t i f y t h r e e t yp e s o f a t t a c k o n t h e i n t e l l e c t u a l p r o p e r t y
contained in software and three corresponding technical defenses.
A defense against reverse engineering is obfuscation, a process
that renders software unintelligible but still functional. A defense
against software piracy is watermarking, a process that makes it
possible to determine the origin of software. A defense against
tampering is tamper-proofing, so that unauthorized modifications
to software will result in nonfunctional code. We briefly survey
t h e a v a i l a b l e t e c h n o l o g y f o r e a c h t yp e o f d e f e n s e .

Wh a t i s wa t e r ma r k i n g ?
Originally used to identify paper quality
Anti-counterfeiting of paper money
Extended to other forms of hidden information.

Definitions:
Work: specific song, video, image, tex t, etc.
Watermarking: practice of imperceptibly altering a work to
embed a message about that work.

WA T E R M AR KI N G G OA L S :
verify the owner of a digital image
detect forgeries of an original image
identify illegal copies of the image
Prevent unauthorized distribution.

- by FaaDoOEngineers.com

1 BACKGROUNDMALICIOUS CLIENTS VS. MALICIOUS

HOSTS
U n t i l r e c e n t l y, m o s t c o m p u t e r s e c u r i t y r e s e a r c h w a s c o n c e r n e d
with protecting the integrity of a benign host and its data from
attacks from malicious client programs (Fig. 1a). This assumption
of a benign host is present in Neumann's influential taxon omy of
computer-related risks, in which the job of a security expert is to
d e s i g n a n d a d m i n i s t e r c o m p u t e r s ys t e m s t h a t w i l l f u l f i l l c e r t a i n
stringent security requirements most of the time .
To defend itself and its data against a malicious client, a host
w i l l t yp i c a l l y r e s t r i c t t h e a c t i o n s t h a t t h e c l i e n t i s a l l o w e d t o
perform.
A r e c e n t s u r g e o f i n t e r e s t i n m o b i l e a g e n t s ys t e m s h a s c a u s e d
researchers to focus attention on a fundamentally different
view of securit y. See (Fig. 1b), illustrating a benign cli ent
code being threatened by the host on which it

has been

downloaded or installed. A malicious host attack typically

takes the form of intellectual property violations. The client
c o d e m a y c o n t a i n t r a d e s e c r e t s o r c o p yr i g h t e d m a t e r i a l t h a t ,
should the integrity of the client be violated, will incur
financial losses to the owner of the client. We will next
consider three malicious-host attack scenarios.

1 .1 M a l i c i o u s Hos t At t a c k s

- by FaaDoOEngineers.com
P i r a c y i s a m a j o r c o n c e r n f o r a n yo n e w h o s e l l s s o f t w a r e . O u r
goal in this paper is to make piracy more difficult. We note that
software piracy is socially acceptable in settings that encourage a
belief in insiders' entitlement, price discrimination, cooperation
i s m o r e i m p o r t a n t t h a n c o p yr i g h t , o r t r a d i t i o n a l C o n f u c i a n e t h i c s .
Threats have recently become more of a concern since, more and
more, programs are distribute d in easily decompilable format
rather than native binary code.
A related threat is software tampering. Many mobile agents and
e-commerce application programs mus t, by their very nature,
c o n t a i n e n c r yp t i o n k e ys o r o t h e r s e c r e t i n f o r m a t i o n . P i r a t e s w h o
are

able

to

information

extract,
can

m o d i f y,

incur

or

otherwise

significant

tamper

financial

with

losses

to

this
the

intellectual property owner.

T h e s e t h r e e t yp e s o f a t t a c k ( s o f t w a r e p i r a c y, m a l i c i o u s r e v e r s e
engineering, and tampering) are illustrated in Fig. 2

In Fig. 2a, Bob makes copies of an application he

halegally purchased from Alice and illegally sells them
to unsuspecting customers.

- by FaaDoOEngineers.com

In Fig. 2b , Bob deco mpiles and reverse engineers an

application he has bought from Alice in order to reuse
one of her modules in his own program.

(also

I n F i g . 2 c , f i n a l l y, B o b r e c e i v e s a d i g i t a l c o n t a i n e r
known

as

C r yp t o l o p e

and

DigiBox)

from

Alice,

consisting of some digit al media content as well as code that

transfers a certain amount of electronic money to Alice's
account whenever the media is played. Bob can attempt to
tamper with the digital container either to modify the amount
that he has to pay or to ex tract the medi a content itself. In the
latter case, Bob can continue to enjoy the content for free or
e v e n r e s e l l i t t o a t h i r d p a r t y.

2 . W AT E R M ARK I NG
Watermarking embeds a secret message into a cover message.
I n m e d i a w a t e r m a r k i n g , t h e s e c r e t i s u s u a l l y a c o p yr i g h t n o t i c e
and

the cover a digital image or an audio or video production.

Watermarking an object discourages intellectual property theft

or, when such theft has occurred, allows us to prove ownership.
Software watermarking problem as follows :
Embed a structure W (the watermark) into a program P such
that:

W can be reliably located and extracted from P attacks.

W is large (the embedding has a high data rate).

Embedding W

into P

does

not

adversely affect

the

performance of P (the embedding is che ap).

Embedding W into P does not change any statistical

p r o p e r t i e s o f P ( t h e e m b e d d i n g i s s t e a l t h y) .

Any software watermarking technique will exhibit a tradeoff between resilience, data rate, cost, and stealth. It should
be noted that there are two possib le interpretations of
s t e a l t h , s t a t i c s t e a l t h a n d d yn a m i c s t e a l t h . A w a t e r m a r k i s
s t a t i c a l l y s t e a l t h y i f a s t a t i c a n a l ys i s r e v e a l s n o s t a t i s t i c a l
differences

between

the

original

and

the

watermarked

- by FaaDoOEngineers.com
p r o g r a m . S i m i l a r l y , t h e w a t e r m a r k i s d yn a m i c a l l y s t e a l t h y
if an execution trace of the program reveal s no differences.

Fig:3

Assume the following scenario: Alice watermarks a program

P with watermark W and key K and then sells P to Bob.
Before Bob can sell P on to Douglas, he must ensure that
the watermark has been rendered useless or else
Alice will be able to prove that her program has been
stolen.
Fig. 3 illustrates the kinds of dewater marking attacks
available to Bob:

In Fig. 3a, Bob launches an additive attack b y adding

his

own

program

watermark
P0.

This is

W1
an

to

Alice's

w atermarked

effective attack

if

it

is

impossible to detect that Alice's mark temporally

precedes Bob's.

In Fig. 3b, Bob launches a distortive attack on Alice's

watermarked program P0. A distortive attack applies a
sequence

of

semantics-preserving

transformations

uniformly over the entire program, in the hope that a.

the

distorted

watermark

W0

can

no

longer

be

recognized and b. the distorted program P00 does not

become so degraded (i.e., slow or large) that it no
longer has any value to Bob.

- by FaaDoOEngineers.com

In Fig. 3c, Bob buys several copies of Alice's program

P, each with a different fingerprint (serial number) F.
By comparing the different copies of the program,
Bob is able to locate the fingerprints and can then
easily remove them.

3 .2 S t a t i c Wa t e r ma r k i n g Te c h n i q u e s
Software

watermarks

come

in

two

flavors,

static

and

d yn a m i c . S t a t i c w a t e r m a r k s a r e s t o r e d i n t h e a p p l i c a t i o n
executable

itself;

whereas,

d yn a m i c

watermarks

are

c o n s t r u c t e d a t r u n t i m e a n d s t o r e d i n t h e d yn a m i c s t a t e o f
the program. While static watermarks have been around for
a l o n g t i m e , d yn a m i c m a r k s w e r e o n l y i n t r o d u c e d r e c e n t l y .
Moskowitz and Cooperman and Davidson and
M yh r v o l d a r e t w o t e c h n i q u e s r e p r e s e n t a t i v e o f t yp i c a l s t a t i c
watermarks. Moskowitz and Cooperman des cribe a static
data

watermarking

embedded

in

an

method
image

in

using

which
one

the

of

the

watermark

is

many media

watermarking algorithms. This image is then stored in the

s t a t i c d a t a s e c t i o n o f t h e p r o g r a m . D a v i d s o n a n d M yh r v o l d
describe a static code wa termark in which a fingerprint is
encoded in the basic block sequence of a program's control
flow graphs.
To detect the watermark of Venkatesan et. al., the extractor
needs to
A. reconstructs the control flow graph of the watermarked
program,
B. identify which of the nodes of the control flow graph
belong to the watermark graph (or, at least identify most of
these nodes), and
C. reconstructs the watermark graph itself.

- by FaaDoOEngineers.com

3 .3 D yn a mi c Wa t e r ma r k i n g T e c h n i q u e s
T h e r e a r e t h r e e k i n d s o f d yn a m i c w a t e r m a r k s . I n e a c h c a s e ,
the mark is recognized by running the watermarked program
with a predetermined input sequence. This highly unusual
input makes the application enter a state which represents
the watermark.
T h e r e a r e t h r e e d yn a m i c w a t e r m a r k i n g t e c h n i q u e s :
Easter Egg Watermarks. The defining characteristic of an
Easter

Egg

sequence

is

watermark
entered,

is
it

that,

when

performs

the

some

special
action

input

that

is

immediately perceptible by the user .

Execution

Trace

watermarks

produces

Watermarks .
no

special

Execution
output.

Trace

Instead,

the

watermark is embedded within the trace (either instructions

or addresses, or both) of the program as it is being run with
the special input I.
Data Structure Watermarks. Data Structure watermark s do
not generate any output. Rather, the watermark becomes
embedded within the state of the program as it is being run
with the special input I.

4 T AM PE R - P RO O FI NG
There are many situations where we would like to stop a
one from executing our program if it has been altered in any
w a y. F o r e g , a p r o g r a m P s h o u l d n o t b e a l l o w e d t o r u n i f

- by FaaDoOEngineers.com
1) P is watermarked and the code that builds the mark has
been altered, 2) A virus has been attached to P, or 3) P is
an e-commerce application and the security-sensitive part
of its code has been modified. To prevent such tampering
attacks we can add tamper -proofing code to our program.
This code should
a) detect if the program has been altered and b) cause the
program to fail when tampering is evident.
I d e a l l y, d e t e c t i o n a n d f a i l u r e s h o u l d b e w i d e l y d i s p e r s e d i n
time

and

space

to

confuse

potential

attacker.

Simpleminded Tamper-proofing code like if (tampered-with

())i=1/0 is unacceptable, for example, because it is easily
defeated by locating the point of failure and then reversing
the test of the detection code.
T h e r e a r e t h r e e p r i n c i p a l w a ys t o d e t e c t t a m p e r i n g :
1. We can examine the executable program itself to see if it
is identical to the original one. To speed up the test, a
message-digest algorithm can be used.
2. We can examine the validity of intermediate results
produced by the program. This technique is known

as

program (or result) checking and has been touted as an

alternative to program verification and testing.
3.

We

can

encrypt

the

executable,

thereby

prevent ing

a n yo n e f r o m m o d i f y i n g i t s u c c e s s f u l l y u n l e s s t h e y a r e a b l e
t o d e c r yp t i t . T h e d e c r yp t i o n r o u t i n e s m u s t b e p r o t e c t e d
from

reverse-engineering

by

hardware

means,

by

obfuscation, or both.
T a m p e r - p r o o f i n g o f t yp e - s a f e d i s t r i b u t i o n f o r m a t s
s u c h a s J a v a b yt e c o d e i s m o r e d i f f i c u l t t h a n t a m p e r proofing assembly code.

4 .1 T a mp e r - P r o o f i n g Vi r u s e s
Virus writers employ many obfuscation -like techniques to
protect a virus from detection and tamper -proofing-like

- by FaaDoOEngineers.com
techniques to protect it from being easily removed from the
infected host program. So -called armored viruses add extra
c o d e t o a v i r u s t o m a k e i t d i f f i c u l t t o a n a l yz e . P o l ym o r p h i c
viruses generate new versions of themselves as part of the
infection process.

References:
[1] 4C Entity, Content Protection System Architecture, revision 0.81 available
http://www.4centity.com/data/tech/cpsa/ cpsa081.pdf, Aug. 2001.
[2] A. Deutsch, Interprocedural May-Alias Analysis for Pointers: Beyond kLimiting, Proc. SIGPLAN Conf. Programming Language
[3] IBM, Cryptolopes, http://www.ibm.com/software/security/ cryptolope/.
[4] InterTrust, Digital Rights Management, http://www.intertrust.com/de/ .