Professional Documents
Culture Documents
com
S . D EE P TH I K A
0 5 4 8 1 A1 2 2 4
I I I - I V/ I T
M AI L - I D:
s s _ d e e p t h i k a s @ ya h o o . c o m
s o wji _ 1 2 2 7 @ ya ho o . c o m
M .S O WJ AN Y A
05481A1227
I I I - I V/ I T
- by FaaDoOEngineers.com
ABSTRACT
W e i d e n t i f y t h r e e t yp e s o f a t t a c k o n t h e i n t e l l e c t u a l p r o p e r t y
contained in software and three corresponding technical defenses.
A defense against reverse engineering is obfuscation, a process
that renders software unintelligible but still functional. A defense
against software piracy is watermarking, a process that makes it
possible to determine the origin of software. A defense against
tampering is tamper-proofing, so that unauthorized modifications
to software will result in nonfunctional code. We briefly survey
t h e a v a i l a b l e t e c h n o l o g y f o r e a c h t yp e o f d e f e n s e .
Wh a t i s wa t e r ma r k i n g ?
Originally used to identify paper quality
Anti-counterfeiting of paper money
Extended to other forms of hidden information.
Definitions:
Work: specific song, video, image, tex t, etc.
Watermarking: practice of imperceptibly altering a work to
embed a message about that work.
WA T E R M AR KI N G G OA L S :
verify the owner of a digital image
detect forgeries of an original image
identify illegal copies of the image
Prevent unauthorized distribution.
- by FaaDoOEngineers.com
has been
1 .1 M a l i c i o u s Hos t At t a c k s
- by FaaDoOEngineers.com
P i r a c y i s a m a j o r c o n c e r n f o r a n yo n e w h o s e l l s s o f t w a r e . O u r
goal in this paper is to make piracy more difficult. We note that
software piracy is socially acceptable in settings that encourage a
belief in insiders' entitlement, price discrimination, cooperation
i s m o r e i m p o r t a n t t h a n c o p yr i g h t , o r t r a d i t i o n a l C o n f u c i a n e t h i c s .
Threats have recently become more of a concern since, more and
more, programs are distribute d in easily decompilable format
rather than native binary code.
A related threat is software tampering. Many mobile agents and
e-commerce application programs mus t, by their very nature,
c o n t a i n e n c r yp t i o n k e ys o r o t h e r s e c r e t i n f o r m a t i o n . P i r a t e s w h o
are
able
to
information
extract,
can
m o d i f y,
incur
or
otherwise
significant
tamper
financial
with
losses
to
this
the
- by FaaDoOEngineers.com
(also
I n F i g . 2 c , f i n a l l y, B o b r e c e i v e s a d i g i t a l c o n t a i n e r
known
as
C r yp t o l o p e
and
DigiBox)
from
Alice,
2 . W AT E R M ARK I NG
Watermarking embeds a secret message into a cover message.
I n m e d i a w a t e r m a r k i n g , t h e s e c r e t i s u s u a l l y a c o p yr i g h t n o t i c e
and
Embedding W
into P
does
not
adversely affect
the
Any software watermarking technique will exhibit a tradeoff between resilience, data rate, cost, and stealth. It should
be noted that there are two possib le interpretations of
s t e a l t h , s t a t i c s t e a l t h a n d d yn a m i c s t e a l t h . A w a t e r m a r k i s
s t a t i c a l l y s t e a l t h y i f a s t a t i c a n a l ys i s r e v e a l s n o s t a t i s t i c a l
differences
between
the
original
and
the
watermarked
- by FaaDoOEngineers.com
p r o g r a m . S i m i l a r l y , t h e w a t e r m a r k i s d yn a m i c a l l y s t e a l t h y
if an execution trace of the program reveal s no differences.
Fig:3
own
program
watermark
P0.
This is
W1
an
to
Alice's
w atermarked
effective attack
if
it
is
of
semantics-preserving
transformations
distorted
watermark
W0
can
no
longer
be
- by FaaDoOEngineers.com
3 .2 S t a t i c Wa t e r ma r k i n g Te c h n i q u e s
Software
watermarks
come
in
two
flavors,
static
and
d yn a m i c . S t a t i c w a t e r m a r k s a r e s t o r e d i n t h e a p p l i c a t i o n
executable
itself;
whereas,
d yn a m i c
watermarks
are
c o n s t r u c t e d a t r u n t i m e a n d s t o r e d i n t h e d yn a m i c s t a t e o f
the program. While static watermarks have been around for
a l o n g t i m e , d yn a m i c m a r k s w e r e o n l y i n t r o d u c e d r e c e n t l y .
Moskowitz and Cooperman and Davidson and
M yh r v o l d a r e t w o t e c h n i q u e s r e p r e s e n t a t i v e o f t yp i c a l s t a t i c
watermarks. Moskowitz and Cooperman des cribe a static
data
watermarking
embedded
in
an
method
image
in
using
which
one
the
of
the
watermark
is
many media
- by FaaDoOEngineers.com
3 .3 D yn a mi c Wa t e r ma r k i n g T e c h n i q u e s
T h e r e a r e t h r e e k i n d s o f d yn a m i c w a t e r m a r k s . I n e a c h c a s e ,
the mark is recognized by running the watermarked program
with a predetermined input sequence. This highly unusual
input makes the application enter a state which represents
the watermark.
T h e r e a r e t h r e e d yn a m i c w a t e r m a r k i n g t e c h n i q u e s :
Easter Egg Watermarks. The defining characteristic of an
Easter
Egg
sequence
is
watermark
entered,
is
it
that,
when
performs
the
some
special
action
input
that
is
Trace
watermarks
produces
Watermarks .
no
special
Execution
output.
Trace
Instead,
the
4 T AM PE R - P RO O FI NG
There are many situations where we would like to stop a
one from executing our program if it has been altered in any
w a y. F o r e g , a p r o g r a m P s h o u l d n o t b e a l l o w e d t o r u n i f
- by FaaDoOEngineers.com
1) P is watermarked and the code that builds the mark has
been altered, 2) A virus has been attached to P, or 3) P is
an e-commerce application and the security-sensitive part
of its code has been modified. To prevent such tampering
attacks we can add tamper -proofing code to our program.
This code should
a) detect if the program has been altered and b) cause the
program to fail when tampering is evident.
I d e a l l y, d e t e c t i o n a n d f a i l u r e s h o u l d b e w i d e l y d i s p e r s e d i n
time
and
space
to
confuse
potential
attacker.
as
We
can
encrypt
the
executable,
thereby
prevent ing
a n yo n e f r o m m o d i f y i n g i t s u c c e s s f u l l y u n l e s s t h e y a r e a b l e
t o d e c r yp t i t . T h e d e c r yp t i o n r o u t i n e s m u s t b e p r o t e c t e d
from
reverse-engineering
by
hardware
means,
by
obfuscation, or both.
T a m p e r - p r o o f i n g o f t yp e - s a f e d i s t r i b u t i o n f o r m a t s
s u c h a s J a v a b yt e c o d e i s m o r e d i f f i c u l t t h a n t a m p e r proofing assembly code.
4 .1 T a mp e r - P r o o f i n g Vi r u s e s
Virus writers employ many obfuscation -like techniques to
protect a virus from detection and tamper -proofing-like
- by FaaDoOEngineers.com
techniques to protect it from being easily removed from the
infected host program. So -called armored viruses add extra
c o d e t o a v i r u s t o m a k e i t d i f f i c u l t t o a n a l yz e . P o l ym o r p h i c
viruses generate new versions of themselves as part of the
infection process.
References:
[1] 4C Entity, Content Protection System Architecture, revision 0.81 available
http://www.4centity.com/data/tech/cpsa/ cpsa081.pdf, Aug. 2001.
[2] A. Deutsch, Interprocedural May-Alias Analysis for Pointers: Beyond kLimiting, Proc. SIGPLAN Conf. Programming Language
[3] IBM, Cryptolopes, http://www.ibm.com/software/security/ cryptolope/.
[4] InterTrust, Digital Rights Management, http://www.intertrust.com/de/ .