Friday, March 30, 2012

Software Tamper Resistance


One method of giving software tamper resistance is code obfuscation: a process that changes the software to make it more difficult to reverse engineer while keeping it semantically equivalent to the original program. The technique is used both by “white hat” security specialists, to protect intellectual property and to “deter the cracking of licensing and DRM schemes” (Victor, D 2008), and by “black hats”, as a protection technique to avoid signature-based detection by anti-virus engines. Victor, D (2008) lists a number of techniques used to obfuscate code, including just-in-time decryption, polymorphic encryption, timing checks, layered anti-debugging logic and binary code morphing. Moreover, Bai Zhongying and Qin Jiancheng (2009) successfully applied obfuscation principles in the web environment, creating prototypes of JavaScript and HTML obfuscation tools. An additional advanced technique, self-modifying code, was proposed by Nikos Mavrogiannopoulos (n.d.), whereby the software mutates its own code in order to “make attacks [on the code] more expensive” (Nikos Mavrogiannopoulos, Nessim, K, & Bart, P n.d.).
While the use of obfuscation techniques has become widely accepted, Preda, M, & Giacobazzi, R (2009) question the effectiveness of code obfuscation techniques: “it is hard to compare different obfuscating transformations with respect to their resilience to attacks and this makes it difficult to understand which technique is better to use in a given scenario” (Preda, M, & Giacobazzi, R. 2009), owing to the absence of theoretical research formalizing a metric for code obfuscation.
ProGuard “is a free Java class file shrinker, optimizer, obfuscator, and preverifier” (Eric Lafortune, 2011). The tool's advantages are easy integration into commonly used Integrated Development Environments (IDEs) and Ant tasks, and additional functionality such as the optimizer and code shrinker, but its obfuscation capabilities are limited to code morphing. More advanced techniques, or a combination of several obfuscation techniques such as flow obfuscation and string encryption, could potentially (see the previous paragraph on the lack of a metric for measuring the effectiveness of code obfuscation) exponentially increase the effort required to reverse engineer the code.
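
An added example (not from the original post and not ProGuard code): a release check that lists the string literals still stored in a compiled class, showing why the paragraph above names string encryption as a step beyond code morphing. It assumes "code morphing" means identifier renaming; the two byte strings are constructed samples holding only a class-file header and constant pool, and the class and literal names are hypothetical.

```python
import struct

# Constant-pool tag -> payload size in bytes (JVM class file format).
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
         12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def string_literals(class_bytes):
    """Return the string literals (CONSTANT_String) stored in a class file."""
    if class_bytes[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a Java class file")
    (count,) = struct.unpack_from(">H", class_bytes, 8)
    utf8, string_refs, pos, idx = {}, [], 10, 1
    while idx < count:
        tag, pos = class_bytes[pos], pos + 1
        if tag == 1:  # CONSTANT_Utf8: u2 length followed by the bytes
            (n,) = struct.unpack_from(">H", class_bytes, pos)
            utf8[idx] = class_bytes[pos + 2:pos + 2 + n].decode("utf-8", "replace")
            pos += 2 + n
        elif tag in FIXED:
            if tag == 8:  # CONSTANT_String: index of its Utf8 entry
                string_refs.append(struct.unpack_from(">H", class_bytes, pos)[0])
            pos += FIXED[tag]
        else:
            raise ValueError(f"unknown constant tag {tag} at entry {idx}")
        idx += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    return [utf8[i] for i in string_refs if i in utf8]

def leaked(class_bytes, sensitive):
    """Literals that still contain any of the given sensitive markers."""
    return [s for s in string_literals(class_bytes)
            if any(m in s for m in sensitive)]

def sample(class_name, literal):
    """Constructed header + constant pool only (not a loadable class)."""
    def u8(s):
        b = s.encode()
        return b"\x01" + struct.pack(">H", len(b)) + b
    pool = (u8(class_name) + b"\x07\x00\x01"      # 1: Utf8, 2: Class -> 1
            + u8(literal) + b"\x08\x00\x03"       # 3: Utf8, 4: String -> 3
            + b"\x05" + struct.pack(">q", 42)     # 5-6: Long (two slots)
            + u8("tail") + b"\x08\x00\x07")       # 7: Utf8, 8: String -> 7
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 50, 9) + pool

ORIGINAL = sample("com/example/LicenseCheck", "license-server.example.invalid")
RENAMED = sample("a/b", "license-server.example.invalid")  # identifiers renamed only

if __name__ == "__main__":
    for label, blob in (("original", ORIGINAL), ("renamed", RENAMED)):
        print(label, leaked(blob, ["license"]))
```

Both samples report the same literal: renaming removes the descriptive class name but leaves the string constant readable in the constant pool.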

Bibliography

  • Bai Zhongying & Qin Jiancheng, 2009, "Webpage Encryption Based on Polymorphic Javascript Algorithm," Information Assurance and Security, 2009. IAS '09. Fifth International Conference on, vol. 1, pp. 327-330, 18-20 Aug. 2009.
    doi: 10.1109/IAS.2009.39
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5284075&isnumber=5282964
  • Eric Lafortune, 2011. “ProGuard” [online]. Available from: http://proguard.sourceforge.net/ (accessed: March 30, 2012).
  • Nikos Mavrogiannopoulos, Nessim, K, & Bart, P n.d., 'A taxonomy of self-modifying code for obfuscation', Computers & Security, ScienceDirect, EBSCOhost, viewed 29 March 2012.
  • Preda, M, & Giacobazzi, R 2009, 'Semantics-based code obfuscation by abstract interpretation', Journal Of Computer Security, 17, 6, pp. 855-908, Academic Search Complete, EBSCOhost, viewed 29 March 2012.
  • Ross J. Anderson, 2008. “A Guide to Building Dependable Distributed Systems”. 2nd Edition. Wiley Publishing.
  • Victor, D 2008, 'Obfuscation: Obfuscation – how to do it and how to crack it', Network Security, 2008, pp. 4-7, ScienceDirect, EBSCOhost, viewed 29 March 2012.
