Wmobf.1 1/5/00 Clark Thomborson Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection Christian Collberg & Clark Thomborson Computer.

Slides:

Advertisements

Similar presentations

Rob Farraher Ken Pickering Lim Vu

Advertisements

More Efficient Generation of Plane Triangulations Shin-ichi Nakano Takeaki Uno Gunma University National Institute of JAPAN Informatics, JAPAN 23/Sep/2003.

Robust Invisible Watermarking of Volume Data Y. Wu 1, X. Guan 2, M. S. Kankanhalli 1, Z. Huang 1 NUS Logo 12.

H Mar-01 Clark Thomborson Software Security CompSci 725 Handout 12: Student Presentations, Watermarking & Obfuscation Clark Thomborson University.

Techniques for Software Watermarking and Fingerprinting Prof. Clark Thomborson Presentation at Tsinghua University 17 th March 2010.

Dynamic Self-Checking Techniques for Improved Tamper Resistance Bill Horne, Lesley Matheson, Casey Sheehan, Robert E. Tarjan STAR Lab, InterTrust Technologies.

Introduction to Watermarking Anna Ukovich Image Processing Laboratory (IPL)

Information Hiding: Watermarking and Steganography

Technical Aspects of Digital Rights Management

DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 8. Cracking. Cracking Magnitude of piracy  All kinds of digital content (music, software, movies)  Huge economic repercussions.

1 A Functional Taxonomy for Software Watermarking Jas Nagra, Clark Thomborson University of Auckland Christian Collberg University of Arizona.

Software Certification and Attestation Rajat Moona Director General, C-DAC.

Digital Watermarking for Multimedia Security R. Chandramouli MSyNC:Multimedia Systems, Networking, and Communications Lab Stevens Institute of Technology.

18/03/2007Obfuscation 1 Software protection Mariano Ceccato FBK - Fondazione Bruno Kessler

Watermarking Technology Ishani Vyas CS590 Winter 2008.

In the last part of the course we make a review of selected technical problems in multimedia signal processing First problem: CONTENT SECURITY AND WATERMARKING.

Experiments in Software Watermarking Bradford P. Cuppy B.S. University of Evansville Fri, Nov 8, 2002.

2  Problem Definition  Project Purpose – Building Obfuscator  Obfuscation Quality  Obfuscation Using Opaque Predicates  Future Planning.

Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Stony Brook.

Breaking Abstractions and Unstructuring Data Structures Christian Collberg Clark Thomborson Douglas Low “Mobile programs are distributed in forms that.

Digital Watermarking Parag Agarwal

Vulnerability-Specific Execution Filtering (VSEF) for Exploit Prevention on Commodity Software Authors: James Newsome, James Newsome, David Brumley, David.

Watermarking University of Palestine Eng. Wisam Zaqoot May 2010.

Robert Krenn January 21, 2004 Steganography Implementation & Detection.

Self-Protecting Mobile Agents Lee Badger Brian Matt Steven Kiernan Funded by both ITS and Active Networks Programs NAI Labs, Network Associates, Inc. 17.

By : Vladimir Novikov. Digital Watermarking? Allows users to embed SPECIAL PATTERN or SOME DATA into digital contents without changing its perceptual.

Digital Steganography

CIS 450 – Network Security Chapter 16 – Covering the Tracks.

Multimedia Copyright Protection Technologies M. A. Suhail, I. A. Niazy

Digital Watermarking Simg-786 Advanced Digital Image Processing Team 1.

Digital Watermarking Sapinkumar Amin Guided By: Richard Sinn.

Technical Seminar Presentation-2004 Presented by : ASHOK KUMAR SAHOO (EI ) NATIONAL INSTITUTE OF SCIENCE & TECHNOLOGY Presented By Ashok Kumar.

Russell Taylor. How the law supports Copyright Copyright Designs and Patents Act 1988 Copyright arises when an individual or organisation creates a work,

Yarmouk university Hijjawi faculty for engineering technology Computer engineering department Primary Graduation project Document security using watermarking.

Digital image processing is the use of computer algorithms to perform image processing on digital images which is a subfield of digital signal processing.

Russell Taylor. How the law supports Copyright Copyright Designs and Patents Act 1988 Copyright arises when an individual or organisation creates a work,

Copyright 2000, Odyssey Research Associates, Inc. SL Semantic Data Integrity DARPA Program Review Cornell Business & Technology Park 33 Thornwood.

Software Watermarking Imran Ali CSEP 590TU. What is software watermarking? Embed a secret into software which can be retrieved on demand Embed a secret.

Applying Digital Watermarking Technology to Control CD copying BY CHAYAN RATTANAVIJAI.

1 影像偽裝術的最新發展 Chair Professor Chin-Chen Chang Feng Chia University National Chung Cheng University National Tsing Hua University.

1 Experience With Software Watermarking Author: Jens Palsberg et al. Presenter: Charles He “Embedding Watermarking in dynamic data structures … can be.

STEGANOGRAPHY AND DIGITAL WATERMARKING KAKATIYA INSTITUTE OF TECHNOLOGY AND SCIENCES,WARANGAL.

Protecting Software Code By Guards The George Washington University Cs297 YU-HAO HU.

Identification Authentication. 2 Authentication Allows an entity (a user or a system) to prove its identity to another entity Typically, the entity whose.

A Generic Approach to Automatic Deobfuscation of Executable Code Paper by Babak Yadegari, Brian Johannesmeyer, Benjamin Whitely, Saumya Debray.

Fingerprinting Text in Logical Markup Languages Christian D. Jensen G.I. Davida and Y. Frankel (Eds.): Proc. Information Security Conference 2001, Lecture.

Formal Refinement of Obfuscated Codes Hamidreza Ebtehaj 1.

Code Obfuscation Tool for Software Protection. Outline  Why Code Obfuscation  Features of a code obfuscator Potency Resilience Cost  Classification.

Experience with Software Watermarking Jens Palsberg, Sowmya Krishnaswamy, Minseok Kwon, Di Ma, Qiuyun Shao, Yi Zhang CERIAS and Department of Computer.

Text2PTO: Modernizing Patent Application Filing A Proposal for Submitting Text Applications to the USPTO.

Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.

Out of site… Out of Mind. By Fred A. DuBrock COSC-356 Steganography.

By: U.Aruna M.Shanthi Priya Allows users to embed special pattern or some data into digital contents without changing its perceptual quality. When data.

IMAGE AUTHENTICATION TECHNIQUES Based on Automatic video surveillance (AVS) systems Guided by: K ASTURI MISHRA PRESENTED BY: MUKESH KUMAR THAKUR REG NO:

1 Digital Water Marks. 2 History The Italians where the 1 st to use watermarks in the manufacture of paper in the 1270's. A watermark was used in banknote.

Hardware Protection Against Software Piracy

Ikhwannul Kholis Universitas 17 Agustus 1945 Jakarta

Technical Aspects of Digital Rights Management

Applying Digital Watermarking Technology to Control CD copying

Watermarking with Side Information

Recent Developments on Multimedia and Secure Networking Technologies

Encryption, Cryptography, and Steganography:

Software Watermarking Deterring Software Piracy

Methods for Software Protection

MULTIMEDIA WATERMARKING IN ENHANCING DIGITAL SECURITY

Parag Agarwal Digital Watermarking Parag Agarwal

Test Case Test case Describes an input Description and an expected output Description. Test case ID Section 1: Before execution Section 2: After execution.

Recent Developments on Multimedia and Secure Networking Technologies

Presentation transcript:

wmobf.1 1/5/00 Clark Thomborson Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection Christian Collberg & Clark Thomborson Computer Science Tech Report 170 University of Auckland 4 February 2000

wmobf.2 1/5/00 Clark Thomborson Watermarking and Fingerprinting Image, audio, video, text… Visible or invisible marks Fragile or robust Watermarking 1. Discourages theft 2. Allows us to prove theft Fingerprinting 3. Allows us to trace violators Watermark: a secret message embedded into a cover message.

wmobf.3 1/5/00 Clark Thomborson Watermarking Variants The watermark may be visible and robust (difficult to remove), providing a proof of ownership. The watermark may be fragile (obliterated by any modification), proving authenticity.  The watermark may be invisible and robust, providing proof of ownership and security from theft. Fingerprinting is a variant of watermarking in which we put a unique customer-ID in each object we distribute. Piracy can be detected if we discover duplicate fingerprints, and these fingerprints identify the (witting or unwitting) source of the distribution.

wmobf.4 1/5/00 Clark Thomborson Our Desiderata for WMs Watermarks should be stealthy -- difficult for an adversary to locate. Watermarks should be resilient to attack -- resisting attempts at removal even if they are located. Watermarks should have a high data-rate -- so that we can store a meaningful message without significantly increasing the size of the object.

wmobf.5 1/5/00 Clark Thomborson Attacks on Watermarks Subtractive attacks: remove the WM without damaging the cover. Additive attacks: add a new WM without revealing “which WM was added first”. Distortive attacks: modify the WM without damaging the cover. Collusive attacks: examine two fingerprinted objects, or a watermarked object and its unwatermarked cover; find the differences; construct a new object without a recognisable mark.

wmobf.6 1/5/00 Clark Thomborson Defenses for Software Watermarks Obfuscation: we can modify the software so that a reverse engineer will have great difficulty figuring out how to reproduce the cover without also reproducing the WM. Tamperproofing: we can add integrity-checking code that (almost always) renders it unusable if the object is modified.

wmobf.7 1/5/00 Clark Thomborson Classification of SW Watermarks Static code watermarks are stored in the section of the executable that contains instructions. Static data watermarks are stored in other sections of the executable.  Dynamic data watermarks are stored in a program’s execution state. Such watermarks are resilient to distortive (obfuscation) attacks.

wmobf.8 1/5/00 Clark Thomborson Dynamic Watermarks Easter Eggs are revealed to any end-user who types a special input sequence. Execution Trace Watermarks are carried (steganographically) in the instruction execution sequence of a program, when it is given a special input.  Data Structure Watermarks are built (steganographically) by a program, when it is given a special input sequence (possibly null).

wmobf.9 1/5/00 Clark Thomborson Easter Eggs The watermark is visible -- if you know where to look! Not resilient, once the secret is out. See

wmobf.10 1/5/00 Clark Thomborson Our Goals for Dynamic DS WMs Stealth. Our WM should “look like” other structures created by the cover (search trees, hash tables, etc.) Resiliency. Our WM should have some properties that can be checked, stealthily and quickly at runtime, by tamperproofing code (triangulated graphs, biconnectivity, …) Data Rate. We would like to encode 100-bit WMs, or 1000-bit fingerprints, in a few KB of data structure. Our fingerprints may be 1000-bit integers that are products of two primes.

wmobf.11 1/5/00 Clark Thomborson Permutation Graphs (Harary) The WM is High data rate: lg(n!)  lg(n/e) bits per node. High stealth, low resiliency (?) Tamperproofing may involve storing the same permutation in another data structure. What if an adversary changes the node labels?  Node labels may be obtained from node positions on another list.

wmobf.12 1/5/00 Clark Thomborson Oriented Trees Represent as “parent- pointer trees” There are oriented trees on n nodes, with c = 0.44 and  = 2.956, so the data rate is lg(  )/2  0.8 bits/node. 1:2:22: 48: A few of the 48 trees for n = 7 Could you “hide” this data structurein the code for a compiler? For a word processor?

wmobf.13 1/5/00 Clark Thomborson Planted Plane Cubic Trees One root node (in-degree 1). Trivalent internal nodes, with rotation on edges. We add edges to make all nodes trivalent, preserving planarity and distinguishing the root. Simple enumeration (Catalan numbers). Data rate is ~2 bits per leaf node. Excellent tamperproofing. n = 1 n = 2 n = 3 n = 4

wmobf.14 1/5/00 Clark Thomborson Open Problems in Watermarking We can easily build a “recogniser” program to find the WM and therefore demonstrate ownership… but can we release this recogniser to the public without compromising our watermarks? Can we design a “partial recogniser” that preserves resiliency, even though it reveals the location of some part of our WM?

wmobf.15 1/5/00 Clark Thomborson State of the Art in SW Watermarking First dynamic DS watermarks installed in Recognition SW being developed. Ongoing search for graph structures that are suitable for carrying fingerprints. Requirements: –easily enumerable –low outdegree (but high data rate) –quickly-checked properties (for tamperproofing)

wmobf.16 1/5/00 Clark Thomborson Software Obfuscation Many authors, websites and even a few commercial products offer “automatic obfuscation” as a defense against reverse engineering. Existing products generally operate at the lexical level of software, for example by removing or scrambling the names of identifiers. We seem to have been the first (in 1997) to use “opaque predicates” to obfuscate the control structure of software.

wmobf.17 1/5/00 Clark Thomborson Opaque Predicates {A; B }  A B pTpT T F “always true” A B P?P? T F “indeterminate” B’ A B PTPT T F “tamperproof” B bug (“always false” is not shown)

wmobf.18 1/5/00 Clark Thomborson if (f == g) then ? Static alias analysis is intractable, so a de-obfuscator must use dynamic analysis to remove our opaque predicates.

wmobf.19 1/5/00 Clark Thomborson Conclusion New art in software obfuscation can make it more difficult for pirates to defeat standard tamperproofing mechanisms, or to engage in other forms of reverse engineering. New art in software watermarking can embed “ownership marks” in software, that will be very difficult for anyone to remove. Much more R&D is required before robust obfuscating and watermarking tools are easy to use and readily available to software developers.