Presentation is loading. Please wait.

Presentation is loading. Please wait.

Attacking an obfuscated cipher by injecting faults

Published byCassandra Boone Modified over 6 years ago

Similar presentations

Presentation on theme: "Attacking an obfuscated cipher by injecting faults"— Presentation transcript:

1 Attacking an obfuscated cipher by injecting faults
Matthias Jacob Dan Boneh Edward Felten 2002 ACM Workshop on Digital Rights Management Presented by Mike Stay

2 Summary This paper introduces the concept of tamper resistance as a new way to measure the strength of obfuscation algorithms and shows how tampering can be used to defeat a commercial obfuscator.

3 “To make so confused as to be difficult to understand”
Obfuscation “To make so confused as to be difficult to understand” Code is supposed to be so confusing that it’s hard to figure out: Data: decryption key, for instance How to manipulate it: get rid of nag screens, DRM, etc. What it’s doing: algorithm is trade secret

4 Previous Taxonomy Collberg et al: Potency – confusing a human
Resilience – confusing a computer Cost – time / space overhead Stealth – if you can’t find it, you can’t attack it

5 Previous Taxonomy Collberg et al: Potency – confusing a human
Resilience – confusing a computer Cost – time / space overhead Stealth – if you can’t find it, you can’t attack it This paper: Tamper Resistance – how well it resists attempts to break the system by changing data or code

6 Improving Tamper Resistance
Local checking: check each intermediate result or instruction with a checksum Global checking: interleave many copies of the same algorithm and take the median value. Self-checking: obfuscate the checker and have it check itself as well. Custom obfuscation: different for each user

7 Criticism Human-consumable content Countermeasures
If you just consider the problem of decrypting data while protecting a secret key, public key crypto solves it; but neither system is any good at preventing attacks that just sniff the soundboard. Countermeasures The suggested countermeasures for tamper resistance are ad hoc, with no security proof. Custom obfuscation is very impractical: you can’t burn 1000 CDs with your product all at once

8 Good stuff Proof that finding a key is NP-complete:
Given a decryption circuit D(p, k) and an obfuscated decryption circuit O(p), simply let O(p) = 1 and find k such that D(k) = 1. But that’s exactly SAT, the canonical NP-complete problem. Building functions that are hard like that is what modern cryptography is all about. No one knows, for instance, a k for which SHA1(k) = 0.

9 What if we could obfuscate any size data?
Trapdoor block cipher: a block cipher that works like a public-key cipher, but much faster. Secure Turing machine: data becomes a one-time pad for hiding the state of the computation using two-player protocols.

10 Question: What other countermeasures can you think of to protect software against tampering?

Download ppt "Attacking an obfuscated cipher by injecting faults"

Similar presentations

Protecting Software Code By Guards - by Hoi Chang and Mikhail J. Atallah “Many software-based mechanisms for protecting program code are too weak[…] or.

Protecting Software Code By Guards - by Hoi Chang and Mikhail J. Atallah “Many software-based mechanisms for protecting program code are too weak[…] or.
Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.

Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.
Digital Rights Management: The Technology behind the Hype Mark Stamp Department of Computer Science San Jose State University.

Digital Rights Management: The Technology behind the Hype Mark Stamp Department of Computer Science San Jose State University.
White-Box Cryptography

White-Box Cryptography
DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 8. Cracking. Cracking Magnitude of piracy  All kinds of digital content (music, software, movies)  Huge economic repercussions.

DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 8. Cracking. Cracking Magnitude of piracy  All kinds of digital content (music, software, movies)  Huge economic repercussions.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Cryptography and Data Security: Long-Term Challenges Burt Kaliski, RSA Security Northeastern University CCIS Mini Symposium on Information Security November.

Cryptography and Data Security: Long-Term Challenges Burt Kaliski, RSA Security Northeastern University CCIS Mini Symposium on Information Security November.
Software-based Code Attestation for Wireless Sensors.

Software-based Code Attestation for Wireless Sensors.
Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.

Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.
CS 555Topic 11 Cryptography CS 555 Topic 1: Overview of the Course & Introduction to Encryption.

CS 555Topic 11 Cryptography CS 555 Topic 1: Overview of the Course & Introduction to Encryption.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
CS426Fall 2010/Lecture 21 Computer Security CS 426 Lecture 2 Cryptography: Terminology & Classic Ciphers.

CS426Fall 2010/Lecture 21 Computer Security CS 426 Lecture 2 Cryptography: Terminology & Classic Ciphers.
15-349 Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.

Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.
Dan Boneh Basic key exchange The Diffie-Hellman protocol Online Cryptography Course Dan Boneh.

Dan Boneh Basic key exchange The Diffie-Hellman protocol Online Cryptography Course Dan Boneh.
DIGITAL RIGHT MANAGEMENT Bùi Thành Đ ạ t 50700480 Nguy ễ n Hoàng Nh ậ t Đông 50700542 Nguy ễ n Duy C ườ ng 50700287 1.

DIGITAL RIGHT MANAGEMENT Bùi Thành Đ ạ t Nguy ễ n Hoàng Nh ậ t Đông Nguy ễ n Duy C ườ ng
2  Problem Definition  Project Purpose – Building Obfuscator  Obfuscation Quality  Obfuscation Using Opaque Predicates  Future Planning.

2  Problem Definition  Project Purpose – Building Obfuscator  Obfuscation Quality  Obfuscation Using Opaque Predicates  Future Planning.
Dan Boneh Public Key Encryption from trapdoor permutations RSA in practice Online Cryptography Course Dan Boneh.

Dan Boneh Public Key Encryption from trapdoor permutations RSA in practice Online Cryptography Course Dan Boneh.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Dan Boneh Introduction What is cryptography? Online Cryptography Course Dan Boneh.

Dan Boneh Introduction What is cryptography? Online Cryptography Course Dan Boneh.

Similar presentations

Ads by Google