Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wmobf.1 1/5/00 Clark Thomborson Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection Christian Collberg & Clark Thomborson Computer.

Published byBartholomew Bates Modified over 9 years ago

Similar presentations

Presentation on theme: "Wmobf.1 1/5/00 Clark Thomborson Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection Christian Collberg & Clark Thomborson Computer."— Presentation transcript:

1 wmobf.1 1/5/00 Clark Thomborson Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection Christian Collberg & Clark Thomborson Computer Science Tech Report 170 University of Auckland 4 February 2000

2 wmobf.2 1/5/00 Clark Thomborson Watermarking and Fingerprinting Image, audio, video, text… Visible or invisible marks Fragile or robust Watermarking 1. Discourages theft 2. Allows us to prove theft Fingerprinting 3. Allows us to trace violators Watermark: a secret message embedded into a cover message.

3 wmobf.3 1/5/00 Clark Thomborson Watermarking Variants The watermark may be visible and robust (difficult to remove), providing a proof of ownership. The watermark may be fragile (obliterated by any modification), proving authenticity.  The watermark may be invisible and robust, providing proof of ownership and security from theft. Fingerprinting is a variant of watermarking in which we put a unique customer-ID in each object we distribute. Piracy can be detected if we discover duplicate fingerprints, and these fingerprints identify the (witting or unwitting) source of the distribution.

4 wmobf.4 1/5/00 Clark Thomborson Our Desiderata for WMs Watermarks should be stealthy -- difficult for an adversary to locate. Watermarks should be resilient to attack -- resisting attempts at removal even if they are located. Watermarks should have a high data-rate -- so that we can store a meaningful message without significantly increasing the size of the object.

5 wmobf.5 1/5/00 Clark Thomborson Attacks on Watermarks Subtractive attacks: remove the WM without damaging the cover. Additive attacks: add a new WM without revealing “which WM was added first”. Distortive attacks: modify the WM without damaging the cover. Collusive attacks: examine two fingerprinted objects, or a watermarked object and its unwatermarked cover; find the differences; construct a new object without a recognisable mark.

6 wmobf.6 1/5/00 Clark Thomborson Defenses for Software Watermarks Obfuscation: we can modify the software so that a reverse engineer will have great difficulty figuring out how to reproduce the cover without also reproducing the WM. Tamperproofing: we can add integrity-checking code that (almost always) renders it unusable if the object is modified.

7 wmobf.7 1/5/00 Clark Thomborson Classification of SW Watermarks Static code watermarks are stored in the section of the executable that contains instructions. Static data watermarks are stored in other sections of the executable.  Dynamic data watermarks are stored in a program’s execution state. Such watermarks are resilient to distortive (obfuscation) attacks.

8 wmobf.8 1/5/00 Clark Thomborson Dynamic Watermarks Easter Eggs are revealed to any end-user who types a special input sequence. Execution Trace Watermarks are carried (steganographically) in the instruction execution sequence of a program, when it is given a special input.  Data Structure Watermarks are built (steganographically) by a program, when it is given a special input sequence (possibly null).

9 wmobf.9 1/5/00 Clark Thomborson Easter Eggs The watermark is visible -- if you know where to look! Not resilient, once the secret is out. See www.eeggs.com

10 wmobf.10 1/5/00 Clark Thomborson Our Goals for Dynamic DS WMs Stealth. Our WM should “look like” other structures created by the cover (search trees, hash tables, etc.) Resiliency. Our WM should have some properties that can be checked, stealthily and quickly at runtime, by tamperproofing code (triangulated graphs, biconnectivity, …) Data Rate. We would like to encode 100-bit WMs, or 1000-bit fingerprints, in a few KB of data structure. Our fingerprints may be 1000-bit integers that are products of two primes.

11 wmobf.11 1/5/00 Clark Thomborson Permutation Graphs (Harary) The WM is 1-3-5-6-2-4. High data rate: lg(n!)  lg(n/e) bits per node. High stealth, low resiliency (?) Tamperproofing may involve storing the same permutation in another data structure. What if an adversary changes the node labels? 1 3 5 6 2 4  Node labels may be obtained from node positions on another list.

12 wmobf.12 1/5/00 Clark Thomborson Oriented Trees Represent as “parent- pointer trees” There are oriented trees on n nodes, with c = 0.44 and  = 2.956, so the data rate is lg(  )/2  0.8 bits/node. 1:2:22: 48: A few of the 48 trees for n = 7 Could you “hide” this data structurein the code for a compiler? For a word processor?

13 wmobf.13 1/5/00 Clark Thomborson Planted Plane Cubic Trees One root node (in-degree 1). Trivalent internal nodes, with rotation on edges. We add edges to make all nodes trivalent, preserving planarity and distinguishing the root. Simple enumeration (Catalan numbers). Data rate is ~2 bits per leaf node. Excellent tamperproofing. n = 1 n = 2 n = 3 n = 4

14 wmobf.14 1/5/00 Clark Thomborson Open Problems in Watermarking We can easily build a “recogniser” program to find the WM and therefore demonstrate ownership… but can we release this recogniser to the public without compromising our watermarks? Can we design a “partial recogniser” that preserves resiliency, even though it reveals the location of some part of our WM?

15 wmobf.15 1/5/00 Clark Thomborson State of the Art in SW Watermarking First dynamic DS watermarks installed in 1999. Recognition SW being developed. Ongoing search for graph structures that are suitable for carrying fingerprints. Requirements: –easily enumerable –low outdegree (but high data rate) –quickly-checked properties (for tamperproofing)

16 wmobf.16 1/5/00 Clark Thomborson Software Obfuscation Many authors, websites and even a few commercial products offer “automatic obfuscation” as a defense against reverse engineering. Existing products generally operate at the lexical level of software, for example by removing or scrambling the names of identifiers. We seem to have been the first (in 1997) to use “opaque predicates” to obfuscate the control structure of software.

17 wmobf.17 1/5/00 Clark Thomborson Opaque Predicates {A; B }  A B pTpT T F “always true” A B P?P? T F “indeterminate” B’ A B PTPT T F “tamperproof” B bug (“always false” is not shown)

18 wmobf.18 1/5/00 Clark Thomborson if (f == g) then ? Static alias analysis is intractable, so a de-obfuscator must use dynamic analysis to remove our opaque predicates.

19 wmobf.19 1/5/00 Clark Thomborson Conclusion New art in software obfuscation can make it more difficult for pirates to defeat standard tamperproofing mechanisms, or to engage in other forms of reverse engineering. New art in software watermarking can embed “ownership marks” in software, that will be very difficult for anyone to remove. Much more R&D is required before robust obfuscating and watermarking tools are easy to use and readily available to software developers.

Download ppt "Wmobf.1 1/5/00 Clark Thomborson Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection Christian Collberg & Clark Thomborson Computer."

Similar presentations

Rob Farraher Ken Pickering Lim Vu

Rob Farraher Ken Pickering Lim Vu
More Efficient Generation of Plane Triangulations Shin-ichi Nakano Takeaki Uno Gunma University National Institute of JAPAN Informatics, JAPAN 23/Sep/2003.

More Efficient Generation of Plane Triangulations Shin-ichi Nakano Takeaki Uno Gunma University National Institute of JAPAN Informatics, JAPAN 23/Sep/2003.
Robust Invisible Watermarking of Volume Data Y. Wu 1, X. Guan 2, M. S. Kankanhalli 1, Z. Huang 1 NUS Logo 12.

Robust Invisible Watermarking of Volume Data Y. Wu 1, X. Guan 2, M. S. Kankanhalli 1, Z. Huang 1 NUS Logo 12.
H12.1 15-Mar-01 Clark Thomborson Software Security CompSci 725 Handout 12: Student Presentations, Watermarking & Obfuscation Clark Thomborson University.

H Mar-01 Clark Thomborson Software Security CompSci 725 Handout 12: Student Presentations, Watermarking & Obfuscation Clark Thomborson University.
Techniques for Software Watermarking and Fingerprinting Prof. Clark Thomborson Presentation at Tsinghua University 17 th March 2010.

Techniques for Software Watermarking and Fingerprinting Prof. Clark Thomborson Presentation at Tsinghua University 17 th March 2010.
Dynamic Self-Checking Techniques for Improved Tamper Resistance Bill Horne, Lesley Matheson, Casey Sheehan, Robert E. Tarjan STAR Lab, InterTrust Technologies.

Dynamic Self-Checking Techniques for Improved Tamper Resistance Bill Horne, Lesley Matheson, Casey Sheehan, Robert E. Tarjan STAR Lab, InterTrust Technologies.
Introduction to Watermarking Anna Ukovich Image Processing Laboratory (IPL)

Introduction to Watermarking Anna Ukovich Image Processing Laboratory (IPL)
Information Hiding: Watermarking and Steganography

Information Hiding: Watermarking and Steganography
Technical Aspects of Digital Rights Management

Technical Aspects of Digital Rights Management
DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 8. Cracking. Cracking Magnitude of piracy  All kinds of digital content (music, software, movies)  Huge economic repercussions.

DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 8. Cracking. Cracking Magnitude of piracy  All kinds of digital content (music, software, movies)  Huge economic repercussions.
1 A Functional Taxonomy for Software Watermarking Jas Nagra, Clark Thomborson University of Auckland Christian Collberg University of Arizona.

1 A Functional Taxonomy for Software Watermarking Jas Nagra, Clark Thomborson University of Auckland Christian Collberg University of Arizona.
Software Certification and Attestation Rajat Moona Director General, C-DAC.

Software Certification and Attestation Rajat Moona Director General, C-DAC.
Digital Watermarking for Multimedia Security R. Chandramouli MSyNC:Multimedia Systems, Networking, and Communications Lab Stevens Institute of Technology.

Digital Watermarking for Multimedia Security R. Chandramouli MSyNC:Multimedia Systems, Networking, and Communications Lab Stevens Institute of Technology.
18/03/2007Obfuscation 1 Software protection Mariano Ceccato FBK - Fondazione Bruno Kessler

18/03/2007Obfuscation 1 Software protection Mariano Ceccato FBK - Fondazione Bruno Kessler
Watermarking Technology Ishani Vyas CS590 Winter 2008.

Watermarking Technology Ishani Vyas CS590 Winter 2008.
In the last part of the course we make a review of selected technical problems in multimedia signal processing First problem: CONTENT SECURITY AND WATERMARKING.

In the last part of the course we make a review of selected technical problems in multimedia signal processing First problem: CONTENT SECURITY AND WATERMARKING.
Experiments in Software Watermarking Bradford P. Cuppy B.S. University of Evansville Fri, Nov 8, 2002.

Experiments in Software Watermarking Bradford P. Cuppy B.S. University of Evansville Fri, Nov 8, 2002.
2  Problem Definition  Project Purpose – Building Obfuscator  Obfuscation Quality  Obfuscation Using Opaque Predicates  Future Planning.

2  Problem Definition  Project Purpose – Building Obfuscator  Obfuscation Quality  Obfuscation Using Opaque Predicates  Future Planning.
Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Stony Brook.

Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Stony Brook.
Breaking Abstractions and Unstructuring Data Structures Christian Collberg Clark Thomborson Douglas Low “Mobile programs are distributed in forms that.

Breaking Abstractions and Unstructuring Data Structures Christian Collberg Clark Thomborson Douglas Low “Mobile programs are distributed in forms that.

Similar presentations

Ads by Google