INTRODUCTION TO CLOAKWARE/TRS TECHNOLOGY

Transcription

1 INTRODUCTION TO CLOAKWARE/TRS TECHNOLOGY VERSION 2.2 OCTOBER 2001 SUMMARY Software is easy to tamper with and reverse engineer so unprotected software deployed on malicious hosts can t be trusted by corporations and service providers. Cloakware has developed an innovative security technology that converts ordinary software into Tamper Resistant Software (TRS). With Cloakware/TRS technology, software can now be deployed on suspicious hosts and be trusted to perform the functions it was designed to perform and to conceal proprietary algorithms and secrets including cryptographic keys embedded in the software., 2001

2 INTRODUCTION A fundamental security limitation faced by designers of corporate and Internet applications is that software is easy to tamper with (to change the intended functionality of the software) and to reverse engineer (to determine how the software works and to discover proprietary algorithms and secrets). This means that software deployed in hostile environments, like the Internet, on platforms you can t control cannot always be trusted to perform the intended functions or to conceal confidential or proprietary information and algorithms. Cloakware has developed an innovative security technology that converts ordinary software into tamper-resistant software (TRS). In its cloaked form, software is highly resistant to tampering attacks unauthorized modifications to the software result in non-functional code and very difficult to reverse engineer using sophisticated code analysis techniques and tools including debuggers. Cloakware/TRS technology enables applications and new architectures, protects intellectual property, lowers the cost of security and administration, and improves user convenience. This white paper provides an introduction to Cloakware/TRS technology, describes how it works and discusses implementation considerations. Figure 1. Tampering and Reverse Engineering Attacks on Software Original Program Tampered Program If CEO (transfer funds) else (reject) Tampering Attack If anyone (transfer funds) else (reject) Secret Key Proprietary Algorithm Reverse- Engineering Attack Secret Key Proprietary Algorithm Reverse Engineering Outputs Secret Key Proprietary Algorithm If CEO (transfer funds) else (reject) 2

3 CLOAKWARE/TRS TECHNOLOGY Cloakware/TRS is a patent-pending software security technology that is the first technology to provide a high degree of protection against both tampering and reverse engineering without constraining portability and ease of use. Cloakware/TRS technology uses functionality preserving code transformations implemented using a one-way program translation tool or Encoder (refer to Figure 1). Source code is input to the Encoder, which converts the code into a tamper-resistant or cloaked form. The cloaked code has the same functionality as the original program, but has the property that it is very difficult to reverse engineer or tamper with. The cloaked program executes on any open computing platform without special hardware or software. An attacker can still "see" the bits and bytes that make up the program but it is extremely difficult to extract information about what the program does or to tamper with the program. Figure 2. The Cloakware/TRS Encoder Other Application Other Application Security Sensitive Application - secret keys - algorithms - branches Cloakware Encoder Cloaked Source Host Computer Object Commercial Compiler The code transformations performed by the Encoder can be optimized for the security requirements of specific applications and fall into four categories: Data flow These are code transformations that conceal variables and operations primarily to defend against reverse engineering attacks. They also make tampering attacks more difficult by substantially increasing the level of difficulty to understand a program. Control flow These code transformations are applied to program control flow to defend against tampering attacks such as branch jamming. 3

4 Mass data These transformations conceal large arrays and data structures to prevent reverse engineering and tampering. White box cryptography (WBC) These transformations are specific to cryptographic ciphers and enable key hiding within the cipher. Specialized transformations are require to protect cryptographic algorithms since they are very well studied and are subject to a whole class of attacks that other algorithms are not exposed to. Hence, crypto algorithms require very specific transformations to protect them against reverse engineering attacks intended to uncover cryptographic keys. During the Encoding process, randomness is injected into the code transformations. Hence, a single program can be transformed into multiple cloaked instances of the program. Each cloaked instance has the same functionality but looks different to an attacker attempting to tamper with or reverse engineer the program. This capability is the key to developing applications that resist global or automated attacks and to refreshing the security of software applications. We look at how this capability can be leveraged later in this white paper. THREAT MODEL AND SECURITY Cloakware/TRS technology converts software into a form that takes a sophisticated attacker months rather than minutes or hours to penetrate. One of the fundamental assumptions underlying this is the threat model for cloaked software. Unlike many software protection technologies, our threat model assumes that an attacker has access to our patents and complete access to the software executing on an open platform with this the attacker is able to see the data flow and control flow with the most sophisticated debugging and hacking tools. The second assumption has to do with the class of attacker we are trying to defend software against. Attackers can be classified by a number of schemes 1&2. We have adapted these to fit the context of Cloakware/TRS: Class I: Class I attackers are often very intelligent but they lack the inside knowledge of Cloakware/TRS to mount a new or novel attack. They may have access to only moderately sophisticated equipment. They often try to take advantage of an existing weakness in the system, rather than try to create one. Unless there is a known weakness to exploit, they are not usually a threat. Class II: Class II attackers have substantial mathematical skill sets in areas such as geometric combinatorics, statistics, signal processing, number theory and optimization theory. They have all of the knowledge assumed by the above Threat Model. This class of attackers has access to sophisticated tools for analysis, including emulators, and is comprised of highly skilled programmers. Class III (funded organizations): Class III attackers are organizationally funded tiger teams of Class II and above attackers. They have access to specialists in any of the necessary areas of mathematical expertise. They also have the latest in tools and computing machinery. They can design new and innovative attacks on TRS and exploit even the smallest weakness. Currently, we estimate that it would take Class II and Class III attackers months to penetrate a cloaked program compared to minutes or hours for an unprotected program. In support of our security claims, 1 R. Anderson and M. Kuhn, Low Cost Attacks on Tamper Resistant Devices, Proceedings of Security Protocols, 5 tth International Workshop, Paris, France, April7-9, 1997, pp Also available in PDF form at 2 D.G. Abraham, G.M. Dolan, G.P. Double and J.V. Stevens, Transaction Security System, IBM Systems Journal Volume 30, Number 2, 1991, pp

5 we have worked with academic researchers to establish a theoretical basis for the security of TRS 3 & 4 We have also established practical proof points of this security through work with Class III attackers. Cloakware is also continuously advancing this security level through the development of new code transformations and through an open security review process by working with academic researchers, and by presenting the technology at security conferences and workshops. LEVERAGING CLOAKED INSTANCES Cloakware/TRS has two important features that enable the development of systems that resist global or automated attacks and aid in refreshing the security of an application on an ongoing basis: The Cloakware Encoder can be configured to automatically produce hundreds, thousands or millions of different cloaked instances of a software program. The Encoder applies different transformations to each instance of the software. Each cloaked instance is functionally equivalent but is transformed differently by the Cloakware Encoder. Developing an attack against a cloaked instance of a program would take substantial time and effort for a sophisticated attacker. Developing an automated attack against a large number of cloaked instances of a program would be extremely difficult because each instance looks different to the attacker and it is unlikely that an attacker would not have direct access to each cloaked instance of the program. When designed into the appropriate system architecture, these capabilities of the Cloakware Encoder can substantially increase the resistance of the system to global attacks (attacks that can be automated and compromise the entire security of the system). Another advantage of this capability is that the cloaked instances of a program or security sub-system in a larger application (for example a content protection or DRM system) can now be refreshed continuously to stay ahead of attackers or to prevent attacks on vulnerabilities that may be discovered over time. History has taught those in the security industry that no security technology is bulletproof. Biology has taught us that diversity and the ability to evolve ensure survival of a species. Cloakware/TRS brings the benefits of diversity and ability to evolve to secure applications. 3 4 A. Shokurov, Preliminary Report on Measures of Resistance of Data Encodings, Technical Report, May 9, 200. Available in PDF form at Vladimir Zakharov. On the Complexity of Cloaked Program Analysis. Available in PDF form by contacting Cloakware at info@cloakware.com. 5

6 Figure 3. Defending Agains Application Tampering & reverse engineering attack Cloaked Instance Security Sensitive Application Targeted Encoder Application Cloaked Instance Automated Attacks Application Cloaked Instance IMPLEMENTATION CONSIDERATIONS For application and system designers interested in using Cloakware/TRS technology, there are several important considerations that affect implementation: expansion Program complexity Protocol design Diversity and renewability (discussed above) Expansion Encoding software results in code expansion meaning the cloaked software is larger in size than the input software. This can be dealt with in two ways. First, only the critical components of a program are cloaked such that the overall code expansion is a small percentage. For example, assume the critical security function, prior to cloaking, takes up 100 Kbytes of a program that is 1 Mbyte in size and that cloaking triples the size of the cloaked portion of the program. As shown in figure 3, the result will be an overall program that is 1.2 Mbytes in size a 20% increase over the unprotected program. Secondly, the Encoder has controls that can be adjusted for a specific application to optimize the security/size/runtime performance of the cloaked code. Figure 4. Expansion a) Before Cloaking Size = 1 MB b) After Cloaking Total increase = 20% 300 k 900k 100k 900k 6

7 Program Complexity Regardless of the degree of cloaking applied to an application, the cloaked portion of the code should be large enough and/or complex enough to make a black box attack infeasible. Otherwise, an attacker could simply monitor the code input and output and write new code to mimic the behavior of the cloaked program. Protocol Design Often Cloakware/TRS technology is a critical element of a total solution but not the entire solution. Applications that leverage TRS often depend on cryptographic protocols for secure communications between trusted software components or they may rely on system calls. The security protocols at the boundary of the cloaked portion of the program must be given careful consideration to ensure overall system security. For example, Cloakware/TRS technology alone cannot guarantee the integrity of system calls, such as checking the system clock. If the security of an application depends on system calls, it is possible for an attacker to spoof the operating system and return values that could cause the protocol to fail. This is more of a system design issue. Cloakware has substantial experience in implementing TRS in secure systems and can assist partners and customers in designing a secure system that makes optimal use of TRS and other security technologies and protocols. 7

8 CONCLUSION Software is easy to tamper with and reverse engineer so software deployed on suspicious hosts cannot be trusted to perform the intended functions or to conceal proprietary information and algorithms without some form of protection. Cloakware has developed an innovative security technology that converts ordinary software into TRS. Cloakware/TRS technology is based on a family of compiler-derived techniques and the innovative application of mathematical principles to prevent reverse engineering and tampering of software. The technology is implemented in the form of an encoder or program translation tool that converts normal software into TRS. This changes the rules for application and system designers since TRS can be deployed on suspicious hosts and be trusted to perform the functions it was designed to perform and to resist reverse engineering attacks. Implementation of TRS in a system requires consideration of code expansion produced by the encoder, program complexity and protocol design. Cloakware has expertise in TRS technology and applications and can assist partners and customers in the implementation of TRS technology to yield secure systems., 2001 This document is provided as is with no warranties, expressed or implied, including but not limited to any implied warranty of merchantability, fitness for a particular purpose, or freedom from infringement. may have patents or pending patent applications, trademarks, copyrights or other intellectual property rights that relate to the described subject matter. The furnishing of this document does not provide any license, expressed or implied, by estoppels or otherwise, to any such patents, trademarks, copyrights, or other intellectual property rights. assumes no responsibility for error or omissions in this document; nor does Cloakware Corporation make any commitment to update the information contained herein. This document is subject to change without notice. 8