INTRODUCTION TO CLOAKWARE/TRS TECHNOLOGY

Similar documents
White-Box Cryptography State of the Art. Paul Gorissen

HP Fortify Software Security Center

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 1 Introduction to Security

Intel Analysis of Speculative Execution Side Channels

Applying Context to Web Authentication

C1: Define Security Requirements

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

Achieve deeper network security

Recommendations for LXI systems containing devices supporting different versions of IEEE 1588

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

BEST PRACTICES FOR SELECTING A WEB APPLICATION SCANNING (WAS) SOLUTION

Smart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability

Security. Communication security. System Security

EXECUTIVE BRIEF: WHY NETWORK SANDBOXING IS REQUIRED TO STOP RANSOMWARE

Security Enhancements

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Network Security Issues and Cryptography

Product Security Program

La Science du Secret sans Secrets

Windows 10 IoT Core Azure Connectivity and Security

Privileged Account Security: A Balanced Approach to Securing Unix Environments

Secure Development Lifecycle

Teradata and Protegrity High-Value Protection for High-Value Data

Network Working Group. Category: Standards Track NIST November 1998

Intel Authoring Tools for UPnP* Technologies

Survey of Cyber Moving Targets. Presented By Sharani Sankaran

Make security part of your client systems refresh

IT SECURITY FOR NONPROFITS

Trustwave Managed Security Testing

Automated Attack Framework for Test & Evaluation (AAFT)

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

IBM Security Network Protection Solutions

Machine-Based Penetration Testing

Ten Reasons to Optimize a Processor

TRUE SECURITY-AS-A-SERVICE

Introduction to PCI Express Positioning Information

Building Secure Systems: Problems and Principles. Dennis Kafura

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

RSA DISTRIBUTED CREDENTIAL PROTECTION

Fast Incident Investigation and Response with CylanceOPTICS

MILITARY ANTI-TAMPERING SOLUTIONS USING PROGRAMMABLE LOGIC

Security and Privacy in RFID Evolving Application Spaces for Edge Security

Hardware Security Challenges and Solutions. Mike Bartley TVS, Founder and CEO

Carbon Black PCI Compliance Mapping Checklist

BIG DATA INDUSTRY PAPER

THALES DATA THREAT REPORT

ACCEPTABLE USE POLICIES FOR INFORMATION SERVICES COMPUTING RESOURCES

Enhance your Cloud Security with AMD EPYC Hardware Memory Encryption

CS408 Cryptography & Internet Security

Secure Programming for Fun and Profit

The definitive guide to selecting the right ADC for the digital transformation era

Request for Comments: K. Norrman Ericsson June 2006

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Machine-Based Penetration Testing

Best practices in IT security co-management

Threat Intelligence to enhance Cyber Resiliency KEVIN ALBANO GLOBAL THREAT INTELLIGENCE LEAD IBM X-FORCE INCIDENT RESPONSE AND INTELLIGENCE SERVICES

The Shortcut Guide To. Protecting Against Web Application Threats Using SSL. Dan Sullivan

Request for Comments: 3566 Category: Standards Track Intel September The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec

Tamper Resistance - a Cautionary Note Ross Anderson Markus Kuhn

Comprehensive Database Security

ARM Security Solutions and Numonyx Authenticated Flash

Why the cloud matters?

THE POWER AND RISK OF MOBILE. White paper

Correlation and Phishing

DDoS MITIGATION BEST PRACTICES

Evaluating Tokenization Systems

Maximizing System x and ThinkServer Performance with a Balanced Memory Configuration

Barracuda Advanced Threat Protection. Bringing a New Layer of Security for . White Paper

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Category: Informational March Methods for Avoiding the "Small-Subgroup" Attacks on the Diffie-Hellman Key Agreement Method for S/MIME

Security: The Key to Affordable Unmanned Aircraft Systems

n Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2

SECURING DEVICES IN THE INTERNET OF THINGS

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4

Cryptography and Network Security

The Mimecast Security Risk Assessment Quarterly Report May 2017

Defend Against the Unknown

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

WHITE PAPER. Applying Software-Defined Security to the Branch Office

Technological foundation

Security of Block Ciphers Beyond Blackbox Model

BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response

Network Working Group Request for Comments: December 2004

Test Conditions. Closed book, closed notes, no calculator, no laptop just brains 75 minutes. Steven M. Bellovin October 19,

LET S ENCRYPT SUBSCRIBER AGREEMENT

Vulnerability of Certain Stream Ciphers Based on k-normal Boolean Functions

Topics. Ensuring Security on Mobile Devices

Deploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs)

Trusted Computing Group

Certification Report

The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company

UNITED STATES DISTRICT COURT DISTRICT OF MASSACHUSETTS

Q: Are power supply attacks in scope for SSITH? A: The hacker team will not have physical access to the power supply.

Protecting the Client

Integrating the Hardware Management Console s Broadband Remote Support Facility into your Enterprise

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Transcription:

INTRODUCTION TO CLOAKWARE/TRS TECHNOLOGY VERSION 2.2 OCTOBER 2001 SUMMARY Software is easy to tamper with and reverse engineer so unprotected software deployed on malicious hosts can t be trusted by corporations and service providers. Cloakware has developed an innovative security technology that converts ordinary software into Tamper Resistant Software (TRS). With Cloakware/TRS technology, software can now be deployed on suspicious hosts and be trusted to perform the functions it was designed to perform and to conceal proprietary algorithms and secrets including cryptographic keys embedded in the software., 2001

INTRODUCTION A fundamental security limitation faced by designers of corporate and Internet applications is that software is easy to tamper with (to change the intended functionality of the software) and to reverse engineer (to determine how the software works and to discover proprietary algorithms and secrets). This means that software deployed in hostile environments, like the Internet, on platforms you can t control cannot always be trusted to perform the intended functions or to conceal confidential or proprietary information and algorithms. Cloakware has developed an innovative security technology that converts ordinary software into tamper-resistant software (TRS). In its cloaked form, software is highly resistant to tampering attacks unauthorized modifications to the software result in non-functional code and very difficult to reverse engineer using sophisticated code analysis techniques and tools including debuggers. Cloakware/TRS technology enables applications and new architectures, protects intellectual property, lowers the cost of security and administration, and improves user convenience. This white paper provides an introduction to Cloakware/TRS technology, describes how it works and discusses implementation considerations. Figure 1. Tampering and Reverse Engineering Attacks on Software Original Program Tampered Program If CEO (transfer funds) else (reject) Tampering Attack If anyone (transfer funds) else (reject) Secret Key Proprietary Algorithm Reverse- Engineering Attack Secret Key Proprietary Algorithm Reverse Engineering Outputs Secret Key Proprietary Algorithm If CEO (transfer funds) else (reject) 2

CLOAKWARE/TRS TECHNOLOGY Cloakware/TRS is a patent-pending software security technology that is the first technology to provide a high degree of protection against both tampering and reverse engineering without constraining portability and ease of use. Cloakware/TRS technology uses functionality preserving code transformations implemented using a one-way program translation tool or Encoder (refer to Figure 1). Source code is input to the Encoder, which converts the code into a tamper-resistant or cloaked form. The cloaked code has the same functionality as the original program, but has the property that it is very difficult to reverse engineer or tamper with. The cloaked program executes on any open computing platform without special hardware or software. An attacker can still "see" the bits and bytes that make up the program but it is extremely difficult to extract information about what the program does or to tamper with the program. Figure 2. The Cloakware/TRS Encoder Other Application Other Application Security Sensitive Application - secret keys - algorithms - branches Cloakware Encoder Cloaked Source Host Computer Object 10110100101110101010 10000011110001000101 11100001111000010111 00000111110000111111 11100000000001111111 11111000000000110101 01010011110001111010 10100111001010101001 01010010001010101011 01110101 Commercial Compiler The code transformations performed by the Encoder can be optimized for the security requirements of specific applications and fall into four categories: Data flow These are code transformations that conceal variables and operations primarily to defend against reverse engineering attacks. They also make tampering attacks more difficult by substantially increasing the level of difficulty to understand a program. Control flow These code transformations are applied to program control flow to defend against tampering attacks such as branch jamming. 3

Mass data These transformations conceal large arrays and data structures to prevent reverse engineering and tampering. White box cryptography (WBC) These transformations are specific to cryptographic ciphers and enable key hiding within the cipher. Specialized transformations are require to protect cryptographic algorithms since they are very well studied and are subject to a whole class of attacks that other algorithms are not exposed to. Hence, crypto algorithms require very specific transformations to protect them against reverse engineering attacks intended to uncover cryptographic keys. During the Encoding process, randomness is injected into the code transformations. Hence, a single program can be transformed into multiple cloaked instances of the program. Each cloaked instance has the same functionality but looks different to an attacker attempting to tamper with or reverse engineer the program. This capability is the key to developing applications that resist global or automated attacks and to refreshing the security of software applications. We look at how this capability can be leveraged later in this white paper. THREAT MODEL AND SECURITY Cloakware/TRS technology converts software into a form that takes a sophisticated attacker months rather than minutes or hours to penetrate. One of the fundamental assumptions underlying this is the threat model for cloaked software. Unlike many software protection technologies, our threat model assumes that an attacker has access to our patents and complete access to the software executing on an open platform with this the attacker is able to see the data flow and control flow with the most sophisticated debugging and hacking tools. The second assumption has to do with the class of attacker we are trying to defend software against. Attackers can be classified by a number of schemes 1&2. We have adapted these to fit the context of Cloakware/TRS: Class I: Class I attackers are often very intelligent but they lack the inside knowledge of Cloakware/TRS to mount a new or novel attack. They may have access to only moderately sophisticated equipment. They often try to take advantage of an existing weakness in the system, rather than try to create one. Unless there is a known weakness to exploit, they are not usually a threat. Class II: Class II attackers have substantial mathematical skill sets in areas such as geometric combinatorics, statistics, signal processing, number theory and optimization theory. They have all of the knowledge assumed by the above Threat Model. This class of attackers has access to sophisticated tools for analysis, including emulators, and is comprised of highly skilled programmers. Class III (funded organizations): Class III attackers are organizationally funded tiger teams of Class II and above attackers. They have access to specialists in any of the necessary areas of mathematical expertise. They also have the latest in tools and computing machinery. They can design new and innovative attacks on TRS and exploit even the smallest weakness. Currently, we estimate that it would take Class II and Class III attackers months to penetrate a cloaked program compared to minutes or hours for an unprotected program. In support of our security claims, 1 R. Anderson and M. Kuhn, Low Cost Attacks on Tamper Resistant Devices, Proceedings of Security Protocols, 5 tth International Workshop, Paris, France, April7-9, 1997, pp. 125-136. Also available in PDF form at http://www.cl.cam.ac.uk/~mgk25/tamper2.pdf 2 D.G. Abraham, G.M. Dolan, G.P. Double and J.V. Stevens, Transaction Security System, IBM Systems Journal Volume 30, Number 2, 1991, pp 206-229. 4

we have worked with academic researchers to establish a theoretical basis for the security of TRS 3 & 4 We have also established practical proof points of this security through work with Class III attackers. Cloakware is also continuously advancing this security level through the development of new code transformations and through an open security review process by working with academic researchers, and by presenting the technology at security conferences and workshops. LEVERAGING CLOAKED INSTANCES Cloakware/TRS has two important features that enable the development of systems that resist global or automated attacks and aid in refreshing the security of an application on an ongoing basis: The Cloakware Encoder can be configured to automatically produce hundreds, thousands or millions of different cloaked instances of a software program. The Encoder applies different transformations to each instance of the software. Each cloaked instance is functionally equivalent but is transformed differently by the Cloakware Encoder. Developing an attack against a cloaked instance of a program would take substantial time and effort for a sophisticated attacker. Developing an automated attack against a large number of cloaked instances of a program would be extremely difficult because each instance looks different to the attacker and it is unlikely that an attacker would not have direct access to each cloaked instance of the program. When designed into the appropriate system architecture, these capabilities of the Cloakware Encoder can substantially increase the resistance of the system to global attacks (attacks that can be automated and compromise the entire security of the system). Another advantage of this capability is that the cloaked instances of a program or security sub-system in a larger application (for example a content protection or DRM system) can now be refreshed continuously to stay ahead of attackers or to prevent attacks on vulnerabilities that may be discovered over time. History has taught those in the security industry that no security technology is bulletproof. Biology has taught us that diversity and the ability to evolve ensure survival of a species. Cloakware/TRS brings the benefits of diversity and ability to evolve to secure applications. 3 4 A. Shokurov, Preliminary Report on Measures of Resistance of Data Encodings, Technical Report, May 9, 200. Available in PDF form at http://www.cloakware.com. Vladimir Zakharov. On the Complexity of Cloaked Program Analysis. Available in PDF form by contacting Cloakware at info@cloakware.com. 5

Figure 3. Defending Agains Application Tampering & reverse engineering attack Cloaked Instance Security Sensitive Application Targeted Encoder Application Cloaked Instance Automated Attacks Application Cloaked Instance IMPLEMENTATION CONSIDERATIONS For application and system designers interested in using Cloakware/TRS technology, there are several important considerations that affect implementation: expansion Program complexity Protocol design Diversity and renewability (discussed above) Expansion Encoding software results in code expansion meaning the cloaked software is larger in size than the input software. This can be dealt with in two ways. First, only the critical components of a program are cloaked such that the overall code expansion is a small percentage. For example, assume the critical security function, prior to cloaking, takes up 100 Kbytes of a program that is 1 Mbyte in size and that cloaking triples the size of the cloaked portion of the program. As shown in figure 3, the result will be an overall program that is 1.2 Mbytes in size a 20% increase over the unprotected program. Secondly, the Encoder has controls that can be adjusted for a specific application to optimize the security/size/runtime performance of the cloaked code. Figure 4. Expansion a) Before Cloaking Size = 1 MB b) After Cloaking Total increase = 20% 300 k 900k 100k 900k 6

Program Complexity Regardless of the degree of cloaking applied to an application, the cloaked portion of the code should be large enough and/or complex enough to make a black box attack infeasible. Otherwise, an attacker could simply monitor the code input and output and write new code to mimic the behavior of the cloaked program. Protocol Design Often Cloakware/TRS technology is a critical element of a total solution but not the entire solution. Applications that leverage TRS often depend on cryptographic protocols for secure communications between trusted software components or they may rely on system calls. The security protocols at the boundary of the cloaked portion of the program must be given careful consideration to ensure overall system security. For example, Cloakware/TRS technology alone cannot guarantee the integrity of system calls, such as checking the system clock. If the security of an application depends on system calls, it is possible for an attacker to spoof the operating system and return values that could cause the protocol to fail. This is more of a system design issue. Cloakware has substantial experience in implementing TRS in secure systems and can assist partners and customers in designing a secure system that makes optimal use of TRS and other security technologies and protocols. 7

CONCLUSION Software is easy to tamper with and reverse engineer so software deployed on suspicious hosts cannot be trusted to perform the intended functions or to conceal proprietary information and algorithms without some form of protection. Cloakware has developed an innovative security technology that converts ordinary software into TRS. Cloakware/TRS technology is based on a family of compiler-derived techniques and the innovative application of mathematical principles to prevent reverse engineering and tampering of software. The technology is implemented in the form of an encoder or program translation tool that converts normal software into TRS. This changes the rules for application and system designers since TRS can be deployed on suspicious hosts and be trusted to perform the functions it was designed to perform and to resist reverse engineering attacks. Implementation of TRS in a system requires consideration of code expansion produced by the encoder, program complexity and protocol design. Cloakware has expertise in TRS technology and applications and can assist partners and customers in the implementation of TRS technology to yield secure systems., 2001 This document is provided as is with no warranties, expressed or implied, including but not limited to any implied warranty of merchantability, fitness for a particular purpose, or freedom from infringement. may have patents or pending patent applications, trademarks, copyrights or other intellectual property rights that relate to the described subject matter. The furnishing of this document does not provide any license, expressed or implied, by estoppels or otherwise, to any such patents, trademarks, copyrights, or other intellectual property rights. assumes no responsibility for error or omissions in this document; nor does Cloakware Corporation make any commitment to update the information contained herein. This document is subject to change without notice. 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback