Abstract
In recent years, many have suggested to apply encryption in the domain of software protection against malicious hosts. However, little information seems to be available on the implementation aspects or cost of the different schemes. This paper tries to fill the gap by presenting our experience with several encryption techniques: bulk encryption, an on-demand decryption scheme, and a combination of both techniques. Our scheme offers maximal protection against both static and dynamic code analysis and tampering. We validate our techniques by applying them on several benchmark programs of the CPU2006 Test Suite. And finally, we propose a heuristic which trades off security versus performance, resulting in a decrease of the runtime overhead.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Aucsmith, D.: Tamper resistant software: an implementation. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 317–333. Springer, Heidelberg (1996)
Bellare, M., Rogaway, P., Wagner, D.: The eax mode of operation: A two-pass authenticated-encryption scheme optimized for simplicity and efficiency. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 389–407. Springer, Heidelberg (2004)
Cappaert, J., Kisserli, N., Schellekens, D., Preneel, B.: Self-encrypting code to protect against analysis and tampering. In: 1st Benelux Workshop on Information and System Security (WISSec 2006) (2006)
Chang, H., Atallah, M.J.: Protecting software codes by guards. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 160–175. Springer, Heidelberg (2002)
Chen, Y., Venkatesan, R., Cary, M., Pang, R., Sinha, S., Jakubowski, M.: Oblivious hashing: a stealthy software integrity verification primitive. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 400–414. Springer, Heidelberg (2003)
Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Technical Report #148, Department of Computer Science, The University of Auckland (1997)
De Sutter, B., Van Put, L., Chanet, D., De Bus, B., De Bosschere, K.: Link-time compaction and optimization of arm executables. ACM Transactions on Embedded Computing Systems 6(1) (2007)
Giffin, J.T., Christodorescu, M., Kruger, L.: Strengthening software self-checksumming via self-modifying code. In: Proceedings of the 21st Annual Computer Security Applications Conference (ACSA 2005), pp. 23–32. IEEE Computer Society Press, Los Alamitos (2005)
Horne, B., Matheson, L.R., Sheehan, C., Tarjan, R.E.: Dynamic Self-Checking Techniques for Improved Tamper Resistance 2320, 141–159 (2001)
Howard, M., LeBlanc, D.C.: Writing Secure Code, 2nd edn. Microsoft Press (2002)
Klimov, A., Shamir, A.: Cryptographic applications of T-functions. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 248–261. Springer, Heidelberg (2004)
Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static disassembly. In: CCS 2003: Proceedings of the 10th ACM conference on Computer and communications security, pp. 290–299 (2003)
Low, D.: Java Control Flow Obfuscation. Master’s thesis, University of Auckland, New Zealand (1998)
Mehta, N., Clowes, S.: Shiva – ELF Executable Encryptor. Secure Reality, http://www.securereality.com.au/
Menez, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
Rogaway, P., Bellare, M., Black, J.: Ocb: A block-cipher mode of operation for efficient authenticated encryption. ACM Transactions on Information and System Security (TISSEC) 6(3), 365–403 (2003)
Shamir, A., van Someren, N.: Playing “Hide and Seek” with Stored Keys. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, pp. 118–124. Springer, Heidelberg (1999)
Song, Y., Locasto, M.E., Stavrou, A., Keromytis, A.D., Stolfo, S.J.: On the infeasibility of modeling polymorphic shellcode. In: Proceedings of the 14th ACM conference on Computer and communications security (CCS 2007), pp. 541–551. ACM Press, New York (2007)
SPEC – Standard Performance Evaluation Corporation. SPEC CPU (2006), http://www.spec.org/cpu2006/
Tan, G., Chen, Y., Jakubowski, M.H.: Delayed and controlled failures in tamper-resistant software. In: Camenisch, J.L., Collberg, C.S., Johnson, N.F., Sallee, P. (eds.) IH 2006. LNCS, vol. 4437, pp. 216–231. Springer, Heidelberg (2007)
Tygar, J.D., Yee, B.: Dyad: A system for using physically secure coprocessors. In: IP Workshop Proceedings (1994)
van Oorschot, P.C., Somayaji, A., Wurster, G.: Hardware-assisted circumvention of self-hashing software tamper resistance. IEEE Transactions on Dependable and Secure Computing 2(2), 82–92 (2005)
Viega, J., Messier, M.: Secure Programming Cookbook for C and C++. O’Reilly Media, Inc (2003)
Wroblewski, G.: General Method of Program Code Obfuscation. PhD thesis, Wroclaw University of Technology, Institute of Engineering Cybernetics (2002)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cappaert, J., Preneel, B., Anckaert, B., Madou, M., De Bosschere, K. (2008). Towards Tamper Resistant Code Encryption: Practice and Experience. In: Chen, L., Mu, Y., Susilo, W. (eds) Information Security Practice and Experience. ISPEC 2008. Lecture Notes in Computer Science, vol 4991. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79104-1_7
Download citation
DOI: https://doi.org/10.1007/978-3-540-79104-1_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-79103-4
Online ISBN: 978-3-540-79104-1
eBook Packages: Computer ScienceComputer Science (R0)