Skip to main content
SpringerLink
Log in

Embedded Software Security through Key-Based Control Flow Obfuscation

  • Conference paper
Security Aspects in Information Technology (InfoSecHiComNet 2011)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7011))

Included in the following conference series:

Abstract

Protection against software piracy and malicious modification of software is proving to be a great challenge for resource-constrained embedded systems. In this paper, we develop a non-cryptographic, key-based, control flow obfuscation technique, which can be implemented by computationally efficient means, and is capable of operating with minimal hardware support. The scheme is based on matching a series of expected keys in sequence, similar to the unlocking process in a combination lock, and provides high levels of resistance to static and dynamic analyses. It is capable of protecting embedded software against both piracy as well as non-self-replicating malicious modifications. Simulation results on a set of MIPS assembly language programs show that the technique is capable of providing high levels of security at nominal computational overhead and about 10% code-size increase.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Turley, J.: The two percent solution, http://www.embedded.com/story/OEG20021217S0039

  2. Gwennap, L., Byrne, J.: A Guide to High-Speed Embedded Processors. The Linley Group (2008)

    Google Scholar 

  3. Dube, R.: Hardware-based Computer Security Techniques to Defeat Hackers. ch. 5. John Wiley and Sons, Chichester (2008)

    Google Scholar 

  4. Ravi, S., Raghunathan, A., Kocher, P., Hattangady, S.: Security in embedded systems: design challenges. ACM Transactions on Embedded Computing Systems 3(3), 461–491 (2004)

    Article  Google Scholar 

  5. Kerckhoff, A.: La cryptographie militaire. Journal des Sciences Militaires IX, 5–38 (1883)

    Google Scholar 

  6. Chang, H., Atallah, M.J.: Protecting software code by guards. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 160–175. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  7. Barak, B.: Can we obfuscate programs?, http://www.math.ias.edu/~boaz/Papers/obf_informal.html

  8. Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (im)possibility of obfuscating programs. In: Conference on Advances in Cryptology (2001)

    Google Scholar 

  9. Collberg, C., Thomborson, C., Low, D.: Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs. In: ACM Symposium on Principles of Programming Languages (1998)

    Google Scholar 

  10. Collberg, C., Thomborson, C.: Watermarking, Tamper-Proofing, and Obfuscation – Tools for Software Protection. IEEE Transactions on Software Engineering 28(8), 735–746 (2002)

    Article  Google Scholar 

  11. Collberg, C., Thomborson, C., Low, D.: Breaking abstractions and unstructuring data structures. In: International Conference on Computer Languages (1998)

    Google Scholar 

  12. Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static disassembly. In: ACM Conference on Computer and Communications Security (2003)

    Google Scholar 

  13. Hou, T.W., Chen, H.Y., Tsai, M.H.: Three control flow obfuscation methods for Java software. IEE Proceedings 153(2), 80–86 (2006)

    Article  Google Scholar 

  14. Barak, B., et al.: On the (Im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  15. White, S.R., Comerford, L.: ABYSS: An architecture for software protection. IEEE Transactions on Software Engineering 16(6), 619–629 (1990)

    Article  Google Scholar 

  16. Dallas Semiconductor, Dallas DS5240 Secure Microcontroller, http://datasheets.maxim-ic.com/en/ds/DS5240.pdf

  17. Trusted Computing Group, Trusted Platform Module: Design Principles, http://www.trustedcomputinggroup.org/resources/tpm_main_specification

  18. Trusted Computing Group, TCG Mobile Trusted Module Specification, http://www.trustedcomputinggroup.org/files/resource_files/87852F33-1D093519AD0C0F141CC6B10D/Revision_6-tcg-mobile-trusted-module-1_0.pdf

  19. Leavitt Communications, Will proposed standard make mobile phones more secure?, http://www.leavcom.com/ieee_dec05.htm

  20. Joepgen, H.G., Krauss, S.: Software by means of the protprog method. Elektronik 42(17), 52–56 (1993)

    Google Scholar 

  21. Schulman, A.: Examining the Windows AARD detection code. Dr. Dobbs Journal 18(9), 42, 448, 89 (1993)

    Google Scholar 

  22. Jakubowski, M.H., Saw, C.W., Venkatesan, R.: Tamper-tolerant software: Modeling and implementation. In: Takagi, T., Mambo, M. (eds.) IWSEC 2009. LNCS, vol. 5824, pp. 125–139. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  23. Aucsmith, D.: Tamper resistant software: an implementation. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 317–333. Springer, Heidelberg (1996)

    Chapter  Google Scholar 

  24. Lie, D., et al.: Architectural support for copy and tamper resistant software. ACM SIGPLAN Notices 35(11), 168–177 (2000)

    Article  Google Scholar 

  25. Arora, D., Ravi, S., Raghunathan, A., Jha, N.K.: Hardware-assisted run-time monitoring for secure program execution on embedded processors. IEEE Transactions on VLSI 14(12), 1295–1308 (2006)

    Article  Google Scholar 

  26. Fiskiran, A.M., Lee, R.B.: Runtime execution monitoring (REM) to detect and prevent malicious code execution. In: IEEE International Conference on Computer Design (2004)

    Google Scholar 

  27. Zhuang, X., Zhang, T., Lee, H.S., Pande, S.: Hardware assisted control flow obfuscation for embedded processors. In: ACM International Conference on Compilers, Architecture, and Synthesis for Embedded Systems (2004)

    Google Scholar 

  28. Chakraborty, R.S., Bhunia, S.: HARPOON: An obfuscation-based SoC design methodology for hardware protection. IEEE Transactions on CAD 28(10), 1493–1502 (2009)

    Article  Google Scholar 

  29. Chakraborty, R.S., Bhunia, S.: RTL hardware IP protection using key-based control and data flow obfuscation. In: VLSI Design (2010)

    Google Scholar 

  30. Copeland, B.J. (ed.): The Essential Turing: Seminal Writings in Computing, Logic, Philosophy, Artificial Intelligence, and Artificial Life Plus the Secrets of Enigma. Oxford University Press, Oxford (2004)

    MATH  Google Scholar 

  31. Dube, R.B.: Hardware-based Computer Security Techniques to Defeat Hackers. ch. 5. John Wiley and Sons, Chichester (2008)

    Google Scholar 

  32. Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 2nd edn. ch. 22. MIT Press, Cambridge (2001)

    MATH  Google Scholar 

  33. The Boomerang Decompiler Project, Boomerang: A general, open source, retargetable decompiler of machine code programs, http://boomerang.sourceforge.net

  34. Larus, J.: SPIM: A MIPS32 simulator, http://pages.cs.wisc.edu/~larus/spim.html

  35. Balakrishnan, A., Schulze, C.: Code obfuscation literature survey, http://pages.cs.wisc.edu/~arinib/writeup.pdf

  36. Patterson, D.A., Hennessy, J.L.: Computer Organization and Design: The Hardware/Software Interface (Appendix A), 4th edn. Morgan Kaufmann Publishers, San Francisco (2009)

    MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, West Bengal, 721302, India

    Rajat Subhra Chakraborty

  2. Department of Electrical Engineering and Computer Science, Case Western Reserve University, Cleveland, OH, 44106, USA

    Seetharam Narasimhan & Swarup Bhunia

Authors
  1. Rajat Subhra Chakraborty
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Seetharam Narasimhan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Swarup Bhunia
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Technicolor, Security & Content Protection Labs, 1 avenue de Belle Fontaine, 35576, Cesson-Sévigné Cedex, France

    Marc Joye

  2. Department of Computer Science and Engineering, Indian Institute of Technology, 721302, Kharagpur, West Bengal, India

    Debdeep Mukhopadhyay

  3. Department of Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, BS8 1UB, Bristol, UK

    Michael Tunstall

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chakraborty, R.S., Narasimhan, S., Bhunia, S. (2011). Embedded Software Security through Key-Based Control Flow Obfuscation. In: Joye, M., Mukhopadhyay, D., Tunstall, M. (eds) Security Aspects in Information Technology. InfoSecHiComNet 2011. Lecture Notes in Computer Science, vol 7011. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24586-2_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-24586-2_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-24585-5

  • Online ISBN: 978-3-642-24586-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation