Abstract
Protection against software piracy and malicious modification of software is proving to be a great challenge for resource-constrained embedded systems. In this paper, we develop a non-cryptographic, key-based, control flow obfuscation technique, which can be implemented by computationally efficient means, and is capable of operating with minimal hardware support. The scheme is based on matching a series of expected keys in sequence, similar to the unlocking process in a combination lock, and provides high levels of resistance to static and dynamic analyses. It is capable of protecting embedded software against both piracy as well as non-self-replicating malicious modifications. Simulation results on a set of MIPS assembly language programs show that the technique is capable of providing high levels of security at nominal computational overhead and about 10% code-size increase.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Turley, J.: The two percent solution, http://www.embedded.com/story/OEG20021217S0039
Gwennap, L., Byrne, J.: A Guide to High-Speed Embedded Processors. The Linley Group (2008)
Dube, R.: Hardware-based Computer Security Techniques to Defeat Hackers. ch. 5. John Wiley and Sons, Chichester (2008)
Ravi, S., Raghunathan, A., Kocher, P., Hattangady, S.: Security in embedded systems: design challenges. ACM Transactions on Embedded Computing Systems 3(3), 461–491 (2004)
Kerckhoff, A.: La cryptographie militaire. Journal des Sciences Militaires IX, 5–38 (1883)
Chang, H., Atallah, M.J.: Protecting software code by guards. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 160–175. Springer, Heidelberg (2002)
Barak, B.: Can we obfuscate programs?, http://www.math.ias.edu/~boaz/Papers/obf_informal.html
Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (im)possibility of obfuscating programs. In: Conference on Advances in Cryptology (2001)
Collberg, C., Thomborson, C., Low, D.: Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs. In: ACM Symposium on Principles of Programming Languages (1998)
Collberg, C., Thomborson, C.: Watermarking, Tamper-Proofing, and Obfuscation – Tools for Software Protection. IEEE Transactions on Software Engineering 28(8), 735–746 (2002)
Collberg, C., Thomborson, C., Low, D.: Breaking abstractions and unstructuring data structures. In: International Conference on Computer Languages (1998)
Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static disassembly. In: ACM Conference on Computer and Communications Security (2003)
Hou, T.W., Chen, H.Y., Tsai, M.H.: Three control flow obfuscation methods for Java software. IEE Proceedings 153(2), 80–86 (2006)
Barak, B., et al.: On the (Im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001)
White, S.R., Comerford, L.: ABYSS: An architecture for software protection. IEEE Transactions on Software Engineering 16(6), 619–629 (1990)
Dallas Semiconductor, Dallas DS5240 Secure Microcontroller, http://datasheets.maxim-ic.com/en/ds/DS5240.pdf
Trusted Computing Group, Trusted Platform Module: Design Principles, http://www.trustedcomputinggroup.org/resources/tpm_main_specification
Trusted Computing Group, TCG Mobile Trusted Module Specification, http://www.trustedcomputinggroup.org/files/resource_files/87852F33-1D093519AD0C0F141CC6B10D/Revision_6-tcg-mobile-trusted-module-1_0.pdf
Leavitt Communications, Will proposed standard make mobile phones more secure?, http://www.leavcom.com/ieee_dec05.htm
Joepgen, H.G., Krauss, S.: Software by means of the protprog method. Elektronik 42(17), 52–56 (1993)
Schulman, A.: Examining the Windows AARD detection code. Dr. Dobbs Journal 18(9), 42, 448, 89 (1993)
Jakubowski, M.H., Saw, C.W., Venkatesan, R.: Tamper-tolerant software: Modeling and implementation. In: Takagi, T., Mambo, M. (eds.) IWSEC 2009. LNCS, vol. 5824, pp. 125–139. Springer, Heidelberg (2009)
Aucsmith, D.: Tamper resistant software: an implementation. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 317–333. Springer, Heidelberg (1996)
Lie, D., et al.: Architectural support for copy and tamper resistant software. ACM SIGPLAN Notices 35(11), 168–177 (2000)
Arora, D., Ravi, S., Raghunathan, A., Jha, N.K.: Hardware-assisted run-time monitoring for secure program execution on embedded processors. IEEE Transactions on VLSI 14(12), 1295–1308 (2006)
Fiskiran, A.M., Lee, R.B.: Runtime execution monitoring (REM) to detect and prevent malicious code execution. In: IEEE International Conference on Computer Design (2004)
Zhuang, X., Zhang, T., Lee, H.S., Pande, S.: Hardware assisted control flow obfuscation for embedded processors. In: ACM International Conference on Compilers, Architecture, and Synthesis for Embedded Systems (2004)
Chakraborty, R.S., Bhunia, S.: HARPOON: An obfuscation-based SoC design methodology for hardware protection. IEEE Transactions on CAD 28(10), 1493–1502 (2009)
Chakraborty, R.S., Bhunia, S.: RTL hardware IP protection using key-based control and data flow obfuscation. In: VLSI Design (2010)
Copeland, B.J. (ed.): The Essential Turing: Seminal Writings in Computing, Logic, Philosophy, Artificial Intelligence, and Artificial Life Plus the Secrets of Enigma. Oxford University Press, Oxford (2004)
Dube, R.B.: Hardware-based Computer Security Techniques to Defeat Hackers. ch. 5. John Wiley and Sons, Chichester (2008)
Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 2nd edn. ch. 22. MIT Press, Cambridge (2001)
The Boomerang Decompiler Project, Boomerang: A general, open source, retargetable decompiler of machine code programs, http://boomerang.sourceforge.net
Larus, J.: SPIM: A MIPS32 simulator, http://pages.cs.wisc.edu/~larus/spim.html
Balakrishnan, A., Schulze, C.: Code obfuscation literature survey, http://pages.cs.wisc.edu/~arinib/writeup.pdf
Patterson, D.A., Hennessy, J.L.: Computer Organization and Design: The Hardware/Software Interface (Appendix A), 4th edn. Morgan Kaufmann Publishers, San Francisco (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chakraborty, R.S., Narasimhan, S., Bhunia, S. (2011). Embedded Software Security through Key-Based Control Flow Obfuscation. In: Joye, M., Mukhopadhyay, D., Tunstall, M. (eds) Security Aspects in Information Technology. InfoSecHiComNet 2011. Lecture Notes in Computer Science, vol 7011. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24586-2_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-24586-2_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24585-5
Online ISBN: 978-3-642-24586-2
eBook Packages: Computer ScienceComputer Science (R0)