Skip to main content
SpringerLink
Log in

A robust software watermarking framework using shellcode

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

Watermarks have long been applied to ensure the authenticity of media contents. Computer software is an intellectual outcome in the digital domain. Therefore, it has to face all the common threats like illegal redistribution, copying, misuse through malicious modification. However, the majority of the existing software watermarking techniques are suffering from the limitations of existing robustness notions and lack of resilience from a variety of attacks. In this paper, we proposed a novel robust software watermarking scheme based on “shellcode”. It is a small piece of code generally used as the payload in the exploitation of a software vulnerability. It consists of a list of carefully arranged machine instructions, executed through injecting into a running application. Shellcode serves as the backbone of our proposed watermarking scheme. It is used to achieve both covert communication (steganography), and deterrence (watermarking) process in the proposed watermarking technique. Such a combination gives more robustness and security to the whole process. In this paper, we introduce ShellMark as a proof of concept to illustrate the shellcode based software watermarking technique. We compared and tested ShellMark with already existing software watermarking techniques, and it showed that ShellMark is resilient to most of the well known watermarking attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

Notes

  1. www.hex-rays.com/products/ida/debugger/

  2. www.hopperapp.com/

  3. software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool

  4. www.hex-rays.com/products/ida/

References

  1. Abu-Marie W, Gutub A, Abu-Mansour H (2010) Image based steganography using truth table based and determinate array on rgb indicator. Int J Signal Image Process 1(3)

  2. Ahmadoh E, Gutub AA-A (2015) Utilization of two diacritics for arabic text steganography to enhance performance. vol 3

  3. Al-Nofaie S, Fattani M, Gutub A (2016) Capacity improved arabic text steganography technique utilizing ‘kashida’with whitespaces. In: The 3rd international conference on mathematical sciences and computer engineering (ICMSCE2016), pp 38–44

  4. Al-Nofaie SM, Fattani MM, Gutub AA-A (2016) Merging two steganography techniques adjusted to improve arabic text data security. Journal of Computer Science & Computational Mathematics (JCSCM) 6(3):59–65

    Article  Google Scholar 

  5. Alanazi N, Alanizy A, Baghoza N, AlGhamdi M, Gutub A (2018) 3-layer pc text security via combining compression, aes cryptography 2lsb image steganography. J Res Eng Appl Sci 3:118–124, 11

    Google Scholar 

  6. Aljuaid N, Gutub A (2014) 2-leyer security system for hiding sensitive text data on personal computers. Lecture Notes on Information Theory, (2): 151–157, 06

  7. Aljuaid N, Gutub A (2014) Flexible stego-system for hiding text in images of personal computers based on user security priority. In: Proceedings of 2014 international conference on advanced engineering technologies, p 12

  8. Almazrooie M, Samsudin A, Gutub AA-A, Salleh MS, Omar MA, Hassan SA (2018) Integrity verification for digital holy quran verses using cryptographic hash function and compression. Journal of King Saud University - Computer and Information Sciences

  9. Alrehily A, Thayananthan V (2018) Computer security and software watermarking based on return-oriented programming. Int J Comput Net Inf Secur (IJCNIS) 10 (5):28–36

    Google Scholar 

  10. Behera CK, Bhaskari DL (2015) Different obfuscation techniques for code protection. Procedia Comput Sci 70:757–763

    Article  Google Scholar 

  11. Chen Z, Wang Z, Jia C (2017) Semantic-integrated software watermarking with tamper-proofing. Multimed Tools Appl: 1–20

  12. Collberg C, Thomborson C (1999) Software watermarking: models and dynamic embeddings. In: Principles of programming lang. ACM, pp 311–324

  13. Cox IJ, Miller ML, Bloom JA (2000) Watermarking applications and their properties. In: Information technology: coding and computing. IEEE, pp 6–10

  14. Dey A, Bhattacharya S, Chaki N (2018) Software watermarking: progress and challenges. INAE Lett: 1–11

  15. Dey A, Dutta R, Bhattacharya S, Chaki Ns (2019) Shellmark: a robust software watermarking tool. In: Proceedings of the ACM India joint international conference on data science and management of data, CoDS-COMAD ’19. New York, New York, pp 260–264

  16. Djekic P, Loebbecke C (2007) Preventing application software piracy: an empirical investigation of technical copy protections. J Strategic Inf Sys 16(2):173–186

    Article  Google Scholar 

  17. Eight annual bsa and idc global software. http://globalstudy.bsa.org/2010/. (2010)

  18. Fratantonio Y, Kruegel C, Vigna G (2011) Shellzer: a tool for the dynamic analysis of malicious shellcode. In: International workshop on recent advances in intrusion detection. Springer, pp 61–80

  19. Gupta G, Pieprzyk J (2006) A low-cost attack on branch-based software watermarking schemes. In: Digital watermarking. Springer, pp 282–293

  20. Gutub A (2010) Pixel indicator technique for rgb image steganography. Journal of Emerging Technologies in Web Intelligence 2:02

    Google Scholar 

  21. Gutub A, Mohammad Fattani M (2007) A novel arabic text steganography method using letter points and extensions. International Journal of Computer, Electrical, Automation, Control and Information Engineering 1:502–505, 01

    Google Scholar 

  22. Gutub A, Al-Qahtani A, Tabakh A (2009) Triple-a: secure rgb image steganography based on randomization. In: 2009 IEEE/ACS international conference on computer systems and applications, pp 400–403

  23. Gutub A, Al-Haidari F, Al-Kahsah KM, Hamodi J (2010) E-text watermarking: utilizing ’kashida’ extensions in arabic language electronic writing. Journal of Emerging Technologies in Web Intelligence 2:48–55, 02

    Google Scholar 

  24. Gutub AA, Ghouti LM, Elarian YS, Awaideh SM, Alvi AK (2010) Utilizing diacritic marks for arabic text steganography. Kuwait Journal of Science & Engineering (KJSE) 37(1):89–109

    Google Scholar 

  25. Gutub AA-A, Al-Alwani W, Mahfoodh AB (2010) Improved method of arabic text steganography using the extension ’kashida’character. Bahria University Journal of Information & Communication Technology 3(1):68–72

    Google Scholar 

  26. Hamilton J, Danicic S (2011) A survey of static software watermarking. In: World congress on internet security. IEEE, pp 100–107

  27. Hosseinzadeh S, Rauti S, Laurén S, Mäkelä J-M, Holvitie J, Hyrynsalmi S, Leppänen V (2018) Diversification and obfuscation techniques for software security: a systematic literature review. Inf Softw Technol 104:72–93

    Article  Google Scholar 

  28. Khan F, Gutub A (2007) Message concealment techniques using image based steganography

  29. Li M, Chen X, Li X, Ma B, Vitanyi PMB (2004) The similarity metric. IEEE Trans Inf Theory 50(12):3250–3264

    Article  MathSciNet  Google Scholar 

  30. Lim H-I, Park H, Choi S, Han T (2008) Detecting theft of java applications via a static birthmark based on weighted stack patterns. IEICE Trans Inf Sys E91.D (9):2323–2332

    Article  Google Scholar 

  31. Lim H-I, Park H, Choi S, Han T (2009) A method for detecting the theft of java programs through analysis of the control flow information. Inf Softw Technol 51 (9):1338–1350

    Article  Google Scholar 

  32. Mishra A, Kumar R, Chakrabarti P (2008) A method-based whole-program watermarking scheme for java class files. J Article

  33. Myles G, Collberg C (2005) K-gram based software birthmarks. In: Proceedings of the 2005 ACM symposium on applied computing, SAC ’05. ACM, New York, pp 314–318

  34. Pizzolante R, Castiglione A, Carpentieri B, De Santis A, Palmieri F, Castiglione A (2018) On the protection of consumer genomic data in the internet of living things. Comput Secur 74:384–400

    Article  Google Scholar 

  35. Seizing opportunity through license compliance. http://globalstudy.bsa.org/2016/. (2015)

  36. Sha Z, Jiang H, Xuan A (2009) Software watermarking algorithm by coefficients of equation. In: Genetic and evolutionary computing. Springer, pp 410–413

  37. Shirali-Shahreza M, Shirali-Shahreza S (2008) Software watermarking by equation reordering. In: Information and communication technologies: from theory to applications, (ICTTA 2008). IEEE

  38. Sion R, Atallah M, Prabhakar S (2002) On watermarking numeric sets. In: Digital watermarking. Springer, pp 130–146

  39. Stern JP, Hachez G, Koeune F, Quisquater J-J (2000) Robust object watermarking: application to code. In: Information hiding. Springer, pp 368–378

  40. Tamada H, Okamoto K, Nakamura M, Monden A, Matsumoto K-I (2004) Dynamic software birthmarks to detect the theft of windows applications. In: Future software technology, vol 20

  41. Tamada H, Nakamura M, Monden A, Matsumoto K-I (2005) Java birthmarks - detecting the software theft. IEICE Trans Inf Syst E88-D(9):2148–2158

    Article  Google Scholar 

  42. Wang Y, Gong D, Lu B, Xiang F, Liu F (2018) Exception handling-based dynamic software watermarking. IEEE Access 6:8882–8889

    Article  Google Scholar 

  43. Willison R, Siponen MT (2008) Software piracy: original insights from a criminological perspective. In: 41st Hawaii international conference on systems science (HICSS-41), p 266

  44. Yong-Xia Z, Ge Z (2010) Md5 research. In: 2010 second international conference on multimedia and information technology, vol 2, pp 271–273

  45. Zhu WF (2007) Concepts and techniques in software watermarking and obfuscation. PhD thesis, ResearchSpace@ Auckland

  46. Zhu W, Thomborson C, Wang F-Y (2005) A survey of software watermarking. In: Intelligence and security informatics. Springer, pp 454–458

Download references

Funding

This study was funded by TCS Research Scholar Program (granted to Ayan Dey) and TEQIP Phase-III project (granted to the University of Calcutta).

Author information

Authors and Affiliations

  1. A. K. Choudhury School of I.T., University of Calcutta, Kolkata, India

    Ayan Dey & Shibashis Ghosh

  2. Environmental Informatics, Department of Environmental Research and Innovation (ERIN), Luxembourg Institute of Science & Technology (LIST), Esch-sur-Alzette, Luxembourg

    Sukriti Bhattacharya

  3. Department of Computer Science and Engg., University of Calcutta, Kolkata, India

    Nabendu Chaki

Authors
  1. Ayan Dey
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shibashis Ghosh
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sukriti Bhattacharya
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nabendu Chaki
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ayan Dey.

Ethics declarations

Conflict of interests

The authors declare that they have no conflict of interest.

Additional information

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Dey, A., Ghosh, S., Bhattacharya, S. et al. A robust software watermarking framework using shellcode. Multimed Tools Appl 79, 2555–2576 (2020). https://doi.org/10.1007/s11042-019-08372-9

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-019-08372-9

Keywords

Search

Navigation