Refereed PaperMethods for preventing unauthorized software distribution
Introduction
Today’s technology allows software providers to sell instances of their software programs either on disks or over the Internet. Unfortunately, it is not easy to safeguard the software from unauthorized installation. If a program is delivered to customers unprotected, it may be obtained and installed by others, thus denying the software development company an opportunity to collect payments from all users.
Various methods can be employed to prevent an unauthorized use, or, as it is often called, ‘pirated’ use of computer software. These methods vary in their strength. Often the choice of the protection methodology depends on the assumptions on how sophisticated and skilled the potential attackers are.
In this paper we are assuming that there can be two kinds of adversaries. One attacker is the average buyer and user of personal or business software. He or she is knowledgeable about the most common operations involving files. So, copying a piece of software is certainly within the realms of the user’s capabilities. On the other hand, this average user is not skillful enough to explore and modify the inside of the executable version of a computer program or to find values and commands that direct the execution of various portions of the code.
Another kind of attacker that we must consider is a sophisticated hacker who can monitor a line and can read and intercept any information flowing unprotected over the Internet. These attackers are also skillful programmers who can analyze the software, locate any data of interest to them and also write and execute any programs, even the most complicated ones. The only thing that such an attacker lacks is the physical possession of a disk, if the distributed software was located on a disk when it was sold. Or, in some cases, these attackers may find it impossible to properly identify themselves to a server since the identification data may contain the serial number of a computing device they are using.
In the next section we give a detail description of the proposed method. This is followed by a discussion of our method’s advantages.
Section snippets
The algorithm
Here we show in detail the algorithm for protecting software from unauthorized installation. We can assume that the user buys software on a disk or downloads it from the Internet — although our method is not limited to protecting software under these circumstances.
The software code consists of two parts. One part is in an unencrypted format and is executed first. The second part is encrypted and cannot be installed on the user’s computer without being decrypted first. The value of the key K
An alternate solution
Let us assume here that the software code may be received on a read-only storage medium. For example, the software code could be received on a CD and the user’s client computer may have only a capability to read information stored on the CD but not write information on the CD. If the software code is received on a read-only storage medium, then it would not be possible to re-encrypt the decrypted software P and write it back on the CD.
The above-mentioned potential difficulty is specifically
A possible solution
Here we consider a case when the client encryption software provides a kind of ‘failsafe’ mechanism to ensure that re-encrypted value of P are actually written back on the storage medium by the system.
In this case, a first block of encrypted data is read from the storage medium and decrypted. The decrypted block is saved until the entire decrypted software P has been recovered. However, rather than waiting until all of P has been recovered and then re-encrypting P and storing the re-encrypted P
Crush recovery
It is important to address a possibility of a system crash. If the re-encrypted version of P is written on the storage medium, as described above, then the crash of the client’s machine will result in the loss of synchronization between the server and the client. Hence the new A_new value that the server will send to the client next time a request to install the software arrives, will not lead to the calculation of the correct decryption key.
To answer this problem we propose that the original
Can privacy be guaranteed
There is the issue of privacy that needs to be addressed when any solution is proposed. A user may wish to stay anonymous, that is, he or she may buy a CD with an encrypted copy of software in a store and not be willing to disclose his or her identity to the vendor of this software. If this becomes a concern, the software provider can slightly modify the algorithm that we proposed in the main algorithm presented in this paper.
The first step in the solution that we presented in this paper
Advantages of the proposed scheme
The following are the most important advantages of the proposed scheme.
- •
This scheme does not require any prior setup shared or public keys on the client and server machines.
- •
It is simple and scalable.
- •
No specialized hardware is required.
- •
The scheme is purely algorithmic.
- •
It relies on the strength of the cryptographic hash function, a well-tested structure.
- •
The secret value used to encrypt the software is distributed between the software vendor and the recipient of a given software copy.
- •
Even if an
Uncited references
[2], [3]
Dr. Mohammad Peyravian
Dr. Mohammad Peyravian is a Network Processing Architect with IBM Microelectronics. He received a Ph.D. in Electrical Engineering from the Georgia Institute of Technology in 1992. His interests include networking, network processors, security, and cryptography. He has published over 40 journal and conference papers and has over 30 patents.
References (3)
- Schneier, B., 1996. Applied Cryptography, 2nd edition, John Wiley & Sons Inc,...
Cited by (5)
Preventing application software piracy: An empirical investigation of technical copy protections
2007, Journal of Strategic Information SystemsCoexistence of Deepfake Defenses: Addressing the Poisoning Challenge
2024, IEEE AccessArchitecture of the License Software Manager using Blockchain technology
2022, Mathematical Modeling and ComputingSoftware piracy prevention through digital rights management systems
2005, Proceedings - Seventh IEEE International Conference on E-Commerce Technology, CEC 2005
Dr. Mohammad Peyravian
Dr. Mohammad Peyravian is a Network Processing Architect with IBM Microelectronics. He received a Ph.D. in Electrical Engineering from the Georgia Institute of Technology in 1992. His interests include networking, network processors, security, and cryptography. He has published over 40 journal and conference papers and has over 30 patents.
Dr. Allen Roginsky
Dr. Allen Roginsky is a Security Architect with IBM Global Services. His professional career includes 17 years in networking and information systems security at IBM. Dr. Roginsky's interests include public key cryptography and its applications. He holds several patents and has authored more than a dozen papers in this field. He received his Ph.D. in Statistics from the University of North Carolina in 1989.
Mr. Nevenko Zunic
Mr. Nevenko Zunic is an Executive Consultant for the Security and Privacy Practice of IBM Global Services. He has over twenty years of development experience in processor design, software and hardware design management, security technology development, security certifications, and cryptography. He has submitted over 30 patent applications and has published numerous articles in industry publications.