There are many options available to software developers to reduce the risk of software piracy and malicious use of their code. This document explores the advantages and drawbacks of several protection strategies: Code Signing (Digital Signing), Software Obfuscation, Anti-Tampering, Software Protection Dongles, Cloud Licensing, and White-box Cryptography. We hope it is useful in exploring some of the many options available to protect your intellectual property.
Code Signing, also known as Digital Signing, is the process of digitally signing executables and scripts to assure the client operating system (and therefore the user) that the software comes from the stated publisher and has not been altered since it was signed. It does nothing to assure the software developer that their code has not been tampered with in the field: the check runs on the client, under the user's control. The process uses a cryptographic signature and a certificate to validate authenticity.
Code Signing can provide several valuable features. The most common use is to establish trust when deploying software; in some programming languages it can also be used to help prevent namespace conflicts. Almost every code signing implementation provides a digital signature to verify the identity of the author or build system, and a cryptographic hash (not merely a checksum, which anyone could recompute after a modification) to verify that the object has not been modified since it was signed. It can also carry versioning information or other metadata about the object.
If your software is a stand-alone application, the operating system checks the signature, typically at first launch. If your software is a plug-in or add-on, the host application may check it as it loads. Code Signing is a good first step to protecting your software, but it should not be your only defense, as it is susceptible to a number of workarounds. For example, if the system or host is compromised, the signature check may be ignored or removed. Without effective application protection (covered later in this document), software protected exclusively with Code Signing can be easily cracked and shared.
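The difference between a bare checksum, a signature, and a host that ignores the result, as an added example (not code from PACE or from any real code-signing format): it signs a constructed stand-in for an executable with Ed25519 from the Go standard library, patches the "binary" the way a cracker would, and shows which checks still pass. The Artifact layout, Package, Tamper and Load are hypothetical names chosen for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Artifact is a hypothetical signed object: the code bytes plus the digest
// and signature that a real container (Authenticode, a Mach-O code
// signature, a signed JAR) carries alongside them.
type Artifact struct {
	Code   []byte
	Digest [32]byte // the "checksum": SHA-256 over Code
	Sig    []byte   // publisher's signature over Digest
}

// Package is the build-system side: hash the code and sign the hash. The
// private key stays in the build environment (ideally in an HSM).
func Package(priv ed25519.PrivateKey, code []byte) Artifact {
	a := Artifact{Code: append([]byte(nil), code...)}
	a.Digest = sha256.Sum256(a.Code)
	a.Sig = ed25519.Sign(priv, a.Digest[:])
	return a
}

// ChecksumOK is all a bare digest proves: Code matches Digest. Whoever edits
// Code can recompute Digest, so this says nothing about who produced it.
func ChecksumOK(a Artifact) bool {
	return sha256.Sum256(a.Code) == a.Digest
}

// SignatureOK is the loader's real check, using the publisher's public key
// (in practice taken from the certificate embedded in the artifact).
func SignatureOK(pub ed25519.PublicKey, a Artifact) bool {
	if sha256.Sum256(a.Code) != a.Digest {
		return false
	}
	return ed25519.Verify(pub, a.Digest[:], a.Sig)
}

// Tamper models a field modification: patch bytes at off and recompute the
// digest. Without the private key the attacker must leave the old signature.
func Tamper(a Artifact, off int, patch []byte) Artifact {
	t := Artifact{Code: append([]byte(nil), a.Code...), Sig: a.Sig}
	copy(t.Code[off:], patch)
	t.Digest = sha256.Sum256(t.Code)
	return t
}

// Load models the host. With enforce=false (a compromised OS or host
// application, or a loader the attacker has patched) the signature is still
// invalid, but nothing acts on that: the check protects the user, not the vendor.
func Load(pub ed25519.PublicKey, a Artifact, enforce bool) bool {
	return SignatureOK(pub, a) || !enforce
}

// Demo returns (genuine verifies, tampered passes checksum,
// tampered passes signature, tampered loads on a compromised host).
func Demo() (bool, bool, bool, bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed stand-in for an executable image; offset 8 is the license test.
	code := []byte("\x7fELF... if (licensed) { unlock(); }")
	signed := Package(priv, code)
	cracked := Tamper(signed, 8, []byte("if (true    )"))
	return SignatureOK(pub, signed), ChecksumOK(cracked), SignatureOK(pub, cracked), Load(pub, cracked, false)
}

func main() {
	a, b, c, d := Demo()
	fmt.Printf("genuine verifies: %v\ntampered passes checksum: %v\ntampered passes signature: %v\ntampered loads on compromised host: %v\n", a, b, c, d)
}
```

The tampered artifact fails the signature check on an honest host, but the cracker's build is exactly what a compromised host (enforce=false) will run; nothing in the signed artifact itself prevents that, which is why the following sections treat signing as a first layer only.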
In software development, obfuscation is the deliberate act of creating source or machine code that is difficult for humans (and their tools) to understand. Like obfuscation in natural language, it may use needlessly roundabout expressions to compose statements. Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity), its logic, or the values embedded in it, primarily to prevent tampering or deter reverse engineering, or even as a puzzle or recreational challenge for someone reading the source code. This can be done manually or with an automated tool, the latter being the preferred technique in the industry.
There are several advantages of automated code obfuscation that have made it popular and widely useful across many platforms. On some platforms (such as Java, Android, and .NET) a decompiler can recover readable source code from an executable or library, because the bytecode retains type, method, and field names. The main advantage of automated code obfuscation is that it helps protect the trade secrets (intellectual property) contained within software by making reverse-engineering difficult and economically unfeasible. Other advantages include helping to protect licensing mechanisms.
Attacks of this kind, where the adversary has full control of the machine running the software, are called man-at-the-end (MATE) attacks, by analogy with the man-in-the-middle attack. For run-time interpreted languages like JavaScript, many publishers minify their source, renaming variables and methods to a single character and removing whitespace. Done to speed up loading, it has a side effect of some obfuscation, though minified code is trivially re-formatted and should not be mistaken for protection.
While obfuscation can make reading, writing, and reverse-engineering a program difficult and time-consuming, it does not make it impossible. Some obfuscation techniques have been analysed enough to make automated de-obfuscation possible. Further, implemented poorly, obfuscation can bloat the size of your code significantly and even give a skilled hacker clues as to where your sensitive IP can be found, since the most heavily obfuscated region is usually the most valuable one. Security by obscurity (obfuscation) does not on its own provide long-lasting, robust software protection.
The goal of tamper proofing is to protect your code from being modified and used in a way you have not intended. Tamper proofing is designed to fail quietly at run-time, without offering any clues as to why the modified code fails to operate. It does not stop a user from examining or extracting code from your executable. Effective tamper proofing makes dynamic analysis of the software very difficult. A motivated malicious actor given unlimited resources and time will eventually be able to crack tamper-proofed code, but months of false positives and dead ends will hopefully deter them from targeting your code and extracting anything of value for their efforts. Anti-tampering technology typically makes the software somewhat larger and has a performance impact, though both the code bloat and the performance cost can be mitigated with advanced automation tooling. There are no provably secure software anti-tampering methods; the field is an arms race between attackers and anti-tampering technologies.
Tampering can be malicious: gaining control over some aspect of the software through an unauthorized modification that alters the program's code and behavior. Examples include installing rootkits and backdoors, disabling security monitoring, subverting authentication, injecting malicious code to steal data or gain higher privileges, altering control flow and communication, bypassing license code for the purpose of software piracy, interfering with code to extract data or algorithms, and counterfeiting. Software applications are vulnerable to tampering and code changes throughout their lifecycle, from development and deployment to operation and maintenance.
Anti-tamper protection can be applied either externally or internally to the application being protected. External anti-tampering monitors the software from outside to detect tampering; this is the role of malware scanners and anti-virus applications. Internal anti-tampering turns an application into its own security system, generally by building specific code into the software that detects tampering as it happens. This may take the form of runtime integrity checks such as cyclic redundancy checksums, anti-debugging measures, encryption, or obfuscation. Note that a CRC catches accidental corruption but not a deliberate attacker, who can patch the code and then adjust spare bytes until the CRC matches again; integrity checks are better built on cryptographic hashes, with several checks that verify one another, so that no single comparison is the point to patch out. Some anti-tamper software uses white-box cryptography, so that cryptographic keys are not revealed even when the cryptographic computations are observed in complete detail in a debugger.
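Two styles of internal integrity check side by side, as an added example (not PACE's or any product's code): the obvious CRC comparison, which is one branch a cracker can flip, and a check that never decides anything but instead derives a needed secret from a hash of the code, so a patched binary silently produces wrong results. The protected "region", the secret, and the names Build, Seal, Unwrap, Feature and Patched are constructed for this illustration; in a real build the region would be the bytes of a function read from memory.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
	"hash/crc32"
)

// region is a constructed stand-in for the bytes of a protected function.
var region = []byte("cmp [license], 1 ; jne fail ; call unlock")

// buildSecret is a constructed stand-in for a value the feature cannot work
// without (a decryption key for an embedded resource, say).
var buildSecret = sha256.Sum256([]byte("constructed secret"))

// Seal is what the build step embeds in the binary.
type Seal struct {
	CRC     uint32   // expected CRC-32 of region
	Wrapped [32]byte // buildSecret XOR SHA-256(region)
}

// Build runs at build time, after the code is final.
func Build(region []byte, secret [32]byte) Seal {
	s := Seal{CRC: crc32.ChecksumIEEE(region)}
	k := sha256.Sum256(region)
	for i := range secret {
		s.Wrapped[i] = secret[i] ^ k[i]
	}
	return s
}

// CheckCRC is the obvious internal check: one comparison, one branch. It
// catches modification, but the branch is a single point to patch out, and a
// CRC (unlike a cryptographic hash) can be fixed up after a patch by adjusting
// spare bytes.
func CheckCRC(region []byte, s Seal) bool {
	return crc32.ChecksumIEEE(region) == s.CRC
}

// Unwrap decides nothing. It derives the key from the code as it is *now*; if
// the region was changed the secret comes out wrong and whatever depends on it
// misbehaves later, with no comparison for a cracker to find and flip.
func Unwrap(region []byte, s Seal) [32]byte {
	k := sha256.Sum256(region)
	var out [32]byte
	for i := range out {
		out[i] = s.Wrapped[i] ^ k[i]
	}
	return out
}

// Feature stands in for the protected functionality: it XORs the secret into
// its input, so a wrong secret gives silently wrong output, not an error.
func Feature(secret [32]byte, in []byte) []byte {
	out := make([]byte, len(in))
	for i := range in {
		out[i] = in[i] ^ secret[i%len(secret)]
	}
	return out
}

// Patched returns region with the conditional jump replaced by an
// unconditional one, the classic two-byte license crack.
func Patched() []byte {
	p := append([]byte(nil), region...)
	copy(p[bytes.Index(p, []byte("jne")):], "jmp")
	return p
}

func main() {
	seal := Build(region, buildSecret)
	fmt.Println("CRC ok, genuine:", CheckCRC(region, seal))
	fmt.Println("CRC ok, patched:", CheckCRC(Patched(), seal))
	fmt.Println("secret recovered, genuine:", Unwrap(region, seal) == buildSecret)
	fmt.Println("secret recovered, patched:", Unwrap(Patched(), seal) == buildSecret)
	fmt.Printf("feature output, patched: %x\n", Feature(Unwrap(Patched(), seal), []byte("plain")))
}
```

Real deployments spread many such derivations through the program and let the corruption surface far from the patch, which is what produces the "months of false positives and dead ends" described above.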
Anti-tamper software is used in many types of software products, including embedded systems, financial applications, mobile software, network appliances, anti-cheat systems in games, military systems, license management software, and digital rights management (DRM) systems. Some general-purpose packages can wrap existing code with minimal developer effort. Malicious software itself has been observed using anti-tampering techniques, for example the Mariposa botnet.
A software protection dongle (commonly known as a dongle or key) is an electronic copy protection and content protection device. When connected to a computer or other electronics, it unlocks software functionality or decodes content. The hardware key is programmed with a product key or other cryptographic protection mechanism and communicates through an electrical connector on an external bus (typically USB) of the computer or appliance.
In software protection, dongles are security tokens with two interfaces (the physical bus and the software protocol), and the data flow is transient: the protected software pulls security data from the dongle on demand. In the absence of the dongle, the software may run only in a restricted mode, or not at all. There are potential weaknesses in the implementation of the protocol between the dongle and the copy-controlled software, and it takes considerable care to make this hard to crack. For example, a simple implementation might define a function that checks for the dongle's presence and returns "true" or "false" accordingly; the dongle requirement is then easily circumvented by patching the software to always answer "true". A sounder design makes the protected functionality depend on data or computation that only the dongle can supply, so there is no single yes/no result to patch.
Modern dongles include built-in strong encryption and use fabrication techniques designed to thwart reverse engineering. Typical dongles now also contain non-volatile memory, so essential parts of the software may actually be stored and executed on the dongle. Dongles have thus become secure cryptoprocessors that execute program instructions which may be input to the cryptoprocessor only in encrypted form.
Emulation, where the dongle is impersonated by a device driver (sometimes called hardware cloning), is also a threat to traditional dongles. To thwart this, some dongle vendors adopted smart card products, which are widely used in environments with stringent security requirements such as military and banking.
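The presence-check weakness and the "essential data lives on the dongle" design from the paragraphs above, as an added example (not any vendor's protocol, and not PACE's code): a hardware dongle modelled as an AES-GCM decryptor whose key never leaves the device, beside an emulator that answers every presence query with "yes" but was never provisioned with the key. The Dongle interface, HardwareDongle, Emulator, Wrap, NaiveUnlock and DataUnlock are hypothetical names for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Dongle is the host side's view of the device: a presence query (the naive
// design) and an on-device decrypt (the sound one).
type Dongle interface {
	IsPresent() bool
	Unwrap(nonce, wrapped []byte) ([]byte, error)
}

// HardwareDongle keeps the key inside the device; the host never sees it.
type HardwareDongle struct{ aead cipher.AEAD }

func NewHardwareDongle(key []byte) (*HardwareDongle, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &HardwareDongle{aead: aead}, nil
}

func (d *HardwareDongle) IsPresent() bool { return true }

// Unwrap decrypts on the device; GCM also rejects modified ciphertext.
func (d *HardwareDongle) Unwrap(nonce, wrapped []byte) ([]byte, error) {
	return d.aead.Open(nil, nonce, wrapped, nil)
}

// Emulator is a cracker's driver: it says "present" to everything, but it has
// no key material, so it cannot produce the protected data.
type Emulator struct{}

func (Emulator) IsPresent() bool { return true }

func (Emulator) Unwrap(nonce, wrapped []byte) ([]byte, error) {
	return nil, errors.New("emulator: no key material")
}

// Wrap runs at provisioning time with the key burned into the dongle. The
// host application ships only nonce and ciphertext.
func Wrap(key, plaintext []byte) (nonce, wrapped []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, aead.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, aead.Seal(nil, nonce, plaintext, nil), nil
}

// NaiveUnlock is the design the text warns about: the whole decision is one
// boolean, so a patched binary or an emulator that says "true" defeats it.
func NaiveUnlock(d Dongle) bool { return d.IsPresent() }

// DataUnlock needs the plaintext itself to proceed (a lookup table, a code
// fragment, a key). There is no boolean to flip: without the device's key the
// host simply does not have the data.
func DataUnlock(d Dongle, nonce, wrapped []byte) ([]byte, error) {
	return d.Unwrap(nonce, wrapped)
}

func main() {
	key := make([]byte, 32) // constructed; in practice provisioned per device
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	nonce, wrapped, err := Wrap(key, []byte("essential lookup table"))
	if err != nil {
		panic(err)
	}
	hw, _ := NewHardwareDongle(key)
	fmt.Println("naive check, emulator:", NaiveUnlock(Emulator{}))
	_, err = DataUnlock(Emulator{}, nonce, wrapped)
	fmt.Println("data unlock, emulator:", err)
	data, err := DataUnlock(hw, nonce, wrapped)
	fmt.Println("data unlock, hardware:", string(data), err)
}
```

The remaining attack surface is the bus itself: an attacker can record real dongle responses and replay them, which is why the text's point about strong encryption in the dongle matters and why products bind responses to per-session challenges rather than fixed ciphertexts.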
The PACE Anti-Piracy iLok is a security product that runs code, not merely a dongle holding a digital identifier or secret. The iLok is an active security device that combines hardware and software encryption, public key infrastructure (PKI), and digital signing with application protection tools that are used to protect the software.
Modern cloud licensing solutions are as secure as, and in some cases more secure than, traditional dongle systems, because the server acts as an active security component that the attacker cannot inspect or modify. Cloud-based software licensing also removes the risk of lost or damaged dongles and computers. Licenses activated through a modern cloud-based solution are held on the vendor's servers, where they cannot be cloned or edited by the end user.
License checks performed by the client software, however, still need to be secured against reverse engineering and modification; otherwise they can be identified and disabled by hackers, like any other check that runs on a machine the attacker controls.
White-box cryptography is an important building block in an overall software security strategy. It is a cornerstone of the protection of cryptographic primitives in applications that run on potentially hostile execution platforms, such as PCs, tablets, or smartphones, and it is a key component of DRM and software licensing solutions.
The underlying idea of white-box cryptography is to merge the key and the cipher's code into a new, transformed implementation, typically a network of lookup tables, in which the key is effectively hidden and cannot easily be separated out. White-box implementations of symmetric block ciphers such as AES and DES are available as commercial products. Some white-box suppliers also offer implementations of hashes, RSA, and elliptic curve cryptography, with the capability to combine multiple algorithms without disclosing the intermediate values, as well as tools to build unique white-box implementations on demand. Note that the published academic white-box constructions have been broken by key-extraction attacks, so practical deployments rely on proprietary, diversified implementations that are renewed regularly rather than on any single long-lived table set.
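The "merge the key into the code" idea at its smallest, as an added example (not PACE's or any supplier's implementation, and not a secure white-box): one byte-wide keyed S-box lookup is folded into a table, which shows why a naive table still leaks the key and how secret input/output encodings remove that leak from the table taken on its own. The S-box and encodings are pseudo-random permutations generated from fixed seeds for this illustration; real designs use the cipher's actual S-box and chain many such tables.

```go
package main

import (
	"fmt"
	"math/rand"
)

// bijection returns a fixed pseudo-random permutation of 0..255. Seed 1 stands
// in for a public S-box; other seeds for the secret input/output encodings.
func bijection(seed int64) [256]byte {
	var p [256]byte
	for i := range p {
		p[i] = byte(i)
	}
	r := rand.New(rand.NewSource(seed))
	r.Shuffle(256, func(i, j int) { p[i], p[j] = p[j], p[i] })
	return p
}

func invert(p [256]byte) [256]byte {
	var inv [256]byte
	for x, y := range p {
		inv[y] = byte(x)
	}
	return inv
}

var (
	sbox    = bijection(1) // public, like the AES S-box
	sboxInv = invert(sbox)
)

// KeyedRound is the black-box reference: key and code are separate, so a
// debugger watching this function sees k in a register.
func KeyedRound(k, x byte) byte { return sbox[x^k] }

// NaiveTable folds k into a lookup table, T[x] = S[x XOR k]. It computes the
// same function and k no longer appears as a constant anywhere.
func NaiveTable(k byte) [256]byte {
	var T [256]byte
	for x := range T {
		T[x] = sbox[byte(x)^k]
	}
	return T
}

// RecoverKey is the attacker's move against NaiveTable: T[0] = S[k], so
// k = S^-1(T[0]). Merging the key is not enough on its own.
func RecoverKey(T [256]byte) byte { return sboxInv[T[0]] }

// EncodedTable is the idea behind real white-box designs: wrap the keyed table
// in secret bijections f (input) and g (output), T'[x] = g(S(f^-1(x) XOR k)).
// T' on its own no longer yields k by the trick above; f and g are cancelled
// by neighbouring tables, so no single table exposes the key.
func EncodedTable(k byte, f, g [256]byte) [256]byte {
	fInv := invert(f)
	var T [256]byte
	for x := range T {
		T[x] = g[sbox[fInv[x]^k]]
	}
	return T
}

// EvalEncoded applies the encodings around the table, as the adjacent program
// stages would, and yields the plain keyed result.
func EvalEncoded(T, f, gInv [256]byte, x byte) byte { return gInv[T[f[x]]] }

func main() {
	k := byte(0x5a)
	T := NaiveTable(k)
	fmt.Printf("key 0x%02x folded into table; recovered from T[0]: 0x%02x\n", k, RecoverKey(T))
	f, g := bijection(2), bijection(3)
	E := EncodedTable(k, f, g)
	ok := EvalEncoded(E, f, invert(g), 0x37) == KeyedRound(k, 0x37)
	fmt.Printf("encoded table, same guess: 0x%02x; evaluation still correct: %v\n", RecoverKey(E), ok)
}
```

Even with encodings, an attacker who can run the whole program and observe or perturb intermediate values (the man-at-the-end setting from the obfuscation section) has broken every published construction of this kind, which is why commercial white-box products add diversity and renewal on top of the table structure.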
For more information on how PACE can help you protect your software, contact us today.