Visible to the public Software Tamper Resistance

SoS Newsletter- Advanced Book Block

 
SoS Logo

Software Tamper Resistance

Software tampering and reverse engineering of code create financial concern for software developers, as well as introducing access for malicious injections.  The three articles cited here from 2014 address code obfuscation, AES and fault analysis.

 

Yoshikawa, M.; Goto, H.; Asahi, K., "Error Value Driven Fault Analysis Attack," Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), 2014 15th IEEE/ACIS International Conference on, pp. 1, 4, June 30 2014-July 2 2014. doi: 10.1109/SNPD.2014.6888689 The advanced encryption standard (AES) has been sufficiently studied to confirm that its decryption is computationally impossible. However, its vulnerability against fault analysis attacks has been pointed out in recent years. To verify the vulnerability of electronic devices in the future, into which cryptographic circuits have been incorporated, fault analysis attacks must be thoroughly studied. The present study proposes a new fault analysis attack method which utilizes the tendency of an operation error due to a glitch. The present study also verifies the validity of the proposed method by performing evaluation experiments using FPGA.
Keywords:  cryptography; field programmable gate arrays; AES; advanced encryption standard; cryptographic circuits; error value driven fault analysis attack method; Ciphers; Circuit faults; Encryption; Equations; Field programmable gate arrays; Standards; Error value; Fault analysis attacks; Side-channel attack; Tamper resistance (ID#: 15-3656)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6888689&isnumber=6888665

 

Ketenci, S.; Ulutas, G.; Ulutas, M., "Detection of Duplicated Regions In Images Using 1D-Fourier Transform," Systems, Signals and Image Processing (IWSSIP), 2014 International Conference on, pp.171,174, 12-15 May 2014 Large number of digital images and videos are acquired, stored, processed and shared nowadays. High quality imaging hardware and low cost, user friendly image editing software make digital mediums vulnerable to modifications. One of the most popular image modification techniques is copy move forgery. This tampering technique copies part of an image and pastes it into another part on the same image to conceal or to replicate some part of the image. Researchers proposed many techniques to detect copy move forged regions of images recently. These methods divide image into overlapping blocks and extract features to determine similarity among group of blocks. Selection of the feature extraction algorithm plays an important role on the accuracy of detection methods. Column averages of 1D-FT of rows is used to extract features from overlapping blocks on the image. Blocks are transformed into frequency domain using 1D-FT of the rows and average values of the transformed columns form feature vectors. Similarity of feature vectors indicates possible forged regions. Results show that the proposed method can detect copy pasted regions with higher accuracy compared to similar works reported in the literature. The method is also more resistant against the Gaussian blurring or JPEG compression attacks as shown in the results.
Keywords: Fourier transforms; feature extraction; frequency-domain analysis ;image recognition;1D-Fourier transform; Gaussian blurring; JPEG compression attacks; copy move forged region detection; digital images; digital mediums; duplicated region detection; feature extraction algorithm; feature vector similarity; frequency domain; high quality imaging hardware; image modification techniques; overlapping blocks; tampering technique; user friendly image editing software; Authentication; Digital images; Image coding; Resistance; Copy move forgery; Fourier transform; Gaussian Blurring (ID#: 15-3657)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6837658&isnumber=6837609

 

Kulkarni, A.; Metta, R., "A New Code Obfuscation Scheme for Software Protection," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.409, 414, 7-11 April 2014 doi: 10.1109/SOSE.2014.57 IT industry loses tens of billions of dollars annually from security attacks such as tampering and malicious reverse engineering. Code obfuscation techniques counter such attacks by transforming code into patterns that resist the attacks. None of the current code obfuscation techniques satisfy all the obfuscation effectiveness criteria such as resistance to reverse engineering attacks and state space increase. To address this, we introduce new code patterns that we call nontrivial code clones and propose a new obfuscation scheme that combines nontrivial clones with existing obfuscation techniques to satisfy all the effectiveness criteria. The nontrivial code clones need to be constructed manually, thus adding to the development cost. This cost can be limited by cloning only the code fragments that need protection and by reusing the clones across projects. This makes it worthwhile considering the security risks. In this paper, we present our scheme and illustrate it with a toy example.
Keywords: computer crime; reverse engineering; software engineering; systems re-engineering; IT industry; code fragment cloning; code obfuscation scheme; code patterns; code transformation; malicious reverse engineering; nontrivial code clones; security attacks; software protection; tampering; Cloning; Complexity theory; Data processing; Licenses; Resistance; Resists; Software (ID#: 15-3658)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830939&isnumber=6825948


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.