RE-TRUST

Remote EnTrusting by RUn-time Software auThentication


Abstract of Presentations

Yoram Ofek
Re-Trust Project Overview

Moti Yung
Authentication: Present Overview and Future Challenges

Christian Collberg
Dynamic Algorithms for Software Watermarking - How to Store a Secret in Software

Bart Preneel
Open Research Issue in Cryptography

Klaus Kursawe
Trusted Computing in Re-Trust

This presentation outlines the research activities that COSIC contributes to the Re-TRUST project. We focus on the techniques to be researched in work package 2 and work package 3, since they pose the highest scientific challenges. For work package 2, software-based tamper resistance methods, we focus on methods to increase reverse-engineering complexity (task 2.4), such as code obfuscation and white-box cryptography, and present some approaches feasible for this project. For work package 3, HW/SW-based tamper resistance, we present several possible research tracks, each with its own trade-off between cost, performance, flexibility and security. We highlight the use of a Trusted Platform Module (TPM), smart cards and hardware devices, together with some approaches that could influence the project's progress positively.

Mario Baldi
Trust in Network Protocols

Riccardo Scandariato
Entrusting by replacing: past experiences and open questions

Domain knowledge of the remote entrusting (RE-TRUST) paradigm is still limited, and this is particularly true of the software-based solutions landscape. Therefore, a prototype was built in order to better understand both the research and the technical challenges. The prototype was designed to operate in a virtual machine, and through its implementation we were able to road-test the idea of "entrusting by replacement", i.e., the run-time replacement of an authenticity-preserving module associated with the to-be-protected application.

Stefano Di Carlo
On-line integrity checking through Software Implemented Hardware Fault Tolerance (SIHFT) techniques

Software Implemented Hardware Fault Tolerance (SIHFT) is a well-known research field that aims at detecting and possibly correcting transient errors in a software application (i.e. data and/or code corruption) caused by environmental stresses. The common fault model used to represent this type of fault is the Single Event Upset (SEU), which consists of a bit flip in one of the memory cells holding the data or code of a software application. Malicious modifications of a software application can in some way be considered as an error induced in the software by an external environmental stress. The main difference is that in this case the error does not appear at random locations but at specific points chosen to bypass the security features embedded in the software. This talk overviews a possible application of SIHFT techniques to the problem of on-line integrity checking of a software application.

Paolo Tonella
Reverse engineering and mutation analysis in the context of software tampering and authentication

Software authentication is compromised when the behavior of the software is altered but the authentication functionality is left unchanged. Such a modification of the software requires a deep understanding of the source code and of the way functionalities are implemented in it. Reverse engineering techniques can help malicious programmers identify the authentication functionality and keep it unmodified while they alter the software behavior. Techniques such as feature location and slicing, originally developed to support program comprehension, could be used for malicious purposes as well. While being a potential threat to software authentication, reverse engineering techniques are inherently limited in their capability to automate the process and require deep involvement of experts. With humans in the loop, the time required to complete a reverse engineering iteration increases by several orders of magnitude.
While source code analysis can be used maliciously to reverse engineer a software system and alter its behavior, the same techniques can also serve as countermeasures. Specifically, mutation analysis could be used to improve the strength of the authentication mechanism. Mutation analysis aims at verifying whether a set of artificial changes injected into the code can be detected by the available test suite. If this is not the case, the test suite is considered inadequate with respect to the injected mutations and is expanded. Mutation-adequate tests are potentially able to reveal software changes when these are similar to those injected into the mutant versions of the software. Periodic execution of mutation-adequate tests can potentially be used to reveal malicious software changes as soon as they occur.

Mariano Ceccato
Reverse Engineering Attacks to Remote Software Entrusting

The Re-Trust project proposes a remote software entrusting scenario in which a remote application A is entrusted by a core of trust C through a module M attached to A. M verifies the authenticity of A at run time and sends C a sequence of secure tags based on these verifications. C can thus entrust A by checking the secure tags. The module factory F is the part of C responsible for periodically replacing module M with new versions, in order to give attackers only a limited time slot in which to succeed. A potential attack based on reverse engineering could be performed by analyzing M and (semi-)automatically producing a modified version of M such that, when combined with a tampered version of A, it produces a sequence of secure tags that does not differ from the original sequence, so that the tampered version of A would be entrusted by C.
Reverse engineering attacks rely on the possibility of locating both the tag core functionalities inside module M and the information used by those functionalities (e.g., secret keys). Metrics and indicators of reverse engineering complexity might be defined, for instance based on the notion of coupling between the base application functionalities and the authentication functionality. This consists in measuring how much the authentication logic is separated and distinguishable from the application business logic, so as to estimate the time required to (semi-)automatically locate them and complete the reverse engineering activity. Moreover, it is also important to understand the degree of independence of two successive versions of modules provided by the module factory. This consists in measuring how much information extracted from an expired module can be reused to attack a fresh module.
Finally, it is important to evaluate how hard and time consuming it could be to feed automatic program transformation techniques with the information (semi-)automatically provided by reverse engineering attacks in order to successfully tamper with the original application A and module M. Attack strategies based on reverse engineering will be studied and implemented in order to evaluate the vulnerability of the remote software entrusting approach in realistic scenarios.
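
The A/M/C/F scenario from the abstract, as an added illustrative model that is not project code: M is reduced to hashing A's code and emitting HMAC tags under a per-version key with a counter, and C (acting as F) rotates M so tags from an expired version are rejected. The message format, key handling and sample code bytes are assumptions; note that the key sits inside M, which is exactly the information the abstract's reverse-engineering attack targets.

```python
import hashlib
import hmac
import os

def _msg(version: int, counter: int, digest: bytes) -> bytes:
    # Assumed tag message layout: version || counter || SHA-256(code of A)
    return version.to_bytes(4, "big") + counter.to_bytes(8, "big") + digest

class Module:
    """M, attached to A: hashes A's code and emits HMAC tags keyed per module version."""
    def __init__(self, version: int, key: bytes):
        self.version, self.key, self.counter = version, key, 0

    def tag(self, app_code: bytes) -> tuple[int, int, bytes]:
        self.counter += 1
        digest = hashlib.sha256(app_code).digest()  # M's "verification" of A
        mac = hmac.new(self.key, _msg(self.version, self.counter, digest), hashlib.sha256).digest()
        return self.version, self.counter, mac

class CoreOfTrust:
    """C, including module factory F: knows A's genuine code and the live module key."""
    def __init__(self, genuine_code: bytes):
        self.expected = hashlib.sha256(genuine_code).digest()
        self.version, self.key, self.last_counter = 0, b"", 0

    def issue_module(self) -> Module:
        # F replaces M: new version, fresh key; tags from the expired version are rejected.
        self.version += 1
        self.key = os.urandom(32)
        self.last_counter = 0
        return Module(self.version, self.key)

    def entrust(self, version: int, counter: int, mac: bytes) -> bool:
        if version != self.version or counter <= self.last_counter:
            return False  # expired module or replayed tag
        expected_mac = hmac.new(self.key, _msg(version, counter, self.expected), hashlib.sha256).digest()
        if not hmac.compare_digest(expected_mac, mac):
            return False  # A's code does not match the genuine hash
        self.last_counter = counter
        return True

def demo() -> dict:
    genuine = b"application A: constructed sample code"      # constructed sample
    tampered = genuine.replace(b"sample", b"patched")        # constructed tampered A
    c = CoreOfTrust(genuine)
    m = c.issue_module()
    first = m.tag(genuine)
    results = {"genuine": c.entrust(*first)}
    results["tampered"] = c.entrust(*m.tag(tampered))
    results["genuine_again"] = c.entrust(*m.tag(genuine))
    results["replay"] = c.entrust(*first)
    m2 = c.issue_module()
    results["expired_module"] = c.entrust(*m.tag(genuine))
    results["fresh_module"] = c.entrust(*m2.tag(genuine))
    return results
```

Running `demo()` shows a tampered A and a replayed tag both being refused, and every tag from the old M being refused once F has issued a new version.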

Srijith
Policy binding and enforcement in Java

Willem Jonker
Security Needs of the Digital Society

Ginger Myles
The use of software-based integrity checks in software tamper resistance techniques

A variety of software protection techniques now rely on software-based integrity checks. These integrity checks range from simple checksums over a sequence of instructions to more sophisticated techniques that aim to detect the presence of debuggers or emulators. There has already been at least one publication illustrating how to defeat integrity checks based on self-hashing. In this talk we will examine software-based integrity checks and how they are being used in current software protection techniques. The overall goal of this examination is to begin a discussion on the strength of software-based integrity checks and whether they provide a suitable level of protection.

Brecht Wyseur
Code Obfuscation, White-Box Cryptography, and HW/SW Co-obfuscation

This presentation outlines the research activities that COSIC contributes to the Re-TRUST project. We focus on the techniques to be researched in work package 2 and work package 3, since they pose the highest scientific challenges. For work package 2, software-based tamper resistance methods, we focus on methods to increase reverse-engineering complexity (task 2.4), such as code obfuscation and white-box cryptography, and present some approaches feasible for this project. For work package 3, HW/SW-based tamper resistance, we present several possible research tracks, each with its own trade-off between cost, performance, flexibility and security. We highlight the use of a Trusted Platform Module (TPM), smart cards and hardware devices, together with some approaches that could influence the project's progress positively.

Igor Kotenko
Team background and Preliminary analysis of tasks to be solved

The talk is devoted to the analysis of the tasks to be solved in the RE-TRUST Project by the SPIIRAS team, taking into account the team's research background and achievements. The following research directions are outlined: modeling and simulation of computer attacks, modeling and simulation of cyberwarfare, security analysis of computer networks, intrusion detection, deception systems and honeynets, security policy specification and checking, and security protocol analysis.

Jean-Daniel Aussel
Smart-Card Assistance to Software Authentication

Amitabh Saxena
Black-Box Groups with Infeasible Inversion
