Dynamic Self-Checking Techniques for Improved Tamper Resistance

Abstract: Abstract. We describe a software self-checking mechanism designed to improve the tamper resistance of large programs. The mechanism consists of a number of testers that redundantly test for changes in the executable code as it is running and report modifications. The mechanism is built to be compatible with copy-specific static watermarking and other tamper-resistance techniques. The mechanism includes several innovations to make it stealthy and more robust.

“…Our guards, which modify code depending on other code, offer several advantages over the software guards proposed by Chang and Attalah [4] and the those from Horne et al [9]:…”

“…If one would change a program at random places one could no longer guarantee the correct working of the application after modification. Several papers present the idea of self-verifying code [4,9] that is able to detect any changes to critical code. These schemes, however, do not protect against analysis of code.…”

“…The security of the scheme relies partially on hiding the obfuscated guard code and the complexity of the guard network. Horne et al [9] discuss a related concept called 'testers', small hash functions that verify the program at run time. These testers can be combined with embedded software watermarks to result in a unique, watermarked, self-checking program.…”

“…However, crashing is not very user-friendly. In the case of software guards [4,9], detection of tampering could be handled more technically by triggering another routine that for example exits the program after a random time, calls repair code that fixes the modified code (or a hybrid scheme, which involves both techniques), warns the owner about the malicious attempt through a hidden channel, . .…”

Towards Tamper Resistant Code Encryption: Practice and Experience

“…Our guards, which modify code depending on other code, offer several advantages over the software guards proposed by Chang and Attalah [4] and the those from Horne et al [9]:…”

“…If one would change a program at random places one could no longer guarantee the correct working of the application after modification. Several papers present the idea of self-verifying code [4,9] that is able to detect any changes to critical code. These schemes, however, do not protect against analysis of code.…”

“…The security of the scheme relies partially on hiding the obfuscated guard code and the complexity of the guard network. Horne et al [9] discuss a related concept called 'testers', small hash functions that verify the program at run time. These testers can be combined with embedded software watermarks to result in a unique, watermarked, self-checking program.…”

“…However, crashing is not very user-friendly. In the case of software guards [4,9], detection of tampering could be handled more technically by triggering another routine that for example exits the program after a random time, calls repair code that fixes the modified code (or a hybrid scheme, which involves both techniques), warns the owner about the malicious attempt through a hidden channel, . .…”

Towards Tamper Resistant Code Encryption: Practice and Experience

“…Numerous protection schemes have been proposed to address this issue including watermarking, tamper-resistance, and obfuscation [16]. Tamper resistance allows a program to validate its own integrity and to cease operation if it has been modified [17]- [19]. Watermarking incorporates a developer signature into a program to detect intellectual property theft and reuse [20], [21].…”

A flexible design flow for software IP binding in commodity FPGA

Annotated Bibliography