Abstract
We study the strength of certain obfuscation techniques used to protect software from reverse engineering and tampering. We show that some common obfuscation methods can be defeated using a fault injection attack, namely an attack where during program execution an attacker injects errors into the program environment. By observing how the program fails under certain errors the attacker can deduce the obfuscated information in the program code without having to unravel the obfuscation mechanism. We apply this technique to extract a secret key from a block cipher obfuscated using a commercial obfuscation tool and draw conclusions on preventing this weakness.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Craver, S.A., Wu, M., Liu, B., Stubblefield, A., Swartzlander, B., Wallach, D.S., Dean, D., Felten, E.W.: Reading between the lines: Lessons from the SDMI challenge. In: Proceedings of the 10th USENIX Security Symposium (2001)
CSS (2002), http://www.dvdcca.org/css
Intertrust (2002), http://www.intertrust.com
Microsoft Windows Media Technologies (2002), http://www.microsoft.com/windows/windowsmedia
Adobe EBooks (2002), http://www.adobe.com/epaper/ebooks
Abraham, D.G., Dolan, G.M., Double, G.P., Stevens, J.V.: Transaction Security System. IBM Systems Journal 30, 206–229 (1991)
Dallas Semiconductor: Soft Microcontroller Data Book (1993)
Trusted Computing Platform Alliance (2002), http://www.trustedpc.org
Anderson, R., Kuhn, M.: Low cost attacks on tamper resistant devices. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 125–136. Springer, Heidelberg (1998)
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Shamir, A., van Someren, N.: Playing ‘hide and seek’ with stored keys. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, pp. 118–124. Springer, Heidelberg (1999)
Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory IT-22, 644–654 (1976)
Microsoft Corporation: World Intellectual Property Organization, WO 02/01327 A2 (2002)
Cloakware Corporation: World Intellectual Property Organization, WO 00/77596 A1 (2000)
Intertrust Corporation: US Patent Office, US 6,157,721 (2000)
Intel Corporation: US Patent Office, US 6,205,550 (2000)
RetroGuard Java Obfuscator (2002), http://www.retrologic.com
Chow, S., Johnson, H., van Oorschot, P.C., Eisen, P.: A White-Box DES Implementation for DRM Applications. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 1–15. Springer, Heidelberg (2003)
Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)
Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)
Schneier, B.: Applied Cryptography. Wiley, Chichester (1994)
Menezes, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. CRC Press, Boca Raton (1997)
Daemen, J., Rijmen, V.: Rijndael for AES. In: NIST (ed.) The Third Advanced Encryption Standard Candidate Conference, pp. 343–347. National Institute for Standards and Technology (2000)
Aucsmith, D.: Tamper-resistant software: An implementation. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 317–333. Springer, Heidelberg (1996)
Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K.: On the (im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001)
grugq, scut: Armouring the ELF: Binary encryption on the UNIX platform. Phrack Inc. 58 (2001)
Wang, C., Davidson, J., Hill, J., Knight, J.: Protection of software-based survivability mechanisms. In: Proceedings of the 2001 Dependable Systems and Networks, DSN 2001 (2001)
Collberg, C., Thomborson, C., Low, D.: Manufacturing cheap, resilient, and stealthy opaque constructs. In: The 25th Symposium on Principles of Programming Languages (POPL 1998), Association for Computing Machinery (1998), pp. 184–196 (1998)
Steensgaard, B.: Points-to analysis in almost linear time. In: The 23th Symposium on Principles of Programming Languages (POPL 1996), Association for Computing Machinery, pp. 32–41 (1996)
Landi, W.: Undecidability of static analysis. ACM Letters on Programming Languages and Systems 1, 323–337 (1992)
Horne, B., Matheson, L., Sheehan, C., Tarjan, R.E.: Dynamic self-checking techniques for improved tamper-resistance. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 141–159. Springer, Heidelberg (2002)
Chang, H., Atallah, M.J.: Protecting software code by guards. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 160–175. Springer, Heidelberg (2002)
Cesare, S.: Linux anti-debugging techniques (fooling the debugger). Security Focus (2000)
Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious RAMs. Journal of the Association for Computing Machinery 43, 431–473 (1996)
Petitcolas, F.A.P., Anderson, R.J., Kuhn, M.G.: Attacks on copyright marking systems. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 219–239. Springer, Heidelberg (1998)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jacob, M., Boneh, D., Felten, E. (2003). Attacking an Obfuscated Cipher by Injecting Faults. In: Feigenbaum, J. (eds) Digital Rights Management. DRM 2002. Lecture Notes in Computer Science, vol 2696. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-44993-5_2
Download citation
DOI: https://doi.org/10.1007/978-3-540-44993-5_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40410-1
Online ISBN: 978-3-540-44993-5
eBook Packages: Springer Book Archive