Embedded Software Security through Key-Based Control Flow Obfuscation

  • Rajat Subhra Chakraborty
  • Seetharam Narasimhan
  • Swarup Bhunia
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7011)


Protection against software piracy and malicious modification of software is proving to be a great challenge for resource-constrained embedded systems. In this paper, we develop a non-cryptographic, key-based, control flow obfuscation technique, which can be implemented by computationally efficient means, and is capable of operating with minimal hardware support. The scheme is based on matching a series of expected keys in sequence, similar to the unlocking process in a combination lock, and provides high levels of resistance to static and dynamic analyses. It is capable of protecting embedded software against both piracy as well as non-self-replicating malicious modifications. Simulation results on a set of MIPS assembly language programs show that the technique is capable of providing high levels of security at nominal computational overhead and about 10% code-size increase.


Trusted Platform Module Software Piracy Embed Processor Input Argument Execution Cycle 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Turley, J.: The two percent solution,
  2. 2.
    Gwennap, L., Byrne, J.: A Guide to High-Speed Embedded Processors. The Linley Group (2008)Google Scholar
  3. 3.
    Dube, R.: Hardware-based Computer Security Techniques to Defeat Hackers. ch. 5. John Wiley and Sons, Chichester (2008)Google Scholar
  4. 4.
    Ravi, S., Raghunathan, A., Kocher, P., Hattangady, S.: Security in embedded systems: design challenges. ACM Transactions on Embedded Computing Systems 3(3), 461–491 (2004)CrossRefGoogle Scholar
  5. 5.
    Kerckhoff, A.: La cryptographie militaire. Journal des Sciences Militaires IX, 5–38 (1883)Google Scholar
  6. 6.
    Chang, H., Atallah, M.J.: Protecting software code by guards. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 160–175. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Barak, B.: Can we obfuscate programs?,
  8. 8.
    Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (im)possibility of obfuscating programs. In: Conference on Advances in Cryptology (2001)Google Scholar
  9. 9.
    Collberg, C., Thomborson, C., Low, D.: Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs. In: ACM Symposium on Principles of Programming Languages (1998)Google Scholar
  10. 10.
    Collberg, C., Thomborson, C.: Watermarking, Tamper-Proofing, and Obfuscation – Tools for Software Protection. IEEE Transactions on Software Engineering 28(8), 735–746 (2002)CrossRefGoogle Scholar
  11. 11.
    Collberg, C., Thomborson, C., Low, D.: Breaking abstractions and unstructuring data structures. In: International Conference on Computer Languages (1998)Google Scholar
  12. 12.
    Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static disassembly. In: ACM Conference on Computer and Communications Security (2003)Google Scholar
  13. 13.
    Hou, T.W., Chen, H.Y., Tsai, M.H.: Three control flow obfuscation methods for Java software. IEE Proceedings 153(2), 80–86 (2006)CrossRefGoogle Scholar
  14. 14.
    Barak, B., et al.: On the (Im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    White, S.R., Comerford, L.: ABYSS: An architecture for software protection. IEEE Transactions on Software Engineering 16(6), 619–629 (1990)CrossRefGoogle Scholar
  16. 16.
    Dallas Semiconductor, Dallas DS5240 Secure Microcontroller,
  17. 17.
    Trusted Computing Group, Trusted Platform Module: Design Principles,
  18. 18.
  19. 19.
    Leavitt Communications, Will proposed standard make mobile phones more secure?,
  20. 20.
    Joepgen, H.G., Krauss, S.: Software by means of the protprog method. Elektronik 42(17), 52–56 (1993)Google Scholar
  21. 21.
    Schulman, A.: Examining the Windows AARD detection code. Dr. Dobbs Journal 18(9), 42, 448, 89 (1993)Google Scholar
  22. 22.
    Jakubowski, M.H., Saw, C.W., Venkatesan, R.: Tamper-tolerant software: Modeling and implementation. In: Takagi, T., Mambo, M. (eds.) IWSEC 2009. LNCS, vol. 5824, pp. 125–139. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  23. 23.
    Aucsmith, D.: Tamper resistant software: an implementation. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 317–333. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  24. 24.
    Lie, D., et al.: Architectural support for copy and tamper resistant software. ACM SIGPLAN Notices 35(11), 168–177 (2000)CrossRefGoogle Scholar
  25. 25.
    Arora, D., Ravi, S., Raghunathan, A., Jha, N.K.: Hardware-assisted run-time monitoring for secure program execution on embedded processors. IEEE Transactions on VLSI 14(12), 1295–1308 (2006)CrossRefGoogle Scholar
  26. 26.
    Fiskiran, A.M., Lee, R.B.: Runtime execution monitoring (REM) to detect and prevent malicious code execution. In: IEEE International Conference on Computer Design (2004)Google Scholar
  27. 27.
    Zhuang, X., Zhang, T., Lee, H.S., Pande, S.: Hardware assisted control flow obfuscation for embedded processors. In: ACM International Conference on Compilers, Architecture, and Synthesis for Embedded Systems (2004)Google Scholar
  28. 28.
    Chakraborty, R.S., Bhunia, S.: HARPOON: An obfuscation-based SoC design methodology for hardware protection. IEEE Transactions on CAD 28(10), 1493–1502 (2009)CrossRefGoogle Scholar
  29. 29.
    Chakraborty, R.S., Bhunia, S.: RTL hardware IP protection using key-based control and data flow obfuscation. In: VLSI Design (2010)Google Scholar
  30. 30.
    Copeland, B.J. (ed.): The Essential Turing: Seminal Writings in Computing, Logic, Philosophy, Artificial Intelligence, and Artificial Life Plus the Secrets of Enigma. Oxford University Press, Oxford (2004)zbMATHGoogle Scholar
  31. 31.
    Dube, R.B.: Hardware-based Computer Security Techniques to Defeat Hackers. ch. 5. John Wiley and Sons, Chichester (2008)Google Scholar
  32. 32.
    Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 2nd edn. ch. 22. MIT Press, Cambridge (2001)zbMATHGoogle Scholar
  33. 33.
    The Boomerang Decompiler Project, Boomerang: A general, open source, retargetable decompiler of machine code programs,
  34. 34.
    Larus, J.: SPIM: A MIPS32 simulator,
  35. 35.
    Balakrishnan, A., Schulze, C.: Code obfuscation literature survey,
  36. 36.
    Patterson, D.A., Hennessy, J.L.: Computer Organization and Design: The Hardware/Software Interface (Appendix A), 4th edn. Morgan Kaufmann Publishers, San Francisco (2009)zbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Rajat Subhra Chakraborty
    • 1
  • Seetharam Narasimhan
    • 2
  • Swarup Bhunia
    • 2
  1. 1.Department of Computer Science and EngineeringIndian Institute of TechnologyKharagpurIndia
  2. 2.Department of Electrical Engineering and Computer ScienceCase Western Reserve UniversityClevelandUSA

Personalised recommendations