6,569 research outputs found
White-Box Cryptography: Formal Notions and (Im)possibility Results
A key research question in computer security is whether
one can implement software that offers some protection
against software attacks from its execution platform. While
code obfuscation attempts to hide certain characteristics of
a program P, white-box cryptography specifically focusses
on software implementations of cryptographic primitives
(such as encryption schemes); the goal of a white-box implementation
is to offer a certain level of robustness against
an adversary who has full access to and control over the
implementation of the primitive. Several formal models for
obfuscation have been presented before, but it is not clear if
any of these definitions can capture the concept of white-box
cryptography. In this paper, we discuss the relation between
obfuscation and white-box cryptography, and formalize the
notion of white-box cryptography by capturing the security
requirement using a 'White-Box Property' (WBP). In
the second part, we present positive and negative results on
white-box cryptography. We show that for interesting programs
(such as encryption schemes, and digital signature
schemes), there are security notions that cannot be satisfied
when adversaries have white-box access, while the notion
is satisfied when the adversary has black-box access to its
functionality. On the positive side, we show that there exists
an obfuscator for a symmetric encryption scheme for which
a useful security notion (such as CPA security) remains satisfied
when an adversary has access to its white-box implementation
Achieving Obfuscation Through Self-Modifying Code: A Theoretical Model
With the extreme amount of data and software available on networks, the protection of online information is one of the most important tasks of this technological age. There is no such thing as safe computing, and it is inevitable that security breaches will occur. Thus, security professionals and practices focus on two areas: security, preventing a breach from occurring, and resiliency, minimizing the damages once a breach has occurred. One of the most important practices for adding resiliency to source code is through obfuscation, a method of re-writing the code to a form that is virtually unreadable. This makes the code incredibly hard to decipher by attackers, protecting intellectual property and reducing the amount of information gained by the malicious actor. Achieving obfuscation through the use of self-modifying code, code that mutates during runtime, is a complicated but impressive undertaking that creates an incredibly robust obfuscating system. While there is a great amount of research that is still ongoing, the preliminary results of this subject suggest that the application of self-modifying code to obfuscation may yield self-maintaining software capable of healing itself following an attack
Obfuscation-based malware update: A comparison of manual and automated methods
Indexing: Scopus; Web of Science. This research presents a proposal of malware classification and its update based on capacity and obfuscation. This article is an extension of [4]a, and describes the procedure for malware updating, that is, to take obsolete malware that is already detectable by antiviruses, update it through obfuscation techniques and thus make it undetectable again. As the updating of malware is generally performed manually, an automatic solution is presented together with a comparison from the standpoint of cost and processing time. The automated method proved to be more reliable, fast and less intensive in the use of resources, especially in terms of antivirus analysis and malware functionality checking times. http://univagora.ro/jour/index.php/ijccc/article/view/2961/112
A Covert Data Transport Protocol
Both enterprise and national firewalls filter network connections. For data
forensics and botnet removal applications, it is important to establish the
information source. In this paper, we describe a data transport layer which
allows a client to transfer encrypted data that provides no discernible
information regarding the data source. We use a domain generation algorithm
(DGA) to encode AES encrypted data into domain names that current tools are
unable to reliably differentiate from valid domain names. The domain names are
registered using (free) dynamic DNS services. The data transmission format is
not vulnerable to Deep Packet Inspection (DPI). Comment: 8 pages, 10 figures, conferenc
Runtime protection via dataflow flattening
Software running on an open architecture, such as the PC, is vulnerable to inspection and modification. Since software may process valuable or sensitive information, many defenses against data analysis and modification have been proposed. This paper complements existing work and focuses on hiding data location throughout program execution. To achieve this, we combine three techniques: (i) periodic reordering of the heap, (ii) migrating local variables from the stack to the heap and (iii) pointer scrambling. By essentially flattening the dataflow graph of the program, the techniques serve to complicate static dataflow analysis and dynamic data tracking. Our methodology can be viewed as a data-oriented analogue of control-flow flattening techniques. Dataflow flattening is useful in practical scenarios like DRM, information-flow protection, and exploit resistance. Our prototype implementation compiles C programs into a binary for which every access to the heap is redirected through a memory management unit. Stack-based variables may be migrated to the heap, while pointer accesses and arithmetic may be scrambled and redirected. We evaluate our approach experimentally on the SPEC CPU2006 benchmark suit
Assessment of Source Code Obfuscation Techniques
Obfuscation techniques are a general category of software protections widely
adopted to prevent malicious tampering of the code by making applications more
difficult to understand and thus harder to modify. Obfuscation techniques are
divided into code and data obfuscation, depending on the protected asset. While
preliminary empirical studies have been conducted to determine the impact of
code obfuscation, our work aims at assessing the effectiveness and efficiency
in preventing attacks of a specific data obfuscation technique - VarMerge. We
conducted an experiment with student participants performing two attack tasks
on clear and obfuscated versions of two applications written in C. The
experiment showed a significant effect of data obfuscation on both the time
required to complete and the successful attack efficiency. An application with
VarMerge reduces by six times the number of successful attacks per unit of
time. This outcome provides a practical clue that can be used when applying
software protections based on data obfuscation. Comment: Post-print, SCAM 201