Tamper Resistant Software by Integrity-Based Encryption

Abstract. There are many situations in which it is desirable to protect a piece of software from illegitimate tampering once it gets distributed to the users. Protecting the software code means some level of assurance that the program will execute as expected even if it encounters the illegitimated modifications. We provide the method of protecting software from unauthorized modification. One important technique is an integrity-based encryption, by which a program, while running, checks itself to verify that it has not been modified and conceals some privacy sensitive parts of program

FPGA based remote code integrity verification of programs in distributed embedded systems

The explosive growth of networked embedded systems has made ubiquitous and pervasive computing a reality. However, there are still a number of new challenges to its widespread adoption that include scalability, availability, and, especially, security of software. Among the different challenges in software security, the problem of remote-code integrity verification is still waiting for efficient solutions. This paper proposes the use of reconfigurable computing to build a consistent architecture for generation of attestations (proofs) of code integrity for an executing program as well as to deliver them to the designated verification entity. Remote dynamic update of reconfigurable devices is also exploited to increase the complexity of mounting attacks in a real-word environment. The proposed solution perfectly fits embedded devices that are nowadays commonly equipped with reconfigurable hardware components that are exploited to solve different computational problems

A Survey on Software Protection Techniques against Various Attacks

Software security and protection plays an important role in software engineering. Considerable attempts have been made to enhance the security of the computer systems because of various available software piracy and virus attacks. Preventing attacks of software will have a huge influence on economic development. Thus, it is very vital to develop approaches that protect software from threats. There are various threats such as piracy, reverse engineering, tampering etc., exploits critical and poorly protected software. Thus, thorough threat analysis and new software protection schemes, needed to protect software from analysis and tampering attacks becomes very necessary. Various techniques are available in the literature for software protection from various attacks. This paper analyses the various techniques available in the literature for software protection. The functionalities and the characteristic features are various software protection techniques have been analyzed in this paper. The main goal of this paper is to analyze the existing software protection techniques and develop an efficient approach which would overcome the drawbacks of the existing techniques

Public Evidence from Secret Ballots

Elections seem simple---aren't they just counting? But they have a unique, challenging combination of security and privacy requirements. The stakes are high; the context is adversarial; the electorate needs to be convinced that the results are correct; and the secrecy of the ballot must be ensured. And they have practical constraints: time is of the essence, and voting systems need to be affordable and maintainable, and usable by voters, election officials, and pollworkers. It is thus not surprising that voting is a rich research area spanning theory, applied cryptography, practical systems analysis, usable security, and statistics. Election integrity involves two key concepts: convincing evidence that outcomes are correct and privacy, which amounts to convincing assurance that there is no evidence about how any given person voted. These are obviously in tension. We examine how current systems walk this tightrope.Comment: To appear in E-Vote-Id '1

SCM : Secure Code Memory Architecture

An increasing number of applications implemented on a SoC (System-on-chip) require security features. This work addresses the issue of protecting the integrity of code and read-only data that is stored in memory. To this end, we propose a new architecture called SCM, which works as a standalone IP core in a SoC. To the best of our knowledge, there exist no architectural elements similar to SCM that offer the same strict security guarantees while, at the same time, not requiring any modifications to other IP cores in its SoC design. In addition, SCM has the flexibility to select the parts of the software to be protected, which eases the integration of our solution with existing software. The evaluation of SCM was done on the Zynq platform which features an ARM processor and an FPGA. The design was evaluated by executing a number of different benchmarks from memory protected by SCM, and we found that it introduces minimal overhead to the system