US20140365783A1 - Method and system for verifying authenticity of at least part of an execution environment for executing a computer module - Google Patents
- Publication number: US20140365783A1 (application US14/198,564)
- Authority: US (United States)
- Prior art keywords
- parameters
- execution environment
- computer program
- program module
- digital
- Legal status: Abandoned (status as listed by Google Patents; an assumption, not a legal conclusion)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/16—Obfuscation or hiding, e.g. involving white box
Definitions
- the invention relates to a method of and a system for verifying authenticity of at least part of an execution environment for executing a computer program module.
- the Internet provides users with convenient and ubiquitous access to digital content. Because of the potential of the Internet as a powerful distribution channel, many consumer electronics (CE) products strive to directly access the Internet or to interoperate with the PC platform, the predominant portal to the Internet.
- CE products include, but are not limited to, digital set top boxes, digital TVs, game consoles, PCs and, increasingly, hand-held devices such as PDAs, mobile phones, and mobile storage and rendering devices, such as Apple's iPod.
- the use of the Internet as a distribution medium for copyrighted content creates the compelling challenge to secure the interests of the content provider. In particular it is required to warrant the copyrights and business models of the content providers.
- CE platforms are operated using a processor loaded with suitable software.
- Such software may include the main part of functionality for rendering (playback) of digital content, such as audio and/or video.
- Control of the playback software is one way to enforce the interests of the content owner including the terms and conditions under which the content may be used.
- among CE platforms (with the exception of the PC and PDA), more and more platforms are now at least partially open.
- some users may be assumed to have complete control over the hardware and software that provides access to the content and a large amount of time and resources to attack and bypass any content protection mechanisms.
- content providers must deliver content to legitimate users across a hostile network to a community where not all users or devices can be trusted.
- digital rights management systems use an encryption technique based on block ciphers that process the data stream in blocks using a sequence of encryption/decryption steps, referred to as rounds.
- a round-specific function is performed.
- the round-specific function may be based on a same round function that is executed under control of a round-specific sub-key.
- the round function can be specified using mapping tables or look-up tables. Even if no explicit tables are used in the specification, tables are nevertheless frequently used for different parts of the function so that encryption/decryption functions execute efficiently in software.
- the computer code accesses or combines table values into the range value of the function.
- Content providers must deliver content to legitimate users across a hostile network to a community where not all users or devices can be trusted.
- in particular for the PC platform, the user must be assumed to have complete control of the hardware and software that provides access to the content, and an unlimited amount of time and resources to attack and bypass any content protection mechanisms.
- the software code that enforces the terms and conditions under which the content may be used must not be tampered with.
- the general approach in digital rights management for protected content distributed to PCs is to encrypt the digital content, for instance DES (Data Encryption Standard), AES (Advanced Encryption Standard), or using the method disclosed in WO9967918, and to use decryption keys.
- the plug-in enforces the terms and conditions under which the content is to be used. An attacker aiming to remove these terms and conditions may attempt to achieve this through tampering of the program code comprised in the software plug-in.
- Tamper-resistant software is so called because goal-directed tampering with the software is complicated.
- Show 2 discloses methods with the intent to hide the key by a combination of encoding its tables with random bijections representing compositions rather than individual steps, and extending the cryptographic boundary by pushing it out further into the containing application.
- a method comprises verifying authenticity of at least part of an execution environment for executing a computer program module, where the computer program module is operative to cause processing of digital input data in dependence on a plurality of predetermined digital parameters; and the method includes using a predetermined algorithm to derive at least part of one of the plurality of predetermined digital parameters from the at least part of the execution environment.
- the computer program module in its execution depends on the execution environment. Its parameters are at least partially derived from the execution environment. A predetermined algorithm is used to derive such parameters from the execution environment. In this way, it can be assured with a reasonable degree of probability that the program module will only process its input data in the desired way if the verified part of the execution environment has not been tampered with. This gives at least an implied verification of the execution environment. Since the execution output of the program module inherently depends on the execution environment, it is difficult to tamper with that part of the execution environment.
- the execution environment may include part of an operating system (e.g. the kernel and/or important libraries), but may also include a virtual machine, such as a Java virtual machine, operating on top of an operating system.
- a change in the verified part of the execution environment may imply a change in the parameters and as such cause a change in the output of the program module. For example, content may be decrypted wrongly. Tampering with the checked part of the execution environment becomes increasingly difficult if the relationship between the parameters is unclear to an attacker.
- the computer program module is only executed if the plurality of parameters meets a predetermined criterion. So, an explicit test may take place, for example by performing a checksum on the parameters. This has the advantage that a user can be warned that the execution environment has been tampered with. Without such a warning, a user may think that the computer program module is faulty since this module may not produce an expected output if its parameters are wrong.
- a respective test may be designed such that the user can be informed which part of the environment is untrustworthy and/or should be replaced. Even if the test itself may be simple (e.g. based on an IF . . . THEN . . .
- the verification is done by performing a run of at least part of the computer program module on predetermined digital input data using the plurality of parameters. It is then verified whether the output of the trial run meets a predetermined criterion. In this situation the parameters themselves are not verified, but the output produced with the parameters is. The output can depend on the entire set of parameters and the chosen input data, making it more difficult for a hacker to determine the correct parameters.
- the predetermined digital input data is received from a server as a challenge; and the output of the run is provided to the server, enabling the server to perform the verification.
- a bank may in this way first check if the system is still secure before continuing, e.g. by providing more data and/or software.
- the predetermined algorithm is implemented using computer executable instructions for converting a representation of the execution environment to the at least one parameter.
- by using a program to perform the representation, full flexibility can be achieved. For example, it can be freely determined which part of the execution environment is checked (e.g. which data elements in the environment, which computer executable instructions, etc.) and how that part is represented (e.g. simply copied, hashed, etc.). If so desired, any suitable technique may be used to obfuscate the software implementation of the algorithm.
- (part of) the executable instructions of the execution environment are unified with (part of) the parameter set of the computer software module. More in detail, a part of a bit representation of the plurality of parameters is equal to at least a part of a bit representation of computer executable instructions of the execution environment; and instructions of the computer program module are arranged for, during an execution, using at least one memory address holding the part of the bit representation of the instructions of the execution environment also for reading the equal part of the bit representation of the parameters by reference. So, at least one memory address has a ‘double function’; it is used for storing a (part of) parameter for the software program module and for storing an instruction of the execution environment.
- the executable instructions may be processor instructions, but may equally be other suitable instructions, such as virtual machine instructions or interpreted pseudo-code instructions.
- the virtual machine instructions may for example be Java or SPDC (Self Protecting Digital Content) compliant.
- (part of) the executable instructions of the computer program module are unified with (part of) the parameter set of the computer program module. More in detail, a part of a bit representation of the plurality of parameters is equal to at least a part of a bit representation of computer executable instructions of the computer program module; and wherein the instructions are arranged for, during an execution of the instructions, using at least one memory address holding the part of the bit representation of the instructions also for reading the equal part of the bit representation of the parameters by reference. In this way, the computer program module is also made more tamper-resistant.
- the predetermined algorithm causes at least one data element of the execution environment (relevant parameters, e.g. constants) to be used as one or more, or part, of the plurality of parameters.
- the method is particularly useful if it is used in combination with a computer program module that processes valuable content.
- valuable content may, for example, be financial data (e.g. electronic banking) or digital content (e.g. audio and/or video).
- Valuable content is typically not distributed in a ‘plain-text’ format easily readable/useable by hackers.
- at least a cryptographic operation (e.g. encryption, authentication), an encoding operation (e.g. compression) or a scrambling operation has been performed on at least some of the input parameters.
- the plurality of digital parameters include a representation of at least one of the following: cryptographic data, such as a cryptographic key and/or cryptographic algorithm; digital content encoding/decoding data, such as a coding table and/or coding algorithm; digital content scrambling/descrambling data, such as a scrambling table and/or scrambling algorithm.
- the digital input data is digital content that has been encrypted, encoded and/or scrambled under control of a content-specific key; the method including receiving a representation of the content specific key for controlling decryption, decoding and/or descrambling, respectively, and deriving at least part of one of the plurality of predetermined digital parameters from the received representation of the content-specific key.
- the parameters of the computer program module depend on a content-specific key as well as the execution environment, which typically changes less frequently than the content key. As described above, the parameters may also depend on the instructions of the computer program module. In this way a high level of security can be achieved while still maintaining the flexibility of using different content-specific keys and not having to update the computer program module and/or execution environment each time the content key changes.
- the derived part of the digital parameters includes a network of obfuscated look-up tables where at least one table has been obfuscated in dependence on the at least part of the execution environment, and the algorithm is arranged to derive at least one compensating element from the at least part of the execution environment and insert the at least one compensating element in another one of the obfuscated look-up tables, such that the network of obfuscated look-up tables is functionally equivalent to the network of look-up tables.
- a white-box implementation of content-specific decryption can be achieved, where freedom in the choice of obfuscating is used to verify that the execution environment is correct.
- the execution environment is at least in part represented in the obfuscated tables. Only with that part of the execution environment being present can during execution the functionality of the original network of tables be achieved. For each content item, a content-specific key (and optionally content specific decryption algorithm) can be made. Only this needs to be distributed for each content item.
- the execution environment can be checked and, if so desired, also the computer program module can be checked. The execution environment and computer program module need only to be distributed once, whereas they can still be verified by being tied together through the obfuscating.
- the parameters include constant values that have some redundancy in them, i.e., it is possible to compensate a change in one parameter by making an appropriate change to another parameter. For example, if certain executable instructions of the execution environment are highly relevant and need to be verified, these instructions can be represented in the parameters (e.g. simply by being unified). Other parameters are then chosen so as to compensate for these given parameters, in such a way that the implementation provides equivalent functionality regardless of whether the original parameters (before the change) or the changed parameters are used.
- FIG. 1 shows a block diagram of a system in which the method may be used
- FIG. 2 shows details of the structure of the system
- FIG. 3 shows examples of an obfuscated network of look-up tables.
- FIG. 1 shows a block diagram of an apparatus 110 in which the invention may be used.
- the apparatus 110 may be part of a larger system 100 .
- the apparatus 110 is operated under control of software. Part of its functionality is included in one or more software program modules.
- the apparatus includes a processor 120 .
- the apparatus may in itself be any suitable device, such as a personal computer, a dedicated media player (e.g. DVD, Blu-ray disc player, HD-DVD player), game machine (e.g. X-Box, Playstation). It may also be a portable device, such as a PDA, or smart phone.
- the processor 120 may be any suitable processor, such as a PC-type processor or embedded processor, including a digital signal processor (DSP).
- the apparatus may include a working memory 130 , such as RAM, and a non-volatile storage 140 , such as a hard disc, optical storage or flash memory.
- the apparatus includes a computer program module 150 .
- when loaded into the processor 120 , the computer program module 150 is operative to cause processing of digital input data 152 in dependence on a plurality of predetermined digital parameters 154 .
- the output of the processing is digital output data 156 .
- the computer program module 150 is loaded in an execution environment 158 .
- Such an environment 158 may include an operating system kernel, libraries (e.g. media decoders, such as an MP3 or MPEG 4 decoder, internet protocols, etc.).
- the execution environment 158 itself is also executed by the processor 120 .
- the module 150 may include a media player as well as DRM-specific plug-ins for managing the digital rights and controlling the decryption/descrambling and/or decoding.
- Such media players may be able to execute, for a specific content format, a respective plug-in for performing the format-specific decoding corresponding to digital content.
- Those content formats may include AVI, DV, Motion JPEG, MPEG-1, MPEG-2, MPEG-4, WMV, Audio CD, MP3, WMA, WAV, AIFF/AIFC, AU, etc.
- a secure plug-in may be used that not only decodes the content but also decrypts and/or descrambles the content. It is a choice of the skilled person if part of such functionality is reused and for that purpose is integrated into the execution environment 158 .
- the module 150 may use a media player from the execution environment and only operate as a plug-in in such media player, e.g. for performing specific operations, such as decryption or decoding.
- the execution environment 158 may provide a virtual machine, such as Java, where the module 150 is code to be interpreted by the virtual machine. In FIG. 1 it is shown that the program module 150 , its parameters 154 and the execution environment 158 are stored in storage 140 .
- the program module 150 and/or its parameters 154 may also be stored elsewhere (e.g. stored on removable optical storage 160 ) or retrieved from outside the apparatus 110 on demand through a communication interface 170 .
- the interface 170 may give access to the internet 172 .
- digital content such as audio and/or video may be downloaded (being the input data 152 ) from a server 174 in the internet.
- the content may be protected through any suitable techniques such as encryption, scrambling, encoding (e.g. compression) so that the content is not available in a ‘plain-text’ form that can directly be used by malicious parties.
- the digital content may also be other digital data, in particular data worth protecting, such as a financial transaction (internet banking), where input is received through a communication network, like the internet, securely processed, and output through the communication network.
- the output may also be supplied through a communication interface, like interface 170 , to outside the apparatus 110 , e.g. to a bank server, like server 174 .
- the computer program module may also be retrieved from outside the apparatus 110 .
- at least part of the computer program module is designed specifically for processing the content.
- the content may have been encrypted using a, preferably, unique key or content-specific key (e.g. each movie is encrypted with a movie-specific key).
- the computer program module may then have been designed so that it can decrypt this content.
- a computer program module specific for that transaction may be provided under responsibility of a bank.
- the module can then process the financial data in a specific (preferably unique) way and may provide as part of the output also its identity.
- Various suitable watermarking techniques exist and may be used for merging such an identity with the output.
- the bank can then verify that a module with that identity has been used.
- the program module 150 , the active part of the execution environment 158 and parameters 154 may be loaded in the working memory 130 .
- the apparatus 110 may also include user input means (not shown), such as a remote control, keyboard, mouse, microphone for speech input, etc. to obtain commands from a user such as to indicate content to be rendered.
- the apparatus 110 may also include user output means (not shown), such as a display 93 and/or speakers for providing information to a user and/or for representing the rendered content.
- a predetermined algorithm is used to derive at least part of one of the plurality of predetermined digital parameters 154 from the at least part of the execution environment 158 .
- the parameters may additionally or alternatively also be derived from other parts, such as the program module 150 itself.
- the complexity of the algorithm determines the number of bits to get a desired level of security. For instance, if the algorithm is based on a cryptographically strong hash that is determined over a main part of the execution environment then using 1024 bits of the parameters may already give a very strong security.
- a part of a parameter, a part of several parameters (e.g. the most significant bits of several parameters), one parameter in its entirety, several parameters in their entirety, or combinations hereof may be used.
- only a small part of the execution environment may be checked (e.g. one or a few highly relevant instructions or constants), or a significant part may be checked (e.g. some relevant libraries). The person skilled in the art can determine which part of the execution environment needs to be checked (e.g. the part with the highest potential of leaking relevant data).
- FIG. 2 illustrates the principle further. Where in the figures same reference numerals are used, they refer to the same items possibly with more detail added.
- a predetermined algorithm 200 is used for deriving at least part of one of the plurality of predetermined digital parameters 154 from the at least part of the execution environment 158 .
- part 210 of the parameters is derived from the execution environment 158 .
- a part 212 of the parameters may be derived from the program module 150 itself, and a part 214 may be derived from separately supplied parameters, such as a content specific decryption key 220 .
- the parameters may be any type of parameters.
- the parameters may be filter settings.
- the parameters may represent key or key-like information.
- the parameters may represent a decoding table.
- the parameters are constants used by the module 150 or the execution environment 158 .
- the network of look-up tables is obfuscated by applying an encoding to the input and output of at least some of the tables.
- These encodings have an influence on the contents of the look-up table; changing the encoding changes the contents of the table in a predictable way.
- the transformation applied to the elements of the look-up table can be realized by appropriately changing the encodings.
- By changing an output encoding particular values may be incorporated in the table.
- input encoding is also referred to as input decoding as it may decode the encoding of data caused by an output encoding of a preceding look-up table.
- a look-up table can be manipulated with most freedom by changing both the input and output encodings. Considering at least three look-up tables allows the input and output encodings of at least one table to be changed; such changes may be compensated for by changing the encodings of at least two other tables.
- FIG. 3 illustrates a way to make it even more difficult to extract the key.
- Mappings X and Y can be implemented as look-up tables which can be stored in memory, however, when they are stored in memory the values can be read by an attacker.
- Diagram 320 illustrates how the contents of the look-up tables can be obfuscated by using an input encoding F and an output encoding H.
- Look-up tables corresponding to X ∘ F⁻¹ and H ∘ Y are stored as illustrated instead of X and Y, making it more difficult to extract X and Y.
- X and Y are functions suitable for implementation by means of look-up tables. Likewise a network consisting of more than two functions can be encoded. The actual tables encoding X and Y are obfuscated by combining H ∘ Y ∘ G⁻¹ in a single look-up table and combining G ∘ X ∘ F⁻¹ in a single look-up table.
- using mapping tables is not required, but it is an advantage if they are used.
- the program module 150 will have been designed to use specific predetermined parameter values. According to the invention, those parameters are at least in part derived from the execution environment 158 . Without precaution, the module may not operate correctly using such a derived parameter. The module can easily be designed such that it still generates the desired outcome. For example, if the module was designed to use a parameter (e.g.
- the module 150 may be designed such that it uses a parameter z3 XOR z2 (where XOR is a bit-wise exclusive or), where z3 is loaded as a constant in the parameters 154 and has been pre-computed as being z1 XOR z2.
- the module will then calculate z3 XOR z2 and, if the execution environment has not been tampered with, the algorithm 200 will generate the original value of z2.
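The z1/z2/z3 compensation just described, as an added example that is not code from the patent: z2 is derived from a stand-in execution environment by a cryptographic hash (the variant the description suggests for a large checked region), z3 = z1 XOR z2 is the only value shipped in the parameters, and the module recovers z1 at run time only when the environment it hashes is the genuine one. The environment bytes, the key z1, the function names and the HMAC stand-in for the module's content processing are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample data (not from the patent): the checked part of the
# execution environment 158 and a tampered variant differing in one byte.
GENUINE_ENV = b"constructed kernel text segment, build 1"
TAMPERED_ENV = b"constructed kernel text segment, build 2"

# z1: the constant the module was originally designed to use (here a
# constructed 256-bit content key). It is never stored in parameters 154.
Z1 = int.from_bytes(bytes(range(32)), "big")


def derive_z2(env: bytes) -> int:
    """Stand-in for algorithm 200: a 256-bit value derived from the execution
    environment with a cryptographically strong hash."""
    return int.from_bytes(hashlib.sha256(env).digest(), "big")


def precompute_z3(z1: int, env: bytes) -> int:
    """Offline, when parameters 154 are built: z3 = z1 XOR z2, with z2 derived
    from the genuine environment. Only z3 is shipped."""
    return z1 ^ derive_z2(env)


def module_key(z3: int, env: bytes) -> int:
    """Run time: the module uses z3 XOR z2, with z2 derived from the environment
    it actually runs in. This equals z1 only if the environment is unchanged."""
    return z3 ^ derive_z2(env)


def process(z3: int, env: bytes, content: bytes) -> bytes:
    """Stand-in for the module's content processing (e.g. decryption): the
    output is a keyed MAC of the input under the reconstructed key, so a wrong
    key silently yields wrong output rather than an error."""
    key = module_key(z3, env).to_bytes(32, "big")
    return hmac.new(key, content, hashlib.sha256).digest()


def reference_output(content: bytes) -> bytes:
    """What a correctly working module produces (uses z1 directly)."""
    return hmac.new(Z1.to_bytes(32, "big"), content, hashlib.sha256).digest()


def demo() -> tuple[bool, bool]:
    """Returns whether the genuine and the tampered environment reconstruct z1."""
    z3 = precompute_z3(Z1, GENUINE_ENV)
    return module_key(z3, GENUINE_ENV) == Z1, module_key(z3, TAMPERED_ENV) == Z1


if __name__ == "__main__":
    print(demo())  # expected: (True, False)
```

Note what this does and does not give: it ties the module's output to the integrity of the checked bytes, but anyone who holds the genuine environment and knows how z2 is derived can compute z1 from z3. The description's own point that the relationship between parameters should be unclear to an attacker is therefore essential; hashing alone provides the integrity tie, not secrecy, which is why the patent pairs it with obfuscation of the derivation algorithm.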
- the module 150 and/or part of the execution environment 158 may be partially implemented using mapping tables, particularly a network of look-up tables.
- the look-up tables may be obfuscated using output and/or input encodings.
- a first look-up table f(t1(x)) in the network of look-up tables has output encoding f.
- a second look-up table t2(f⁻¹(x)) in the network of look-up tables has an input decoding f⁻¹.
- the encoding f and decoding f⁻¹ may be chosen such that a predetermined word is included in the first look-up table f(t1(x)) or the second look-up table t2(f⁻¹(x)).
- This feature can be used to verify the execution environment. For example, let the tables t1 and t2 represent original (not disclosed) tables of the module 150 . Let processing of the execution environment 158 by the algorithm 200 give the value w. Then the obfuscated first and second tables f(t1(x)) and t2(f⁻¹(x)) can be determined. Instead of supplying such tables in their entirety as parameters 154 , in the first table the word w can be left out. The algorithm 200 has to generate the word w based on the actual execution environment 158 and insert it at the appropriate place in the first look-up table.
- tables (more generally, parameters) of the module 150 are obfuscated using knowledge of the execution environment. As such, the execution environment is verified. If the execution environment is correct, the obfuscated module will perform correctly. Compared to the example of z1, z2 and z3 given above, z2 can be seen as the word w.
- the compensation z 3 does not require an additional parameter but can be incorporated in one of the other tables.
- WO 2006/046187 and WO 2005/060147 of Koninklijke Philips Electronics disclose several methods of obfuscating a network of tables.
- an obfuscating table O and a compensating table C are used.
- At least one original table is obfuscated with table O and at least one of the other original tables is obfuscated with table C.
- the freedom in choosing such table O can be used to represent the execution environment in table O and use table O to obfuscate at least one original table of the program module. The execution environment will then automatically also be represented in the compensating table C.
- one or more elements of these tables may be left unmodified. For example, a certain element may be obfuscated using O but the compensating element in the other table is not compensated with C.
- the algorithm 200 can then construct the missing compensating element of table C based on the actual execution environment, and XOR that over the involved table, so that during execution the compensation is achieved.
- Pi are used for the obfuscation.
- P may be derived from the execution environment.
- the tables obfuscated with P2i and P2i+1 may again be only ‘half obfuscated’: at least one element of P2i or of P2i+1 is not used, in the sense that the compensating effect in the total network of obfuscated tables is not achieved.
- the algorithm is then used to generate this missing compensating element based on the actual execution environment.
- any part of the execution environment may be verified.
- one or more computer instructions or parts of it may be verified by directly being used as parameters (e.g. the word w mentioned above).
- data, e.g. a constant such as the regional code used in a DVD player
- the algorithm 200 may use the instruction/data as a literal copy, but may also calculate a representation.
- the algorithm calculates a hash of (part of) the execution environment and uses the hash as the basis for a parameter.
- the hash may form the word w. Any suitable hash may be used.
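As an added worked example (this is not code from the patent), the following Python models the mechanism of the preceding bullets, and equally the content-specific key discussion later on this page: a two-table network t2(t1(x)) is obfuscated with encodings, one of which is derived from the execution environment, and the compensation for that encoding is left out of the distributed tables and only inserted at run time by the algorithm that represents the environment. This is the variant in which a whole encoding P is derived from the environment, rather than a single word w written into one table entry. The names f_rand, f_env, T2_half, the seeded-shuffle bijection, the one-byte-XOR key table and the sample environment bytes are all this example's own assumptions.

```python
"""Added example (not from the patent): a two-table network t2(t1(x)) protected with
white-box style encodings, where part of the encoding is derived from the execution
environment and only re-created at run time.  Names (f_rand, f_env, T2_half, ...) and
the sample environment bytes are this example's own constructions."""
import hashlib
import random
from typing import List, Tuple

Table = List[int]             # a 256-entry byte -> byte look-up table
Params = Tuple[Table, Table]  # the module's parameter set: (first table, second table)


def invert(t: Table) -> Table:
    """Inverse of a bijective table: invert(t)[t[x]] == x."""
    inv = [0] * 256
    for x, y in enumerate(t):
        inv[y] = x
    return inv


def compose(outer: Table, inner: Table) -> Table:
    """Table for outer(inner(x))."""
    return [outer[inner[x]] for x in range(256)]


def seeded_bijection(seed: bytes) -> Table:
    """Deterministically expand a seed into a random-looking bijection on bytes."""
    p = list(range(256))
    random.Random(int.from_bytes(seed, "big")).shuffle(p)
    return p


def original_network(key_byte: int) -> Params:
    """The undisclosed original tables: t1 is the content-specific key step (XOR with the
    key byte), t2 a fixed substitution.  The module's intended mapping is t2(t1(x))."""
    t1 = [x ^ key_byte for x in range(256)]
    t2 = seeded_bijection(b"example fixed substitution")  # stand-in for a real round table
    return t1, t2


def env_bijection(env: bytes) -> Table:
    """Algorithm 200's representation of the execution environment: hash the verified
    bytes (code, constants, ...) and expand the digest into the bijection P that is used
    as an encoding.  Any suitable hash can take sha256's place."""
    return seeded_bijection(hashlib.sha256(env).digest())


def build_parameters(key_byte: int, genuine_env: bytes, secret_seed: bytes) -> Params:
    """Issuer side.  T1 = f_env o f_rand o t1 is fully obfuscated.  T2 only compensates
    f_rand; the f_env compensation is deliberately left out ('half obfuscated')."""
    t1, t2 = original_network(key_byte)
    f_rand = seeded_bijection(secret_seed)   # secret encoding, never distributed
    f_env = env_bijection(genuine_env)
    T1 = compose(f_env, compose(f_rand, t1))
    T2_half = compose(t2, invert(f_rand))
    return T1, T2_half


def complete_parameters(distributed: Params, actual_env: bytes) -> Params:
    """Apparatus side, run by algorithm 200 before the module executes: derive f_env from
    the environment that is actually present and insert the missing compensation.  With
    the genuine environment the network becomes t2(t1(x)) again; with a tampered one the
    encodings no longer cancel and the module silently computes a different mapping."""
    T1, T2_half = distributed
    T2 = compose(T2_half, invert(env_bijection(actual_env)))
    return T1, T2


def run_module(params: Params, data: bytes) -> bytes:
    """Module 150: processes input data through the table network."""
    T1, T2 = params
    return bytes(T2[T1[b]] for b in data)


def reference_output(key_byte: int, data: bytes) -> bytes:
    """What the undisclosed original network would produce (for checking only)."""
    t1, t2 = original_network(key_byte)
    return bytes(t2[t1[b]] for b in data)


# Constructed sample data: a few bytes standing in for a verified region of the
# execution environment (e.g. a kernel routine plus the DVD region code constant).
GENUINE_ENV = bytes.fromhex("55 48 89 e5 48 83 ec 10") + b"REGION=2"
TAMPERED_ENV = GENUINE_ENV.replace(b"REGION=2", b"REGION=0")
KEY_BYTE = 0x3C
DISTRIBUTED = build_parameters(KEY_BYTE, GENUINE_ENV, b"issuer secret seed")

if __name__ == "__main__":
    sweep = bytes(range(256))
    good = run_module(complete_parameters(DISTRIBUTED, GENUINE_ENV), sweep)
    bad = run_module(complete_parameters(DISTRIBUTED, TAMPERED_ENV), sweep)
    print("genuine environment correct :", good == reference_output(KEY_BYTE, sweep))
    print("tampered environment correct:", bad == reference_output(KEY_BYTE, sweep))
```

Two points a practitioner should take from this. First, nothing in the distributed pair (T1, T2_half) contains t1, t2 or the genuine environment bytes, and a modified environment does not produce an error but a wrong mapping, which is the implicit verification the text describes. Second, the check binds only the bytes that env_bijection is actually fed: an attacker who can redirect that read to a pristine copy while running modified code defeats it, which is why the page later pushes toward unifying the parameters with the instructions that execute.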
- the computer program module is only executed if the plurality of parameters meets a predetermined criterion.
- a simple test may be performed, such as calculating a hash over the parameters 154 and checking whether it gives the value that was pre-computed once over the correct set of parameters. If the test shows that the parameter set is incorrect, the user may be warned. Separate parts of the parameters, such as parts 210, 212 and 214, may also be tested separately. In this way the user can be told in detail which part is no longer correct.
- This pre-test mainly serves to warn the user that the output of the module 150 will probably be incorrect; the module may still be executed. In itself it is no problem if a malicious party removes the test, since the real verification lies in the module 150 producing the correct output 156. Standard obfuscation techniques may be used to make it harder for an attacker to find and remove the test.
- a trial-run is performed of at least part of the computer program module 150 on predetermined digital input data 152 using the plurality of parameters 154 and verifying whether an output 156 of the trial-run meets a predetermined criterion.
- the criterion may simply be that the trial run gives the output that was obtained with an original module 150 executed in an original execution environment 158 with the original algorithm 200 on the same predetermined digital input data as is used later during the test. Again, the test itself may be obfuscated using conventional techniques.
- the predetermined digital input data is received from a server, such as server 174 , as a challenge.
- the output of the run is provided to the server, enabling the server to perform the verification.
- a bank may in this way first check whether the system is still secure before continuing, e.g. by providing more data and/or software. The verification then need not be done in the apparatus 110 (but may additionally be done there).
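As an added example (again not from the patent), the following Python shows both the explicit pre-test over the parameter parts 210, 212 and 214, which only warns the user and names the part that changed, and the trial run as a challenge/response with a server such as a bank. The toy module, the way the three parts are derived, the part names and all sample bytes are constructed for the example; a real deployment would run the actual module 150 on the challenge. The single-use challenge bookkeeping in the server is this example's own addition.

```python
"""Added example (not from the patent): the explicit pre-test over the parameter parts
210/212/214 and the challenge/response trial run with a server.  The parameter layout,
the toy module and the constructed byte strings are this example's own assumptions."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional

Params = Dict[str, bytes]   # part name -> parameter bytes


def make_params(env_region: bytes, module_code: bytes, content_key: bytes) -> Params:
    """Algorithm 200 in its simplest form: parts are literal copies or hashes of the
    execution environment (210), of the module's own instructions (212) and of the
    content-specific key (214)."""
    return {
        "210": hashlib.sha256(env_region).digest()[:8],   # representation of environment 158
        "212": module_code[:8],                           # literal copy of module instructions
        "214": content_key,                               # content-specific key
    }


def run_module(params: Params, data: bytes) -> bytes:
    """Toy module 150: a keyed byte transform that depends on all three parts, so a
    change to any part changes the output.  Stand-in for a real decryption network."""
    e, m, k = params["210"], params["212"], params["214"]
    out = bytearray()
    for i, b in enumerate(data):
        v = b ^ k[i % len(k)]
        v = (v + e[i % len(e)] + m[i % len(m)]) & 0xFF
        out.append(v)
    return bytes(out)


# --- pre-test in the apparatus (user warning only; not the real verification) ---

def precompute_expected(params: Params) -> Dict[str, bytes]:
    """Done once by the issuer over the correct parameter set."""
    return {name: hashlib.sha256(part).digest() for name, part in params.items()}


def pretest(params: Params, expected: Dict[str, bytes]) -> List[str]:
    """Names of the parts whose hash no longer matches; an empty list means 'looks fine'."""
    return [name for name, digest in expected.items()
            if not hmac.compare_digest(hashlib.sha256(params.get(name, b"")).digest(), digest)]


# --- trial run as a challenge/response with a server (e.g. a bank) ---

class Server:
    """Holds the reference parameters of the original module in the original environment."""

    def __init__(self, reference_params: Params):
        self._reference = reference_params
        self._open: Dict[bytes, bytes] = {}   # challenge -> expected response

    def issue_challenge(self, challenge: Optional[bytes] = None) -> bytes:
        """Fresh random input data; a fixed value can be injected for testing."""
        c = challenge if challenge is not None else secrets.token_bytes(16)
        self._open[c] = run_module(self._reference, c)
        return c

    def verify(self, challenge: bytes, response: bytes) -> bool:
        """Accept only a response to a challenge this server issued, and only once."""
        expected = self._open.pop(challenge, None)
        return expected is not None and hmac.compare_digest(expected, response)


def answer_challenge(params: Params, challenge: bytes) -> bytes:
    """Apparatus side: run the module on the server's input data and return the output."""
    return run_module(params, challenge)


# Constructed sample values
ENV_REGION = bytes.fromhex("55 48 89 e5 48 83 ec 10") + b"REGION=2"
MODULE_CODE = bytes.fromhex("48 8b 47 08 0f b6 04 06 c3")
CONTENT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
GOOD_PARAMS = make_params(ENV_REGION, MODULE_CODE, CONTENT_KEY)
EXPECTED = precompute_expected(GOOD_PARAMS)


def tampered_params() -> Params:
    """Parameters as produced on an apparatus whose environment region was modified."""
    return make_params(ENV_REGION.replace(b"REGION=2", b"REGION=0"), MODULE_CODE, CONTENT_KEY)


if __name__ == "__main__":
    server = Server(GOOD_PARAMS)
    for label, p in (("genuine", GOOD_PARAMS), ("tampered", tampered_params())):
        c = server.issue_challenge()
        print(label, "pre-test flags:", pretest(p, EXPECTED),
              "server accepts:", server.verify(c, answer_challenge(p, c)))
```

The pre-test can be patched out on the client, exactly as the text concedes; the server-side trial run cannot, because the expected response depends on the whole parameter set and on input data the client does not choose. Making each challenge single-use keeps a captured genuine response from being replayed later by a tampered apparatus.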
- the predetermined algorithm 200 is implemented using computer executable instructions for converting a representation of the execution environment 158 to the at least one parameter 154 .
- the algorithm 200 can implement complex operations to obfuscate how the execution environment 158 is represented in the parameters 154 .
- the algorithm 200 may include scrambling, encrypting, compressing, and/or hashing operations.
- the algorithm itself may be obfuscated using any suitable technique, such as white-box techniques as disclosed in Chow 1 and/or Chow 2.
- the algorithm is supplied in combination with the module 150 . As such, the algorithm may also be part of the module 150 .
- the algorithm 200 may form part of an initialization routine of the module 150 that creates at least some of the parameters of the module 150 .
- the algorithm 200 may also be very simple.
- the algorithm could be a set of pointers provided in the module 150 that point to data or instructions in the execution environment 158 that are to be used (e.g. copied) as parameters of the module 150. Any suitable form of pointers may be used, such as absolute or relative values. Such choices fall within the abilities of a person skilled in the art.
- the predetermined algorithm 200 causes at least one data element of the execution environment to be used as one or more or part of the plurality of parameters.
- the algorithm 200 may be implemented in hardware instead of software.
- computer executable instructions of the execution environment 158 and/or module 150 are unified with the parameters 154. This means that certain bit locations in memory 130 act both as a parameter for the module 150 and as an instruction (of the execution environment 158 or the module 150) executed by the processor 120.
- a unification between a parameter 210 and the execution environment 158 has occurred.
- a part of a bit representation of the plurality of parameters 210 is equal to at least a part of a bit representation of computer executable instructions of the execution environment 158 . This means that those instructions of the execution environment are loaded for execution from a same memory location in memory 130 as is used by instructions of the module 150 to retrieve parameters from. It will be appreciated that one or more entire instructions of the execution environment may in this way also be used as parameters. If so desired also only parts of the execution instructions (e.g. operator field, most significant byte, etc.) may be unified with the parameters.
- a unification between a parameter 212 and the module 150 has occurred.
- a part of a bit representation of the plurality of parameters 212 is equal to at least a part of a bit representation of computer executable instructions of the computer program module 150 .
- These instructions are arranged for, during an execution of the instructions, using at least one memory address holding the part of the bit representation of the instructions also for reading the equal part of the bit representation of the parameters by reference.
- there is at least one instruction of the module 150 that is loaded from a certain memory location from which another instruction in the module 150 retrieves a parameter.
- instead of loading an entire instruction or parameter, the same principle also works for parts thereof.
- the plurality of digital parameters include a representation of at least one of the following:
- cryptographic data such as a cryptographic key and/or cryptographic algorithm
- digital content encoding/decoding data such as a coding table and/or coding algorithm
- digital content scrambling/descrambling data such as a scrambling table and/or scrambling algorithm.
- the digital input data 152 is digital content, such as audio/video, that has been encrypted, encoded and/or scrambled under control of a content-specific key.
- the module 150 then causes the processor 120 to convert the digital input data to a plain-text form (or to at least a partially converted form) in which it can be rendered to a user or can be processed further.
- the method includes receiving a representation of the content specific key for controlling decryption, decoding and/or descrambling, respectively. For example, if the content has been encrypted, the apparatus 110 receives a decryption key. It may receive this in any way, e.g. read it from the storage 160 or receive it from a server 174 through the internet 172 .
- the algorithm 200 is then used to derive at least part of one of the plurality of predetermined digital parameters 214 from the received representation of the content-specific key. For example, the content-specific key may simply be used as the parameter part 214 .
- the content-specific key and/or the content-specific decryption algorithm is supplied in a form including a network of obfuscated look-up tables, for example in a way as described above. As indicated there, the obfuscation gives a certain freedom in choosing constants in the tables. Above an example was given where a word w derived from the execution environment 158 could be compensated for in another obfuscated table (and as such in another parameter of module 150 ). In an embodiment, a parameter derived from the execution environment 158 (e.g. word w) is compensated in the obfuscated implementation of the content-specific decryption key/algorithm 220 .
- Algorithm 200 is then arranged to load the parameter derived from the execution environment 158 (e.g. word w) in the right place in the right obfuscated table.
- the network of obfuscated tables, used as parameters 154 will then compensate each other and perform the originally intended mapping.
- the content-specific decryption is thus obfuscated with the information derived from the execution environment. Only if that part is present in an unmodified form can it be guaranteed that the decryption performs correctly.
- the same principle will also work for content-specific coding and/or scrambling. It will also be appreciated that in the same way the content-specific parameters/algorithm may be obfuscated with information derived from the module 150 (e.g. word w is derived from it). It will be appreciated that the invention also extends to computer programs, particularly computer programs on or in a carrier, adapted for putting the invention into practice.
- the program may be in the form of source code, object code, a code intermediate source and object code such as partially compiled form, or in any other form suitable for use in the implementation of the method according to the invention.
- the carrier may be any entity or device capable of carrying the program.
- the carrier may include a storage medium, such as a ROM, for example a CD ROM or a semiconductor memory, or a magnetic recording medium, for example a floppy disc or hard disk.
- the carrier may be a transmissible carrier such as an electrical or optical signal, which may be conveyed via electrical or optical cable or by radio or other means.
- the carrier may be constituted by such cable or other device or means.
- the carrier may be an integrated circuit in which the program is embedded, the integrated circuit being adapted for performing, or for use in the performance of, the relevant method.
Description
- This application is a continuation of application Ser. No. 12/307,942 filed on Jan. 8, 2009 (now pending), which is the National Stage of International Application No. PCT/IB07/52607, filed Jul. 4, 2007, which claims priority to European Patent Application EP 20060117036 (priority no. 06117036.1), filed Jul. 12, 2006, all of which are hereby incorporated by reference in their entirety.
- The invention relates to a method of and a system for verifying authenticity of at least part of an execution environment for executing a computer program module.
- The Internet provides users with convenient and ubiquitous access to digital content. Because of the potential of the Internet as a powerful distribution channel, many consumer electronics (CE) products strive to directly access the Internet or to interoperate with the PC platform—the predominant portal to the Internet. The CE products include, but are not limited to, digital set top boxes, digital TVs, game consoles, PCs and, increasingly, hand-held devices such as PDAs, mobile phones, and mobile storage and rendering devices, such as Apple's iPod. The use of the Internet as a distribution medium for copyrighted content creates the compelling challenge to secure the interests of the content provider. In particular it is required to warrant the copyrights and business models of the content providers. Increasingly, CE platforms are operated using a processor loaded with suitable software. Such software may include the main part of functionality for rendering (playback) of digital content, such as audio and/or video. Control of the playback software is one way to enforce the interests of the content owner including the terms and conditions under which the content may be used. Where traditionally many CE platforms (with the exception of a PC and PDA) used to be closed, nowadays more and more platforms are at least partially open. In particular for the PC platform, some users may be assumed to have complete control over the hardware and software that provides access to the content and a large amount of time and resources to attack and bypass any content protection mechanisms. As a consequence, content providers must deliver content to legitimate users across a hostile network to a community where not all users or devices can be trusted.
- Typically, digital rights management systems use an encryption technique based on block ciphers that process the data stream in blocks using a sequence of encryption/decryption steps, referred to as rounds. During each round, a round-specific function is performed. The round-specific function may be based on a same round function that is executed under control of a round-specific sub-key. For many encryption systems, the round function can be specified using mapping tables or look-up tables. Even if no explicit tables are used, tables are nevertheless frequently used for different parts of the function to execute encryption/decryption functions efficiently in software. The computer code accesses or combines table values into the range value of the function. Instead of distributing keys, which may be user-specific, it becomes more attractive to distribute user-specific algorithms for encryption or decryption instead of keys. These algorithms, most often functions (mappings), have to be obfuscated (hidden) in order to prevent reverse engineering or to prohibit the re-computation of key-like elements. On computers, tables accompanied by some computer code often represent these functions.
- Content providers must deliver content to legitimate users across a hostile network to a community where not all users or devices can be trusted. In particular for the PC platform, the user must be assumed to have complete control of the hardware and software that provides access to the content, and an unlimited amount of time and resources to attack and bypass any content protection mechanisms. The software code that enforces the terms and conditions under which the content may be used must not be tampered with. The general approach in digital rights management for protected content distributed to PCs is to encrypt the digital content, for instance DES (Data Encryption Standard), AES (Advanced Encryption Standard), or using the method disclosed in WO9967918, and to use decryption keys.
- Main areas of vulnerability of digital rights management (DRM) relying on encryption are the software plug-ins which enforce the terms and conditions under which the content may be used, the key distribution and handling, and the execution environment in which the DRM module is executed.
- Typically, the plug-in enforces the terms and conditions under which the content is to be used. An attacker aiming to remove these terms and conditions may attempt to achieve this through tampering of the program code comprised in the software plug-in.
- In relation to key handling, for playback a media player has to retrieve a decryption key from a license database. It then has to store this decryption key somewhere in memory for the decryption of the encrypted content. This leaves an attacker two options for an attack on the key. Firstly, reverse engineering of the license database access function could result in black box software (i.e., the attacker does not have to understand the internal workings of the software function), allowing the attacker to retrieve asset keys from all license databases. Secondly, by observation of the accesses to memory during content decryption, it is possible to retrieve the asset key. In both cases the key is considered to be compromised. Increasingly, keys and part of the decryption algorithm are represented as look-up (mapping) tables forming part of a software implementation. Making software tamper resistant has gained increasingly more attention.
- Tamper-resistant software is so called because goal-directed tampering with the software is complicated. Various techniques for increasing the tamper resistance of software applications exist. Most of these techniques are based on hiding the embedded knowledge of the application by adding a veil of randomness and complexity in both the control and the data path of the software application. The idea behind this is that it becomes more difficult to extract information merely by code inspection. It is therefore more difficult to find the code that, for example, handles access and permission control of the application, and consequently to change it.
- “White-Box Cryptography and an AES Implementation”, by Stanley Chow, Philip Eisen, Harold Johnson, and Paul C. Van Oorschot, in Selected Areas in Cryptography: 9th Annual International Workshop, SAC 2002, St. John's, Newfoundland, Canada, Aug. 15-16, 2002, referred to hereinafter as “Chow 1”, and “A White-Box DES Implementation for DRM Applications”, by Stanley Chow, Phil Eisen, Harold Johnson, and Paul C. van Oorschot, in Digital Rights Management: ACM CCS-9 Workshop, DRM 2002, Washington, DC, USA, Nov. 18, 2002, referred to hereinafter as “Chow 2”, disclose methods with the intent to hide the key by a combination of encoding its tables with random bijections representing compositions rather than individual steps, and extending the cryptographic boundary by pushing it out further into the containing application.
- Whereas so far attention has focused on protecting the keys and the DRM module, it has become clear that it is also important that the execution environment is trustworthy. Much attention was given to this subject when, as part of Sony's DRM installation (Extended Copy Protection, XCP, software) on a PC, some files of Windows XP were also replaced in a way that the replacement could not easily be detected (hidden by a so-called rootkit on Windows XP). The replacement unintentionally exposed the PC to certain virus-like attacks. Blu-ray Disc (BD) makes it possible to distribute protected content on a disc, together with a DRM software module to be executed on a virtual machine of the BD player. The DRM software module may be content-specific and include key-like information for decrypting the content in any suitable form. Although certain methods exist for verifying the authenticity of software (e.g. using signature schemes and trusted parties), so far software modules usually have to rely on the execution environment itself being trustworthy.
- It would be advantageous to have an improved method for verifying authenticity of at least part of an execution environment for executing a computer program module.
- To better address this concern, in a first aspect of the invention a method is presented that comprises verifying authenticity of at least part of an execution environment for executing a computer program module, where the computer program module is operative to cause processing of digital input data in dependence on a plurality of predetermined digital parameters; and the method includes using a predetermined algorithm to derive at least part of one of the plurality of predetermined digital parameters from the at least part of the execution environment.
- According to the invention, the computer program module in its execution depends on the execution environment. Its parameters are at least partially derived from the execution environment. A predetermined algorithm is used to derive such parameters from the execution environment. In this way, it can be assured with a reasonable degree of probability that the program module will only process its input data in the desired way if the verified part of the execution environment has not been tampered with. This gives at least an implied verification of the execution environment. Since the execution output of the program module inherently depends on the execution environment, it is difficult to tamper with that part of the execution environment. The execution environment may include part of an operating system (e.g. the kernel and/or important libraries), but may also include a virtual machine, such as a Java virtual machine, operating on top of an operating system. By verifying the execution environment in this way, it can be better avoided that valuable digital data, for example digital content such as audio and/or video, is leaked by a tampered execution environment. It is noted that it is known to perform some form of verification over software modules, e.g. in the form of a checksum, and to verify the outcome. Such techniques are open to various attacks, including trying to skip the test. According to the invention, a change in the verified part of the execution environment may imply a change in the parameters and as such cause a change in the output of the program module. For example, content may be decrypted wrongly. Tampering with the checked part of the execution environment becomes increasingly difficult if the relationship between the parameters is unclear to an attacker.
- According to an aspect of the invention, the computer program module is only executed if the plurality of parameters meets a predetermined criterion. So, an explicit test may take place, for example by performing a checksum on the parameters. This has the advantage that a user can be warned that the execution environment has been tampered with. Without such a warning, a user may think that the computer program module is faulty, since this module may not produce the expected output if its parameters are wrong. In an embodiment, respective tests may be designed for different parts of the execution environment, such that the user can be informed which part of the environment is untrustworthy and/or should be replaced. Even if the test itself may be simple (e.g. based on an IF . . . THEN . . . ELSE or similar statement) and may be avoided by a person skilled in tampering, in systems where the test has not been tampered with, adequate information can be provided to a user. If so desired, known techniques may also be used for making the test more tamper-resistant.
- According to an aspect of the invention, the verification is done by performing a run of at least part of the computer program module on predetermined digital input data using the plurality of parameters. It is then verified whether the output of the trial run meets a predetermined criterion. In this situation the parameters themselves are not verified but the output produced with the parameters is verified. The output can depend on the entire set of parameters and the chosen input data, making it more difficult for an attacker to determine the correct parameters.
- In an embodiment, the predetermined digital input data is received from a server as a challenge; and the output of the run is provided to the server, enabling the server to perform the verification. For example, a bank may in this way first check if the system is still secure before continuing, e.g. by providing more data and/or software. According to another aspect of the invention, the predetermined algorithm is implemented using computer executable instructions for converting a representation of the execution environment to the at least one parameter. By using a program to perform the representation, full flexibility can be achieved. For example, it can be freely determined which part of the execution environment is checked (e.g. which data elements in the environment, which computer executable instructions, etc.) and how that part is represented (e.g. simply copied, hashed, etc.). If so desired, any suitable technique may be used to obfuscate the software implementation of the algorithm.
- According to an aspect of the invention, (part of) the executable instructions of the execution environment are unified with (part of) the parameter set of the computer software module. More in detail, a part of a bit representation of the plurality of parameters is equal to at least a part of a bit representation of computer executable instructions of the execution environment; and instructions of the computer program module are arranged for, during an execution, using at least one memory address holding the part of the bit representation of the instructions of the execution environment also for reading the equal part of the bit representation of the parameters by reference. So, at least one memory address has a ‘double function’; it is used for storing a (part of) parameter for the software program module and for storing an instruction of the execution environment. So, tampering with this instruction will automatically result in tampering with the parameters, with the risk of causing the program module to no longer perform the desired processing. The executable instructions may be processor instructions, but may equally be other suitable instructions, such as virtual machine instructions or interpreted pseudo-code instructions. The virtual machine instructions may for example be Java or SPDC (Self Protecting Digital Content) compliant.
- According to another aspect of the invention, (part of) the executable instructions of the computer program module are unified with (part of) the parameter set of the computer program module. More in detail, a part of a bit representation of the plurality of parameters is equal to at least a part of a bit representation of computer executable instructions of the computer program module; and wherein the instructions are arranged for, during an execution of the instructions, using at least one memory address holding the part of the bit representation of the instructions also for reading the equal part of the bit representation of the parameters by reference. In this way, the computer program module is also made more tamper-resistant. Tampering with an instruction of the module that is also used as a parameter will thus automatically result in tampering with the parameters, with the risk of causing the program module to no longer perform the desired processing. According to an aspect of the invention, in addition to or as an alternative to representing instructions of the execution environment, the predetermined algorithm causes at least one data element of the execution environment to be used as one or more or part of the plurality of parameters. In this way also relevant parameters (e.g. constants) of the execution environment can be checked. For example, it can be verified if the regional code, such as known from DVD, has not been tampered with.
- According to an aspect of the invention, the method is particularly useful if it is used in combination with a computer program module that processes valuable content. Such valuable content may, for example, be financial data (e.g. electronic banking) or digital content (e.g. audio and/or video). Valuable content is typically not distributed in a ‘plain-text’ format easily readable/useable by hackers. Typically, at least a cryptographic operation (e.g. encryption, authentication), encoding operation (e.g. compression), and/or scrambling operation has been performed on at least some of the input parameters. To this end, the plurality of digital parameters include a representation of at least one of the following: cryptographic data, such as a cryptographic key and/or cryptographic algorithm; digital content encoding/decoding data, such as a coding table and/or coding algorithm; digital content scrambling/descrambling data, such as a scrambling table and/or scrambling algorithm.
- In an embodiment, the digital input data is digital content that has been encrypted, encoded and/or scrambled under control of a content-specific key; the method including receiving a representation of the content specific key for controlling decryption, decoding and/or descrambling, respectively, and deriving at least part of one of the plurality of predetermined digital parameters from the received representation of the content-specific key. So, in this embodiment the parameters of the computer program module depend on a content-specific key as well as the execution environment, which typically changes less frequently than the content key. As described above, the parameters may also depend on the instructions of the computer program module. In this way a high level of security can be achieved while still maintaining the flexibility of using different content-specific keys and not having to update the computer program module and/or execution environment each time the content key changes.
- In an embodiment, the derived part of the digital parameters includes a network of obfuscated look-up tables where at least one table has been obfuscated in dependence on the at least part of the execution environment, and the algorithm is arranged to derive at least one compensating element from the at least part of the execution environment and insert it in another one of the obfuscated look-up tables such that the network of obfuscated look-up tables is functionally equivalent to the original network of look-up tables. In this way a white-box implementation of content-specific decryption can be achieved, where the freedom in the choice of obfuscation is used to verify that the execution environment is correct. The execution environment is at least in part represented in the obfuscated tables. Only with that part of the execution environment present can the functionality of the original network of tables be achieved during execution. For each content item, a content-specific key (and optionally a content-specific decryption algorithm) can be made. Only this needs to be distributed for each content item. The execution environment can be checked and, if so desired, also the computer program module. The execution environment and computer program module need only be distributed once, while they can still be verified by being tied together through the obfuscation.
- In a preferred embodiment, the parameters include constant values that have some redundancy in them, i.e., it is possible to compensate a change in one parameter by making an appropriate change to another parameter. For example, if certain executable instructions of the execution environment are highly relevant and need to be verified, these instructions can be represented in the parameters (e.g. simply by being unified). Other parameters are then chosen so as to compensate for these given parameters in such a way that the implementation provides equivalent functionality regardless of whether the original parameters (before the change) or the changed parameters are used.
- These and other aspects of the invention will be elucidated hereinafter by reference to the drawings, wherein
- FIG. 1 shows a block diagram of a system in which the method may be used;
- FIG. 2 shows details of the structure of the system; and
- FIG. 3 shows examples of an obfuscated network of look-up tables.
FIG. 1 shows a block diagram of anapparatus 110 in which the invention may be used. Theapparatus 110 may be part of alarger system 100. Theapparatus 110 is operated under control of software. Part of its functionality is included in one or more software program modules. To this end, the apparatus includes aprocessor 120. The apparatus may in itself be any suitable device, such as a personal computer, a dedicated media player (e.g. DVD, Blu-ray disc player, HD-DVD player), game machine (e.g. X-Box, Playstation). It may also be a portable device, such as a PDA, or smart phone. Theprocessor 120 may be any suitable processor, such as a PC-type processor or embedded processor, including a digital signal processor (DSP). The apparatus may include a workingmemory 130, such as RAM, and anon-volatile storage 140, such as a hard disc, optical storage or flash memory. The apparatus includes acomputer program module 150. When loaded into theprocessor 120, thecomputer program module 150 is operative to cause processing ofdigital input data 152 in dependence on a plurality of predetermineddigital parameters 154. The output of the processing isdigital output data 156. To be able to perform such processing, thecomputer program module 150 is loaded in anexecution environment 158. Such anenvironment 158 may include an operating system kernel, libraries (e.g. media decoders, such as an MP3 or MPEG 4 decoder, internet protocols, etc.). Theexecution environment 158 itself (or at least the active part) is also executed by theprocessor 120. If, for example, themodule 150 is a DRM module, themodule 150 may include a media player as well as DRM-specific plug-ins 10 for managing the digital rights and controlling the decryption/descrambling and/or decoding. Such media players may be able to execute, for a specific content format, a respective plug-in for performing the format-specific decoding corresponding to digital content. 
Those content formats may include AVI, DV, Motion JPEG, MPEG-1, MPEG-2, MPEG-4, WMV, Audio CD, MP3, WMA, WAV, AIFF/AIFC, AU, etc. For digital rights management purposes, a secure plug-in may be used that not only decodes the content but also decrypts and/or descrambles the content. It is a choice of the skilled person whether part of such functionality is reused and for that purpose is integrated into the execution environment 158. For example, the module 150 may use a media player from the execution environment and only operate as a plug-in in such a media player, e.g. for performing specific operations, such as decryption or decoding. It will also be appreciated that the execution environment 158 may provide a virtual machine, such as Java, where the module 150 is code to be interpreted by the virtual machine. In FIG. 1 it is shown that the program module 150, its parameters 154 and the execution environment 158 are stored in storage 140. The program module 150 and/or its parameters 154 may also be stored elsewhere (e.g. on removable optical storage 160) or retrieved from outside the apparatus 110 on demand through a communication interface 170. For example, the interface 170 may give access to the internet 172. For example, digital content such as audio and/or video may be downloaded (being the input data 152) from a server 174 on the internet. The content may be protected through any suitable techniques such as encryption, scrambling, or encoding (e.g. compression) so that the content is not available in a ‘plain-text’ form that can directly be used by malicious parties. The digital content may also be other digital data, in particular data worth protecting, such as a financial transaction (internet banking), where input is received through a communication network, like the internet, securely processed, and output through the communication network. As such, the output may also be supplied through a communication interface, like interface 170, to outside the apparatus 110, e.g. to a bank server, like server 174. As described above, the computer program module may also be retrieved from outside the apparatus 110. In an embodiment, at least part of the computer program module is designed specifically for processing the content. For example, the content may have been encrypted using a, preferably, unique key or content-specific key (e.g. each movie is encrypted with a movie-specific key). The computer program module may then have been designed so that it can decrypt this content. Similarly, for example, for a financial transaction a computer program module specific for that transaction may be provided under the responsibility of a bank. The module can then process the financial data in a specific (preferably unique) way and may provide as part of the output also its identity. Various suitable watermarking techniques exist and may be used for merging such an identity with the output. The bank can then verify that a module with that identity has been used. During execution, the program module 150, the active part of the execution environment 158 and the parameters 154 may be loaded in the working memory 130. The apparatus 110 may also include user input means (not shown), such as a remote control, keyboard, mouse, microphone for speech input, etc. to obtain commands from a user, such as to indicate content to be rendered. The apparatus 110 may also include user output means (not shown), such as a display and/or speakers for providing information to a user and/or for representing the rendered content.

According to the invention, a predetermined algorithm is used to derive at least part of one of the plurality of predetermined digital parameters 154 from the at least part of the execution environment 158. As will be described in more detail below, the parameters may additionally or alternatively also be derived from other parts, such as the program module 150 itself. It will be appreciated that to increase the security it may be desired to derive a higher number of bits of the parameters from the execution environment. It will also be appreciated that the complexity of the algorithm determines the number of bits needed to get a desired level of security. For instance, if the algorithm is based on a cryptographically strong hash that is determined over a main part of the execution environment, then using 1024 bits of the parameters may already give very strong security. As such only a part of a parameter, a part of several parameters (e.g. the most significant bits of several parameters), one parameter in its entirety, several parameters in their entirety, or combinations hereof may be used. Similarly, only a small part of the execution environment may be checked (e.g. one or a few highly relevant instructions or constants), or a significant part may be checked (e.g. some relevant libraries). The person skilled in the art can determine which part of the execution environment needs to be checked (e.g. the part with the highest potential of leaking relevant data).
FIG. 2 illustrates the principle further. Where the same reference numerals are used in the figures, they refer to the same items, possibly with more detail added. According to the invention a predetermined algorithm 200 is used for deriving at least part of one of the plurality of predetermined digital parameters 154 from the at least part of the execution environment 158. In FIG. 2 it is shown that part 210 of the parameters is derived from the execution environment 158. As will be described in more detail below, in embodiments of the invention, also a part 212 of the parameters may be derived from the program module 150 itself, and a part 214 may be derived from separately supplied parameters, such as a content-specific decryption key 220. In itself, the parameters may be any type of parameters. For example, for signal processing of an audio/speech/video signal the parameters may be filter settings. For a cryptographic-like operation (e.g. decryption or authentication) or descrambling the parameters may represent key or key-like information. For decoding, the parameters may represent a decoding table. Typically, the parameters are constants used by the module 150 or the execution environment 158.

It is noted that it is known how to represent cryptographic and similar algorithms as one or more (typically a network of) mapping tables to be executed by software. For example, Chow 1 and Chow 2 describe such an approach for AES and DES, respectively. These tables represent key-like information as well as part of the algorithm. An advantage of using such tables is that time-consuming algorithmic steps are replaced by a much faster mapping operation (at the cost of using more memory to store the tables). A detailed description of such an approach is also given in the co-pending patent application serial number 061166930 (attorney docket PH005600). In these so-called white-box software implementations of algorithms, it is assumed that a hacker may get access to such tables, for example when they are loaded into memory 130. Even if the tables were stored in an encrypted form in storage 140, at a certain moment the module 150 will have to use the actual decrypted table. In the white-box approach, in principle a malicious party can copy the entire software module, and this may work also in another apparatus. Several approaches may be used to discourage this. For example, the tables may be so large that it becomes clumsy to copy them. Another approach is to let the tables represent information traceable to the original user. Any illegal copy can then also be traced back to the original user. Chow 1 and Chow 2 describe several approaches to make sure that the original tables are not available in a plaintext form. Instead these original tables are obfuscated. Preferably, the network of look-up tables is obfuscated by applying an encoding to the input and output of at least some of the tables. These encodings have an influence on the contents of the look-up table; changing the encoding changes the contents of the table in a predictable way. However, it may be difficult for an attacker to unravel the encodings, as he only has knowledge of the final look-up table, indicative of a mapping whose inputs and outputs have been encoded in a relatively complex way.
The transformation applied to the elements of the look-up table can be realized by appropriately changing the encodings. By changing an output encoding, particular values may be incorporated in the table. By changing an input encoding, for example, the order in which values appear in the table may be changed. Hereinafter, an input encoding is also referred to as an input decoding, as it may decode the encoding of data caused by an output encoding of a preceding look-up table.

A look-up table can be manipulated with most freedom by changing both the input and output encodings. Considering at least three look-up tables when making changes allows the input and output encodings of at least one table to be changed. Such changes may be compensated for by changing the encodings of at least two other tables.
FIG. 3 illustrates a way to make it even more difficult to extract the key. Let X and Y be two functions. Consider an operation $Y \circ X = Y(X(c))$ (which may also be written $Y * X(c) = Y(X(c))$), illustrated as diagram 310, where c is an input value, for example a 4-byte state column. However, the approach applies to any type of input value c. Mappings X and Y can be implemented as look-up tables which can be stored in memory; however, when they are stored in memory the values can be read by an attacker. Diagram 320 illustrates how the contents of the look-up tables can be obfuscated by using an input encoding F and an output encoding H. Look-up tables corresponding to $X \circ F^{-1}$ and $H \circ Y$ are stored as illustrated instead of X and Y, making it more difficult to extract X and Y. Diagram 330 shows how to add an additional, for example random, bijective function G, such that the intermediate result of the two tables is also encoded. In this case, two tables are stored in memory: $X' = G \circ X \circ F^{-1}$ and $Y' = H \circ Y \circ G^{-1}$. This is illustrated once more in diagram 340:

$$Y' \circ X' = (H \circ Y \circ G^{-1}) \circ (G \circ X \circ F^{-1}) = H \circ (Y \circ X) \circ F^{-1},$$

where $\circ$ denotes function composition as usual (i.e., for any two functions f(x) and g(x), $f \circ g(x) = f(g(x))$ by definition), and X and Y are functions suitable for implementation by means of look-up tables. Likewise a network consisting of more than two functions can be encoded. The actual tables encoding X and Y are obfuscated by combining $H \circ Y \circ G^{-1}$ in a single look-up table and combining $G \circ X \circ F^{-1}$ in a single look-up table. As long as F, G, and/or H remain unknown, the attacker cannot extract information about X and/or Y from the look-up tables, and hence the attacker cannot extract the key that is the basis for X and/or Y. Other algorithms may also be implemented as a (cascade or network of) look-up tables that may be obfuscated in a way similar to the above. The invention is not limited to the exemplary cryptographic algorithms mentioned.
The advantage of using such tables is that a significant part of the function performed by module 150 is in fact represented as data; in this case as parameters. As such, a sufficient number of parameters may be present to enable thorough checking of the execution environment 158. It will be appreciated that the approach can still work if fewer parameters are used. So, using such mapping tables is not required, but it is an advantage if they are used.

Normally, the program module 150 will have been designed to use specific predetermined parameter values. According to the invention, those parameters are at least in part derived from the execution environment 158. Without precaution, the module may not operate correctly using such a derived parameter. The module can easily be designed such that it still generates the desired outcome. For example, if the module was designed to use a parameter (e.g. a constant) z1, and the algorithm 200 generates a value z2 based on a correct version of the execution environment 158, then the module 150 may be designed such that it uses a parameter z3 XOR z2 (where XOR is a bit-wise exclusive or), where z3 is loaded as a constant in the parameters 154 and has been pre-computed as z1 XOR z2. The module will then calculate z3 XOR z2, and if the execution environment has not been tampered with the algorithm 200 will generate the original value of z2. Since z3 has been pre-computed as z1 XOR z2, the module thus calculates z3 XOR z2 = (z1 XOR z2) XOR z2 = z1. In this way, a form of compensation is achieved so that on the one hand the module 150 during execution effectively uses the original parameters (e.g. z1) and on the other hand other parts can be verified while being expressed as parameters (e.g. z2). In this example, the parameter z3 purely functions as a compensation.

Particularly, if the more advanced techniques of networks of obfuscated tables are used, more freedom is achieved in compensating for having to check parameters derived from, for example, the execution environment 158 while still using a correct set of parameters. For example, in an embodiment the module 150 and/or part of the execution environment 158 may be partially implemented using mapping tables, particularly a network of look-up tables.

In an embodiment, the look-up tables may be obfuscated using output and/or input encodings. For example, a first look-up table $f(t_1(x))$ in the network of look-up tables has output encoding f. A second look-up table $t_2(f^{-1}(x))$ in the network of look-up tables has an input decoding $f^{-1}$. The input decoding $f^{-1}$ inverts the effect of the output encoding, for example $t_2(f^{-1}(f(t_1(x)))) = t_2(t_1(x))$. A special feature of this is that the encoding f and its inverse $f^{-1}$ may be chosen such that a predetermined word is included in the first look-up table $f(t_1(x))$ or the second look-up table $t_2(f^{-1}(x))$. Let for example $t_1(x_0) = y_0$. To include the word w in the look-up table, f can be chosen such that $f(y_0) = w$, because in that case $f(t_1(x_0)) = f(y_0) = w$. This will put w at position $x_0$ in the first look-up table. To compensate, $f^{-1}$ is chosen such that $f^{-1}(w) = y_0$.
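The z1/z2/z3 compensation described above, worked through as an added example (not code from the patent or from any implementation of it). The checked part of the execution environment is a constructed byte string, and algorithm 200 is assumed to be SHA-256 truncated to 64 bits; the patent only requires "any suitable hash", so that choice is ours. The module's own processing step is a toy masking operation standing in for whatever constant-driven work the real module does.

```python
import hashlib

# Constructed stand-in for the part of execution environment 158 that is
# checked (e.g. a few instructions or a constant of a library). In a real
# system these are the bytes actually loaded into working memory 130.
REFERENCE_ENV = bytes.fromhex("554889e54883ec20c745fc01000000")

# The parameter the module was originally designed with (z1 in the text).
# Constructed 64-bit value.
Z1 = 0x0123456789ABCDEF


def derive_z2(env_bytes: bytes, nbits: int = 64) -> int:
    """Algorithm 200: map the checked part of the environment to a value z2.

    Assumption for this example: SHA-256 truncated to nbits.
    """
    digest = hashlib.sha256(env_bytes).digest()
    return int.from_bytes(digest[: nbits // 8], "big")


def precompute_z3(z1: int, reference_env: bytes) -> int:
    """Build-time step: z3 = z1 XOR z2(reference environment).

    z3 is the only value shipped as a constant in parameters 154; z1 itself
    never appears in the module image.
    """
    return z1 ^ derive_z2(reference_env)


def runtime_parameter(z3: int, actual_env: bytes) -> int:
    """Run-time step inside module 150: z3 XOR z2(actual environment).

    Equals z1 exactly when the checked bytes are unmodified; otherwise the
    module silently runs with a wrong constant and produces wrong output.
    """
    return z3 ^ derive_z2(actual_env)


def module_process(input_block: int, z: int) -> int:
    """Toy body of module 150: a 64-bit block is masked with the parameter.

    Stands in for any processing that depends on a constant (a key, a filter
    coefficient, a table entry).
    """
    return (input_block ^ z) & 0xFFFFFFFFFFFFFFFF


def tamper(env_bytes: bytes, offset: int) -> bytes:
    """Flip one bit of the environment image to model a patched instruction."""
    patched = bytearray(env_bytes)
    patched[offset] ^= 0x01
    return bytes(patched)


# Precomputed once by whoever builds the module, using the reference image.
Z3 = precompute_z3(Z1, REFERENCE_ENV)


if __name__ == "__main__":
    block = 0xDEADBEEFCAFEBABE
    good = module_process(block, runtime_parameter(Z3, REFERENCE_ENV))
    bad = module_process(block, runtime_parameter(Z3, tamper(REFERENCE_ENV, 3)))
    print("correct environment gives z1 result:", good == (block ^ Z1))  # True
    print("patched environment gives z1 result:", bad == (block ^ Z1))   # False
```

Note that nothing in the module compares anything: there is no branch to patch out. A modified environment simply yields a different z2, hence a different effective parameter, hence wrong output 156, which is the property the text relies on.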
This feature can be used to verify the execution environment. For example, let the tables $t_1$ and $t_2$ represent original (not disclosed) tables of the module 150. Let processing of the execution environment 158 by the algorithm 200 give the value w. Then the obfuscated first and second tables $f(t_1(x))$ and $t_2(f^{-1}(x))$ can be determined. Instead of supplying such tables in their entirety as parameters 154, in the first table the word w can be left out. The algorithm 200 then has to generate the word w based on the actual execution environment 158 and insert it at the appropriate place in the first look-up table. Only if the correct word w is inserted at the correct place in the table will the combination of the obfuscated tables produce the same output as the combination of the original tables $t_1$ and $t_2$. In this example, tables (more generally, parameters) of the module 150 are obfuscated using knowledge of the execution environment. As such, the execution environment is verified. If the execution environment is correct, the obfuscated module will perform correctly. Compared to the example of z1, z2, and z3 given above, z2 can be seen as the word w. By using a network of tables, the compensation z3 does not require an additional parameter but can be incorporated in one of the other tables.

WO 2006/046187 and WO 2005/060147 of Koninklijke Philips Electronics disclose several methods of obfuscating a network of tables. In WO 2006/046187, an obfuscating table O and a compensating table C are used. At least one original table is obfuscated with table O and at least one of the other original tables is obfuscated with table C. The freedom in choosing such a table O can be used to represent the execution environment in table O and to use table O to obfuscate at least one original table of the program module. The execution environment will then automatically also be represented in the compensating table C. Instead of obfuscating one original table fully with O and another fully with C, one or more elements of these tables may be left unmodified.
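The encoded two-table network with the environment-derived word w left out of the first table, as an added example that is not code from the patent. It builds on the $f(t_1(x))$ / $t_2(f^{-1}(x))$ construction of the preceding paragraphs: the original tables $t_1$, $t_2$ are constructed byte-to-byte bijections drawn from a seeded generator, the checked environment is a constructed byte string, and algorithm 200 is assumed to be the first byte of SHA-256 over that string (the text allows any suitable hash; one byte is used only because these tables map bytes to bytes).

```python
import hashlib
import random

N = 256  # every table maps one byte to one byte

# Constructed stand-in for the checked part of execution environment 158.
REFERENCE_ENV = bytes.fromhex("4c8b0d10000000488b01ffd0c3")


def random_bijection(rng: random.Random) -> list:
    """A random permutation of the byte values, usable as a table or encoding."""
    table = list(range(N))
    rng.shuffle(table)
    return table


def invert(table: list) -> list:
    """Inverse of a bijective byte table."""
    inv = [0] * N
    for x, y in enumerate(table):
        inv[y] = x
    return inv


def encoding_with_value(rng: random.Random, y0: int, w: int) -> list:
    """Random output encoding f with f(y0) = w.

    A random permutation is drawn and the entry currently holding w is
    swapped with the entry at y0; the result is still a bijection.
    """
    f = random_bijection(rng)
    j = f.index(w)
    f[j], f[y0] = f[y0], f[j]
    return f


def derive_word(env_bytes: bytes) -> int:
    """Algorithm 200 for this example: first byte of SHA-256 of the image."""
    return hashlib.sha256(env_bytes).digest()[0]


def build_obfuscated_tables(t1: list, t2: list, reference_env: bytes,
                            x0: int, rng: random.Random):
    """Build-time step: encode t1/t2 so that the word w sits at T1[x0].

    Returns T1 = f(t1(x)) with the entry at x0 removed (None) and
    T2 = t2(f^-1(x)). Only these two tables are shipped as parameters 154.
    """
    w = derive_word(reference_env)
    y0 = t1[x0]
    f = encoding_with_value(rng, y0, w)
    f_inv = invert(f)
    T1 = [f[t1[x]] for x in range(N)]        # T1[x0] == f(y0) == w
    T2 = [t2[f_inv[x]] for x in range(N)]    # T2[w] == t2(f^-1(w)) == t2(y0)
    T1[x0] = None                            # w itself is not shipped
    return T1, T2


def run_network(T1_with_hole: list, T2: list, actual_env: bytes,
                x0: int, inp: int) -> int:
    """Run-time step: fill the hole from the actual environment, then map."""
    T1 = list(T1_with_hole)
    T1[x0] = derive_word(actual_env)         # equals w only if env unmodified
    return T2[T1[inp]]


# Constructed original (undisclosed) tables t1 and t2 of module 150.
_rng = random.Random(20140611)               # fixed seed for reproducibility
T1_ORIG = random_bijection(_rng)
T2_ORIG = random_bijection(_rng)
X0 = 0x2A                                    # position that carries w
T1_HOLE, T2_OBF = build_obfuscated_tables(T1_ORIG, T2_ORIG, REFERENCE_ENV, X0, _rng)


def original_network(inp: int) -> int:
    """Reference result t2(t1(inp)), for comparison only."""
    return T2_ORIG[T1_ORIG[inp]]
```

Because $t_2$ and $f^{-1}$ are both bijective here, any wrong word inserted at $x_0$ changes the output for input $x_0$; for the other 255 inputs the network keeps working, which is why the text treats the table entry as the compensation rather than as a check.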
For example, a certain element may be obfuscated using O while the compensating element in the other table is not compensated with C. The algorithm 200 can then construct the missing compensating element of table C based on the actual execution environment and XOR it over the involved table, so that during execution the compensation is achieved.

In WO 2005/060147 permutations $P_i$ are used for the obfuscation. Here again, $P_i$ may be derived from the execution environment. The tables obfuscated with $P_{2i}$ and $P_{2i+1}$ may again be only ‘half obfuscated’ (at least one element of $P_{2i}$ or of $P_{2i+1}$ is not used), in the sense that the compensating effect in the total network of obfuscated tables is not achieved. The algorithm is then used to generate this missing compensating element based on the actual execution environment.
It will be appreciated that in principle any part of the execution environment may be verified. For example, one or more computer instructions or parts of them may be verified by directly being used as parameters (e.g. the word w mentioned above). The same holds for data (e.g. a constant, such as a regional code used in a DVD player) in the execution environment. The algorithm 200 may use the instruction/data as a literal copy, but may also calculate a representation. In an embodiment, the algorithm calculates a hash of (part of) the execution environment and uses the hash as the basis for a parameter. For example, the hash may form the word w. Any suitable hash may be used.

In an embodiment according to the invention, the computer program module is only executed if the plurality of parameters meets a predetermined criterion. A simple test may be performed, such as calculating a hash over the parameters 154 and checking if this gives the desired value that has once been pre-computed based on the correct set of parameters. If the test shows that the parameter set is incorrect, the user may be warned. Also separate parts of the parameters, such as parts module 150 will probably be incorrect. As such the module may still be executed. In itself it is no problem if a malicious party removes the test, since the real verification is obtained as correct output 156 of the module 150. Standard obfuscation techniques may be used to make it more difficult for a hacker to find and remove the test.

In an embodiment, instead of or in addition to explicitly verifying the parameter set, a trial run is performed of at least part of the computer program module 150 on predetermined digital input data 152 using the plurality of parameters 154, and it is verified whether an output 156 of the trial run meets a predetermined criterion. The criterion may simply be that the trial run gives the output that has been achieved using an original module 150 that is executed in an original execution environment 158 with the original algorithm 200, and the same predetermined digital input data as will be used later on during the test. Again, the test itself may be obfuscated using conventional techniques. In an embodiment, the predetermined digital input data is received from a server, such as server 174, as a challenge. The output of the run is provided to the server, enabling the server to perform the verification. For example, a bank may in this way first check if the system is still secure before continuing, e.g. by providing more data and/or software. The verification then need not be done (but may also additionally be done) in apparatus 110.

In an embodiment, the predetermined algorithm 200 is implemented using computer executable instructions for converting a representation of the execution environment 158 to the at least one parameter 154. In this way, the algorithm 200 can implement complex operations to obfuscate how the execution environment 158 is represented in the parameters 154. For example, the algorithm 200 may include scrambling, encrypting, compressing, and/or hashing operations. The algorithm itself may be obfuscated using any suitable technique, such as the white-box techniques disclosed in Chow 1 and/or Chow 2. In an embodiment, the algorithm is supplied in combination with the module 150. As such, the algorithm may also be part of the module 150. For example, it may form part of an initialization routine of the module 150 that creates at least some of the parameters of the module 150. It will be appreciated that the algorithm 200 may also be very simple. For example, the algorithm could be a set of pointers provided in the module 150 that point to data or instructions in the execution environment 158 that are to be used (e.g. copied) as parameters of the module 150. Any suitable form of pointers may be used, such as absolute or relative values. Such choices fall within the abilities of a person skilled in the art. Thus, in an embodiment, the predetermined algorithm 200 causes at least one data element of the execution environment to be used as one or more, or part, of the plurality of parameters. It will be appreciated that the algorithm 200 may also be implemented in hardware instead of software.

In an aspect of the invention, computer executable instructions of the execution environment 158 and/or module 150 are unified with the parameters 154. This means that certain bit locations in memory 130 act as a parameter for the module 150 as well as an instruction (of the execution environment 158 or the module 150) executed by the processor 120.

In an embodiment, a unification between a parameter 210 and the execution environment 158 has occurred. A part of a bit representation of the plurality of parameters 210 is equal to at least a part of a bit representation of computer executable instructions of the execution environment 158. This means that those instructions of the execution environment are loaded for execution from the same memory location in memory 130 as is used by instructions of the module 150 to retrieve parameters from. It will be appreciated that one or more entire instructions of the execution environment may in this way also be used as parameters. If so desired, also only parts of the execution instructions (e.g. operator field, most significant byte, etc.) may be unified with the parameters.

In an embodiment, a unification between a parameter 212 and the module 150 has occurred. A part of a bit representation of the plurality of parameters 212 is equal to at least a part of a bit representation of computer executable instructions of the computer program module 150. These instructions are arranged for, during an execution of the instructions, using at least one memory address holding the part of the bit representation of the instructions also for reading the equal part of the bit representation of the parameters by reference. Thus there is at least one instruction of the module 150 that is loaded from a certain memory location from which another instruction in the module 150 retrieves a parameter. Of course, instead of loading an entire instruction or parameter, the same principle also works for parts thereof.

In an embodiment, the plurality of digital parameters include a representation of at least one of the following:
- cryptographic data, such as a cryptographic key and/or cryptographic algorithm;
- digital content encoding/decoding data, such as a coding table and/or coding algorithm;
- digital content scrambling/descrambling data, such as a scrambling table and/or scrambling algorithm.
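The three embodiments above (the pointer form of algorithm 200, the hash-over-parameters self-test, and the server-issued trial run, together with the unification of module instructions and parameters) combined into one added example; this is not code from the patent. The execution environment is a constructed 1 KiB image, the pointer offsets are hypothetical, the module's processing step is a toy keyed hash, and as a Python analogue of unification the bytecode of the module's own function is read as part 212 of the parameters, so a patched module body changes the parameter it runs with.

```python
import hashlib
import os

# Constructed image of the loaded execution environment 158 (1 KiB).
ENV_IMAGE = bytes(range(256)) * 4

# Algorithm 200 in its simplest form: (offset, length) pointers into the
# image. Which regions are worth checking is a design decision; these
# offsets are hypothetical.
POINTERS = [(0x010, 4), (0x1F0, 8), (0x300, 2)]


def env_parameter(image: bytes, pointers) -> bytes:
    """Part 210 of the parameters: literal copies of the pointed-to bytes."""
    return b"".join(image[off: off + n] for off, n in pointers)


def module_core(block: bytes, params: bytes) -> bytes:
    """Toy processing step of module 150 (constructed): keyed hash of input."""
    return hashlib.sha256(params + block).digest()


def module_parameter(width: int = 8) -> bytes:
    """Part 212 of the parameters, taken from module 150's own instructions.

    Python analogue of unification: the bytecode of module_core is both
    executed and read as a parameter, so patching the body changes it.
    """
    return module_core.__code__.co_code[:width]


def assemble_parameters(image: bytes) -> bytes:
    """Parameters 154 as built at load time from environment and module."""
    return env_parameter(image, POINTERS) + module_parameter()


def expected_parameter_digest(reference_image: bytes) -> bytes:
    """Precomputed once from the correct parameter set (build-time value)."""
    return hashlib.sha256(assemble_parameters(reference_image)).digest()


def parameter_self_test(params: bytes, expected_digest: bytes) -> bool:
    """Local check of the 'simple test' embodiment; removable by an attacker,
    which is why the trial run below is the real verification."""
    return hashlib.sha256(params).digest() == expected_digest


def trial_run(challenge: bytes, image: bytes) -> bytes:
    """Client side: run the module on server-supplied input, return output 156."""
    return module_core(challenge, assemble_parameters(image))


class VerifyingServer:
    """Server 174: issues a challenge and compares against the reference run.

    Assumed to hold the original module's parameters from the original
    environment (here computed from the reference image).
    """

    def __init__(self, reference_image: bytes):
        self._reference_params = assemble_parameters(reference_image)
        self.challenge = None

    def issue_challenge(self) -> bytes:
        self.challenge = os.urandom(16)      # fresh, so replies cannot be replayed
        return self.challenge

    def verify(self, response: bytes) -> bool:
        expected = module_core(self.challenge, self._reference_params)
        return response == expected


def patch_image(image: bytes, offset: int, value: int) -> bytes:
    """Return a copy of the image with one byte overwritten."""
    out = bytearray(image)
    out[offset] = value
    return bytes(out)


if __name__ == "__main__":
    server = VerifyingServer(ENV_IMAGE)
    ch = server.issue_challenge()
    print("unmodified environment       :", server.verify(trial_run(ch, ENV_IMAGE)))
    print("patched inside checked region :",
          server.verify(trial_run(ch, patch_image(ENV_IMAGE, 0x1F3, 0xFF))))
    print("patched outside checked region:",
          server.verify(trial_run(ch, patch_image(ENV_IMAGE, 0x080, 0xFF))))
```

The last line of the demonstration is the caveat the text leaves implicit: a pointer-based algorithm 200 only covers the regions the pointers name, so a modification elsewhere in the environment passes both the self-test and the trial run. Widening coverage means more or larger pointed-to regions, or a hash over a larger part of the image, as the earlier embodiment suggests.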
In a further embodiment, the digital input data 152 is digital content, such as audio/video, that has been encrypted, encoded and/or scrambled under control of a content-specific key. The module 150 then causes the processor 120 to convert the digital input data to a plain-text form (or to at least a partially converted form) in which it can be rendered to a user or can be processed further. To this end, the method includes receiving a representation of the content-specific key for controlling decryption, decoding and/or descrambling, respectively. For example, if the content has been encrypted, the apparatus 110 receives a decryption key. It may receive this in any way, e.g. read it from the storage 160 or receive it from a server 174 through the internet 172. The algorithm 200 is then used to derive at least part of one of the plurality of predetermined digital parameters 214 from the received representation of the content-specific key. For example, the content-specific key may simply be used as the parameter part 214.

In an embodiment, the content-specific key and/or the content-specific decryption algorithm is supplied in a form including a network of obfuscated look-up tables, for example in a way as described above. As indicated there, the obfuscation gives a certain freedom in choosing constants in the tables. Above an example was given where a word w derived from the execution environment 158 could be compensated for in another obfuscated table (and as such in another parameter of module 150). In an embodiment, a parameter derived from the execution environment 158 (e.g. word w) is compensated in the obfuscated implementation of the content-specific decryption key/algorithm 220. Algorithm 200 is then arranged to load the parameter derived from the execution environment 158 (e.g. word w) in the right place in the right obfuscated table. The network of obfuscated tables, used as parameters 154, will then compensate each other and perform the originally intended mapping. The content-specific decryption is thus obfuscated with the information derived from the execution environment. Only if that part is present in an unmodified form can it be guaranteed that the decryption performs correctly.

It will be appreciated that the same principle will also work for content-specific coding and/or scrambling. It will also be appreciated that in the same way the content-specific parameters/algorithm may be obfuscated with information derived from the module 150 (e.g. word w is derived therefrom). It will be appreciated that the invention also extends to computer programs, particularly computer programs on or in a carrier, adapted for putting the invention into practice. The program may be in the form of source code, object code, a code intermediate between source and object code such as a partially compiled form, or in any other form suitable for use in the implementation of the method according to the invention. The carrier may be any entity or device capable of carrying the program. For example, the carrier may include a storage medium, such as a ROM, for example a CD-ROM or a semiconductor memory, or a magnetic recording medium, for example a floppy disc or hard disk. Further, the carrier may be a transmissible carrier such as an electrical or optical signal, which may be conveyed via electrical or optical cable or by radio or other means. When the program is embodied in such a signal, the carrier may be constituted by such cable or other device or means. Alternatively, the carrier may be an integrated circuit in which the program is embedded, the integrated circuit being adapted for performing, or for use in the performance of, the relevant method.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. Use of the verb “comprise” and its conjugations does not exclude the presence of elements or steps other than those stated in a claim. The article “a” or “an” preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the device claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
Claims (18)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/198,564 US20140365783A1 (en) | 2006-07-12 | 2014-03-05 | Method and system for verifying authenticity of at least part of an execution environment for executing a computer module |
US15/613,309 US20170286685A1 (en) | 2006-07-12 | 2017-06-05 | Method and system for verifying authenticity of at least part of an execution environment for executing a computer module |
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP06117036.1 | 2006-07-12 | ||
EP06117036 | 2006-07-12 | ||
PCT/IB2007/052607 WO2008007305A2 (en) | 2006-07-12 | 2007-07-04 | Method and system for obfuscating a gryptographic function |
US30794209A | 2009-01-08 | 2009-01-08 | |
US14/198,564 US20140365783A1 (en) | 2006-07-12 | 2014-03-05 | Method and system for verifying authenticity of at least part of an execution environment for executing a computer module |
Related Parent Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/307,942 Continuation US8700915B2 (en) | 2006-07-12 | 2007-07-04 | Method and system for verifying authenticity of at least part of an execution environment for executing a computer module |
PCT/IB2007/052607 Continuation WO2008007305A2 (en) | 2006-07-12 | 2007-07-04 | Method and system for obfuscating a gryptographic function |
US30794209A Continuation | 2006-07-12 | 2009-01-08 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/613,309 Continuation US20170286685A1 (en) | 2006-07-12 | 2017-06-05 | Method and system for verifying authenticity of at least part of an execution environment for executing a computer module |
Publications (1)
Publication Number | Publication Date |
---|---|
US20140365783A1 true US20140365783A1 (en) | 2014-12-11 |
Family
ID=38778139
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/307,942 Active 2030-07-26 US8700915B2 (en) | 2006-07-12 | 2007-07-04 | Method and system for verifying authenticity of at least part of an execution environment for executing a computer module |
US14/198,564 Abandoned US20140365783A1 (en) | 2006-07-12 | 2014-03-05 | Method and system for verifying authenticity of at least part of an execution environment for executing a computer module |
US15/613,309 Abandoned US20170286685A1 (en) | 2006-07-12 | 2017-06-05 | Method and system for verifying authenticity of at least part of an execution environment for executing a computer module |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/307,942 Active 2030-07-26 US8700915B2 (en) | 2006-07-12 | 2007-07-04 | Method and system for verifying authenticity of at least part of an execution environment for executing a computer module |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/613,309 Abandoned US20170286685A1 (en) | 2006-07-12 | 2017-06-05 | Method and system for verifying authenticity of at least part of an execution environment for executing a computer module |
Country Status (5)
Country | Link |
---|---|
US (3) | US8700915B2 (en) |
EP (1) | EP2044723A2 (en) |
JP (1) | JP5113169B2 (en) |
CN (1) | CN101491000B (en) |
WO (1) | WO2008007305A2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160246960A1 (en) * | 2015-02-25 | 2016-08-25 | International Business Machines Corporation | Programming code execution management |
Families Citing this family (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008084433A2 (en) * | 2007-01-11 | 2008-07-17 | Koninklijke Philips Electronics N.V. | Tracing copies of an implementation |
EP2188944B1 (en) * | 2007-09-13 | 2019-06-12 | Irdeto B.V. | Combined watermarking and decryption of content |
JP5354914B2 (en) * | 2008-01-18 | 2013-11-27 | 三菱電機株式会社 | Encryption processing device, decryption processing device, and program |
CN102016871B (en) * | 2008-03-05 | 2017-11-07 | 爱迪德技术有限公司 | cryptographic system |
CN101807239A (en) * | 2010-03-29 | 2010-08-18 | 山东高效能服务器和存储研究院 | Method for preventing source code from decompiling |
JP2012084071A (en) | 2010-10-14 | 2012-04-26 | Toshiba Corp | Digital content protection method, decryption method, reproducing device, memory medium and cryptographic device |
KR20120042469A (en) * | 2010-10-25 | 2012-05-03 | 한국전자통신연구원 | Apparatus for protecting contents using binding additional information and encryption key and method thereof |
EP2686806B1 (en) * | 2011-03-15 | 2019-09-11 | Irdeto B.V. | Change-tolerant method of generating an identifier for a collection of assets in a computing environment using a secret sharing scheme |
US8782420B2 (en) * | 2011-07-22 | 2014-07-15 | Netflix, Inc | System and method for obfuscation initiation values of a cryptography protocol |
US8661527B2 (en) | 2011-08-31 | 2014-02-25 | Kabushiki Kaisha Toshiba | Authenticator, authenticatee and authentication method |
JP5275432B2 (en) | 2011-11-11 | 2013-08-28 | 株式会社東芝 | Storage medium, host device, memory device, and system |
JP5112555B1 (en) | 2011-12-02 | 2013-01-09 | 株式会社東芝 | Memory card, storage media, and controller |
JP5204291B1 (en) | 2011-12-02 | 2013-06-05 | 株式会社東芝 | Host device, device, system |
JP5204290B1 (en) | 2011-12-02 | 2013-06-05 | 株式会社東芝 | Host device, system, and device |
JP5100884B1 (en) | 2011-12-02 | 2012-12-19 | 株式会社東芝 | Memory device |
JP5275482B2 (en) | 2012-01-16 | 2013-08-28 | 株式会社東芝 | Storage medium, host device, memory device, and system |
EP2856378B1 (en) * | 2012-05-25 | 2017-12-27 | Koninklijke Philips N.V. | Method, system and device for protection against reverse engineering and/or tampering with programs |
BR112014027816A2 (en) * | 2012-11-07 | 2017-06-27 | Koninklijke Philips Nv | Compute device configured to compute a function of one or more inputs, method of constructing a lookup table for an operator that maps bit sequences of an input bit size (k1) to bit sequences of an output bit size (k2), compiler for compiling a first computer program written in a first computer programming language into a second computer program, method for computing a function of one or more inputs, the inputs having an input bit size (k), and computer program |
WO2014096117A1 (en) * | 2012-12-21 | 2014-06-26 | Koninklijke Philips N.V. | Computing device configured with a table network |
US9201811B2 (en) | 2013-02-14 | 2015-12-01 | Kabushiki Kaisha Toshiba | Device and authentication method therefor |
US8984294B2 (en) | 2013-02-15 | 2015-03-17 | Kabushiki Kaisha Toshiba | System of authenticating an individual memory device via reading data including prohibited data and readable data |
US9654279B2 (en) * | 2014-03-20 | 2017-05-16 | Nxp B.V. | Security module for secure function execution on untrusted platform |
WO2015149827A1 (en) * | 2014-03-31 | 2015-10-08 | Irdeto B.V. | Obfuscated performance of a predetermined function |
US9641337B2 (en) * | 2014-04-28 | 2017-05-02 | Nxp B.V. | Interface compatible approach for gluing white-box implementation to surrounding program |
US10412054B2 (en) | 2014-06-24 | 2019-09-10 | Nxp B.V. | Method for introducing dependence of white-box implementation on a set of strings |
SG10201405852QA (en) | 2014-09-18 | 2016-04-28 | Huawei Internat Pte Ltd | Encryption function and decryption function generating method, encryption and decryption method and related apparatuses |
DE102014016548A1 (en) * | 2014-11-10 | 2016-05-12 | Giesecke & Devrient Gmbh | Method for testing and hardening software applications |
MX2017006736A (en) * | 2014-11-27 | 2017-10-04 | Koninklijke Philips Nv | Electronic calculating device for performing obfuscated arithmetic. |
CN107005403A (en) * | 2014-12-22 | 2017-08-01 | 皇家飞利浦有限公司 | electronic computing device |
US10333696B2 (en) | 2015-01-12 | 2019-06-25 | X-Prime, Inc. | Systems and methods for implementing an efficient, scalable homomorphic transformation of encrypted data with minimal data expansion and improved processing efficiency |
US10505709B2 (en) * | 2015-06-01 | 2019-12-10 | Nxp B.V. | White-box cryptography interleaved lookup tables |
US10110566B2 (en) | 2015-07-21 | 2018-10-23 | Baffle, Inc. | Systems and processes for executing private programs on untrusted computers |
US10061905B2 (en) * | 2016-01-26 | 2018-08-28 | Twentieth Century Fox Film Corporation | Method and system for conditional access via license of proprietary functionality |
US11093656B2 (en) * | 2018-11-14 | 2021-08-17 | Irdeto B.V. | Change-tolerant method of generating an identifier for a collection of assets in a computing environment |
CN110048834A (en) * | 2019-03-12 | 2019-07-23 | 深圳壹账通智能科技有限公司 | Dynamic password sending method, device and computer readable storage medium |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020161996A1 (en) * | 2001-02-23 | 2002-10-31 | Lawrence Koved | System and method for supporting digital rights management in an enhanced Java 2 runtime environment |
US20030191942A1 (en) * | 2002-04-03 | 2003-10-09 | Saurabh Sinha | Integrity ordainment and ascertainment of computer-executable instructions |
US20030194085A1 (en) * | 2002-04-12 | 2003-10-16 | Microsoft Corporation | Protection of application secrets |
US20050071653A1 (en) * | 2003-09-25 | 2005-03-31 | Sun Microsystems, Inc., A Delaware Corporation | Non-linear execution of application program instructions for application program obfuscation |
US20050278793A1 (en) * | 2000-08-28 | 2005-12-15 | Contentguard Holdings, Inc. | Method and apparatus for providing a specific user interface in a system for managing content |
US20060005251A1 (en) * | 2004-06-12 | 2006-01-05 | Microsoft Corporation | Inhibiting software tampering |
US7020772B2 (en) * | 1999-04-06 | 2006-03-28 | Microsoft Corporation | Secure execution of program code |
US20060248353A1 (en) * | 1996-08-12 | 2006-11-02 | Shear Victor H | Systems and methods using cryptography to protect secure computing environments |
US7152243B2 (en) * | 2002-06-27 | 2006-12-19 | Microsoft Corporation | Providing a secure hardware identifier (HWID) for use in connection with digital rights management (DRM) system |
US20070113079A1 (en) * | 2003-11-28 | 2007-05-17 | Takayuki Ito | Data processing apparatus |
US7337324B2 (en) * | 2003-12-01 | 2008-02-26 | Microsoft Corp. | System and method for non-interactive human answerable challenges |
US20080232582A1 (en) * | 2004-03-19 | 2008-09-25 | Gemplus | Method for Dynamically Authenticating Programmes with an Electronic Portable Object |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH07129207A (en) * | 1993-10-28 | 1995-05-19 | Fanuc Ltd | Numerical control system |
CN1227859C (en) | 1998-06-25 | 2005-11-16 | 皇家菲利浦电子有限公司 | Synchronous stream cipher |
FR2792141B1 (en) | 1999-04-09 | 2001-06-15 | Bull Cp8 | Method for securing one or more electronic assemblies implementing the same cryptographic algorithm with secret key, a use of the method and the electronic assembly |
JP2001103049A (en) * | 1999-09-30 | 2001-04-13 | Hitachi Software Eng Co Ltd | Method of user authentication |
JP4005293B2 (en) * | 2000-02-29 | 2007-11-07 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Computer, control method therefor, recording medium, and transmission medium |
CA2327911A1 (en) * | 2000-12-08 | 2002-06-08 | Cloakware Corporation | Obscuring functions in computer software |
CN1215418C (en) * | 2001-01-09 | 2005-08-17 | 中兴通讯股份有限公司 | Method for preventing attack on alteration of applied system operating in computer |
JP2003050640A (en) * | 2001-08-07 | 2003-02-21 | Matsushita Electric Ind Co Ltd | Method for preventing copy of software |
JP4320013B2 (en) * | 2003-02-26 | 2009-08-26 | 株式会社セキュアウェア | Unauthorized processing determination method, data processing apparatus, computer program, and recording medium |
WO2005060147A1 (en) | 2003-12-11 | 2005-06-30 | Koninklijke Philips Electronics N.V. | Block ciphering system, using permutations to hide the core ciphering function of each encryption round |
US8156488B2 (en) * | 2004-10-20 | 2012-04-10 | Nokia Corporation | Terminal, method and computer program product for validating a software application |
KR101226167B1 (en) * | 2004-10-28 | 2013-01-24 | 이르데토 코포레이트 비.브이. | Method and system for obfuscating a cryptographic function |
WO2007105126A2 (en) | 2006-03-10 | 2007-09-20 | Koninklijke Philips Electronics N.V. | Method and system for obfuscating a cryptographic function |
US20090119221A1 (en) * | 2007-11-05 | 2009-05-07 | Timothy Martin Weston | System and Method for Cryptographically Authenticated Display Prompt Control for Multifunctional Payment Terminals |
2007
- 2007-07-04 CN CN2007800262163A patent/CN101491000B/en not_active Expired - Fee Related
- 2007-07-04 JP JP2009519028A patent/JP5113169B2/en not_active Expired - Fee Related
- 2007-07-04 EP EP07789879A patent/EP2044723A2/en not_active Withdrawn
- 2007-07-04 US US12/307,942 patent/US8700915B2/en active Active
- 2007-07-04 WO PCT/IB2007/052607 patent/WO2008007305A2/en active Application Filing
2014
- 2014-03-05 US US14/198,564 patent/US20140365783A1/en not_active Abandoned
2017
- 2017-06-05 US US15/613,309 patent/US20170286685A1/en not_active Abandoned
Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060248353A1 (en) * | 1996-08-12 | 2006-11-02 | Shear Victor H | Systems and methods using cryptography to protect secure computing environments |
US7020772B2 (en) * | 1999-04-06 | 2006-03-28 | Microsoft Corporation | Secure execution of program code |
US20050278793A1 (en) * | 2000-08-28 | 2005-12-15 | Contentguard Holdings, Inc. | Method and apparatus for providing a specific user interface in a system for managing content |
US20020161996A1 (en) * | 2001-02-23 | 2002-10-31 | Lawrence Koved | System and method for supporting digital rights management in an enhanced Java 2 runtime environment |
US20030191942A1 (en) * | 2002-04-03 | 2003-10-09 | Saurabh Sinha | Integrity ordainment and ascertainment of computer-executable instructions |
US20030194085A1 (en) * | 2002-04-12 | 2003-10-16 | Microsoft Corporation | Protection of application secrets |
US7152243B2 (en) * | 2002-06-27 | 2006-12-19 | Microsoft Corporation | Providing a secure hardware identifier (HWID) for use in connection with digital rights management (DRM) system |
US20050071653A1 (en) * | 2003-09-25 | 2005-03-31 | Sun Microsystems, Inc., A Delaware Corporation | Non-linear execution of application program instructions for application program obfuscation |
US20070113079A1 (en) * | 2003-11-28 | 2007-05-17 | Takayuki Ito | Data processing apparatus |
US7337324B2 (en) * | 2003-12-01 | 2008-02-26 | Microsoft Corp. | System and method for non-interactive human answerable challenges |
US20080232582A1 (en) * | 2004-03-19 | 2008-09-25 | Gemplus | Method for Dynamically Authenticating Programmes with an Electronic Portable Object |
US20060005251A1 (en) * | 2004-06-12 | 2006-01-05 | Microsoft Corporation | Inhibiting software tampering |
US7891008B2 (en) * | 2004-06-12 | 2011-02-15 | Microsoft Corporation | Profile protection |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160246960A1 (en) * | 2015-02-25 | 2016-08-25 | International Business Machines Corporation | Programming code execution management |
US9940455B2 (en) * | 2015-02-25 | 2018-04-10 | International Business Machines Corporation | Programming code execution management |
US10565369B2 (en) | 2015-02-25 | 2020-02-18 | International Business Machines Corporation | Programming code execution management |
US11295006B2 (en) | 2015-02-25 | 2022-04-05 | International Business Machines Corporation | Programming code execution management |
Also Published As
Publication number | Publication date |
---|---|
CN101491000B (en) | 2011-12-28 |
EP2044723A2 (en) | 2009-04-08 |
WO2008007305A3 (en) | 2008-03-06 |
JP2009543244A (en) | 2009-12-03 |
US20090313480A1 (en) | 2009-12-17 |
US8700915B2 (en) | 2014-04-15 |
CN101491000A (en) | 2009-07-22 |
JP5113169B2 (en) | 2013-01-09 |
US20170286685A1 (en) | 2017-10-05 |
WO2008007305A2 (en) | 2008-01-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20170286685A1 (en) | | Method and system for verifying authenticity of at least part of an execution environment for executing a computer module |
US8543835B2 (en) | | Tamper resistance of a digital data processing unit |
US8479016B2 (en) | | Method and system for obfuscating a cryptographic function |
JP5355554B2 (en) | | Updating encryption key data |
EP1807965B1 (en) | | Method, server and computer readable medium for obfuscating a cryptographic function |
US10015009B2 (en) | | Protecting white-box feistel network implementation against fault attack |
US9819486B2 (en) | | S-box in cryptographic implementation |
US20170310488A1 (en) | | A challenge-response method and associated computing device |
EP1712032B1 (en) | | Block ciphering system, using permutations to hide the core ciphering function of each encryption round |
US9025765B2 (en) | | Data security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AS | Assignment | Owner name: KONINKLIJKE PHILIPS ELECTRONICS N. V., NETHERLANDS. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNORS: MICHIELS, WILHELMUS PETRUS ADRIANUS JOHANNUS; GORISSEN, PAULUS MATHIAS HUBERTUS MECHTILDIS ANTONIUS; REEL/FRAME: 034423/0631. Effective date: 20070709 |
| AS | Assignment | Owner name: IRDETO B.V., NETHERLANDS. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNOR: KONINKLIJKE PHILIPS ELECTRONICS N. V.; REEL/FRAME: 034454/0713. Effective date: 20100113 |
| AS | Assignment | Owner name: IRDETO CORPORATE B.V., NETHERLANDS. Free format text: CHANGE OF NAME; ASSIGNOR: IRDETO B.V.; REEL/FRAME: 034597/0626. Effective date: 20101006 |
| AS | Assignment | Owner name: IRDETO B.V., NETHERLANDS. Free format text: MERGER; ASSIGNOR: IRDETO CORPORATE B.V.; REEL/FRAME: 034512/0718. Effective date: 20140930 |
| STCB | Information on status: application discontinuation | Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION |