Ginger Myles

Self-validating branch-based software watermarking

Software protection is an area of active research in which a variety of techniques have been developed to address the issue. Examples of such techniques are software watermarking, code obfuscation, and tamper detection. In this paper we present a novel dynamic software watermarking algorithm which incorporates ideas from code obfuscation and tamper detection. Our technique simultaneously provides proof of ownership and the capability to trace the source of the illegal redistribution. It additionally provides a solution for distributing pre-packaged, fingerprinted software which is linked to the consumer. Our technique is specific to programs compiled for the x86 Intel architecture, however, we have proposed an extension for use on Java bytecode.

Content protection for games

In this paper we review the state of the art in content protection for video games by describing the capabilities and shortcomings of currently deployed solutions. In an attempt to address some of the open issues, we present two novel approaches. The first approach uses branch-based software watermarking to discourage and detect piracy through a registration-based system. In the second approach, based on the parallels between games and premium audio and video content, we propose the use of current physical-media copy-protection technologies for gaming content. In particular, we focus on broadcast encryption technology. The use of an open, standard-based architecture enables the development of a more restrictive protection system for games. Finally, we demonstrate how the proposed protection mechanisms can be applied to video-game copy protection through five scenarios.

Towards better software tamper resistance

Software protection is an area of active research in which a variety of techniques have been developed to address the issue. Examples of such techniques include code obfuscation, software watermarking, and tamper detection. In this paper we propose a tamper resistance technique which provides both on and offline tamper detection. In our offline approach, the software dynamically detects tampering and causes the program to fail, protecting itself from malicious attacks. Additionally, during program execution an event log is maintained which is transmitted to a clearing house when the program is back online.

Key evolution-based tamper resistance: a subgroup extension

The number and magnitude of hostile attacks against software has drastically increased. One class of attacks of particular concern to the software industry is tampering to circumvent protection technologies such as license checks. A variety of hardware- and software-base techniques have been developed to address the issue. These include, but are not limited to, dongles, smartcards, and code obfuscation. In this paper we examine two previously proposed software-based tamper resistance techniques which are both based on the same key evolution mechanism: Event Log-Based and Branch-Based tamper resistance. As proposed the techniques offer many advantages over other software-based algorithms, however, they still suffer from a common limitation. Through our analysis we identify this limitation and propose an extension to the schemes which improves the overall strength.

A technique for self-certifying tamper resistant software

Until recently the use of software tamper resistance was rather limited. However, as the music and movie industries have increased their reliance on content protection systems, the importance placed on and the use of tamper resistance has also increased. Unfortunately, the nature of tamper resistance can make it difficult for developers to determine if a protection mechanism isactually robust and which attacks it can protect against. To address this issue we have designed a tool for self-certifying the strength of a tamper resistance implementation that is based on a hybrid attack-defense graph. This approachto tamper resistance evaluation is advantageous in that it enables certification without leaking confidential implementation details and it assists developers in designing more robust implementations.