CA2350029A1 - Sustainable digital watermarking via tamper-resistant software - Google Patents

Sustainable digital watermarking via tamper-resistant software Download PDF

Info

Publication number
CA2350029A1
CA2350029A1 CA002350029A CA2350029A CA2350029A1 CA 2350029 A1 CA2350029 A1 CA 2350029A1 CA 002350029 A CA002350029 A CA 002350029A CA 2350029 A CA2350029 A CA 2350029A CA 2350029 A1 CA2350029 A1 CA 2350029A1
Authority
CA
Canada
Prior art keywords
data
address
data value
virtual address
steps
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
CA002350029A
Other languages
French (fr)
Inventor
Stanley T. Chow
Harold J. Johnson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cloakware Corp
Original Assignee
Cloakware Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cloakware Corp filed Critical Cloakware Corp
Priority to CA002350029A priority Critical patent/CA2350029A1/en
Priority to AU2002312670A priority patent/AU2002312670A1/en
Priority to US10/478,696 priority patent/US7395433B2/en
Priority to EP02737682A priority patent/EP1421457A2/en
Priority to CA002449595A priority patent/CA2449595A1/en
Priority to PCT/CA2002/000847 priority patent/WO2002101519A2/en
Publication of CA2350029A1 publication Critical patent/CA2350029A1/en
Abandoned legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/106Enforcing content protection by specific content processing
    • G06F21/1063Personalisation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/16Program or content traceability, e.g. by watermarking

Abstract

Mass data (the contents of arrays, large data structures, linked data structures and similar data structures stored in memory) are common targets for attack. The invention presents a method and system of protecting mass data by mapping virtual addresses onto randomly or pseudo-randomly selected actual addresses. This mapping distributes data values throughout the memory so an attacker cannot locate the data he is seeking, or identify patterns which might allow him to obtain information about his target (such as how the software operates, encryption keys, biometric data or passwords stored therein, or algorithms it uses). Additional layers of protection are described, as well as efficient techniques for generating the necessary transforms to perform the invention.

Claims (39)

1. A method of obscuring memory contents comprising the steps of:
responding to a request to store a data value at a virtual address by:
mapping said virtual address onto a randomly selected actual address; and storing said data value in a memory location indexed by said actual address.
2. A method of memory storage which is tamper-resistant and obscure, comprising the steps of:
responding to a request to store a data value at a virtual address by:
calculating a hash of said virtual address to generate an actual address; and storing said data value in a memory location indexed by said actual address.
3. A method of reducing the amount of information which can be derived from a memory comprising the steps of:
mapping virtual data addresses onto actual data addresses;
said mapping altering the pattern of memory accesses during execution of a program.
4. A method of obscuring mass data comprising the steps of:
responding to a request to store a data value at a virtual address by:
storing said data value at an actual memory location indexed by a hash of said virtual address.
5. A method of obscuring mass data comprising the steps of:
storing data in pseudo-random addresses;
thereby distributing data sets throughout a memory space.
6. A method of obscuring mass data comprising the steps of:
responding to a request to store a data value by:
storing said data in a pseudo-randomly selected memory location.
7. The method of claim 1, wherein said step of mapping comprises the prior step of selecting one of a plurality of different mappings.
8. The method of claim 1, further comprising the steps of:

varying said address mappings over time;
whereby any information obtained by an attacker will have a very short useful life.
9. The method of claim 1, further comprising the prior step of encrypting said data value being stored.
10. The method of claim 1, further comprising the prior step of:
encoding said input data with a data flow encoding technique;
whereby only encoded data is processed and unprotected data is not exposed.
11. The method of claim 1, wherein all steps are cloaked using tamper-resistant secret-hiding software; thereby rendering the corresponding computer code enormously complex and resistant to reverse engineering.
12. The method of claim 8, wherein said step of varying said address mappings comprises the step of:
varying said address mappings randomly or pseudo-randomly, on the basis of other addresses and data.
13. The method of claim 12, wherein said step of varying said address mappings comprises the step of:
varying said address mappings randomly or pseudo-randomly, each time a store or fetch is performed.
14. The method of claim 13, further comprising the steps of:
executing a separate, background routine which atomically changes the locations and data encoding while said application program is running.
15. The method of claim 14, wherein said step of executing a separate, background routine comprises the steps of:
executing a separate, background routine which:
suspends execution of the main program;
changes the encoding of said data by changing a tag which indexes an encryption key stored in an associated recoding vector; and allows execution of the main program to resume.
16. The method of claim 14, wherein said step of executing a separate, background routine comprises the steps of:
executing a separate, background routine which:
suspends execution of the main program;
changes the encoding of said data by changing the actual read/write R/W
encryption pairs within recoding vectors, with associated changes to the data affected, so that there is no stable association between particular tags and particular cell encodings in a software actual memory array (SAMA); and allows execution of the main program to resume.
17. The method of claim 14, wherein said step of executing a separate, background routine comprises the steps of:
executing a separate, background routine which:
suspends execution of the main program;
changes the encoding of data within cells of a SAMA by changing the hash function encoding said data, so that no given piece of data has a fixed address within said SAMA for a long period of time; and allows execution of the main program to resume.
18. The method of claim 9, further comprising the step of:
varying the encoding of said data in said mass storage device over time.
19. The method of claim 10, further comprising the prior step of:
performing "maze" encoding transformations on data being input.
20. The method of claim 10, further comprising the step of:
performing "maze" encoding transformations on data being output.
21. The method of claim 11, wherein said tamper-resistant secret-hiding software comprises data flow encoding.
22. The method of claim 11, wherein said tamper-resistant secret-hiding software comprises control flow encoding.
23. The method of claim 7 wherein said actual address is pseudo-randomly selected.
24. The method of claim 7 wherein said mapping comprises a composition of composable hash functions.
25. The method of claim 7 wherein said step of mapping comprises the steps of:
determining necessary number of cell data encodings, based on degree of security required;
generating tags to index said cell data encodings;
generating recoding vectors containing read/write (R/W) data encryption pairs, said R/W pairs indexed by values of said tags;
storing said tag values in a tag array, at a location indexed by said hash of said virtual address;
encrypting input data value using said write data encryption key; and storing said encrypted data value in a SAMA array indexed by said hash of said virtual address.
26. The method of claim 7, further comprising the step of:
converting said virtual address to an actual address using a Pointwise Linear Partitioned Bijection (PLPB) transform.
27. The method of claim 7, wherein multiple SAMAs mapping onto multiple SVMAs.
28. The method of claim 7, wherein said mapping comprises a concealed hash.
29. The method of claim 28, wherein said hash is concealed because the hash function itself is never computed, rather it comprises two functions:
a concealed data coding as a "half-way point" in the computation; and a "hasher" function applied to the output of the concealed data coding to produce the hashed value.
30. The method of claim 7, wherein said step of mapping further comprises the step of:

composing transforms which perform both data encoding and hash functions (Pointwise Linear Partitioned Bijections, or PLPBs);
said PLPBs:
composing seamlessly with linear data encoding transformations; and being table-driven, making them highly suited to incremental changes over time as may be required to generate a flexibly sized address space (extensible hashing) or to change the address mapping incrementally over time by a "scrambler" process.
31. A method of retrieving data from a tamper-resistant memory storage system comprising the steps of:
responding to a request to retrieve a data value at a virtual address by:
calculating a hash of said virtual address to generate an actual address; and fetching said data value at said actual address.
32. A method of obscuring memory contents comprising the steps of:
responding to a request to fetch a data value from a virtual address by:
mapping said virtual address onto a predetermined, pseudo-randomly selected actual address; and fetching said data value from a memory location indexed by said actual address.
33. A method of memory retrieval which is tamper-resistant and obscure comprising the steps of:
responding to a request to fetch a data value from a virtual address by:
calculating a hash of said virtual address to generate an actual address; and fetching said data value from a memory location indexed by said actual address.
34. A method of obscuring mass data comprising the steps of:
responding to a request to fetch a data value at a virtual address by:
fetching said data value from an actual memory location indexed by a hash of said virtual address.
35. A method of obscuring mass data comprising the steps of:

responding to a request to fetch a data value by:
fetching said data from a pseudo-randomly selected memory location.
36. A system for obscuring memory contents comprising:
a computer;
said computer being operable to:
respond to a request to store a data value at a virtual address by:
mapping said virtual address onto a randomly selected actual address; and storing said data value in a memory location indexed by said actual address.
37. An apparatus for obscuring memory contents comprising:
means for responding to a request to store a data value at a virtual address by:
mapping said virtual address onto a randomly selected actual address; and storing said data value in a memory location indexed by said actual address.
38. A computer readable memory medium for storing software code executable to perform the method steps of:
responding to a request to store a data value at a virtual address by:
mapping said virtual address onto a randomly selected actual address; and storing said data value in a memory location indexed by said actual address.
39. A carrier signal incorporating software code executable to perform the method steps of:
responding to a request to store a data value at a virtual address by:
mapping said virtual address onto a randomly selected actual address; and storing said data value in a memory location indexed by said actual address.
CA002350029A 2001-06-08 2001-06-08 Sustainable digital watermarking via tamper-resistant software Abandoned CA2350029A1 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
CA002350029A CA2350029A1 (en) 2001-06-08 2001-06-08 Sustainable digital watermarking via tamper-resistant software
AU2002312670A AU2002312670A1 (en) 2001-06-08 2002-06-10 Method and system for generating sustainable digital watermarks
US10/478,696 US7395433B2 (en) 2001-06-08 2002-06-10 Method and system for sustainable digital watermarking
EP02737682A EP1421457A2 (en) 2001-06-08 2002-06-10 Method and system for generating sustainable digital watermarks
CA002449595A CA2449595A1 (en) 2001-06-08 2002-06-10 Method and system for sustainable digital watermarking
PCT/CA2002/000847 WO2002101519A2 (en) 2001-06-08 2002-06-10 Method and system for generating sustainable digital watermarks

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CA002350029A CA2350029A1 (en) 2001-06-08 2001-06-08 Sustainable digital watermarking via tamper-resistant software

Publications (1)

Publication Number Publication Date
CA2350029A1 true CA2350029A1 (en) 2002-12-08

Family

ID=4169233

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002350029A Abandoned CA2350029A1 (en) 2001-06-08 2001-06-08 Sustainable digital watermarking via tamper-resistant software

Country Status (5)

Country Link
US (1) US7395433B2 (en)
EP (1) EP1421457A2 (en)
AU (1) AU2002312670A1 (en)
CA (1) CA2350029A1 (en)
WO (1) WO2002101519A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010055171A1 (en) * 2008-11-17 2010-05-20 Intrinsic-Id B.V. Distributed puf

Families Citing this family (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7770016B2 (en) * 1999-07-29 2010-08-03 Intertrust Technologies Corporation Systems and methods for watermarking software and other media
JP2004362532A (en) * 2002-10-25 2004-12-24 Matsushita Electric Ind Co Ltd Watermark insertion device and watermark extraction device
US8510571B1 (en) 2003-03-24 2013-08-13 Hoi Chang System and method for inserting security mechanisms into a software program
US8661559B2 (en) 2003-08-18 2014-02-25 Riverside Research Institute Software control flow watermarking
CN100428107C (en) * 2004-02-11 2008-10-22 北京邮电大学 Digital watermarking infrastructure
WO2005122114A1 (en) * 2004-06-10 2005-12-22 Protection Technology Limited Water marks injector
CN1322433C (en) * 2004-08-12 2007-06-20 西南交通大学 Positioning vulnerable water print generating and recognizing method capable of distigushing image and watermark distortion
KR100611989B1 (en) * 2004-08-31 2006-08-11 삼성전자주식회사 Method and apparatus for generating fingerprint codes
US8887287B2 (en) * 2004-10-27 2014-11-11 Alcatel Lucent Method and apparatus for software integrity protection using timed executable agents
EP1715436A3 (en) * 2005-04-21 2007-03-28 St Microelectronics S.A. Protection of program execution performed by an integrated circuit or the data stored in this circuit
US20060259903A1 (en) * 2005-05-12 2006-11-16 Xerox Corporation Method for creating unique identification for copies of executable code and management thereof
US20060259900A1 (en) * 2005-05-12 2006-11-16 Xerox Corporation Method for creating unique identification for copies of executable code and management thereof
US7760903B2 (en) * 2005-08-30 2010-07-20 Microsoft Corporation Tamper-resistant text stream watermarking
EP1934877A2 (en) 2005-09-30 2008-06-25 Nxp B.V. Watermarking of a processing module
FR2903508B1 (en) * 2006-07-10 2008-10-17 Sagem Defense Securite PROTECTION OF A PROGRAM INTERPRETED BY A VIRTUAL MACHINE
CN101690233A (en) * 2007-07-06 2010-03-31 皇家飞利浦电子股份有限公司 Use additional huffman table that the data of entropy coding are added watermark and encryption
JP5346024B2 (en) * 2007-09-13 2013-11-20 イルデト・コーポレート・ビー・ヴイ Content encryption
EP2240849B1 (en) 2008-02-06 2016-01-27 Nxp B.V. Data processing device and method for executing obfuscated programs
WO2009101562A2 (en) 2008-02-11 2009-08-20 Nxp B.V. Method of program obfuscation and processing device for executing obfuscated programs
US20100095376A1 (en) * 2008-03-07 2010-04-15 Rodriguez Tony F Software watermarking
KR101597251B1 (en) * 2008-05-23 2016-02-24 이르데토 비.브이. System and method for generating whitebox implementations of software applications
CN102598017B (en) 2009-11-13 2016-03-09 爱迪德技术有限公司 Improve the system and method for its tamper-proof capabilities of Java bytecode
EP2828782A1 (en) 2012-03-23 2015-01-28 Irdeto B.V. Software fingerprinting
WO2015149826A1 (en) 2014-03-31 2015-10-08 Irdeto B.V. Protecting an item of software
GB201405755D0 (en) 2014-03-31 2014-05-14 Irdeto Bv Optimizing and protecting software
WO2016118216A2 (en) 2014-11-06 2016-07-28 Intertrust Technologies Corporation Secure application distribution systems and methods
GB201505553D0 (en) 2015-03-31 2015-05-13 Irdeto Bv Online advertisements
US10223511B2 (en) * 2016-03-30 2019-03-05 Nxp B.V. Watermarking input and output of a white-box implementation
CA3047009A1 (en) 2016-12-15 2018-06-21 Irdeto B.V. Software integrity verification
GB201703864D0 (en) 2017-03-10 2017-04-26 Irdeto Bv Secured system operation
CN111316315B (en) 2017-09-12 2023-03-28 爱迪德有限公司 Watermarking equipment and method based on GPU
CN108491698B (en) * 2018-03-22 2020-03-10 维沃移动通信有限公司 Watermark generation method and mobile terminal
US10797868B2 (en) 2018-05-31 2020-10-06 Irdeto B.V. Shared secret establishment
US10706746B2 (en) * 2018-06-01 2020-07-07 Polyverse Corporation Pure binary scrambling
US11263316B2 (en) 2019-08-20 2022-03-01 Irdeto B.V. Securing software routines
US11481678B2 (en) * 2019-11-14 2022-10-25 Baidu Usa Llc Systems and methods for learning new watermark algorithms for a data processing accelerator
US11574032B2 (en) 2019-11-14 2023-02-07 Baidu Usa Llc Systems and methods for signing an AI model with a watermark for a data processing accelerator
US11582260B2 (en) 2019-11-14 2023-02-14 Baidu Usa Llc Systems and methods for verifying a watermark of an AI model for a data processing accelerator
US11579928B2 (en) 2019-11-14 2023-02-14 Baidu Usa Llc Systems and methods for configuring a watermark unit with watermark algorithms for a data processing accelerator
EP4339835A1 (en) 2022-09-16 2024-03-20 Irdeto B.V. Machine learning model protection

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5123045A (en) * 1989-08-18 1992-06-16 Massachusetts Institute Of Technology Comprehensive software protection system
DE69636084T2 (en) * 1995-09-28 2006-09-14 Nec Corp. Method and apparatus for inserting a spread spectrum watermark into multimedia data
US5892899A (en) * 1996-06-13 1999-04-06 Intel Corporation Tamper resistant methods and apparatus
US5889868A (en) * 1996-07-02 1999-03-30 The Dice Company Optimization methods for the insertion, protection, and detection of digital watermarks in digitized data
US5875249A (en) * 1997-01-08 1999-02-23 International Business Machines Corporation Invisible image watermark for image verification
US5991519A (en) * 1997-10-03 1999-11-23 Atmel Corporation Secure memory having multiple security levels
US6330672B1 (en) * 1997-12-03 2001-12-11 At&T Corp. Method and apparatus for watermarking digital bitstreams
JP3654077B2 (en) * 1999-09-07 2005-06-02 日本電気株式会社 Online digital watermark detection system, online digital watermark detection method, and recording medium on which online digital watermark detection program is recorded

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010055171A1 (en) * 2008-11-17 2010-05-20 Intrinsic-Id B.V. Distributed puf
US8699714B2 (en) 2008-11-17 2014-04-15 Intrinsic Id B.V. Distributed PUF

Also Published As

Publication number Publication date
WO2002101519A3 (en) 2004-02-05
AU2002312670A1 (en) 2002-12-23
WO2002101519A2 (en) 2002-12-19
EP1421457A2 (en) 2004-05-26
US20050021966A1 (en) 2005-01-27
US7395433B2 (en) 2008-07-01

Similar Documents

Publication Publication Date Title
CA2350029A1 (en) Sustainable digital watermarking via tamper-resistant software
CN101512525B (en) Encrypted data search
US7350085B2 (en) Tamper resistant software-mass data encoding
US7975149B2 (en) Software protection using data structures
Anderson et al. The steganographic file system
US11303626B2 (en) Secure token passing via hash chains
CN110945509B (en) Apparatus and method for controlling access to data in a protected memory region
CN105993018B (en) Content item encryption in mobile device
US20120246489A1 (en) Encrypting and storing confidential data
JPH09510305A (en) Data storage device and method
JP2006244496A (en) Method and system for encoding metadata
CN110457945A (en) Method, inquiry method, apparatus, service method, apparatus and the storage medium of list inquiry
CN112084519B (en) GBDT model training method and device based on access mode protection
CN1322431C (en) Encryption retention and data retrieve based on symmetric cipher key
US11281434B2 (en) Apparatus and method for maintaining a counter value
CA2351868A1 (en) Secure method and system for biometric verification
Mayberry et al. Multi-client Oblivious RAM secure against malicious servers
CN114117506B (en) ORAM access method suitable for TEE confusion calculation
CN111898157B (en) Unintentional storage access method for machine learning multisource training set
CN111291388A (en) Cloud platform privacy protection method based on cuckoo filter
Reddy et al. A schematic technique using data type preserving encryption to boost data warehouse security
Wang et al. A query verification scheme for dynamic outsourced databases.
US20240080193A1 (en) Counter integrity tree
Sumongkayothin M-oram revisited: security and construction updates
CN117220897A (en) Traceable and revocable attribute-based encryption method with complete policy hiding

Legal Events

Date Code Title Description
FZDE Discontinued