Presentation - RE
Transcription
Presentation - RE
Tools and Methodologies for Layered, Diverse, and Renewable Security in Tethered Systems Clifford Liem Cloakware, an Irdeto Company Classification: Unrestricted 2009 ©IRDETO | This document contains information that is privileged or confidential Outline Who is Cloakware? Applications & Security Risk - Cloakware Build Tools - Traditional Build Flow Cloakware Security Suite - Source and Binary Level Tools Threat Analysis Diversity - Example Application: Digital Rights Management Security Risk What are the Threats? What is Diversity? How Does Diversity Address the Security Lifecycle - Renewability, Revocation Conclusions & Future Work 2009 ©IRDETO | This document contains information that is privileged or confidential 2 Who is Cloakware ? (Caution: a few marketing slides ahead) 2009 ©IRDETO | This document contains information that is privileged or confidential 3 Advancing Software Protection for Digital Assets Technology Partners 1997 Company founded 2003 Intel licenses Tamper Resistance Software to Cloakware 2007 Acquired by Irdeto Access 450+ person-years of development in core software protection technology Ottawa, Beijing, Washington, California, UK, Switzerland Sample Customers 4 of the top 5 semiconductor manufacturers 3 of the top 5 mobile handset manufacturers 3 of the leading smart phone manufacturers 4 leading mobile telecom service providers 3 of the world’s largest software companies 2 of the top 3 video card manufacturers 3 leading conditional access vendors 4 Cloakware Lines of Business Consumer Product Solutions Enterprise Software security toolkit Privileged & application password protection DRM client solutions Identity & access management Software Protection Technology 5 Cloakware in the Digital Home Digital TVs Mobile Phones Home NAS Content Providers Internet Cable Home Home Network Network IPTV Digital Media Adapters Mobile/Sat PCs Set Top Boxes One billion+ protected applications deployed worldwide. Portable Media Players 6 Example Application Digital Rights for High Value Content 2009 ©IRDETO | This document contains information that is privileged or confidential 7 Example Application: Digital Rights Management (DRM) Content and License distribution model License Server Digital Content Portable Device DRM Core Management Protected Media DRM Core Management Media Server Desktop storage 8 What is Security Risk? Multi-Factored Relationship Threats Vulnerabilities Assets How do your protection techniques address these? 9 What are the Threats? Colluding Attack Direct WhiteBox Attack IDA Pro HexRays OllyDbg LordPE GDB HIEW HexEdit VMware QEMU Differential Attack version1 version2 time 10 Exploit can Lead to Widespread Damage Attacker Attacker Automatic Exploit keys key sharing server 11 Cloakware Build Tools Source & Binary Level 2009 ©IRDETO | This document contains information that is privileged or confidential 12 Cloakware is Multi-Layered Protection Compiler Transformation Technology Intel Binary Tamper Resistance Technology WhiteBox Cryptography Flexible & Modular - Choose the Right Combination of Defenses Binary Level Interlocking Source Level 13 Cloakware Security Suite - The Transcoder - Key Hiding Key2Code Integrity Verification Anti-Debug Dynamic Code Decryption Symbol Renaming White-Box Cryptography Libraries Utilities - Librarian - Linker Application Code Suite Include Files wbcodegen Configuration File Binary-Level Tools - White-Box Param File Key Traditional Build Tools + Source-Level Tools Transcoder wbdatagen Compiler Xlink wbdatagen Xlib Xprov xcrename Linker White-Box Tables Suite XLibraries Data Xforms String Xforms Branch Protect WhiteBox Crypto xcbincrypt Executable / DLL / Shared Library Suite Native XLibs Secure Application Secure Host 14 Data-Flow Encoding Principle Mapping Mathematical Mapping of Data Values Data Locations → Mapped Data Operations → Mapped Many Function Families Randomly Chosen Constants Original Data Flow Graph x Transformed Data Flow Graph y Data Transformations z op1 op2 a 15 Data Transforms: Dynamic Concealment Data Values are Transformed in Memory Operations are Transformed Net Effect: Modified values at all intermediate stages Illustration b[ ] = {1,.. r[ ] = {3,.. load load load + 7 4 7 + 11 store g[ ] = {0,.. b’[ ] = {-1187,.. Morpher load Load Load -13 Morpher 4783 -1187Morpher 765 7837 * 1 3 Data Location Data Location r’[ ] = Morpher {4783,.. Add -62179 + -54342 ^ 1630 Morpher 11472 9842 Constant Morpher + Add Morpher -66475 * + Store -623411424 Morpher store Data Location g’[ ] = {-9981,.. Morpher 16 Control Flow Flattening – Basic Start Start Conditional jump Switch ( key ) Conditional jump Loop 1 2 3 key=3 key=7 7 … key=6 key=2 Exit Exit Original Program Flow Control Flow Flattened Program 17 Use Dominance Property to build History Chains int function() { int i; for(i=0;i<10;i++) { if(a[i] < b[i]) { a[i] = b[i] + 7; } else { a[i] = 0; } } a[0] = 6; } B0 B0 B1 B1 B2 B2 B3 B4 B8 B3 B4 B6 B5 B8 B5 B6 B7 Control-Flow Graph B7 Dominator Tree With Sample History Chains 18 Control-Flow Flattening: HistoryDependencies Switch ( case ) 1 2 HD(a) 3 a = 99 7 a = E(a) c = E(c) b = D(b) case = b case = D(d) =3 =1 d = E(d) b = E(b) … case = D(a) case = D(c) =7 =2 HD (c) HD (b) HD (d) 19 Control-Flow Flattening Advanced Features Dummy Branches - Insertion of non-obvious False Conditions that jump to wrong areas of the code Constant Hiding - Constants are hidden in Opaque Predicates key = 3 X is a user value from the program like a global or a parameter. switch( key ) key=(23 | X) - ((23 | X) & -4) 1 2 3 9 … key evaluates to 3 switch( key ) 20 WhiteBox Cryptography Ensures that keys are hidden - White-box cryptography ensures the input data, keys and resulting output data are protected at all times WB-AES, WB-RSA, WB-ECC, WB-3DES Data Key Transformed data Transformed key Transformed & encrypted output White-box cryptography 21 Binary Technology Example: Integrity Verification Header Run-Time Verification of BuildTime Integrity Performance Trade-offs - Code Segment is partitioned for integrity checks Uses White Box Crypto Failure Modes - Hard Failures Code Segment Regions Build-Time Signing Tool Hash Signature Encrypted Voucher - Soft Failures Encrypt White-Box Crypto Other Binary Technologies Anti-Debug: Exception-Based, Signal-Based, Timing-Based Dynamic Code Decryption Secure Loader (Packer) 22 Threat Analysis: Attack Tree 1. 2. 3. 4. 5. Identify and Prioritize Assets Identify Possible Paths to Each Asset Establish a Strategy for Layered Mitigation Techiques Insert Protection Tools into a Flexible Build Environment Explore Trade-offs (Security Tuning Cycle) Attack Goals Lift Content Unlimited Playback one device Play Anywhere High Impact Medium Impact Multiple Playback one device Low Impact Low Impact wwwwwwww yyyyyyyyyyy …………. ……….. ……….. rrrrrrrrr ccccccccccc nnnnnnnnnnn mmmmmmmm sssssssssss qqqqqqqq bbbbbbbb wwwwwwwww wwwwww wwwwwwww KKKKKK SSSSSSSSSS SSSSSSS OOOOOOOO BBBBBPPPP DDDDDDD DDDDDDD SSSSLLLLLL IIIIII YYYYYYYY sssssssssss JJJJJJJ ………. FFFFFFF DDDDDD …….. ………. MMMMM …….. ……… KKKKK RRRRRRR JJJJJ ……… Mitigation Techniques 23 Diversity Built into Cloakware Tools 2009 ©IRDETO | This document contains information that is privileged or confidential 24 Diversity: Differing Construction Randomly Chosen: - Constants Order & Layout Function Families Constants Seeded Build - Function Families Reproducibility Seed_1 Seed_2 Diverse Instances - Functionally Equivalent - Similar Performance - Structurally Differing Needle-in-a-Haystack Property Program Instance 1 Program Instance 2 25 Diversity Properties Uniformity - Showing a single form - Always the same - At regular intervals Koch Curve Diffusion - Statistical dissipation of information. Confusion - Complex dependencies. Self-Similarity Mandelbrot Set - An object that is exactly or approximately similar to a part of itself - The whole has the same shape as one or more of the parts - e.g. shorelines, fractals 26 Software Diversity Application Software Diversity Generation – built into Cloakware Tools Each instance - must be attacked separately Seeds for Random Number Generator Cloakware Development Tools Dramatically increases the work to create an automated attack tool #1 1836392838382… #2 9478437688574… #3 4761054329489… … #1 #2 Diverse Program Instances #3 Break the hacker business model 27 Diversity used across Client Base • Instance Generation • Individualization • Personalization • Customer-Specific Instances er _N to m Cu s Cu s to m er _3 er _2 to m Cu s Cu s to m er _1 ... • Spatial Diversity • Customer-Specific Instances • Anti-Collusion 28 Diversity used across Software Versions • Common Scenario New Protection Obvious Differential Attack 2.2 ion vis e R 2.3 ion vis e R • Using Diversity ? Attack Point ? New Protection • Temporal Diversity • Renewability ion vis Re 2.2 ion vis Re 2.3 29 Attack Mitigation and Recovery Deploying Software Hacker Business Model Strong attack response reduces duration of attack $ Tamper resistance Diverse production Raises cost of attack Reduces scope of attack Resulting Hacker Business Model Investment Reward Time Software Diversity Benefits Minimize scope of attack -- Prevent automated attacks Provide rapid recovery in the event of an attack Make the business unattractive to the hacker 30 Data Interface Diversity Extending Data Transformations to Interfaces Client Write Server Data Interface Read Data Transform Boundary Data Interface 2 Data Interface 3 • Data API Diversity Data Interface 4 31 Revocation Head End Server Diverse Interface A Bob Client2 B C D 1 Diverse Interface 2 Alice Chris Client1 Client2 Release 2C new Re e vok Customer Bob (Client2) Instance A Release 1B Re Release 1A A Customer Chris (Client2) Instance A Customer Alice (Client1) Instance 1 Customer Chris (Client2) Instance B Customer Chris (Client2) Instance C Customer Alice (Client1) Instance 2 • Data Diversity enables Revocation and Renewability 32 Conclusions Threats on Distributed Systems Cloakware Build Tools - Direct Attacks, Collusion, Differential Attacks Source and Binary Level Tools Data & Control-Flow Transformations White-Box Crypto Integrity Verification, Anti-Debug, Dynamic Code Decryption Diversity - Properties: Uniformity, Diffusion, Confusion, Self-Similarity Across Client-Base (Spatial) From Version to Version (Temporal) Renewability Revocation 33 Future Areas of Study Diversity Metrics and Measurement Active Monitoring and Breach Detection - Built-In Updatable Security Emulation Attacks - Examples: VMware, Virtual PC, QEMU, Bochs Code Lifting Attacks Hardware Anchoring - Node-Locking - Machine Fingerprinting Security Patterns 34 Tools and Methodologies for Layered, Diverse, and Renewable Security in Tethered Systems Clifford Liem Cloakware, an Irdeto company [email protected] WWW.IRDETO.COM ALL CONTENTS COPYRIGHT 2009 IRDETO ACCESS B.V. 2009 ©IRDETO | This document contains information that is privileged or confidential 35