Presentation - RE

Transcription

Presentation - RE
Tools and Methodologies for
Layered, Diverse, and Renewable Security in
Tethered Systems
Clifford Liem
Cloakware, an Irdeto Company
Classification: Unrestricted
2009 ©IRDETO | This document contains information that is privileged or confidential
Outline
Who is Cloakware?
Applications & Security Risk
-
Cloakware Build Tools
-
Traditional Build Flow
Cloakware Security Suite
- Source and Binary Level Tools
Threat Analysis
Diversity
-
Example Application: Digital Rights Management
Security Risk
What are the Threats?
What is Diversity?
How Does Diversity Address the Security Lifecycle
- Renewability, Revocation
Conclusions & Future Work
2009 ©IRDETO | This document contains information that is privileged or confidential
2
Who is Cloakware ?
(Caution: a few marketing slides ahead)
2009 ©IRDETO | This document contains information that is privileged or confidential
3
Advancing Software Protection for
Digital Assets
Technology Partners
1997 Company founded
2003 Intel licenses Tamper Resistance
Software to Cloakware
2007 Acquired by Irdeto Access
450+ person-years of development in core
software protection technology
Ottawa, Beijing, Washington, California,
UK, Switzerland
Sample Customers
4 of the top 5 semiconductor manufacturers
3 of the top 5 mobile handset manufacturers
3 of the leading smart phone manufacturers
4 leading mobile telecom service providers
3 of the world’s largest software companies
2 of the top 3 video card manufacturers
3 leading conditional access vendors
4
Cloakware Lines of Business
Consumer Product
Solutions
Enterprise
Software security toolkit
Privileged & application
password protection
DRM client solutions
Identity & access
management
Software Protection Technology
5
Cloakware in the Digital Home
Digital TVs
Mobile
Phones
Home
NAS
Content Providers
Internet
Cable
Home
Home
Network
Network
IPTV
Digital Media
Adapters
Mobile/Sat
PCs
Set Top Boxes
One billion+ protected applications deployed worldwide.
Portable Media
Players
6
Example Application
Digital Rights for High Value Content
2009 ©IRDETO | This document contains information that is privileged or confidential
7
Example Application:
Digital Rights Management (DRM)
Content and License distribution model
License
Server
Digital
Content
Portable
Device
DRM Core
Management
Protected
Media
DRM Core
Management
Media
Server
Desktop
storage
8
What is Security Risk?
Multi-Factored Relationship
Threats
Vulnerabilities
Assets
How do your protection
techniques address these?
9
What are the Threats?
Colluding Attack
Direct WhiteBox Attack
IDA Pro
HexRays
OllyDbg
LordPE
GDB
HIEW
HexEdit
VMware
QEMU
Differential Attack
version1
version2
time
10
Exploit can Lead to Widespread Damage
Attacker
Attacker
Automatic
Exploit
keys
key sharing server
11
Cloakware Build Tools
Source & Binary Level
2009 ©IRDETO | This document contains information that is privileged or confidential
12
Cloakware is Multi-Layered Protection
Compiler Transformation
Technology
Intel Binary Tamper
Resistance Technology
WhiteBox Cryptography
Flexible & Modular
-
Choose the Right
Combination of Defenses
Binary Level
Interlocking
Source Level
13
Cloakware Security Suite
- The Transcoder
- Key Hiding
Key2Code
Integrity Verification
Anti-Debug
Dynamic Code Decryption
Symbol Renaming
White-Box Cryptography
Libraries
Utilities
- Librarian
- Linker
Application Code
Suite Include
Files
wbcodegen
Configuration
File
Binary-Level Tools
-
White-Box
Param File
Key
Traditional Build Tools
+
Source-Level Tools
Transcoder
wbdatagen
Compiler
Xlink
wbdatagen
Xlib
Xprov
xcrename
Linker
White-Box Tables
Suite XLibraries
Data Xforms
String Xforms
Branch Protect
WhiteBox
Crypto
xcbincrypt
Executable / DLL /
Shared Library
Suite
Native
XLibs
Secure Application
Secure Host
14
Data-Flow Encoding Principle
Mapping
Mathematical Mapping
of Data Values
Data Locations → Mapped
Data Operations → Mapped
Many Function Families
Randomly Chosen Constants
Original Data Flow Graph
x
Transformed Data Flow Graph
y
Data Transformations
z
op1
op2
a
15
Data Transforms: Dynamic Concealment
Data Values are Transformed in Memory
Operations are Transformed
Net Effect: Modified values at all intermediate stages
Illustration
b[ ] = {1,..
r[ ] = {3,..
load
load
load
+
7
4
7
+
11
store
g[ ] = {0,..
b’[ ] = {-1187,..
Morpher
load
Load
Load
-13
Morpher
4783
-1187Morpher
765
7837
*
1
3
Data Location
Data Location
r’[ ] = Morpher
{4783,..
Add
-62179
+
-54342
^
1630
Morpher
11472
9842
Constant
Morpher
+
Add
Morpher -66475
*
+
Store
-623411424
Morpher
store
Data Location
g’[
] = {-9981,..
Morpher
16
Control Flow Flattening – Basic
Start
Start
Conditional jump
Switch ( key )
Conditional jump
Loop
1
2
3
key=3
key=7
7
…
key=6
key=2
Exit
Exit
Original Program Flow
Control Flow Flattened Program
17
Use Dominance Property to build
History Chains
int function() {
int i;
for(i=0;i<10;i++) {
if(a[i] < b[i]) {
a[i] = b[i] + 7;
}
else {
a[i] = 0;
}
}
a[0] = 6;
}
B0
B0
B1
B1
B2
B2
B3
B4
B8
B3
B4
B6
B5
B8
B5
B6
B7
Control-Flow Graph
B7
Dominator Tree
With Sample History Chains
18
Control-Flow Flattening: HistoryDependencies
Switch ( case )
1
2
HD(a)
3
a = 99
7
a = E(a)
c = E(c)
b = D(b)
case = b
case = D(d)
=3
=1
d = E(d)
b = E(b)
…
case = D(a)
case = D(c)
=7
=2
HD (c)
HD (b)
HD (d)
19
Control-Flow Flattening Advanced
Features
Dummy Branches
- Insertion of non-obvious False Conditions that jump to
wrong areas of the code
Constant Hiding
- Constants are hidden in Opaque Predicates
key = 3
X is a user value from the program
like a global or a parameter.
switch( key )
key=(23 | X) - ((23 | X) & -4)
1
2
3
9
…
key evaluates to 3
switch( key )
20
WhiteBox Cryptography
Ensures that keys are hidden
-
White-box cryptography ensures the input data, keys and resulting output data
are protected at all times
WB-AES, WB-RSA, WB-ECC, WB-3DES
Data
Key
Transformed data
Transformed key
Transformed
& encrypted
output
White-box
cryptography
21
Binary Technology
Example: Integrity Verification
Header
Run-Time Verification of BuildTime Integrity
Performance Trade-offs
- Code Segment is partitioned for
integrity checks
Uses White Box Crypto
Failure Modes
- Hard Failures
Code
Segment
Regions
Build-Time
Signing Tool
Hash
Signature
Encrypted
Voucher
- Soft Failures
Encrypt
White-Box
Crypto
Other Binary Technologies
Anti-Debug: Exception-Based, Signal-Based, Timing-Based
Dynamic Code Decryption
Secure Loader (Packer)
22
Threat Analysis: Attack Tree
1.
2.
3.
4.
5.
Identify and Prioritize Assets
Identify Possible Paths to Each Asset
Establish a Strategy for Layered
Mitigation Techiques
Insert Protection Tools into a Flexible
Build Environment
Explore Trade-offs
(Security Tuning Cycle)
Attack Goals
Lift Content
Unlimited Playback
one device
Play Anywhere
High Impact
Medium Impact
Multiple Playback
one device
Low Impact
Low Impact
wwwwwwww
yyyyyyyyyyy
………….
………..
………..
rrrrrrrrr
ccccccccccc
nnnnnnnnnnn
mmmmmmmm
sssssssssss
qqqqqqqq
bbbbbbbb
wwwwwwwww
wwwwww
wwwwwwww
KKKKKK
SSSSSSSSSS
SSSSSSS
OOOOOOOO
BBBBBPPPP
DDDDDDD
DDDDDDD
SSSSLLLLLL
IIIIII
YYYYYYYY
sssssssssss
JJJJJJJ
……….
FFFFFFF
DDDDDD
……..
……….
MMMMM
……..
………
KKKKK
RRRRRRR
JJJJJ
………
Mitigation Techniques
23
Diversity
Built into Cloakware Tools
2009 ©IRDETO | This document contains information that is privileged or confidential
24
Diversity: Differing Construction
Randomly Chosen:
-
Constants
Order & Layout
Function Families
Constants
Seeded Build
-
Function Families
Reproducibility
Seed_1
Seed_2
Diverse Instances
-
Functionally Equivalent
-
Similar Performance
-
Structurally Differing
Needle-in-a-Haystack Property
Program Instance 1
Program Instance 2
25
Diversity Properties
Uniformity
- Showing a single form
- Always the same
- At regular intervals
Koch Curve
Diffusion
- Statistical dissipation of information.
Confusion
- Complex dependencies.
Self-Similarity
Mandelbrot Set
- An object that is exactly or approximately
similar to a part of itself
- The whole has the same shape as one or
more of the parts
- e.g. shorelines, fractals
26
Software Diversity
Application
Software
Diversity Generation – built into
Cloakware Tools
Each instance - must be attacked
separately
Seeds
for Random
Number
Generator
Cloakware
Development
Tools
Dramatically increases the work to
create an automated attack tool
#1 1836392838382…
#2 9478437688574…
#3 4761054329489…
…
#1
#2
Diverse Program
Instances
#3
Break the hacker business model
27
Diversity used across Client Base
• Instance Generation
• Individualization
• Personalization
• Customer-Specific Instances
er
_N
to
m
Cu
s
Cu
s
to
m
er
_3
er
_2
to
m
Cu
s
Cu
s
to
m
er
_1
...
• Spatial Diversity
• Customer-Specific Instances
• Anti-Collusion
28
Diversity used across Software Versions
• Common Scenario
New
Protection
Obvious Differential Attack
2.2
ion
vis
e
R
2.3
ion
vis
e
R
• Using Diversity
? Attack Point ?
New
Protection
• Temporal Diversity
• Renewability
ion
vis
Re
2.2
ion
vis
Re
2.3
29
Attack Mitigation and Recovery
Deploying Software
Hacker Business Model
Strong attack response
reduces duration of attack
$
Tamper
resistance
Diverse
production
Raises cost of attack
Reduces scope of attack
Resulting Hacker
Business Model
Investment
Reward
Time
Software Diversity Benefits
Minimize scope of attack -- Prevent automated attacks
Provide rapid recovery in the event of an attack
Make the business unattractive to the hacker
30
Data Interface Diversity
Extending Data Transformations to Interfaces
Client
Write
Server
Data
Interface
Read
Data Transform Boundary
Data
Interface 2
Data
Interface 3
• Data API
Diversity
Data
Interface 4
31
Revocation
Head End
Server
Diverse
Interface
A
Bob
Client2
B
C
D
1
Diverse
Interface
2
Alice
Chris
Client1
Client2
Release 2C
new
Re
e
vok
Customer Bob (Client2)
Instance A
Release 1B
Re
Release 1A
A
Customer Chris (Client2)
Instance A
Customer Alice (Client1)
Instance 1
Customer Chris (Client2)
Instance B
Customer Chris (Client2)
Instance C
Customer Alice (Client1)
Instance 2
• Data Diversity enables Revocation
and Renewability
32
Conclusions
Threats on Distributed Systems
Cloakware Build Tools
-
Direct Attacks, Collusion, Differential Attacks
Source and Binary Level Tools
Data & Control-Flow Transformations
White-Box Crypto
Integrity Verification, Anti-Debug, Dynamic Code Decryption
Diversity
-
Properties: Uniformity, Diffusion, Confusion, Self-Similarity
Across Client-Base (Spatial)
From Version to Version (Temporal)
Renewability
Revocation
33
Future Areas of Study
Diversity Metrics and Measurement
Active Monitoring and Breach Detection
- Built-In Updatable Security
Emulation Attacks
- Examples: VMware, Virtual PC, QEMU, Bochs
Code Lifting Attacks
Hardware Anchoring
- Node-Locking
- Machine Fingerprinting
Security Patterns
34
Tools and Methodologies
for Layered, Diverse, and Renewable Security
in Tethered Systems
Clifford Liem
Cloakware, an Irdeto company
[email protected]
WWW.IRDETO.COM
ALL CONTENTS COPYRIGHT 2009 IRDETO ACCESS B.V.
2009 ©IRDETO | This document contains information that is privileged or confidential
35