software piracy prevention through diversity bertrand anckaert, bjorn de sutter and koen de...

Software Piracy Prevention through Diversity

Bertrand Anckaert, Bjorn De Sutter and Koen De Bosschere

Parallel Information Systems Group,Electronics and Information Systems Department,

Ghent University, Belgium

October 25, 2004 ACM DRM'04: Software Piracy Prevention through Diversity

2

Problem

o Software Piracy: 29 billion $ in 2003o Technical protection mechanisms:

• hardware token: cd, dongle, smart card• software token: license key, activation code• watermarks and fingerprints• …

o In practice: piracy still exists


3

Reasons for Failure (1)

o Digital data copy prevention is impossible• near-zero marginal cost

o All copies are identical• attack on copyright mechanism of one copy

works on all copies

o Physical objects:• each copy is unique, non-zero marginal cost• Mimicry: hardware token, unique software

token, fingerprint, …• Problem: weak link ⇒ easily circumvented


4

Reasons for Failure (2)

o Static nature of defense:• defense built into the software• once broken, copyright can no longer be

enforced

o Unfortunately:• software can be inspected and modified at will• not whether but when will it be broken• any (future) software protection can be broken⇔ benign host and malicious software⇒ more severe attack model


5

Overview

o Diversity overcomes• identical nature of software• near-zero marginal cost

o Tailored updates overcome• static nature of defense

o Countered forms of software piracyo Piracy discriminationo Practical issueso Future work


6

database

diversification

activation

Protection through Diversity: Installation

originaldiversifier

diversification

101101011100101101

010010100110100011

software provider


7

Unique instances

o Each installed copy (instance) is unique • Uniqueness extended to the program as a

whole ⇒ strong link• attacks on copyright protection mechanism

cannot be generalized• identification and tracking of instances

o An instance is machine-dependant• we cannot prevent the copying of digital data• we can prevent a copy from having value


8

Protection through Diversity: Update

tailor

databasesoftware provider

101010

update

101101011100101101

010110

010110


9

Tailored Updates

o Update works for one instance and one instance only

o Updates only for legitimate instanceso Illegitimate users cannot keep their

software sound and up to date unless: a new line of defense is broken with every critical update

o static nature of defense ⇒ dynamic nature of defense


10

Overview





11

Cracks and Serials

o Example: undo protection of an evaluation version

o Solution: diversity• crack for one instance does not necessarily

work against another instance• serial code can be made instance-dependant


12

Softlifting

o Softlifting: sharing software and updates within a small group of collaborating users

o Solution: Activation, machine dependanto Problem: can be circumventedo However: Diversity ⇒ each copy need to

be cracked separatelyo Small groups

Few pirates⇒ little effect on revenues


13

Internet Piracy

o Static defenses need to be brokeno Large scale, detection as a result of

• many requests from different locations• search the internet

o When an instance is considered to be corrupt:• Migrate instance of legitimate user to a new

instance• Stop updates for the corrupt instance


14

Overview





15

Piracy Discrimination

o What?• tolerate a certain level of piracy

o Why?• illegitimate users = increase of the user base

⇒ exchangeability and complimentary goods• lock-in customers in an earlier phase

o How?• Fine-grained control over distributed software

o e.g.: multiple installations of a private license

tolerate piracy of a region-specific version


16

Overview





17

Reliance on Updates

o Tailored updates enable dynamic natureo Updates are necessary:

• to fix bugs• to add security patches• to support new hardware and new file formats• to keep a program compatible with other

programs• to add new functionality

o Artificially increase need for updateso buy software ⇒ rent software


18

Diverse Instances and Tailored Updates

o Program: a large number of fileso Two approaches to updating:

• Full-file updatesdiversify interfaces between filesencryption and decryption of data, arguments andreturn values

• Incremental updatesdiversify within code files


19

Example

Machine code original

Assembly original

1

2

29 c2

83 c2 ff

19 c9

83 c1 01

29 c9

29 c2

83 fa 01

83 d1 00

Binary update

00 00

00 00 00

00 00

42 28 1e

00 00

00 00

00 38 f1

00 00 00

sub %eax,%edx

add $-1,%edx

sbb %ecx,%ecx

add $1,%ecx

sub %ecx,%ecx

sub %eax,%edx

cmp $1,%edx

adc $0,%ecx

a = (b == c)

Machine code updated

Assembly updated

29 c2

83 c2 ff

19 c9

c1 e9 1f

29 c9

29 c2

83 c2 ff

83 d1 00

sub %eax,%edx

add $-1,%edx

sbb %ecx,%ecx

shr $31,%ecx

sub %ecx,%ecx

sub %eax,%edx

add $-1,%edx

adc $0,%ecx

a = (b != c)

An update should check if it is applied to the correct instance


20

Repentant Users

o Contact the software providero Identify his instanceo Migrate his instance to a legitimate

instanceo Add entry to the database


21

Costs

o Only useful ifadditional profit ≥ additional cost

o Costs include:• additional distribution costs of software and

updates• computational costs• increased complexity of software maintenance


22

Future Work

o Thorough economic analysis of the expected costs and benefits

o Metric for diversityo Development of additional diversification

techniqueso …


23

Conclusions

o Promising schemeo Considerable cost

• Severe attack model ⇒ no (other) silver bullet

o Many practical issues need to be addressed

Questions?

software piracy prevention through diversity bertrand anckaert, bjorn de sutter and koen de...

Documents

software piracy prevention

malicious software

software sound

software provider slide

identical nature of

unique software token

future software protection

acm drm04