obfuscation
play

Obfuscation Source: www.constructionknowledge.net Stealthy Opaque - PowerPoint PPT Presentation

Apr 26, 2023 •472 likes •1.02k views

Stealthy Opaque Predicates in Hardware - Obfuscating Constant Expressions at Negligible Overhead Max Hoffmann, Christof Paar Ruhr University Bochum, Horst-Grtz Institute for IT-Security, Germany CHES 2018 | Amsterdam 10.09.2018 Obfuscation

  1. Stealthy Opaque Predicates in Hardware - Obfuscating Constant Expressions at Negligible Overhead Max Hoffmann, Christof Paar Ruhr University Bochum, Horst-Görtz Institute for IT-Security, Germany CHES 2018 | Amsterdam 10.09.2018

  2. Obfuscation Source: www.constructionknowledge.net Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 2

  3. Why Obfuscation? “easy” High-level Finished Description Product “not that easy” Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 3

  4. Why Obfuscation? “easy” aes.c High-level Finished Description Product aes.vhd “not that easy” Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 4

  5. Why Obfuscation? 01010100101 “easy” 01000100101 aes.c 01110101010 01101010010 High-level Finished Description Product aes.vhd “not that easy” Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 5

  6. Why Obfuscation? Obfuscation “easy” High-level Finished Description Product “insanely difficult” Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 6

  7. Software Obfuscation • One target in software is control flow obfuscation. Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 7

  8. Software Obfuscation • One target in software is control flow obfuscation. Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 8

  9. Software Obfuscation • Opaque Predicates are used as a basic building block. Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 9

  10. Software Obfuscation • Opaque Predicates are used as a basic building block. • An opaque predicate: – is an expression Example: – looks like having a dynamic value (x * (x + 1)) % 2 == 0 – evaluates to a constant, known value Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 10

  11. Software Obfuscation • Opaque Predicates are used as a basic building block. • An opaque predicate: – is an expression Example: – looks like having a dynamic value (x * (x + 1)) % 2 == 0 – evaluates to a constant, known value • Meant to harden against static analysis. Static Analysis : analysis performed solely on a static data, e.g., a binary. • Dynamic Analysis : analysis performed during operation, e.g., while • executing a binary. Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 11

  12. Example: Software Opaque Predicates if ((x * (x + 1)) % 2 == 0): foo() else bar() “True” control flow graph: • • Control flow graph of a static analyzer: … … check (x*(x+1))%2 =0 ≠0 foo() foo() bar() Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 12

  13. A Software Obfuscation Technique in Hardware? • How can a software obfuscation technique help in hardware? • Obfuscation should harden against reverse engineering. Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 13

  14. A Software Obfuscation Technique in Hardware? • How can a software obfuscation technique help in hardware? • Obfuscation should harden against reverse engineering. • Reverse engineers rarely analyze an entire design. • Mostly: small parts of a design. Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 14

  15. A Software Obfuscation Technique in Hardware? • How can a software obfuscation technique help in hardware? • Obfuscation should harden against reverse engineering. • Reverse engineers rarely analyze an entire design. • Mostly: small parts of a design. • Goal : hide as much information as possible.  reduces starting points for reverse engineers.  makes understanding of any component harder. Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 15

  16. Example: Hardware Reversing if a = "0110" then if a = b then vs. output <= ‘1’; output <= ‘1’; end if; end if; Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 16

  17. Example: Hardware Reversing if a = "0110" then if a = b then vs. output <= ‘1’; output <= ‘1’; end if; end if;  Use OPs to hide information introduced by constant signals. Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 17

  18. P REVIOUS W ORK Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 18

  19. Translation to Hardware • Only one prior work on opaque predicates. • Sergeichik et al. presented LFSR-based OPs in 2014 [1]. <feedback logic> 1 0 1 1 0 1 0 … OR 1 [1] Sergeichik and Ivaniuk. "Implementation of opaque predicates for fpga designs hardware obfuscation." (JICMS, 2014). Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 19

  20. Stealthiness • Problem : Easy to detect, uncommon structure <feedback logic> • Removal via static analysis demonstrated in [1] . 1 0 1 1 0 1 0 … OR 1 [1] Wallat, Fyrbiak, Schlögel, and Paar . “A Look at the Dark Side of Hardware Reverse Engineering – A Case Study” ( IVSW , 2017) Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 20

  21. Stealthiness • Problem : Easy to detect, uncommon structure <feedback logic> • Removal via static analysis demonstrated in [1] . 1 0 1 1 0 1 0 … OR 1 • Desired Metric : “ Stealthiness “ – Impossible (?) to measure – Human factor plays a role – Different in hardware and software [1] Wallat, Fyrbiak, Schlögel, and Paar . “A Look at the Dark Side of Hardware Reverse Engineering – A Case Study” ( IVSW , 2017) Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 21

  22. O PAQUE P REDICATES IN H ARDWARE Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 22

  23. Hardware OPs – Idea • Stealthiness: use common structures. • Try to use existing circuitry. Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 23

  24. Hardware OPs – Idea • Stealthiness: use common structures. • Try to use existing circuitry. • Observation : – Signals are changing constantly. – A signal’s value is only important while evaluated. Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 24

  25. Hardware OPs – Idea • Stealthiness: use common structures. • Try to use existing circuitry. • Observation : – Signals are changing constantly. – A signal’s value is only important while evaluated. → Use an existing signal which 1. has the required state whenever we need it 2. switches “randomly” when not needed. Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 25

  26. Example: Hardware OPs Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 26

  27. Example: Hardware OPs • Constant value required in Work1 , Work2 , and Work3 . • Multiple options to use the state of an FSM as an OP. Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 27

  28. Example: Hardware OPs • Constant value required in Work1 , Work2 , and Work3 . • Multiple options to use the state of an FSM as an OP. Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 28

  29. Example: Hardware OPs • Constant value required in Work1 , Work2 , and Work3 . • Multiple options to use the state of an FSM as an OP. Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 29

  30. Hardware OPs • Example: – Constant 1101000 2 to be obfuscated. – 5-bit FSM passes 3 states during the processing period. Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 30

  31. Hardware OPs • 1 st State: 1 0 1 0 0 1 1 0 1 0 0 0 Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 31

  32. Hardware OPs • 2 nd State: 1 1 0 0 0 1 1 0 1 0 0 0 Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 32

  33. Hardware OPs • 3 rd State: 1 1 1 0 0 1 1 0 1 0 0 0 Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 33

  34. Hardware OPs • 4 th State: 0 1 1 0 0 0 0 0 0 0 0 0 Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 34

  35. Hardware OPs • Very stealthy: existing FSMs are used. • Zero additional gates (in theory…) Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 35

  36. Hardware OPs • Very stealthy: existing FSMs are used. • Zero additional gates (in theory…) • Applicable to nearly all designs. • Considerably increases reversing effort: Reversing of control- and data-path required for identification of constants. Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 36

  37. Hardware OPs • Very stealthy: existing FSMs are used. • Zero additional gates (in theory…) • Applicable to nearly all designs. • Considerably increases reversing effort: Reversing of control- and data-path required for identification of constants. • Applicable to ASICs and FPGAs. • Forces a reverse engineer to apply dynamic analysis. Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 37

  38. Hardware OPs • If no suitable FSM available, add a new FSM-like module. – Make it reset outside of the processing period. – Make it stabilize in a known state after some cycles. – Generate OP value from stable state. • Still stealthy (FSMs are common). • Stabilizing FSMs are also common (DONE state). Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 38

  39. C ASE S TUDIES Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 39

  40. Scenario Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt receiver x 1 Virtual f O(f) F B f(x 1) Black-Box x 2 (VBB) f(x 2) Obfuscation : A Secure (and f Family f Family b b single

466 views • 18 slides
) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation Techniques)%00 Techniques)%00 Roberto Salgado Co-founder of Websec Provide information security solutions Pen-testing, training

1.11k views • 93 slides
HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from &quot;Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from &quot;Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from &quot;Hardware Protection thr Obfuscation) Circuit modification techniques designed to conceal or lock the functionality and/or circuit structure The modifications are designed

157 views • 11 slides
Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Program Obfuscation [BGIRSVY01, GGHRSW13] Indistinguishability obfuscation ( ) has emerged as a central hub

648 views • 36 slides
Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON sguelton@quarkslab.com Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Prelude Introduction Control flow obfuscation Data

1.23k views • 76 slides
OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan Xiao Yinqian Zhang, Insik Shin, Byoungyoung Lee (* denotes equal contribution) Program Obfuscation Program Obfuscation Trusted Untrusted (except

1.34k views • 116 slides
Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS &amp; ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS &amp; ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS &amp; ENS . . . . . . . . C x C x C x C C c obfuscation [ BGIRSVY01, H00, GR07, GGHRSW13 ] . . . . . . . . C x C x C x C C c obfuscation [

1.03k views • 92 slides
Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20 June 2018 Supervisors: Prof. Dr. Benno Stein, PD Dr. Andreas Jakoby Unmasking for short texts Obfuscation against unmasking Obfuscation

1.38k views • 95 slides
Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of Computer Science University of Arizona http://collberg.cs.arizona.edu collberg@gmail.com Supported by NSF grants 1525820 and 1318955 and by the

924 views • 69 slides
Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Fakultt fr Informatik T echnische Universitt Mnchen Dagstuhl Seminar 17281 Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu, BMW Group Outline 1 Introduction 2 Obfuscation in Theory 3

815 views • 69 slides
On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and

On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and

On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and Rafael Pass Cornell University and Cornell Tech CRYPTO 2018 Indistinguishability Obfuscation (iO) An obfuscator is a compiler which preserves

1.01k views • 86 slides
INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh Program Obfuscation Intuition: Mangle a program Same functionality as original Hides all implementation details Potential uses: IP

295 views • 28 slides
HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth Chandran, Satya Lokam, Elaine Shi and Vipul Goyal 1 Compression 1 KB 1 MB Used by everyone, perhaps license it - VBB Obfuscation No one should

942 views • 34 slides
Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems

Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems

Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems Definitions Obfuscation: T o be evasive, unclear, or confusing* In context, this means making a system difficult to understand and

665 views • 38 slides
Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the

Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the

Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the Power of iO Limits on the Power of Indistinguishability Obfuscation (and Functional Encryption) FOCS 2015 On Constructing One-Way

841 views • 47 slides
DRM obfuscation vs auxiliary attacks Show me your trace and Ill tell you who you are REcon

DRM obfuscation vs auxiliary attacks Show me your trace and Ill tell you who you are REcon

DRM obfuscation vs auxiliary attacks Show me your trace and Ill tell you who you are REcon 2014 Introduction First layer: Code flattening pTra Algorithm reconstruction : RSA-OAEP Rebuilding a cipher function whiteboxed : AES-CBC

1.43k views • 103 slides
Reverse Engineering CS 166 Armen Boursalian 30 Apr 2018 Reverse Engineering Take a

Reverse Engineering CS 166 Armen Boursalian 30 Apr 2018 Reverse Engineering Take a

Reverse Engineering CS 166 Armen Boursalian 30 Apr 2018 Reverse Engineering Take a product, understand how it works Usually limited to certain aspects, not full systems Need to know a little bit about a lot of topics to gain

636 views • 11 slides
Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software

Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software

Reverse Engineering CAPTCHAs WCRE 2008 Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software Architecture Group David R. Cheriton School of Computer Science University of Waterloo Canada

726 views • 57 slides
SMT in reverse engineering, for dummies Carl Svensson September 4, 2016 SEC-T 2016 About me

SMT in reverse engineering, for dummies Carl Svensson September 4, 2016 SEC-T 2016 About me

SMT in reverse engineering, for dummies Carl Svensson September 4, 2016 SEC-T 2016 About me Carl Svensson, 25 MSc in Computer Science, KTH IT Security consultant, Bitsec AB CTF-player, HackingForSoju

487 views • 24 slides
Reverse Engineering Feature Models. . . S. She, R. Lotufo, T. Berger, A. Wasowski, K. Czarnecki

Reverse Engineering Feature Models. . . S. She, R. Lotufo, T. Berger, A. Wasowski, K. Czarnecki

Reverse Engineering Feature Models. . . S. She, R. Lotufo, T. Berger, A. Wasowski, K. Czarnecki Generative Software Development Lab University of Waterloo . . International Conference on Software Engineering, Honolulu, Hawaii, USA.

330 views • 31 slides
Reverse engineering: obfuscation Srdjan Matic &lt; srdjan@security.di.unimi.it &gt; Aristide

Reverse engineering: obfuscation Srdjan Matic &lt; srdjan@security.di.unimi.it &gt; Aristide

Universit` a degli Studi di Milano Facolt` a di Scienze e Tecnologie Dipartimento di Informatica Reverse engineering: obfuscation Srdjan Matic &lt; srdjan@security.di.unimi.it &gt; Aristide Fattori &lt; joystick@security.di.unimi.it &gt; A.A.

413 views • 9 slides
Reverse Engineering Hamiltonian from Spectrum Hiroyuki Fujita, Insitute for Solid State Physics

Reverse Engineering Hamiltonian from Spectrum Hiroyuki Fujita, Insitute for Solid State Physics

Deep Learning and Physics 2018, Osaka Reverse Engineering Hamiltonian from Spectrum Hiroyuki Fujita, Insitute for Solid State Physics Phys. Rev. B 97 , 075114 (2018) 1 Yuya. O. Nakagawa (PhD @ ISSP -&gt; Fintech company) S. Sugiura (PD @

272 views • 26 slides
Software Protection Research ISSISP 2017Introduction Christian Collberg Department of

Software Protection Research ISSISP 2017Introduction Christian Collberg Department of

Software Protection Research ISSISP 2017Introduction Christian Collberg Department of Computer Science University of Arizona http://collberg.cs.arizona.edu collberg@gmail.com Supported by NSF grants 1525820 and 1318955 and by the private

1.07k views • 52 slides
INTRODUCTION Teaching material for the book Model-Driven Software Engineering in Practice by

INTRODUCTION Teaching material for the book Model-Driven Software Engineering in Practice by

Chapter #1 INTRODUCTION Teaching material for the book Model-Driven Software Engineering in Practice by Marco Brambilla, Jordi Cabot, Manuel Wimmer. Morgan &amp; Claypool, USA, 2012. Marco Brambilla, Jordi Cabot, Manuel Wimmer.

486 views • 45 slides

More recommend