exploring software and hardware security

articles about secure systems, secure protocols, tamperproofing, obfuscation, authentication, attack vectors…

Archive for the 'tamperproof software' Category

How to securely hide a cryptographic key?

Posted by davitb on 10th November 2009

In my previous article I discussed how a “non-expert” security engineer should think about choosing the right security protocol for his system. I tried to present that complicated task in an easier manner.

However, it’s also important to understand that when we integrate a secret-based protocol into our system, we get another, more serious problem: how do we securely hide the secret that the protocol uses for authentication?

For example, suppose you have two components which are establishing an SSL connection. As SSL is based on public key cryptography, they both need to possess private keys (if the authentication is mutual). So how are they going to protect their private keys locally in their systems?

Of course, the problem of hiding cryptographic keys or other secret information doesn’t only apply to systems which implement security protocols. Encryption is the most popular and convenient way to protect the confidentiality of information. However, when the system encrypts something, there should be a way to protect the encryption key (or the decryption key), and this, believe me, is a much, much harder problem.

In this article we will discuss how one can hide secret information:

  • In a Windows environment
  • Inside software
  • Inside hardware

I have been doing research on this topic for more than a year now and would like to share my knowledge and experience with you.

All the mentioned topics are heavy and one cannot describe all of them in a single article. I’m planning to have several articles describing different aspects of these themes (such as obfuscation and tamper-proofing in software, tamper resistance in hardware, etc.).

So in this article we will discuss the “theoretical” part of the topic and then will go through an example and try to apply this knowledge in real life.

Posted in how to design secure systems?, software obfuscation, tamperproof software

How the crackers crack code?

Posted by davitb on 11th October 2009

There are several reasons why a software company would decide to implement heavy protection schemes in its applications, spending a lot of development resources, time and money. These reasons are mainly related to the business models of the applications. License-based applications (IDEs, compilers, etc.), applications with valuable IP inside (EDA applications, etc.) and applications which have access to confidential information (DRM, authentication software, etc.) require, in addition to their main logic, complex protection schemes which ensure that the integrity, confidentiality and availability of the assets inside these applications are not damaged.

It has always been a mystery to me how crackers try to break software: what techniques they start with when they have the executable in hand, or what tools they use for doing the crack.

In general, the motivation of crackers is obvious, and it is exactly what the above-mentioned applications are trying to prevent:

  • They are trying to use software without paying money (break)
  • They are trying to steal the intellectual property of an application to create a copy of it
  • They are trying to steal confidential information (such as cryptographic keys) from applications to gain access to other valuable information, such as user credentials, high-definition video content, etc., which is accessible in the application

In this article we will try to outline the techniques and tools that crackers use when trying to break the protections that exist in applications.

Posted in Attacking secure systems, software obfuscation, tamperproof software
