
Stealthy Opaque Predicates in Hardware - Obfuscating Constant Expressions at Negligible Overhead. Max Hoffmann, Christof Paar. Ruhr University Bochum, Horst-Görtz Institute for IT-Security, Germany. CHES 2018 | Amsterdam 10.09.2018


  1. Stealthy Opaque Predicates in Hardware - Obfuscating Constant Expressions at Negligible Overhead Max Hoffmann, Christof Paar Ruhr University Bochum, Horst-Görtz Institute for IT-Security, Germany CHES 2018 | Amsterdam 10.09.2018

  2. Obfuscation Source: www.constructionknowledge.net Stealthy Opaque Predicates in Hardware | CHES 2018 | 10.09.2018 2

  5. Why Obfuscation? [Figure: "High-level Description" (aes.c, aes.vhd) and "Finished Product" (bit string); one direction between them is labelled “easy”, the other “not that easy”.]

  6. Why Obfuscation? [Figure: the same diagram with "Obfuscation" added; the labels are now “easy” and “insanely difficult”.]

  7. Software Obfuscation
     • One target in software is control flow obfuscation.

  11. Software Obfuscation
      • Opaque Predicates are used as a basic building block.
      • An opaque predicate:
        – is an expression
        – looks like it has a dynamic value
        – evaluates to a constant, known value
        Example: (x * (x + 1)) % 2 == 0
      • Meant to harden against static analysis.
      • Static Analysis: analysis performed solely on static data, e.g., a binary.
      • Dynamic Analysis: analysis performed during operation, e.g., while executing a binary.

  12. Example: Software Opaque Predicates
      if ((x * (x + 1)) % 2 == 0):
          foo()
      else:
          bar()
      • “True” control flow graph: … → foo()
      • Control flow graph of a static analyzer: … → check (x*(x+1))%2 → foo() if = 0, bar() if ≠ 0

  15. A Software Obfuscation Technique in Hardware?
      • How can a software obfuscation technique help in hardware?
      • Obfuscation should harden against reverse engineering.
      • Reverse engineers rarely analyze an entire design.
      • Mostly: small parts of a design.
      • Goal: hide as much information as possible.
        → reduces starting points for reverse engineers.
        → makes understanding of any component harder.

  17. Example: Hardware Reversing
      if a = "0110" then        vs.    if a = b then
          output <= '1';                   output <= '1';
      end if;                          end if;
      → Use OPs to hide information introduced by constant signals.

  18. Previous Work

  19. Translation to Hardware
      • Only one prior work on opaque predicates.
      • Sergeichik et al. presented LFSR-based OPs in 2014 [1].
      [Figure: LFSR with <feedback logic>; register contents 1 0 1 1 0 1 0 … feed an OR gate with output 1]
      [1] Sergeichik and Ivaniuk. “Implementation of opaque predicates for FPGA designs hardware obfuscation.” (JICMS, 2014).

  21. Stealthiness
      • Problem: Easy to detect, uncommon structure
      • Removal via static analysis demonstrated in [1].
      • Desired Metric: “Stealthiness”
        – Impossible (?) to measure
        – Human factor plays a role
        – Different in hardware and software
      [Figure: LFSR with <feedback logic>; register contents 1 0 1 1 0 1 0 … feed an OR gate with output 1]
      [1] Wallat, Fyrbiak, Schlögel, and Paar. “A Look at the Dark Side of Hardware Reverse Engineering – A Case Study” (IVSW, 2017)

  22. Opaque Predicates in Hardware

  25. Hardware OPs – Idea
      • Stealthiness: use common structures.
      • Try to use existing circuitry.
      • Observation:
        – Signals are changing constantly.
        – A signal’s value is only important while evaluated.
      → Use an existing signal which
        1. has the required state whenever we need it
        2. switches “randomly” when not needed.

  27. Example: Hardware OPs
      • Constant value required in Work1, Work2, and Work3.
      • Multiple options to use the state of an FSM as an OP.

  30. Hardware OPs
      • Example:
        – Constant 1101000₂ to be obfuscated.
        – 5-bit FSM passes 3 states during the processing period.

  31. Hardware OPs
      • 1st State: 1 0 1 0 0 (5 FSM state bits) → 1 1 0 1 0 0 0 (7 output bits)

  32. Hardware OPs
      • 2nd State: 1 1 0 0 0 (5 FSM state bits) → 1 1 0 1 0 0 0 (7 output bits)

  33. Hardware OPs
      • 3rd State: 1 1 1 0 0 (5 FSM state bits) → 1 1 0 1 0 0 0 (7 output bits)

  34. Hardware OPs
      • 4th State: 0 1 1 0 0 (5 FSM state bits) → 0 0 0 0 0 0 0 (7 output bits)

  37. Hardware OPs
      • Very stealthy: existing FSMs are used.
      • Zero additional gates (in theory…)
      • Applicable to nearly all designs.
      • Considerably increases reversing effort: Reversing of control- and data-path required for identification of constants.
      • Applicable to ASICs and FPGAs.
      • Forces a reverse engineer to apply dynamic analysis.

  38. Hardware OPs
      • If no suitable FSM available, add a new FSM-like module.
        – Make it reset outside of the processing period.
        – Make it stabilize in a known state after some cycles.
        – Generate OP value from stable state.
      • Still stealthy (FSMs are common).
      • Stabilizing FSMs are also common (DONE state).

  39. Case Studies

  40. Scenario
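
Added example (not from the slides or the authors' tooling): a small Python model of the FSM-based opaque predicate from slides 30–34, reading each slide's twelve bits as a 5-bit FSM state followed by the 7-bit output. The function names and the rule of wiring each constant bit to a state bit that is stable during the processing period are assumptions made for illustration.

```python
# Added illustration; names and wiring strategy are assumptions, not the authors' tool.
from itertools import cycle

# FSM state encodings from slides 31-34, written left to right as on the slides.
PROCESSING_STATES = ["10100", "11000", "11100"]  # 1st-3rd state: constant is needed
OTHER_STATES = ["01100"]                         # 4th state: outside the period
TARGET = "1101000"                               # constant to obfuscate (slide 30)


def stable_bits(states):
    """Return (positions always 1, positions always 0) across the given states."""
    width = len(states[0])
    ones = [i for i in range(width) if all(s[i] == "1" for s in states)]
    zeros = [i for i in range(width) if all(s[i] == "0" for s in states)]
    return ones, zeros


def wire_constant(target, states):
    """Map each bit of `target` to an FSM state bit that holds that value in
    every processing state. Returns one state-bit position per target bit."""
    ones, zeros = stable_bits(states)
    if ("1" in target and not ones) or ("0" in target and not zeros):
        raise ValueError("no stable state bit for a required value; "
                         "an FSM-like module would have to be added (slide 38)")
    next_one, next_zero = cycle(ones), cycle(zeros)  # spread fan-out over candidates
    return [next(next_one) if bit == "1" else next(next_zero) for bit in target]


def evaluate(wiring, state):
    """Value on the 'constant' signal while the FSM is in `state`."""
    return "".join(state[pos] for pos in wiring)


def is_opaque(wiring, processing, others):
    """True if the signal is constant whenever it is needed but takes a different
    value in some other state, so it does not look like a constant net."""
    needed = {evaluate(wiring, s) for s in processing}
    other = {evaluate(wiring, s) for s in others}
    return len(needed) == 1 and bool(other - needed)


WIRING = wire_constant(TARGET, PROCESSING_STATES)

if __name__ == "__main__":
    for s in PROCESSING_STATES + OTHER_STATES:
        print(s, "->", evaluate(WIRING, s))
```

With the slide's encodings, the only bit that is 1 in all three processing states is the leftmost one, and it drops to 0 in the 4th state, which is why the output there is all zeros.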
