Building Sustainable IP Protection against Hacking
Reverse engineering is rampant. Given that reverse engineering is a
tool for understanding competitors' technologies, improving one's own products and defeating the competition, the leap to
counterfeiting is not a large one. Dedicated reverse-engineering departments in markets like China routinely
develop counterfeits of cutting-edge software-powered products. Software hacking and piracy by professional hackers
are growing and increasingly sophisticated, and the latest BSA/IDC global piracy report estimates worldwide losses
in 2007 alone at $48 billion.
Protecting software-based intellectual property is critical to maintaining competitive positioning, protecting
R&D investments, and preserving product line profitability. Whether you build software, consumer electronic devices,
digital media applications, communications equipment, machine tools, automotive telematics or signal processing
platforms, hardening applications to tampering, piracy and reverse-engineering is indispensable to maximizing
software-powered businesses.
How can applications be hardened effectively? Many consider encryption the silver bullet for all security
needs. Unfortunately, while encryption works perfectly for securing internet-based data transfer, it is utterly
inadequate to protect software IP. Attackers will have administrative privilege over your application when they are
hacking it, and discovery of the encryption key is simply a forced crash-and-memory-dump analysis away. Defense-in-depth
is required, with multiple defense measures in addition to obfuscation and encryption, in order to increase the
difficulty of hacking an application.
The key to successfully deploying and building a software protection solution is to ensure that it is
sustainable. Sustainability combines three characteristics: durability, resilience and low impact. Durability refers
to strength of a protection solution out of the gate, in terms of robustness against static and dynamic
attacks. Resilience refers to the speed and security with which a breach can be patched. When a hack emerges, you must
have a plan to manage it quickly, efficiently and securely. For applications where your product gates access to other
assets - such as media DRM, conditional access, document control, and data security - you also need a channel to
reliably and transparently patch all existing installations. Impact of your protection solution on your software
development life cycle, from development through quality assurance to maintenance, must be minimal. Unless your
security solution is easy to design and scale, fast to implement, friendly to quality assurance and transparent to
honest users, it will die a quick death.
What are strategies to successfully achieve sustainability? Here are some key considerations in developing a
sustainable IP protection solution:
Entrenched Defense. Elimination of single points of failure is a fundamental requirement for durable
protection. If your solution at some point comes down to a single yes-no branch or an isolated cryptographic
calculation, rest assured that a hacker will find and exploit this vulnerability. Security must be built using a range
of state-of-the-art anti-reverse-engineering, anti-tamper, encryption and self-healing measures. These must be layered
to protect the application and each other. Base layers should protect sensitive functions, while deeper layers should
be closely intertwined with your internal system logic and functionality. They should be programmed to initiate either
defensive or aggressive reactions, as appropriate to your application, if failure of lower layers is detected. The
more unpredictable and unstable your application is in the face of attempted attacks, the more durable your defense
will be.
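As an added illustration of layers that protect each other (simplified example code, not Arxan's or the article's own): a chain of integrity guards in which each guard checks one sensitive region plus the reference values of the next guard, anchored in a root digest that is assumed to be held outside the binary, for instance in hardware or on the home server. The region names and byte contents are constructed stand-ins; the point is that patching one region, then forging the guard that noticed, then forging the guard that protected that one, keeps failing until the forgery would have to reach the root.

```python
import hashlib
from dataclasses import dataclass

def digest(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(bytes(p) for p in parts)).digest()

@dataclass
class Guard:
    region: str        # name of the protected code/data region
    ref_region: bytes  # expected digest of that region
    ref_next: bytes    # expected digest of the next guard's own references

def build_chain(regions: dict, order: list):
    """Build guards from the last region backwards so each guard's references are
    covered by the guard before it; the returned root is assumed to live off-binary."""
    guards, nxt = [], b""
    for name in reversed(order):
        g = Guard(name, digest(regions[name]), nxt)
        nxt = digest(g.ref_region, g.ref_next)
        guards.insert(0, g)
    return guards, nxt

def verify(regions: dict, guards: list, root: bytes) -> list:
    """Run every layer and name each failure; no single yes/no branch to flip."""
    failures, expected = [], root
    for g in guards:
        if digest(g.ref_region, g.ref_next) != expected:
            failures.append("refs:" + g.region)
        if digest(regions[g.region]) != g.ref_region:
            failures.append("region:" + g.region)
        expected = g.ref_next
    return failures

def tamper_demo() -> dict:
    regions = {  # constructed stand-ins for byte ranges of sensitive functions
        "license_check": bytearray(b"\x55\x48\x89\xe5\x83\xf8\x01\x75\x0a"),
        "key_schedule": bytearray(b"\x31\xc0\x0f\xb6\x07\x48\xff\xc7"),
        "content_decrypt": bytearray(b"\x66\x0f\x38\xdc\xc1\xc3"),
    }
    guards, root = build_chain(regions, list(regions))
    out = {"clean": verify(regions, guards, root)}
    regions["key_schedule"][3] ^= 0x01              # patch one byte of a function
    out["patched"] = verify(regions, guards, root)
    guards[1].ref_region = digest(regions["key_schedule"])  # forge its own guard
    out["forged_ref"] = verify(regions, guards, root)
    guards[0].ref_next = digest(guards[1].ref_region, guards[1].ref_next)  # and the previous one
    out["forged_chain"] = verify(regions, guards, root)
    return out
```

Each forgery only moves the detected failure one guard closer to the root, which is the property the paragraph calls layers protecting each other.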
Diversity. For a system to be widely hacked, it must be possible to create a scripted exploit that runs
reliably on a large percentage of installed clients - this is called a class hack. Otherwise, it does not receive
the popularity and sharing level it needs to become truly catastrophic.
Diversity implies creating functionally equivalent but structurally different application binaries, such that
security-critical code and data do not definitively exist at a specific address or execute at a specific point
in time. In turn, this ensures that a class hack cannot be created.
Diversity also implies that your underlying protection solution and specific protection scheme is unique to your
application. This protects your IP from compromise by one-size-fits-all attack kits that exist for most
one-size-fits-all security technologies.
Effective diversity significantly magnifies the durability of your solution.
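Diversity at the smallest scale, as an added example that is not from the article or from Arxan's tooling: a build-time generator emits variants of a license-check routine that differ in constant encoding, variable names and statement order but accept exactly the same inputs, so the secret never appears as a literal and no fixed pattern identifies the check across installations. The operators, variable-name pool and seeds are constructed for illustration.

```python
import random

def diversify(secret: int, seed: int) -> str:
    """Emit source for check(x), equal to x == secret, with a structure chosen by
    `seed`: the 32-bit secret is split into two parts recombined with a randomly
    picked operator, stored in randomly named variables in random order."""
    rng = random.Random(seed)
    a = rng.getrandbits(32)
    op = rng.choice(["^", "+", "-"])
    # Pick b so that (a op b) mod 2**32 == secret for the chosen operator.
    b = {"^": secret ^ a, "+": (secret - a) % 2**32, "-": (a - secret) % 2**32}[op]
    n = rng.sample(["k0", "k1", "k2", "k3", "k4", "k5"], 3)
    stmts = [f"    {n[0]} = {a}", f"    {n[1]} = {b}"]
    rng.shuffle(stmts)
    body = "\n".join(stmts)
    return (f"def check(x):\n{body}\n"
            f"    {n[2]} = ({n[0]} {op} {n[1]}) & 0xFFFFFFFF\n"
            f"    return x == {n[2]}\n")

def load_variant(src: str):
    """Compile one generated variant (build-time step) and return its check."""
    ns = {}
    exec(src, ns)
    return ns["check"]

def equivalent_but_distinct(secret: int, seeds: list, probes: list) -> bool:
    """True if every variant agrees with the reference predicate on all probes,
    no variant contains the secret as a literal, and all sources differ."""
    sources = [diversify(secret, s) for s in seeds]
    checks = [load_variant(src) for src in sources]
    agree = all(c(p) == (p == secret) for c in checks for p in probes)
    hidden = all(str(secret) not in s and hex(secret) not in s for s in sources)
    return agree and hidden and len(set(sources)) == len(seeds)
```

Re-seeding per release or per installation is what turns a single class hack into a per-copy effort.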
Communication. You'd never toss a soldier into enemy territory without a phone link to base. Why would you
do that to your software? The ability for deployed products to communicate with a home server provides an attractive
channel to push new features and upgrades, and is generally accepted by end users. This also provides a crucial
security hook - it allows you to reliably push renewal patches to clients, and (if you have the luxury of a two-way
channel) allows early warning and traitor tracing forensic information to be relayed back to you.
Communication significantly eases the achievement of resilience. As a simple strategy, you can require that a
device successfully communicate with your central server at least every N days, at every significant event such as
new content purchase, or shortly after any suspicious system state is detected.
Rapid Reconfiguration. Hacking technology advances every day. Once an exploit is known, it is imperative to
quickly restructure your protection to close the exploited vulnerabilities. Further, it is imperative to restructure
significant portions of the protection strategy and execution logic to ensure that differential attacks cannot be
used to reverse engineer your patch and quickly release another hack. Secure breach management is necessary to avoid
a death spiral of ever shortening breach-patch-breach races between your development team and your attackers.
Breaches never come with a warning, and they seldom occur at a convenient time. To be sustainable, your security
must be renewable without impacting ongoing development of new features and releases. It must also be renewable
quickly, to contain the spread of the breach and minimize losses. In order for you to achieve resilient protection,
your protection platform must provide binary-based, point-and-click breach management.
Leverage Hardware, Rely on Software. Hardware beats software hands down for securely storing data and
executing cryptographic calculations. However, at some point data and logic are transferred back to software, and
becomes vulnerable. Moreover, once deployed, hardware is static while software can be renewed and reconfigured. You
should fully leverage hardware to maximize your durability, but plan to use software-based techniques to realize
renewability. Otherwise, as Echostar experienced, your only option to deal with a break may be to replace every old
smart card with a new one. This is not only expensive, but is disruptive to customers and can result in brand
devaluation as well as competitive disadvantage.
With the prevalence of tampering, piracy and reverse engineering today, from both competitors and hackers,
preservation of your intellectual property depends entirely on the sustainability of your protection
solution. Durability is certainly an important factor, but renewability and low impact are key considerations as
well. Ensuring that your solution is sustainable will in turn optimize your development resource utilization, maximize
your revenue protection and minimize your total cost of ownership. On the flip side, your legal department may need
to downsize.
Amena Ali is Chief Marketing Officer for Arxan Technologies, Inc., a leading provider of application hardening solutions designed to
protect software intellectual property (IP) from piracy, tampering, reverse engineering and any manner of theft.