A Framework for Secure Execution of Software
Nowadays, piracy is considered one of the major problems of software industry. We can find in the literature many research initiatives that have tried to solve this problem, and most of them are based on the use of tamperproof hardware tokens. This type of solutions depends on two basic premises: (i) to increase the physical security by using tamperproof devices, and (ii) to increase the complexity of the analysis of the software. The first premise is reasonable. The second one is certainly related to the first one. In fact, its main goal is that the pirate user can not modify the software to bypass an operation that is crucial: checking the presence of the token. However, the experience shows that the second premise is not realistic because the analysis of the executable code is always possible. Moreover, the techniques used to obstruct the analysis process are not enough to discourage an attacker with average resources.
In this paper, we review the most relevant works related to software protection, present a taxonomy of those works and, most important, we introduce a new and robust software protection scheme. This solution, called SmartProt, is based on the use of smart cards and cryptographic techniques, and its security relies only on the first of previous premises; that is, Smartprot has been designed to avoid code analysis and software modification. The entire system is described following a lifecycle approach, explaining in detail the card setup, production, authorization, and execution phases. We also present some interesting applications of Smartprot as well as the protocols developed to manage licenses. Finally, we provide an exhaustive analysis of its implementation details.
Maña, A.; López, J.; Ortega, J.; Pimentel, E.; Troya, J.M. A Framework for Secure Execution of Software. International Journal of Information Security, Vol. 3, Issue 2, Springer-Verlag, 2004.