Validy Technology: A program protection method that really works.

Posted by jcc on August 3, 2005, 6:09 am

Validy Technology (VT) is a program protection method. It uses a
secure coprocessor and manipulates variables mandatory for the
correct execution of the program inside this coprocessor.

The secure coprocessor uses a silicon chip which can take several
different form factors: USB key, SIM Module, MMC Card, Smart
card, SMD device...

VT is effective against software piracy as well as against
software and data tampering: it not only prevents illicit
program execution but can also ensure that program execution
is not altered and that program data is not copied or modified,
even when execution is taking place in a hostile environment.

VT is based on a "subtractive" protection method, hiding
"critical portions" of the program in the coprocessor, but
instead of securely executing "Remote Procedure Calls", it
secures part of the program state. In other words, it permanently
keeps some of the program variables in the coprocessor and
during execution of the program the values of the variables
residing in the coprocessor are modified. VT ensures secure
execution of the modifications by sending encrypted instructions
to the coprocessor (instructions are encrypted at compile time).
Only when absolutely necessary, the value of one of the variables
residing inside the coprocessor, or even better, information
derived from one or several of those variables, is transmitted
back to the main part of the program. VT security is based on the
extreme difficulty for an attacker to regenerate correct values
during those transmissions.

For added security, the coprocessor continuously monitors the
instruction flow conformance to what was planned at program
compile time. To this end, the coprocessor architecture and
instruction set are designed with the addition of special fields
allowing automatic real-time monitoring of the chaining of the
instructions.
This security mechanism is simple to implement yet extremely
powerful. If the coprocessor detects an anomaly, it can take
retaliation measures forcing the program to stop: if the
coprocessor stops working, part of the program state is suddenly
missing and the program cannot continue working.

With the execution of a few coprocessor "Xor" instructions or
with the execution of a specially designed coprocessor
"MutualCheck" instruction, this security mechanism is simply
extended to mutually protect several different computations
executed inside the coprocessor, i.e. if one computation is
modified or suppressed, another one will fail.
Mutual protection, in turn, greatly enhances VT protection
abilities:
- Mutual protection prevents an attacker from using a "divide and
  conquer" approach to gradually remove protections.
- Mutual protection allows the coprocessor to verify program
  integrity during execution by executing integrity checks that
  cannot be removed. One very effective such check is to verify
  that the calling graph of the program is not modified.
- Mutual protection allows a background thread to protect real time
  threads.
- Mutual protection allows protected programs to mutually protect
  each other. For instance, to attack a client program, one must
  also attack the server program.
- Mutual protection allows data protection by permitting effective
  generation/check of data authentication information or by
  permitting effective encryption/decryption of data.

VT rests on well-known computer science principles. Its
implementation doesn't present major stumbling blocks and doesn't
require secret know-how. VT doesn't require a secure machine to
execute but just a secure coprocessor. It can work with any
operating system or even with embedded systems.

Protection of a program must be done by the software publisher
creating or maintaining the program. During the protection of a
program, most of the protection work is automatic because moving
variables to the coprocessor and modifying them there is a
classical compilation problem similar to the use of an arithmetic
coprocessor. Also most of the program integrity verifications
(for instance verifying the chaining of the instructions or
protecting the calling graph) can be automated with a compiler.

Several manufacturers already build secure microcontrollers that
can be used for VT. Those components are generally designed for
banking card applications; they have a low price tag and a high
security level. With an appropriate program runtime and
microcontroller firmware, the microcontroller can be seen by the
program as a "loosely coupled" coprocessor, plugged for instance
on the USB bus, without requiring any hardware change to the
machine.

Despite the loose coupling between the main processor and the
coprocessor, the execution inside the coprocessor takes place
concurrently with the execution of the main part of the program
and the program slowdown is minimal.

We have gone all the way from inventing the concepts, protecting
the intellectual property, implementing a USB coprocessor and the
associated runtime for Windows, implementing 2 compilers (one for
Java and one for .NET) to finally demonstrating that protected
programs are running with acceptable performance. We now intend
to grant licenses to interested parties.

Jean-Christophe Cuenod
jcc@validy.com
www.validy.com
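
A small model of the mechanism the post describes, added here as an illustration and not Validy's design or code: variables live only inside a toy coprocessor, each instruction carries a field naming its planned predecessor, and the coprocessor halts and drops its state when the chaining is broken. The class, function and field names are hypothetical, and an HMAC tag stands in for the compile-time instruction encryption mentioned in the post.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; known to compiler and coprocessor only

def seal(ident, prev, op, reg, val=0):
    """Compile-time step: bind each instruction to its planned predecessor."""
    body = f"{ident}|{prev}|{op}|{reg}|{val}".encode()
    return body, hmac.new(KEY, body, hashlib.sha256).digest()

class ToyCoprocessor:
    """Keeps program variables inside; stops for good on a chaining anomaly."""

    def __init__(self):
        self.regs, self.last, self.halted = {}, "start", False

    def execute(self, body, tag):
        if self.halted:
            raise RuntimeError("coprocessor halted: program state is gone")
        good = hmac.compare_digest(tag, hmac.new(KEY, body, hashlib.sha256).digest())
        ident, prev, op, reg, val = body.decode().split("|") if good else [None] * 5
        if not good or prev != self.last:  # forged, reordered or skipped
            self.halted = True
            self.regs.clear()
            raise RuntimeError("anomaly in instruction chaining")
        self.last = ident
        if op == "set":
            self.regs[reg] = int(val)
        elif op == "add":
            self.regs[reg] += int(val)
        elif op == "get":  # the only point where a value leaves the chip
            return self.regs[reg]
        return None

def run(cop, program):
    """Host side: forward sealed instructions, return the last value read back."""
    result = None
    for body, tag in program:
        result = cop.execute(body, tag)
    return result

def demo():
    prog = [seal("i1", "start", "set", "x", 100), seal("i2", "i1", "add", "x", 50),
            seal("i3", "i2", "get", "x")]
    intact = run(ToyCoprocessor(), prog)
    cop = ToyCoprocessor()
    try:
        run(cop, [prog[0], prog[2]])  # host drops i2
        outcome = "accepted"
    except RuntimeError:
        outcome = "halted"
    return intact, outcome, cop.halted
```
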


