The Research Of Software Tamper Resistance Base On White-Box Cryptography

With the wide use of computer technologies, software security issues become increasingly prominent and raised more and more attention. Especially, how to design a practical protection scheme in white box attack context has become a major challenge in the field of the software protection, so the research has important practical significance. Such software tamper proofing technique aims at preventing the critical program information from the unauthorized modifications and uses and also at generating the responses once the tampering is detected. Encryption algorithm as the core of software tamper proofing technique, its own security will directly affect the reliability of making software tamper resistant. But in white box attack context, the attacker can obtain information of key by simply observing the process of software running. The white-box cryptography is presented in order to protect the key information from the attacker in the white-box attack environment. It hides the key in cipher algorithm, and then uses the obfuscation technique to diffuse the key in the all look-up tables.Now, there are two main design ideas to design a White-Box cipher: Chow etc. present white-box implementations for AES by using the look-up tables. By hiding key information in look-up tables and using coding technique to protect the look-up tables, attacker cannot extract the key from the white-box implementations. Bringer etc. provided another way to construct white-box cipher. Bringer adds perturbation to original algorithm in order to prevent attacker to analysis the algebra structure. Unfortunately, both designs have its own deficiencies, so the two design examples of white box are broken.In this paper, first we design a new software tamper proofing technique which based on white-box cryptography. We skillfully embedded the integrity information of software into the implementations of white-box cryptography under the premise of not change its function. Secondly, design a software guard base on the improved white-box cryptography and use of software guards network to prevent the software tampering. If the software has been illegally tampered, the white-box cipher will be unable to correctly implement the encryption and decryption operations, and the program will quit expectedly. At last, we proof and analysis the effectiveness and efficiency of the software tamper proofing technique.