The Use of Software-Based Integrity Checks in Software Tamper Resistance Techniques

Transcription

1 The Use of Software-Based Integrity Checks in Software Tamper Resistance Techniques Ginger Myles IBM Almaden Research Center [1]

2 Talk Overview Integrity check overview Use of integrity checks in tamper resistance techniques Attack on integrity checks [2]

3 Attack Model Software executing on a potentially hostile host. Adversary has full control over the software s execution. Adversary can use any program analysis tools to detect and circumvent the checks. The Hackers Toolbox Benign Executable [3]

4 Software Tamper Resistance Detect that the program has been altered. Cause the program to fail when tampering has been detected. [4]

5 Integrity Check Overview What are they? A mechanism used to identify the integrity of the program and/or the environment in which it is executing. Executable Checker [5]

6 Integrity Check Overview What are they? Static - integrity is checked only once during start-up Dynamic - integrity is checked repeatedly as the program executes Executable Checker [6]

7 Integrity Check Overview How are they used? Generally used as part of a larger tamper resistance scheme. Assertion Check Based (BAD!) ic = performcheck(); if(ic!= PREDICTED VALUE) {fail;} Use Based (Better) ic = performcheck(); decryptsegment(ic, k); [7]

8 Integrity Check Overview Why are they used? Program integrity verification Prevent license check removal Protect a watermark from damage or removal Executable Code Obfuscator Executable? Watermark Extractor [8]

9 Integrity Check Overview Why are they used? Environmental integrity verification Detect the use of debuggers or emulators Protect the keys embedded in DRM systems Sensitive code that it is only decrypted for execution DRM Protected Executable Debugger Debugger Disabled Executable k k [9]

10 Program Integrity Verification Code Checksum Probably the oldest method Straight forward implementation Quite efficient Execution Executable ic ic [10]

11 Program Integrity Verification Code Checksum The Negatives Reading the code segment is generally atypical. Execution Executable ic ic ic ic [11]

12 Program Integrity Verification Code Checksum The Negatives Hackers pinpoint checks through breakpoints or code inspection. Only verifies static properties. May not detect temporary instruction patches or other run-time attacks. [12]

13 Program Integrity Verification Oblivious Hashing [Chen et al., 2002] Dynamic - based on execution trace. Monitor both instructions and memory references. Compute hash value from execution trace. Instruction Sequence Memory I 1 M 1 I 2. I n M 2. M n Trace [13]

14 Program Integrity Verification Oblivious Hashing Hashing locations must be extensive and spread throughout program. To protect a function all functions on the calling-hierarchy must be protected. Trace should include memory references made by each instruction and the instruction itself. Instruction Sequence Memory I 1 M 1 h 1 I 2 h 2. M 2. I n M n h n [14]

15 Environment Integrity Verification Detection of debuggers and other similar simulation tools Use a checksum to detect a breakpoint. Measure elapsed time to execute a sequence of instructions. Look for tool specific hooks. [15]

16 Environment Integrity Verification The Negatives Level of checksum granularity will effect success of detecting a breakpoint. Detection is tool specific. [16]

17 Real Uses of Integrity Checks Check and Guard System [Chang and Atallah, 2001] Network of guards. Each guard responsible for performing some type of integrity check. Protect each other and the program in an interlocking fashion. Some guards can repair altered code. C [17]

18 Real Uses of Integrity Checks Check and Guard System Repairing guard inserted prior to code. Checksumming guard inserted at a point when code will be present in program image. Strongly connected guard graph increases the efforts required by the attacker. C [18]

19 Real Uses of Integrity Checks Testers and Correctors [Horne et al., 2002] Collection of testers which each hash a single contiguous section of code. Testers are sprinkled throughout code and triggered by normal program execution. Execution Executable tester tester tester tester tester tester tester [19]

20 Real Uses of Integrity Checks Testers and Correctors [Horne et al., 2002] Compares hash value with correct value. Incorrect value triggers response mechanism via simple function call. [20]

21 Real Uses of Integrity Checks Testers and Correctors Each hash interval contains a corrector. Corrector set to a value such that the interval hashes to a fixed value. Execution Executable tester tester tester tester tester tester tester [21]

22 Real Uses of Integrity Checks Branch-Based Tamper Resistance [Myles, Jin, 2005] Based on Branch Function obfuscation [Linn and Debray, 2003]: Designed to disrupt static disassembly. Exploits assumption that a function call returns to the instruction immediately following the call instruction. Execution is rerouted through the branch function. The correct target is identified based on the call location. T[h(j i )] = t i j i Return address on the stack is overwritten. [22]

23 Real Uses of Integrity Checks Branch-Based Tamper Resistance Key Storage k 0 Program Execution. k 1 Branch Function. k 2 Branch Function. Key: Link proper program execution and the key evolution. [23]

24 Real Uses of Integrity Checks Branch-Based Tamper Resistance Integrity Check Branch Functions 1. Perform an integrity check of the program or environment producing the value v i. 2. Generate the next key using a secure one-way hash function, the previous key, and the integrity check value. k i+1 = SHA1(v i,k i ) 3. Use k i+1 to identify the instruction where execution will resume. [24]

25 Real Uses of Integrity Checks Branch-Based Tamper Resistance Integrity Check Branch Function Construction Integrity Check Branch Function integrity check Original Application k i v i f 1 (v i, k i, AM) key generation f 2 + k k i+1 i+1 f 3 d i+1 = T[h(k i+1 )] retnew = ret old +d i+1 Modified Application f 1 f 2 f 3 ICBF [25]

26 Real Uses of Integrity Checks Branch-Based Tamper Resistance Branch Instruction Replacement Modified Application f 1 f 2 f 3 ICBF_1 ICBF_2 1 mov add mov jmp push mov cmp jge mov push push call add pop ret d 1 k 1 2 mov sub mov d 2 k push mov cmp call mov add mov jmp mov sub mov mov push push call add pop ret Protected Application f 1 f. 2.. ICBF_1 ICBF_2 ICBF_1( ). ICBF_2( ). f 3... ICBF_1( ). [26]

27 Real Uses of Integrity Checks Branch-Based Tamper Resistance Able to construct an intertwined network of ICBF s C [27]

28 Attacks on Integrity Checks Circumvention of self-hashing has been accomplished on UltraSparc, x86, PowerPC, AMD64, and ARM architectures [van Oorschot et al., 2005]. Implicit assumption that a data read from memory address x is the same as an instruction fetch from x. I(x) D(x) will verify code that is never executed and the executed is never checked. Manipulate virtual to physical address mappings such that each virtual address refers to two different physical addresses code references and data references Done through segmentation and translation lookaside buffers. [28]

29 Wrap-up We looked at a common type of integrity checking how it is used in real tamper resistance techniques and how it can be circumvented. [29]

30 Wrap-up Questions I m considering: Is there hope for strictly software-based techniques? Is there a way we can determine the level of protection provided by the different types of integrity checks? [30]

31 Wrap-up Questions I m considering: Is there hope for strictly software-based techniques? Is there a way we can determine the level of protection provided by the different types of integrity checks? Begin building an incremental strength evaluation scheme for software tamper resistance techniques. [30]

32 Wrap-up Questions I m considering: Is there hope for strictly software-based techniques? Is there a way we can determine the level of protection provided by the different types of integrity checks? Begin building an incremental strength evaluation scheme for software tamper resistance techniques. With the Check and Guard system or the Branch-Based technique strength can be customized or checks can be replaced once discovered they are breakable. [30]

33 References Protecting Software Code by Guards, Chang and Atallah, Proc. of 1st ACM Workshop on Security and Privacy in Digital Rights Management, Oblivious Hashing: A Stealthy Software Integrity Verification Primitive, Chen, Venkatesan, Cary, Pang, Sinha, and Jakubowski, Proc. of 5th International Workshop on Information Hiding, Towards Better Software Tamper Resistance, Jin and Myles, Proc. of Information Security: 8th International Conference, Self-Validating Branch-Based Software Watermarking, Myles and Jin, Proc. of 7th International Workshop on Information Hiding, Hardware-Assisted Circumvention of Self-Hashing Software Tamper Resistance, van Oorschot, Somayaji, and Wurster, IEEE Transactions on Dependeble and Secure Computing, [31]