Novel Obfuscation Algorithms for Software Security

Over the years, several software protection techniques have been developed to avoid global software piracy, which has increased over 40% and has caused $11 billion loss. Code Obfuscation is one of these techniques and it is very promising one. Code obfuscation is a form of software protection against unauthorized reverse-engineering. In this paper, we give information about available software obfuscation tool kits in the market, along with JHide and their comparison. We propose three new obfuscation techniques, based on composite functions, which are Array Index Transformation, Method Argument Transformation and Hiding Constants. In addition to that, we also propose a new obfuscation algorithm based on Discrete Logs to Pack the Words and another one, based on Affine Ciphers, to Encode String Literals. Finally, we conclude our paper identifying the need for reviewing the performance of the algorithms as the future scope of our work.

[1]  O. Roeva,et al.  Information Hiding: Techniques for Steganography and Digital Watermarking , 2000 .

[2]  Christian S. Collberg,et al.  Breaking abstractions and unstructuring data structures , 1998, Proceedings of the 1998 International Conference on Computer Languages (Cat. No.98CB36225).

[3]  Christian S. Collberg,et al.  Watermarking, Tamper-Proofing, and Obfuscation-Tools for Software Protection , 2002, IEEE Trans. Software Eng..

[4]  James A. Whittaker Why Secure Applications are Difficult to Write , 2003, IEEE Secur. Priv..

[5]  Gregory Wroblewski,et al.  General Method of Program Code Obfuscation , 2002 .

[6]  Douglas Low,et al.  Java Control Flow Obfuscation , 1998 .

[7]  Jan Camenisch,et al.  Cryptographic security for mobile code , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[8]  Levent Ertaul,et al.  JHide - A tool kit for code obfuscation , 2004, IASTED Conf. on Software Engineering and Applications.

[9]  Douglas M. Blough,et al.  Data obfuscation: anonymity and desensitization of usable data sets , 2004, IEEE Security & Privacy Magazine.

[10]  Christian S. Collberg,et al.  Sandmark--A Tool for Software Protection Research , 2003, IEEE Secur. Priv..

[11]  Martin R. Stytz Considering defense in depth for software applications , 2004, IEEE Security & Privacy Magazine.

[12]  Douglas Low,et al.  Protecting Java code via code obfuscation , 1998, CROS.

[13]  Clark Thomborson,et al.  Manufacturing cheap, resilient, and stealthy opaque constructs , 1998, POPL '98.

[14]  Witold A. J. Kosmala,et al.  Advanced Calculus: A Friendly Approach , 1998 .

[15]  Paul B. Garrett Making, Breaking Codes : Introduction to Cryptology , 2001 .

[16]  CRISPIN COWAN,et al.  Software Security for Open-Source Systems , 2003, IEEE Secur. Priv..

[17]  J. A. Whittaker,et al.  Software Protection: Security's Last Stand? , 2003, IEEE Secur. Priv..