Entrusting Remote Software Executed in an Untrusted Computation Helper

How to trust an application executed in a remote untrusted client? Indeed, in an untrusted environment, an attacker may tamper with the application code or the execution environment to alter the application behavior for its own purposes. This problem is traditionally addressed by checking the integrity of the application code at loading and during runtime. However, this line of protection is not sufficient when the client is used as a computation helper and is expected to return the result to a trusted server. An attacker may execute the application without altering its code but returns an invalid result. This paper proposes a new approach to deal with remote software execution in an untrusted client used as a computation helper. The proposed solution provides the integrity of the computation result returned to a secure server.

[1]  Paolo Falcarin,et al.  Integrity Checking in Remote Computation , 2005 .

[2]  Christian F. Tschudin,et al.  Towards mobile cryptography , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[3]  Bart Preneel,et al.  Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings , 2007, IACR Cryptol. ePrint Arch..

[4]  Paul C. van Oorschot,et al.  White-Box Cryptography and an AES Implementation , 2002, Selected Areas in Cryptography.

[5]  Stephen A. Jarvis,et al.  Trusting agents for grid computing , 2004, 2004 IEEE International Conference on Systems, Man and Cybernetics (IEEE Cat. No.04CH37583).

[6]  Vladimir Shpilrain Hashing with Polynomials , 2006, ICISC.

[7]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[8]  Mariano Ceccato,et al.  Remote Entrusting by Run-Time Software Authentication , 2008, SOFSEM.

[9]  Fritz Hohl,et al.  Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Hosts , 1998, Mobile Agents and Security.

[10]  Samuel S. Wagstaff,et al.  Dynamic Cryptographic Hash Functions , 2006, IACR Cryptol. ePrint Arch..

[11]  Christian F. Tschudin,et al.  Protecting Mobile Agents Against Malicious Hosts , 1998, Mobile Agents and Security.

[12]  Gilles Zémor,et al.  Hashing with SL_2 , 1994, CRYPTO.

[13]  Koen De Bosschere,et al.  Hybrid static-dynamic attacks against software protection mechanisms , 2005, DRM '05.

[14]  Asadullah Shah,et al.  A Study of Software Protection Techniques , 2007 .

[15]  Jan Camenisch,et al.  Cryptographic security for mobile code , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[16]  Christian S. Collberg,et al.  A Taxonomy of Obfuscating Transformations , 1997 .