Detecting Software Theft in Embedded Systems: A Side-Channel Approach

Source code plagiarism has become a serious problem for the industry. Although there exist many software solutions for comparing source codes, they are often not practical in the embedded environment. Today's microcontrollers have frequently implemented a memory read protection that prevents a verifier from reading out the necessary source code. In this paper, we present three verification methods to detect software plagiarism in embedded software without knowing the implemented source code. All three approaches make use of side-channel information that is obtained during the execution of the suspicious code. The first method is passive, i.e., no previous modification of the original code is required. It determines the Hamming weights of the executed instructions of the suspicious device and uses string matching algorithms for comparisons with a reference implementation. In contrast, the second method inserts additional code fragments as a watermark that can be identified in the power consumption of the executed source code. As a third method, we present how this watermark can be extended by using a signature that serves as a proof-of-ownership. We show that particularly the last two approaches are very robust against code-transformation attacks.

[1]  Alessandro Barenghi,et al.  On the vulnerability of FPGA bitstream encryption against power analysis attacks: extracting keys from xilinx Virtex-II FPGAs , 2011, CCS '11.

[2]  Christof Paar,et al.  Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World , 2011, CHES.

[3]  Vladimir I. Levenshtein,et al.  Binary codes capable of correcting deletions, insertions, and reversals , 1965 .

[4]  Christof Paar,et al.  On the Portability of Side-Channel Attacks - An Analysis of the Xilinx Virtex 4 and Virtex 5 Bitstream Encryption Mechanism , 2011, IACR Cryptol. ePrint Arch..

[5]  Jean-Sébastien Coron,et al.  Analysis and Improvement of the Random Delay Countermeasure of CHES 2009 , 2010, CHES.

[6]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[7]  Michael Stepp,et al.  More on graph theoretic software watermarks: Implementation, analysis, and attacks , 2009, Inf. Softw. Technol..

[8]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[9]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[10]  Fei-Yue Wang,et al.  A Survey of Software Watermarking , 2005, ISI.

[11]  Christof Paar,et al.  Side-channel based watermarks for integrated circuits , 2010, 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[12]  Esko Ukkonen,et al.  Approximate Boyer-Moore String Matching , 1993, SIAM J. Comput..

[13]  A. Gibbs,et al.  The Diagram, a Method for Comparing Sequences , 1970 .

[14]  Christof Paar,et al.  An Efficient Method for Eliminating Random Delays in Power Traces of Embedded Software , 2011, ICISC.

[15]  Christof Paar,et al.  On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoqCode Hopping Scheme , 2008, CRYPTO.

[16]  Eamonn J. Keogh,et al.  Dot plots for time series analysis , 2005, 17th IEEE International Conference on Tools with Artificial Intelligence (ICTAI'05).

[17]  Sebastian Danicic,et al.  An Evaluation of Static Java Bytecode Watermarking [ Draft Version ] , 2010 .

[18]  Jasper G. J. van Woudenberg,et al.  RAM: Rapid Alignment Method , 2011, CARDIS.

[19]  Christof Paar,et al.  Side-channel watermarks for embedded software , 2011, 2011 IEEE 9th International New Circuits and systems conference.

[20]  Jasper G. J. van Woudenberg,et al.  Improving Differential Power Analysis by Elastic Alignment , 2011, CT-RSA.

[21]  William Zhu,et al.  Algorithms to Watermark Software Through Register Allocation , 2005, DRMTICS.

[22]  A. Gibbs,et al.  The diagram, a method for comparing sequences. Its use with amino acid and nucleotide sequences. , 1970, European journal of biochemistry.