Patent Grant
11574046
This application claims priority to European Application No. 19157739.4, filed Feb. 18, 2019, the disclosure of which is incorporated by reference herein in its entirety.
The present disclosure relates generally to the field of program security and to techniques for increasing the resistance of a software program to tampering. In particular, the present disclosure relates to methods and devices for protecting software programs against attacks that use reverse engineering or similar mechanisms to access and/or modify program code.
In releasing a software application for execution on end users' hardware, a program developer is effectively providing users a complete access to the program code of that application. Unfortunately, some users will attempt to compromise the software application in order for example, to obtain illegal copies, gain unlicensed access to certain features, steal intellectual property from the application, or inject malicious code. Indeed, free access to executable code by unauthorized users can often result in loss of intellectual property, and provide the user with an easy means for probing the application for security vulnerabilities. Also, application code may be modified after being reversed-engineered to remove metering or usage controls before being recompiled, resulting in a loss of revenue for the application publisher. Thus, the environment into which application publishers release their applications can be considered to be hostile. There is therefore a need to protect software programs from tampering or misuse, which may involve unauthorized modification or copy of the software program.
A number of anti-tamper techniques have been previously proposed for protecting software applications from being modified and/or copied. For example, it is known for software applications to utilize copy protection techniques or to insert encoded limitations into them, which, for example, require password or serial number access, prevent copying, or restrict the use of the application in some way.
Techniques for obfuscating software program code have also been proposed. Obfuscated code is a type of executable code, which is intentionally made very difficult to read and understand. Although obfuscated code can deter reverse engineering, there is still a possibility that the code could be read and understood, and therefore modified. As such, obfuscated code provides only low-level security means, and it is often necessary to use it in conjunction with additional security means, such as encryption. Additionally, common software reverse engineering attacks target copy protection schemes. These schemes generally rely on existing operating system procedure calls, making basic code obfuscation easily bypassed using the same tools used with unobfuscated code. Furthermore, obfuscated code is not only a problem for hackers but also for the software developers of the software applications themselves, as obfuscated code is inherently very difficult to debug. As a result, it is often necessary to maintain two versions of the same program code: an unobfuscated code version for debugging and an obfuscated code version for distribution. Due to the low level of security provided, this additional constraint is often considered to outweigh the benefits of obfuscation and therefore alternative methods are required.
Other known anti-tamper techniques are called “integrity checks”. These techniques verify during runtime that the application code has not been tampered with, where tampering includes code and/or data modification, changes of the execution environment, or any other measure which changes the behavior of the application. For example, during its normal running, the application checks the integrity of its own code by computing one or more checksums (or hash or signature) of a part (target code) or all the application executable code. The results of these checksum computations are compared with expected values that are embedded within the application code. Such checking approach can be extrapolated by constructing an interconnected web of checks, such that any modification to the application code can be detected. These code integrity checks can be inserted into any existing program code. If a modification is detected by such an integrity check, a defensive action can be taken, such as calling a response function which exits the application or goes into an infinite loop. More generally the response function can be destructive when it prevents the application from being normally executed, or non-destructive when it leaves control back to the application.
However, some applications can be recompiled a trusted party other than the application providers, which changes the final form or executable code of the application. Generally the third party is not aware of the presence of integrity checks in the application or does not have a dedicated tool that can update the integrity check expected results in the application executable code. Therefore, such a recompilation of an application invalidates the integrity checks, as the checksum computed by one or more of the integrity checks can no more correspond to the expected results in the application code. Thus the application appears as being tampered with. More generally other authorized processes can alter a final or published form of an application without the consent or awareness of the application provider. For example, the application could be resigned or a manifest file could be embedded or modified in the application code.
Therefore, there is a need for a method of detecting a modification of an executable program code, which can distinguish between authorized and unauthorized modifications.
A method is described for generating random numbers. The method may include method of protecting a software program against tampering, the method comprising: executing, by a processor of a user device, an executable code of the software program, the executable code comprising integrity check code sections; during execution of one of the integrity check code sections of the executable code, computing by the processor an integrity check result applied to a code segment of the executable code; transmitting by the processor to a server a message containing the integrity check result and an identifier of the code segment; and when the integrity check result does not correspond to a reference result for the code segment of a genuine version of the software program, receiving by the processor from the server a signal that prevents an operation of the software program from being executed by the processor.
According to an embodiment, the method further comprises comparing, by the processor, the integrity check result with a reference result stored for the code segment, the message being transmitted to the server only when the integrity check result does not correspond to the reference result stored for the code segment.
According to an embodiment, the method further comprises preventing by the processor an operation of the software program from being executed when the integrity check result does not correspond to the reference result stored for the code segment.
According to an embodiment, the reference result is received by the user device and inserted by the processor into the executable code when the executable code is executed by the processor at a first time.
According to an embodiment, the reference result is computed and inserted into the executable code when the executable code of the software program is generated.
According to an embodiment, the executable code of the software program is divided into code segments grouped together into sequences of code segments, each sequence comprising links between code segments, a root code segment and a last code segment, each link linking an originating code segment to a target code segment of the sequence, each link corresponding to an integrity check code section in the originating code segment of the link, which verifies integrity of the target code segment of the link.
According to an embodiment, the method further comprises determining by the server if the integrity check result computed for the code segment received from the user device corresponds to a reference result for a corresponding code segment of a genuine version of the software program.
According to an embodiment, the method further comprises: receiving by the server from other user devices, messages containing an integrity check result associated with an identifier of a code segment of the software program and an identifier of the user device; forming, by the server, result sets of integrity check results of instances of the software program, by grouping messages received from a same user device, each user device being considered as executing a single instance of the software program; counting, by the server, occurrence numbers of identified different results sets among the result sets, each identified different result set corresponding to a respective version of the software program; and deciding that one of the versions of the software program executed by a user device is genuine when the identified different result set corresponding to the version of the software program has an occurrence number exceeding a given threshold value after a given time from a first reception by the server of the identified different result set.
Some embodiments may relate to a device comprising a processor, a memory and communication circuits for connecting the processor to a remote server, the processor being configured to: execute an executable code of the software program, the executable code comprising integrity check code sections; during execution of one of the integrity check code sections of the executable code, compute an integrity check result applied to a code segment of the executable code; transmit to a server a message containing the integrity check result and an identifier of the code segment; and when the integrity check result does not correspond to a reference result for the code segment in a genuine version of the software program, receive from the server a signal that prevents an operation of the software program from being executed by the processor.
According to an embodiment, the processor is further configured to implement the method as above disclosed.
According to an embodiment, the device further comprises a protected memory area configured to receive the message when the device is not connected to the server.
According to an embodiment, the device further comprises a secure element configured to: establish secure links with the processor and with the remote server; receive and store the message from the processor; and transmit the message to the server upon request thereof.
According to an embodiment, the device further comprises a secure element configured to: establish secure links with the processor and with the remote server receive and store the reference results of the software program from the server; receive comparison requests from the processor; subsequent to receiving a comparison request, compare an integrity check result of a code segment, received in the comparison request, with one of the reference results stored by the secure element and corresponding to the code segment, and transmit to the processor a comparison result of the comparison; or transmit to the processor the reference result requested in the comparison request; generate and store a message containing the integrity check result; and receive requests from the remote server, and subsequent to receiving a request from the remote server, transmit the message to the server.
Some embodiments may relate to a computer program product loadable into a computer memory and comprising code portions which, when carried out by a computer, configure the computer to carry out the method as above disclosed.
The methods and/or devices described herein may be better understood with reference to the following drawings and description. Non-limiting and non-exhaustive descriptions are provided with the following drawings. In the figures, like reference signs may refer to like parts throughout the different figures, unless otherwise specified.
In the example of
Generally, the reference results of the code sections of an application are computed during compilation of the source code of the application, when the executable code of the application is generated. For example, the reference result for root code segment C is obtained by performing the checking procedure of code segment S2 applied to its target code segment, namely root code segment C. This involves carrying out for example a cyclic redundancy check, hash or signature computation, on a predetermined portion of memory where root code segment C is stored. The implementation checking procedure is carried out on a predefined area of memory where is stored root code segment C, the code segment S2 receiving the reference result of root code segment C or an attribute specifying where is stored this reference result. At runtime, the integrity checking code section of code segment S2 is operable to carry out a runtime checking procedure on part of memory storing root code segment C to compute a runtime result, and is then further operable to compare this runtime result with the reference result stored by code segment S2. The integrity of root code segment C is verified according to this comparison, which may require the runtime result to be equal to the reference result or related thereto by some predetermined relationship.
Similarly, the reference result for code segment S2 is obtained by performing the checking procedure of code segment S1, which is applied to the target code segment S2. The code segment S1 receives the reference result of code segment S2 or an attribute specifying where is stored this reference result. Thus, the reference result for the code segment S2 is dependent upon the reference result for root code segment C. At runtime, the integrity checking code section of code segment S1 will be operable to perform a checking procedure on the defined part of the memory of code segment S2 in order to obtain a runtime check result, and will be further operable to compare this runtime check result with the reference result associated therewith. The reference result computation process is performed from each root code segment to a last segment of each code segment sequence of the executable code, until the reference result for each of the code segments is derived and stored.
In step S6 which is carried out when the user device UD is connected to the server SRV, the checking procedure transmits the error message EMG containing the computed runtime check result CKV, the identifier CID of the target code segment and the user (or user device) identifier UID, to the server SRV. In step S7, the server SRV receives and processes the error message EMG. Processing the error message may include storing the data contained in the message in a user database, and determining from the data in the user database if the runtime check result can correspond to a reference result of a genuine version of the application. For example, this process can consider that a reception of an isolated error is due to tamper detection, whereas extensive error reporting (from multiple users of the application) containing the same runtime check results reveals release of a new genuine version of the application executable code. In step S8, if the received error message EMG contains a runtime check result corresponding to a genuine version of the application, the procedure ends, otherwise the server SRV transmits to the user device UD a command KCMD to stop execution of the application by the user device or to prevent the application executed by the user device from performing sensitive operations provided by the application (step S9). The transmission of this command may be delayed for a predetermined time to wait for reception of other related error messages from other users containing the same runtime check results. The command KCMD can be sent by the server SRV to the user device UD at the expiration of this predetermined time when no similar error messages are received from other user devices and when the user device UD is online and/or connects to the server. It should be observed that many applications require access to back-end services provided by a server. Thus the execution of some operations of the application requiring such back-end services can be stopped if the server SRV determines that the application has been tampered with.
The implementation of a server receiving integrity check errors from users of an application, enables a distinction to be made between an attack on the application which is necessarily isolated, and a recompilation of the application by a trusted third party, the recompiled application being generally provided to all users of the application by means of an official updating channel. In the case of an authorized recompilation, the server SRV receives from many different users many integrity check error messages containing the same runtime check results. In the case of an attack, the runtime check results received by the server SRV are transmitted by a single user or a very small number of users. In this manner, the integrity checking procedure of
In step S26, performed when the received reference results EV do not correspond to those of a genuine version of the application, the server SRV transmits a kill command KCMD to the user device to stop the execution of the application by the user device UD, and/or transmits reference results EV of a genuine version of the application associated with the corresponding identifiers CID of the code segments of the application. In step S27, the user device UD receives the message from the server SRV. If the received message is a kill command the application stops. If reference results EV are transmitted, the application injects the received reference results into the corresponding code segments of the application executable code. In this manner, if the application instance executed by the user device UD is a tampered version, at least some of the injected reference values do not correspond to the runtime check results computed by the integrity checking code sections of the application, and at least some of the operations performed by the application are prevented from being carried out. When the application includes the initialization procedure performing steps S21 to S27, the integrity check code sections of the application can implement steps S1 to S5 of
According to another embodiment, the reference results EV computed in step S23 can alternately be requested by the user device UD to the server SRV and transmitted by the latter. In this case, the reference results do not need to be transmitted to the server in step S24. In addition, steps S25 and S26 do not need to be executed, provided that if the application executed by the user device UD has been tampered with, some of the integrity checks performed by the application would provide a runtime result that does not correspond to the corresponding reference result supplied by the server SRV.
According to an embodiment, steps S7 and S14 are implemented by the server SRV by grouping the data in the messages EMG, CMG received from the user devices executing an instance of the application, to form result sets of integrity check results for each user device, and hence for each instance of the application. Here, each user device is considered as executing a single instance of the application. Then, the server SRV compares the result sets to identify all different result sets and determine an occurrence number for each identified different result set. Each identified different result set corresponds to a respective version of the application that may have instances installed on different user devices. A threshold value is fixed to decide whether an application version is genuine. If the occurrence number of one identified different result set exceeds the threshold value, after a given time from the first reception of the identified different result set, the server SRV decides that the application version corresponding to this identified different result set is genuine. It should be observed that a genuine version of an application is supposed to be deployed on many user devices rapidly, as being supplied by a widely used transmission channel, whereas a fake version of the application can only be deployed slowly on a very small number of user devices.
Sensitive code sections of the application can be implemented using white-box cryptography to make those sections very difficult to be analyzed and modified by hackers, thereby preventing sensitive code section and data of an application from being easily retrieved, analyzed and modified. These code sections can include the initialization procedure (
The user devices P1, P2, P3 can be for instance a mobile phone, a smartphone, a personal computer, a digital tablet or any equipment including or associated with communication and possibly display functionalities, that can execute a program application. The communications networks NT may include Internet Protocol networks, such as the Internet, mobile or cellular networks, wireless networks, and any kind of network that can be used to establish a communication link between a user device and a remote server.
The user device UD can further comprise a secure element SE, such as a secure processor that can be standalone or embedded into a smartcard UICC. The secure processor SE can be for example a SIM (“Subscriber Identity Module”) card, or a USIM (“Universal Subscriber Identity Module”), providing an access to a cellular network. The secure processor SE can include an NFC (“Near Field Communication”) circuit to communicate with a contactless reader. The NFC circuit can be embedded into a SIM card (SIM-NFC) or a UICC card, or into a SoC (“System on Chip”) circuit, or in an external memory card, for example a SD (“Secure Digital”) card. The circuits NIT can include a mobile telecommunication circuit giving access to a mobile cellular network and/or to the Internet network, through the cellular network, and/or a wireless communication circuit (Wi-Fi, Bluetooth™, or any other radio frequency or wireless communication methodology), and/or any other wired or wireless connection circuit that can be linked to a data transmission network such as Internet.
In all embodiments previously disclosed, the user device UD can comprise an embedded protected memory to be used to store the runtime check results CKV, and/or the expected reference results EV received from the server SRV, to be used offline. The protected enclave can also be used to store the error messages EMG in view of being queried later by the server SRV when the user device is online. The communication link between the user device and the protected enclaved can be secured using e.g. encryption based on a secret key only known by a protected (e.g. white-box) part of the application.
According to embodiments, steps S6, S12 and S13 are partially performed by the secure element SE connected to and/or embedded in the user device UD. The secure element SE comprises communication circuits for establishing a secure (encrypted) link with the application AP executed by the processor HP and with a trusted server such as the server SRV.
According to an embodiment, the error message EMG generated in step S6 is first transmitted by the processor HP to the secure element SE through the secure link to be stored in a protected memory of the secure element. When the user device UD and in particular the secure element is online, the secure element SE establishes with the server SRV a secure (encrypted) communication link, and transmits all messages EMG that could have been previously received and stored. After successful transmission of the messages EMG to the server SRV, the secure element SE deletes the stored messages.
According to another embodiment, the secure element SE is configured to receive through a secure link established with the server SRV all the reference results EV that are needed by the application APP to perform the runtime integrity checks injected into the application. For example, in step S12, when the user device is offline, the control messages CMG are transmitted to the secure element SE, for example through a secure link established with the processor HP. The comparison performed in step S13 is carried out by the secure element SE which generate an error message when a received runtime integrity check result CKV[CID] for an integrity check CID does not correspond to the corresponding reference result EV[CID], the error message being later transmitted to the server SRV when the user device UD is online.
The illustrations described herein are intended to provide a general understanding of the structure of various embodiments. These illustrations are not intended to serve as a complete description of all of the elements and features of apparatus, processors and systems that utilizes the structures or methods described therein. Many other embodiments or combinations thereof may be apparent to those of ordinary skills in the art upon reviewing the disclosure by combining the disclosed embodiments. Other embodiments may be utilized and derived from the disclosure, such that structural and logical substitutions and changes may be made without departing from the scope of the disclosure.
| Number | Date | Country | Kind |
|---|---|---|---|
| 19157739 | Feb 2019 | EP | regional |
| Number | Name | Date | Kind |
|---|---|---|---|
| 5991399 | Graunke | Nov 1999 | A |
| 6233687 | White | May 2001 | B1 |
| 6253324 | Field | Jun 2001 | B1 |
| 6681329 | Fetkovich | Jan 2004 | B1 |
| 7080249 | Jakubowski | Jul 2006 | B1 |
| 7587763 | Yodaiken | Sep 2009 | B2 |
| 7739514 | Bangui | Jun 2010 | B2 |
| 7873955 | Sebes | Jan 2011 | B1 |
| 7953391 | Lee | May 2011 | B2 |
| 8239686 | Hodzic | Aug 2012 | B1 |
| 8271803 | Goldsmid | Sep 2012 | B2 |
| 8285999 | Ghose | Oct 2012 | B1 |
| 8364973 | Khosravi | Jan 2013 | B2 |
| 8402520 | Painter | Mar 2013 | B1 |
| 8429469 | Korkishko | Apr 2013 | B2 |
| 8479186 | Jogand-Coulomb | Jul 2013 | B2 |
| 8667555 | Erickson | Mar 2014 | B1 |
| 8782435 | Ghose | Jul 2014 | B1 |
| 8909931 | Noda | Dec 2014 | B2 |
| 9106426 | Schneider | Aug 2015 | B2 |
| 9111099 | Paris | Aug 2015 | B2 |
| 9177153 | Perrig | Nov 2015 | B1 |
| 9536088 | Igotti | Jan 2017 | B1 |
| 9680824 | Rodgers | Jun 2017 | B1 |
| 9703950 | Vandergeest | Jul 2017 | B2 |
| 9710293 | Sahita | Jul 2017 | B2 |
| 9946878 | Djabarov | Apr 2018 | B2 |
| 9953159 | Horne | Apr 2018 | B2 |
| 11245523 | Vilmos | Feb 2022 | B2 |
| 11334664 | Eells | May 2022 | B2 |
| 20020194580 | Ramasamy | Dec 2002 | A1 |
| 20030135740 | Talmor | Jul 2003 | A1 |
| 20030191942 | Sinha | Oct 2003 | A1 |
| 20030204769 | Coughlin | Oct 2003 | A1 |
| 20030226033 | Zinda | Dec 2003 | A1 |
| 20040260980 | Ito | Dec 2004 | A1 |
| 20050210287 | Paatero | Sep 2005 | A1 |
| 20060085645 | Bangui | Apr 2006 | A1 |
| 20060236122 | Field | Oct 2006 | A1 |
| 20070005992 | Schluessler | Jan 2007 | A1 |
| 20070143629 | Hardjono | Jun 2007 | A1 |
| 20070150857 | Korkishko | Jun 2007 | A1 |
| 20070192761 | Sahita | Aug 2007 | A1 |
| 20070285271 | Erlingsson | Dec 2007 | A1 |
| 20080076547 | Bigelow | Mar 2008 | A1 |
| 20080148061 | Jin | Jun 2008 | A1 |
| 20080177998 | Apsangi | Jul 2008 | A1 |
| 20080250502 | Sole | Oct 2008 | A1 |
| 20090138708 | Miyazaki | May 2009 | A1 |
| 20090172814 | Khosravi | Jul 2009 | A1 |
| 20090276857 | Harkness | Nov 2009 | A1 |
| 20090327711 | Goldsmid | Dec 2009 | A1 |
| 20090328164 | Sunder | Dec 2009 | A1 |
| 20100042824 | Lee | Feb 2010 | A1 |
| 20110041003 | Pattar | Feb 2011 | A1 |
| 20110167261 | Fanton | Jul 2011 | A1 |
| 20120151206 | Paris | Jun 2012 | A1 |
| 20120260353 | Raley | Oct 2012 | A1 |
| 20120266209 | Gooding | Oct 2012 | A1 |
| 20120266252 | Spiers | Oct 2012 | A1 |
| 20130086643 | Morgan | Apr 2013 | A1 |
| 20130326215 | Leggette | Dec 2013 | A1 |
| 20140024341 | Johan | Jan 2014 | A1 |
| 20150040224 | Litva | Feb 2015 | A1 |
| 20150052603 | Morgan | Feb 2015 | A1 |
| 20150156024 | De Los Santos | Jun 2015 | A1 |
| 20150205949 | Iskin | Jul 2015 | A1 |
| 20150358334 | Lantz | Dec 2015 | A1 |
| 20160028549 | Yuji | Jan 2016 | A1 |
| 20160055331 | Szczeszynski | Feb 2016 | A1 |
| 20160119344 | Freitas Fortuna dos Santos | Apr 2016 | A1 |
| 20160162669 | Mikhailov | Jun 2016 | A1 |
| 20160239364 | Nam | Aug 2016 | A1 |
| 20160321656 | Rabinovich | Nov 2016 | A1 |
| 20160371496 | Sell | Dec 2016 | A1 |
| 20170085578 | Ha | Mar 2017 | A1 |
| 20170116410 | Wajs | Apr 2017 | A1 |
| 20170255779 | Caklovic | Sep 2017 | A1 |
| 20170256951 | Crespo-Dubie | Sep 2017 | A1 |
| 20170323120 | Anderson | Nov 2017 | A1 |
| 20180150338 | Markello | May 2018 | A1 |
| 20180349575 | Somsikov | Dec 2018 | A1 |
| 20190074962 | Ateniese | Mar 2019 | A1 |
| 20190094371 | Biacs | Mar 2019 | A1 |
| 20190272162 | Couillard | Sep 2019 | A1 |
| 20190296961 | Kang | Sep 2019 | A1 |
| 20190340379 | Beecham | Nov 2019 | A1 |
| 20190349426 | Smith | Nov 2019 | A1 |
| 20200004952 | Rolin | Jan 2020 | A1 |
| 20200007342 | Liem | Jan 2020 | A1 |
| 20200019288 | D'Amore | Jan 2020 | A1 |
| 20200065480 | Gu | Feb 2020 | A1 |
| 20200219096 | Falk | Jul 2020 | A1 |
| 20210385090 | Prasad | Dec 2021 | A1 |
| Number | Date | Country |
|---|---|---|
| 2004055634 | Jul 2004 | WO |
| 2009044129 | Apr 2009 | WO |
| Entry |
|---|
| European Search Report for Application No. 19157739.4. dated Aug. 13, 2019, 7 pages. |
| Number | Date | Country | |
|---|---|---|---|
| 20200265135 A1 | Aug 2020 | US |
