July 30, 2013
UCLA Researchers Design Software Hackers’ Kryptonite
Lee Rannals for redOrbit.com - Your Universe Online
Researchers from the University of California, Los Angeles (UCLA) have designed a "software obfuscation" system for the very first time.
According to UCLA computer science professor Amit Sahai, the new system puts up an "iron wall," making it impossible for someone to reverse-engineer the software without solving mathematical problems that take hundreds of years to work out on a computer. Previous methods for obfuscation created a "speed bump" in which an attacker only needed a few days to reverse-engineer the software.
"The real challenge and the great mystery in the field was: Can you actually take a piece of software and encrypt it but still have it be runnable, executable and fully functional," Sahai said. "It's a question that a lot of companies have been interested in for a long time."
The team said their mathematical obfuscation mechanism can be used to protect intellectual property by preventing the theft of new algorithms and hiding the vulnerability a software patch is designed to repair when the patch is distributed.
"You write your software in a nice, reasonable, human-understandable way and then feed that software to our system," Sahai said. "It will output this mathematically transformed piece of software that would be equivalent in functionality, but when you look at it, you would have no idea what it's doing."
A new type of "multilinear jigsaw puzzle" ensures that attempts to determine why and how the software works will be thwarted with a nonsensical jumble of numbers.
"The real innovation that we have here is a way of transforming software into a kind of mathematical jigsaw puzzle," Sahai said. "What we're giving you is just math, just numbers, or a sequence of numbers. But it lives in this mathematical structure so that these individual pieces, these sequences of numbers, can only be combined with other numbers in very specified ways.
He said no matter how a hacker may look at it, they will not have any idea what it is doing. The only thing someone could do is put it together the way it was meant to interlock.
"If you tried to do anything else -- like if you tried to bash this piece and put it in some other way -- you'd just end up with garbage," Sahai added.
The team will be presenting their paper formally at the 54th annual IEEE Symposium on Foundations of Computer Science.