HardObfuscation - Hardware-assisted software obfuscation for ERM
By weippl - Posted on October 11th, 2010
In order to provide security for sensitive business data (e.g. corporate secrets or individual-related information), strong protection techniques are of growing importance for enterprises. The data-centric approach of Enterprise Rights Management (ERM) makes it the prime candidate for the protection of sensitive information in open system environments where data has to be exchanged between organizations frequently. However, the critical challenge and main market barrier of ERM systems is the implementation of the client. The software has to hide cryptographic keys that allow access to protected documents. Today, ERM clients usually implement software obfuscation techniques, which are susceptible to attacks and cannot be considered secure. Trusted Computing technologies can improve security, but lack compatibility with modern industry standard operating systems. Thus, no satisfactory solution for the implementation of secure ERM clients is known to date.

Within this project we plan to develop a novel way of protecting cryptographic keys in software. It relies on software obfuscation that is combined with lightweight hardware. The hardware device neither protects the key directly nor performs any cryptographic functions; we still use software obfuscation to protect keys, but parameterize the obfuscation through data provided by hardware components. This approach can make reverse engineering more difficult and thus prevents the extraction of the cryptographic key. In particular, the aims of this project are (a) to identify software obfuscation techniques that can be assisted by hardware components, (b) to utilize lightweight Physically Unclonable Functions (PUFs) to improve obfuscation and (c) to demonstrate our approach by developing a prototype of an ERM client that is based on our solution of hardware-assisted software obfuscation.