ERIC: An Efficient and Practical Software Obfuscation Framework

Alperen Bolat, Seyyid Hikmet Celik, Ataberk Olgun, Oguz Ergin, Marco Ottavi

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

3 Citations (Scopus)
78 Downloads (Pure)

Abstract

Modern cloud computing systems distribute software executables over a network to keep the software sources, which are typically compiled in a security-critical cluster, secret. However, these executables are still vulnerable to reverse engineering techniques that can extract secret information from programs (e.g., an algorithm, cryptographic keys), violating the IP rights and potentially exposing the trade secrets of the software developer. Malicious parties can (i) statically analyze the disassembly of the executable (static analysis) or (ii) dynamically analyze the software by executing it on a controlled device and observe performance counter values or exploit side-channels to reverse engineer software (dynamic analysis).We develop ERIC, a new, efficient, and general software obfuscation framework. ERIC protects software against (i) static analysis, by making only an encrypted version of software executables available to the human eye, no matter how the software is distributed, and (ii) dynamic analysis, by guaranteeing that an encrypted executable can only be correctly decrypted and executed by a single authenticated device. ERIC comprises key hardware and software components to provide efficient software obfuscation support: (i) a hardware decryption engine (HDE) enables efficient decryption of encrypted hardware in the target device, (ii) the compiler can seamlessly encrypt software executables given only a unique device identifier. Both the hardware and software components are ISA-independent, making ERIC general. The key idea of ERIC is to use physical unclonable functions (PUFs), unique device identifiers, as secret keys in encrypting software executables. Malicious parties that cannot access the PUF in the target device cannot perform static or dynamic analyses on the encrypted binary.We develop ERIC's prototype on an FPGA to evaluate it end-to-end. Our prototype extends RISC-V Rocket Chip with the hardware decryption engine (HDE) to minimize the overheads of software decryption. We augment the custom LLVM-based compiler to enable partial/full encryption of RISC-V executables. The HDE incurs minor FPGA resource overheads, it requires 2.63% more LUTs and 3.83% more flip-flops compared to the Rocket Chip baseline. LLVM-based software encryption increases compile time by 15.22% and the executable size by 1.59%. ERIC is publicly available and can be downloaded from https://github.com/kasirgalabs/ERIC.

Original languageEnglish
Title of host publicationProceedings - 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022
Place of PublicationPiscataway, NJ
PublisherIEEE
Pages466-474
Number of pages9
ISBN (Electronic)978-1-6654-1693-1
ISBN (Print)978-1-6654-1694-8
DOIs
Publication statusPublished - 2022
Event52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022 - Baltimore, United States
Duration: 27 Jun 202230 Jun 2022
Conference number: 52

Publication series

NameProceedings - Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022
PublisherIEEE
Volume2022
ISSN (Print)1530-0889
ISSN (Electronic)2158-3927

Conference

Conference52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022
Abbreviated titleDSN 2022
Country/TerritoryUnited States
CityBaltimore
Period27/06/2230/06/22

Keywords

  • Hardware authentication
  • Software obfuscation
  • Trusted execution
  • 22/3 OA procedure

Fingerprint

Dive into the research topics of 'ERIC: An Efficient and Practical Software Obfuscation Framework'. Together they form a unique fingerprint.

Cite this