Attacking an obfuscated cipher by injecting faults
Authors: M. Jacob, D. Boneh, and E. Felten
Abstract:
We study the strength of certain obfuscation techniques used to
protect software from reverse engineering and tampering. We show that
some common obfuscation methods can be defeated using a fault
injection attack, namely an attack where during program execution an
attacker injects errors into the program environment. By observing how
the program fails under certain errors the attacker can deduce the
obfuscated information in the program code without having to unravel
the obfuscation mechanism. We apply this technique to extract a secret
key from a block cipher obfuscated using a commercial obfuscation tool
and draw conclusions on preventing this weakness.
Reference:
In proceedings of the 2002 ACM Workshop on Digital Rights Management
Full paper: PDF [first posted 12/2002 ]