Attacking an obfuscated cipher by injecting faultsAuthors: M. Jacob, D. Boneh, and E. Felten
We study the strength of certain obfuscation techniques used to protect software from reverse engineering and tampering. We show that some common obfuscation methods can be defeated using a fault injection attack, namely an attack where during program execution an attacker injects errors into the program environment. By observing how the program fails under certain errors the attacker can deduce the obfuscated information in the program code without having to unravel the obfuscation mechanism. We apply this technique to extract a secret key from a block cipher obfuscated using a commercial obfuscation tool and draw conclusions on preventing this weakness.
In proceedings of the 2002 ACM Workshop on Digital Rights Management
Full paper: PDF [first posted 12/2002 ]