=Paper= {{Paper |id=Vol-3200/paper32 |storemode=property |title=Possibilities of Using Watermarks to Protect Software Code |pdfUrl=https://ceur-ws.org/Vol-3200/paper32.pdf |volume=Vol-3200 |authors=Vadym Poddubnyi,Roman Gvozdev,Oleksandr Sievierinov,Oleksandr Fediushyn }} ==Possibilities of Using Watermarks to Protect Software Code == https://ceur-ws.org/Vol-3200/paper32.pdf
Possibilities of Using Watermarks to Protect Software Code
Vadym Poddubnyi, Roman Gvozdev, Oleksandr Sievierinov, Oleksandr Fediushyn
Kharkiv National University of Radio Electronics, 14 Nauky Ave, Kharkiv, 61166, Ukraine.


Abstract
This paper considers methods for protecting software code from modification and illegal distribution, including methods based on digital watermarks and zero digital watermarks. One of the promising methods of program code protection is the KeySplitWatermark method. The paper considers it and the possibilities for its modernization.

Keywords
Watermarks, software, zero watermarks, KeySplitWatermark.


III International Scientific And Practical Conference “Information Security And Information Technologies”, September 13–19, 2021, Odesa, Ukraine
EMAIL: vadym.poddubnyi@nure.ua (A. 1); roman.hvozdov@nure.ua (A. 2); oleksandr.sievierinov@nure.ua (A. 3); oleksandr.fediushyn@nure.ua (A. 4)
ORCID: 0000-0002-4380-491X (A. 1); 0000-0002-5408-943X (A. 2); 0000-0002-6327-6405 (A. 3); 0000-0002-3600-405X (A. 4)
© 2021 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR Workshop Proceedings (CEUR-WS.org)

1. Introduction

The problem of software protection from attackers appeared with the advent of the first commercial program. Despite the modernization of software development, delivery, and integrity facilities, the annual cost of distributing unlicensed software is approximately $46.3 billion. Although in recent years the percentage of unlicensed software in the world has decreased from 39% to 37%, the problem of protecting software code and programs in general will remain relevant. This problem is especially important for the post-Soviet space: in Ukraine the percentage of unlicensed software is 82%, in Russia 62% and in Belarus 82%, which is similar to the indicators of developing countries in Africa (Nigeria 80%, Kenya 74%, Zambia 80%) [1].

It should be noted that unlicensed distribution is not the only source of damage: attackers can embed malicious elements in the program, use separate modules of the program, etc. (Figure 1).

Figure 1. Possible software attacks (diagram with the parties Developer, Malefactor and User; labels: Software, Copy software, Malicious code)

2. Methods of program code protection

To reduce the loss from unlicensed distribution and from the embedding of malicious elements in the program code, software developers are forced to use a variety of protections.

Some of the most common methods of software protection are:
1. Adding program code to prevent intrusions;
2. Obfuscation of the program code;
3. Digital watermarks [2].

Obfuscation is the process of code reorganization, primarily aimed at complicating the disassembly of software code by an attacker. It involves modifying a program, or adding code to a program, to increase its complexity.

The main methods of obfuscation:
• Formatting transformations that change only the appearance of the program. This group includes conversions that delete comments, remove indents in program text, or rename identifiers.
• Data structure transformations that change the data structures that the program works with. This group includes, for example, transformations that change the hierarchy of class inheritance in a program, or transformations that combine scalar variables of the same type into an array.
• Control flow transformations that change the structure of the program's control flow graph, such as unrolling loops, extracting code snippets into procedures, and more.
• Preventive transformations that target certain decompilation methods or use bugs in certain decompilation tools.

The downside of obfuscation is that it complicates the development and modernization of the software, and the software after obfuscation may be more complex and slower [3].

To ensure the integrity of the software, developers add to the programs special modules that check software integrity. Such code blocks check the hash values of the program and its components, encrypt and decrypt the program code, or monitor the status of the program (respond to incorrect data or commands, etc.).

To protect the program from hacking, you need to make sure that it "works as intended" even if an attacker tries to interrupt, control or change the execution of the program code.

It should be noted that this is different from obfuscation, where the goal is to make it more difficult for an attacker to understand and read the program.

The disadvantage of this method is the increase in the resources needed to run the program, as the protection module requires additional resources. Such modules may also conflict with other software, and they can interfere with the operation of parts of the program or of other programs.

In practice, the line between protection against unauthorized access and obfuscation is blurred: a program that is more difficult to understand because it has been obfuscated will also be more difficult to modify and attack.

Digital watermarks are special secret messages that are embedded in the program code or program data; they serve to confirm the authorship and preserve the integrity of the data.

Since their inception, digital watermarks have been commonly used for multimedia data, embedded in various signal characteristics (frequency, brightness, color, etc.). However, over time, digital watermarks began to be used to protect software.

3. Watermark type

According to the method of embedding in the program code, digital watermarks are divided into static and dynamic. Static watermarks are embedded in program code or data, as opposed to dynamic ones, which store the watermark during program execution [4].

According to their characteristics, digital watermarks are divided into:
• Fragile. Digital watermarks that become impossible to detect after the slightest modification. Used to control integrity;
• Semi-fragile. Digital watermarks that can withstand some changes in the carrier of the digital watermark. Used to detect an attack;
• Reliable. Watermarks that are resistant to all types of attacks. Used for authentication.

There are various types of embedding a digital watermark in the program, the most common of which are:
1. Replacement of the code;
2. Replacement of code logic;
3. QP algorithm;
4. QPS algorithm;
5. Digital watermark on the basis of graphs.

The downside of digital watermarks is that the digital watermark increases the size of the program. Static watermarks cannot fully protect data and require additional protection methods [4].

Watermarks and protection against unauthorized access are also related. In fact, if perfect protection against unauthorized access were available, it would be easy to add watermarks: a watermark could be combined with any trivial algorithm for protection against unauthorized access, and an attacker would not be able to find or destroy the mark. Precisely because there is no perfect protection against unauthorized access, you need to worry about masking watermarks.
It is assumed that an attacker who can find a watermark will also be able to change the program to destroy the mark [5]. A graphical representation of the digital watermark is shown in Figure 2.

Figure 2. Graphic representation of a digital watermark (diagram labels: Developer, User, Bit File, Key, Watermark, Software)

4. Zero digital watermark

One of the methods of solving the problems of digital watermarks is "zero watermarks".

A traditional digital watermark hides information about the owner or creator of an object or group of objects somewhere inside that object. This hidden information can later be used for many purposes: maintaining integrity, detecting intentional or accidental interference, protecting data copyright, etc.

Zero watermarks, unlike "normal" digital watermarks, are not embedded in program code. The program, its data, or its code structure is used to generate the zero watermark.

Also, one of the advantages of zero digital watermarks is that they are resistant to compression of the embedded object.

A graphical representation of the zero digital watermark is shown in Fig. 3.

Figure 3. Graphical representation of the zero digital watermark (diagram labels: Developer, User, Software, Key, Embedded software, Bind)

Zero digital watermarks are widely used in medicine [6] [7] to protect patient data, but zero digital watermarks can also be used to protect software.

One example of zero digital watermark algorithms for program code protection is the KeySplitWatermark algorithm [8]. There are also algorithms for fragile digital watermarks to protect databases from modifications [9].

These algorithms use statistical data and asymmetric encryption using a certification authority to generate digital watermarks. The characteristics of this type of digital watermarks indicate the prospects for their use to protect software code from unauthorized changes or from unlicensed distribution.

5. KeySplitWatermark Algorithm

The KeySplitWatermark algorithm was presented by a group of developers from different universities around the world, in countries such as China, Pakistan, India and others. KeySplitWatermark is a new approach based on a blind zero watermark to protect software source code from cyberattacks.

KeySplitWatermark first analyzes the program code to determine the keywords, and then divides the code into sections based on the selected keyword. The algorithm generates a unique key using keywords and the program code itself. If any copyright concerns arise in the future, this key can be used to verify ownership. The embedding algorithm does not make any changes to the program code to create watermarks, and the extraction algorithm does not require the watermark as input, which makes it blind (a zero digital watermark).
The watermark algorithm consists of two components: embedding and extracting watermarks. Watermark embedding is performed by the original owner of the software, and extraction is later performed by a trusted third party.

In this algorithm, the program code is first pre-processed to identify the ten most common characters and the five most common keywords. It is then divided into sections based on the user-selected keyword. The KeySplitWatermark embedding algorithm accepts the following input:
• Source code: the source code of the software to which the watermarks should be applied.
• Cipher: a numeric value that will be used in the key generation process.
• Watermark: a group of ASCII characters.

The embedding algorithm generates the owner key as the output. This key is registered with the certificate authority and then used to extract the watermark (if necessary). The extraction algorithm accepts the following input data:
• Attacked code file: a program code file that has been modified or used illegally in violation of copyright.
• Owner key: obtained from the certification authority to identify the original owner.

The certificate authority, which registers content to the copyright owner, is a requirement of this algorithm. When an attack is suspected, this trusted third party extracts the watermarks and provides the original code to restore the software if a counterfeit is detected. The fake code is replaced by the original code, which makes the actions of the attacker invalid.

The graphical representation of the algorithm is shown in Figure 4.

Figure 4. Graphical representation of the KeySplitWatermark algorithm (diagram labels: Claimer, Buyer, Cipher, Bind Algorithm, Inquiry Model, Parameter Evaluation, Key, Watermark Verification, Valid File?, Pass, Fail, Safe Software)

It is impossible to destroy a watermark without a significant change in the code, and if any changes occur in the code, the source code is restored. The results of research conducted by the authors prove that KeySplitWatermark is reliable, secure and efficient with minimal computational requirements (Table 1) [8].

To evaluate the reliability of KeySplitWatermark, the developers of the algorithm used ASProtect, UPX and Aspack to attack the program with watermarks and check the correctness of the extracted watermark. The results of the experiment are shown in Table 2.

The watermark can be properly extracted after encryption, shelling, and compression attacks. The initial semantics of the program are preserved, although various attacks are carried out.

The algorithm is promising, has potential and requires detailed analysis and study [8]. Since the algorithm is new, the following vectors of research and modernization are offered as improvements:
1. Use Unicode instead of ASCII to generate keywords;
2. Parse program code with keyword pairs to increase the number of code split combinations;
3. National algorithms for the certificate authority.

Switching to Unicode is suggested to potentially increase the number of languages that can be used and increase the length of the keywords generated.

The use of keyword pairs should expand the variability of the choice and potentially increase the stability of the algorithm. It is also proposed to increase the number of keywords for the same purpose.

The use of national algorithms (such as DSTU 7624 [10], DSTU 4145 [11], DSTU 7564 [12]) can improve the stability of the algorithm.

A promising task is to create a certification center for the use of the KeySplitWatermark algorithm and its testing.
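
The embedding and extraction flow described in this section, as an added sketch that is not the KeySplitWatermark implementation from [8] and not code from the paper. It follows the listed inputs and outputs, but the key derivation (watermark bytes XORed with a hash of keyword-delimited sections), the owner-key layout and all function names are assumptions made for illustration.

```python
import hashlib
import keyword
import re
from collections import Counter

# Constructed sample host program (not taken from the paper).
SAMPLE_SOURCE = '''\
def check_license(key, table):
    if key in table:
        return table[key]
    for entry in table:
        if entry.startswith(key):
            return table[entry]
    return None
'''


def top_keywords(source, n=5):
    """Pre-processing: the n most frequent language keywords in the source."""
    words = re.findall(r"[A-Za-z_]+", source)
    counts = Counter(w for w in words if w in keyword.kwlist)
    if not counts:
        raise ValueError("source contains no language keywords to split on")
    return [w for w, _ in counts.most_common(n)]


def split_sections(source, split_kw):
    """Split the code at every whole-word occurrence of split_kw.

    Whitespace is normalised so that re-indenting does not change a section.
    """
    parts = re.split(rf"\b{re.escape(split_kw)}\b", source)
    return [" ".join(p.split()) for p in parts]


def _mask(sections, cipher, i):
    """One feature byte for watermark position i, taken from section i mod n."""
    section = sections[i % len(sections)]
    return hashlib.sha256(f"{cipher}|{i}|{section}".encode()).digest()[0]


def embed(source, cipher, watermark, split_kw=None):
    """Return the owner key (assumed layout). The source is never modified."""
    split_kw = split_kw or top_keywords(source)[0]
    sections = split_sections(source, split_kw)
    wm = watermark.encode("ascii")
    masked = bytes(b ^ _mask(sections, cipher, i) for i, b in enumerate(wm))
    return {"split_kw": split_kw, "cipher": cipher, "masked": masked.hex()}


def extract(suspect_source, owner_key):
    """Blind extraction: needs only the suspect file and the registered key."""
    sections = split_sections(suspect_source, owner_key["split_kw"])
    masked = bytes.fromhex(owner_key["masked"])
    return bytes(
        b ^ _mask(sections, owner_key["cipher"], i) for i, b in enumerate(masked)
    )


def damaged_positions(recovered, watermark):
    """Indexes where the recovered watermark differs from the registered one."""
    wm = watermark.encode("ascii")
    return [i for i, (a, b) in enumerate(zip(recovered, wm)) if a != b]


if __name__ == "__main__":
    WATERMARK = "OWNER-DEMO-WM-01"  # constructed watermark text
    key = embed(SAMPLE_SOURCE, cipher=7, watermark=WATERMARK)
    # Formatting-only change: tabs instead of spaces, extra blank lines.
    reformatted = SAMPLE_SOURCE.replace("    ", "\t").replace("\n", "\n\n")
    # Logic change in the last section of the file.
    tampered = SAMPLE_SOURCE.replace("return None", "return table")
    print("unmodified :", extract(SAMPLE_SOURCE, key))
    print("reformatted:", damaged_positions(extract(reformatted, key), WATERMARK))
    print("tampered   :", damaged_positions(extract(tampered, key), WATERMARK))
```

Because each watermark byte is tied to one section in this sketch, the damaged positions point to the section of the suspect file that was edited.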

Table 1
Comparative Results for Increase in the Size of the Watermarked Code and in Execution Time for Cryptoencryption With 31KB File

Watermark      Increase in     Increase in program,      Execution    Execution time,
length (bit)   program (KB)    KeySplitWatermark (KB)    time (ms)    KeySplitWatermark (ms)
128            18              0                         23           18
256            34              0                         40           32
512            67              0                         45           39
1024           130             0                         123          105

Table 2
Attacks and results

Tool        Attack mode                  Extraction    Extraction, KeySplitWatermark
ASProtect   Encrypts program             100%          100%
UPX         Conducts code compression    100%          100%
Aspack      Used to shell the program    100%          100%

6. Conclusions

This paper provides a brief overview of methods for protecting software code from modification and distribution. One such method is digital watermarks. This method has many disadvantages, but they have been eliminated with the advent of a new type of digital watermarks: zero digital watermarks.

One of the promising zero digital watermark methods is KeySplitWatermark. To improve its characteristics, its modernization and further research are proposed. It is also proposed to study and use it together with national algorithms (DSTU 7624, DSTU 4145, DSTU 7564) and a certification authority.

7. References

[1] Business Software Alliance, Software Management: Security Imperative, Business Opportunity, 2018.
[2] Christian S. Collberg, Clark Thomborson, Watermarking, Tamper-Proofing, and Obfuscation – Tools for Software Protection, 2000.
[3] Chernov A. V., Analysis of Obfuscating Transformations of Programs, 2003, URL: http://citforum.ru/security/articles/analysis/.
[4] James Hamilton, Sebastian Danicic, Department of Computing, Goldsmiths, University of London, United Kingdom, A Survey of Static Software Watermarking, URL: https://www.researchgate.net/publication/224229798_A_survey_of_static_software_watermarking.
[6] Aleš Roček, Michal Javorník, Karel Slavíček, and Otto Dostál, Zero Watermarking: Critical Analysis of Its Role in Current Medical Imaging, URL: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7886926/.
[7] Zulfiqar Ali, Muhammad Imran, Mansour Alsulaiman, Tanveer Zia, Muhammad Shoaib, A Zero-Watermarking Algorithm for Privacy Protection in Biomedical Signals.
[8] Celestine Iwendi, Zunera Jalil, KeySplitWatermark: Zero Watermarking Algorithm for Software Protection Against Cyber-Attacks, 2020, URL: https://ieeexplore.ieee.org/document/9068217/references#references.
[9] Aihab Khan, Syed Afaq Husain, A Fragile Zero Watermarking Scheme to Detect and Characterize Malicious Modifications in Database Relations, 2013, URL: https://hindawi.com/journals/tswj/2013/796726/.
[10] National standard of Ukraine, Information technologies. Cryptographic information protection. Symmetric block transformation algorithm. DSTU 7624:2014.
[11] National standard of Ukraine, Cryptographic information protection. Digital signature based on elliptic curves. Formation and verification. DSTU 4144-2002.
[12] National standard of Ukraine, Cryptographic information protection. Hashing function. DSTU 7564:2014.