Publication Date

2010

Degree Type

Master's Project

Degree Name

Master of Science (MS)

Department

Computer Science

Abstract

Software activation is an anti-piracy technology designed to verify that software products have been legitimately licensed [1]. It is supposed to be quick and simple while simultaneously protecting customer privacy. The most common form of software activation is through the entering of legitimate product serial numbers by users, which sometimes are also known as product keys. This technique is employed by various software, from small shareware programs to large commercial programs such as Microsoft Office. However, software activation based on a serial number appears to be weak, as various cracks for a majority of programs are available and can be found easily on the Internet. Users can use such cracks to bypass the software activation. Generally, the verification logic for checking a serial number executes sequentially in a single thread. Such an approach is weak because attackers can effectively trace this thread from the beginning to the end to understand how the verification logic works. In this paper, we develop a practical multi-threaded verification design. We breakdown the checking logic into smaller pieces and run each piece within a separate thread. Our results show that the amount of traceable code in a debugger is reduced to a low percentage of the code -- especially when junk threads with deadlocks are used -- and the traceable code in each run can differ as well. This makes it more difficult for an attacker to reverse engineer the code and bypass any security check. Finally, we attempt to quantify the increased effort necessary to break out verification logic.

Share

COinS