Sign in

Not a member? | Forgot your Password?

Search compdsp

Search tips

Free PDF Downloads

A Quadrature Signals Tutorial: Complex, But Not Complicated

Understanding the 'Phasing Method' of Single Sideband Demodulation

Complex Digital Signal Processing in Telecommunications

Introduction to Sound Processing

C++ Tutorial

Introduction of C Programming for DSP Applications

Fixed-Point Arithmetic: An Introduction

Cascaded Integrator-Comb (CIC) Filter Introduction

Discussion Groups

FFT Spectral Analysis Software

Free Online Books

See Also

Embedded SystemsFPGA

Discussion Groups | Comp.DSP | Protect commercial SW-based service?

There are 48 messages in this thread.

You are currently looking at messages 1 to .


Is this discussion worth a thumbs up?

0

Protect commercial SW-based service? - Rune Allnor - 2009-06-24 08:33:00

Hi folks.

Suppose you have developed an SW-based service that

1) Reduces processing time by >99%
2) Reduces manual interactions ( = personnel salaries,
    training and accomodations costs) by >99%
3) Reduces error rates and product flaws by >99%

compared to present standard procedures. The commercial
idea is to

a) Lease a dedicated computer+SW to customers.
b) Have the computer + SW do its thing as a LAN-based
    'black box'. Clients send data in and recieve end results
    by LAN protocol.
c) Have the clients subscribe to the service, paying annual
    fees, or the computer disables its LAN-based service.

How would you go about protecting the integrity of the
computer + SW?  If the computer is compromised and
the SW hacked, the commercial basis for the service
is gone.

Rune


Re: Protect commercial SW-based service? - Jason - 2009-06-24 12:58:00

On Jun 24, 8:33 am, Rune Allnor <all...@tele.ntnu.no> wrote:
> Hi folks.
>
> Suppose you have developed an SW-based service that
>
> 1) Reduces processing time by >99%
> 2) Reduces manual interactions ( = personnel salaries,
>     training and accomodations costs) by >99%
> 3) Reduces error rates and product flaws by >99%
>
> compared to present standard procedures. The commercial
> idea is to
>
> a) Lease a dedicated computer+SW to customers.
> b) Have the computer + SW do its thing as a LAN-based
>     'black box'. Clients send data in and recieve end results
>     by LAN protocol.
> c) Have the clients subscribe to the service, paying annual
>     fees, or the computer disables its LAN-based service.
>
> How would you go about protecting the integrity of the
> computer + SW?  If the computer is compromised and
> the SW hacked, the commercial basis for the service
> is gone.
>
> Rune

Option (c) would probably be most robust to reverse-engineering of
your software. Would this software be used in a context where users
would have Internet or other network access to a server under your
control? You could perform the actual processing (which I'm assuming
is the sensitive part of the system) on hardware that is entirely
under your control, then use a subscription-based usage model. This
requires you to maintain hardware, manage processing capacity to
accommodate your user load, etc., but it probably exposes the least
information that could be compromised. In my experience, anything that
can be broken/reverse-engineered (i.e. software copy protection, etc.)
will be, if there is enough of an incentive (money) out there to do
so.

Jason


Re: Protect commercial SW-based service? - Jerry Avins - 2009-06-24 13:09:00

Rune Allnor wrote:
> Hi folks.
> 
> Suppose you have developed an SW-based service that
> 
> 1) Reduces processing time by >99%
> 2) Reduces manual interactions ( = personnel salaries,
>     training and accomodations costs) by >99%
> 3) Reduces error rates and product flaws by >99%
> 
> compared to present standard procedures. The commercial
> idea is to
> 
> a) Lease a dedicated computer+SW to customers.
> b) Have the computer + SW do its thing as a LAN-based
>     'black box'. Clients send data in and recieve end results
>     by LAN protocol.
> c) Have the clients subscribe to the service, paying annual
>     fees, or the computer disables its LAN-based service.
> 
> How would you go about protecting the integrity of the
> computer + SW?  If the computer is compromised and
> the SW hacked, the commercial basis for the service
> is gone.

Prevent the customer from having physical access to the computer. (Put 
it inside a safe. The contract awards you adequate compensation for the 
loss of future income if the safe is breached.) Allow only data into and 
results out of the computer via a communication link that doesn't 
support program updates.

There is concern nowadays that terrorists of foreign powers could 
interrupt a nations power grid by hacking into control centers via the 
internet. I think it's criminal that the same network that comes into my 
home is connected to such places. If they are networked at all, it 
should be on separate wires.

Jerry
-- 
Engineering is the art of making what you want from things you can get.
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Re: Protect commercial SW-based service? - Rune Allnor - 2009-06-24 13:14:00

On 24 Jun, 18:58, Jason <cincy...@gmail.com> wrote:
> On Jun 24, 8:33 am, Rune Allnor <all...@tele.ntnu.no> wrote:
>
>
>
>
>
> > Hi folks.
>
> > Suppose you have developed an SW-based service that
>
> > 1) Reduces processing time by >99%
> > 2) Reduces manual interactions ( = personnel salaries,
> >     training and accomodations costs) by >99%
> > 3) Reduces error rates and product flaws by >99%
>
> > compared to present standard procedures. The commercial
> > idea is to
>
> > a) Lease a dedicated computer+SW to customers.
> > b) Have the computer + SW do its thing as a LAN-based
> >     'black box'. Clients send data in and recieve end results
> >     by LAN protocol.
> > c) Have the clients subscribe to the service, paying annual
> >     fees, or the computer disables its LAN-based service.
>
> > How would you go about protecting the integrity of the
> > computer + SW?  If the computer is compromised and
> > the SW hacked, the commercial basis for the service
> > is gone.
>
> > Rune
>
> Option (c) would probably be most robust to reverse-engineering of
> your software. Would this software be used in a context where users
> would have Internet or other network access to a server under your
> control? You could perform the actual processing (which I'm assuming
> is the sensitive part of the system) on hardware that is entirely
> under your control, then use a subscription-based usage model.

The problem is that I need to have the HW at the user's site.
What I have in mind will be used offshore, on survey vessels,
and there is just not enough bandwidth off the vessels to
communicate data back and forth. Typical transfer rates are
12 - 24 hours per GByte.

So the question is if it is possible to come up with some
sort of tamper-resistant HW, where the SW is well protected
from network access, and any attempt to physically break the
thing open will leave visible traces.

Rune


Re: Protect commercial SW-based service? - Rune Allnor - 2009-06-24 13:27:00

On 24 Jun, 19:09, Jerry Avins <j...@ieee.org> wrote:
> Rune Allnor wrote:
> > Hi folks.
>
> > Suppose you have developed an SW-based service that
>
> > 1) Reduces processing time by >99%
> > 2) Reduces manual interactions ( = personnel salaries,
> >     training and accomodations costs) by >99%
> > 3) Reduces error rates and product flaws by >99%
>
> > compared to present standard procedures. The commercial
> > idea is to
>
> > a) Lease a dedicated computer+SW to customers.
> > b) Have the computer + SW do its thing as a LAN-based
> >     'black box'. Clients send data in and recieve end results
> >     by LAN protocol.
> > c) Have the clients subscribe to the service, paying annual
> >     fees, or the computer disables its LAN-based service.
>
> > How would you go about protecting the integrity of the
> > computer + SW?  If the computer is compromised and
> > the SW hacked, the commercial basis for the service
> > is gone.
>
> Prevent the customer from having physical access to the computer. (Put
> it inside a safe. The contract awards you adequate compensation for the
> loss of future income if the safe is breached.) Allow only data into and
> results out of the computer via a communication link that doesn't
> support program updates.

That's the general idea, yes. I'm wondering if there are
solutions available for these kinds of things or if I
have to design them from scratch.

> There is concern nowadays that terrorists of foreign powers could
> interrupt a nations power grid by hacking into control centers via the
> internet. I think it's criminal that the same network that comes into my
> home is connected to such places. If they are networked at all, it
> should be on separate wires.

I've seen places where the internal power grid was galvanically
separated from the outside grid: Power from the outside grid
ran an electric motor, which turned a generator, which at last
powered the safe power grid. All of it to protect sensitive
computers.

Rune


Re: Protect commercial SW-based service? - mblume - 2009-06-24 14:21:00

Am Wed, 24 Jun 2009 05:33:58 -0700 schrieb Rune Allnor:

> Hi folks.
> 
> Suppose you have developed an SW-based service that
> 
> 1) Reduces processing time by >99%
> 2) Reduces manual interactions ( = personnel salaries,
>     training and accomodations costs) by >99%
> 3) Reduces error rates and product flaws by >99%
> 
> compared to present standard procedures. The commercial idea is to
> 
> a) Lease a dedicated computer+SW to customers. b) Have the computer + SW
> do its thing as a LAN-based
>     'black box'. Clients send data in and recieve end results by LAN
>     protocol.
> c) Have the clients subscribe to the service, paying annual
>     fees, or the computer disables its LAN-based service.
> 
> How would you go about protecting the integrity of the computer + SW? 
> If the computer is compromised and the SW hacked, the commercial basis
> for the service is gone.
> 
> Rune

You could protect it with an USB dongle that must be present for 
the SW to run like e.g. http://wibu.de/start.php?lang=en 

Personally, I have to say that I don't like dongles. They tend to 
break, get lost and are nuisance to legitimate users, whereas 
illegitimate users will crack your SW and do without. 
Then there are also the cases where HW becomes obsolete (like parallel
port dongles) and legitmate users are out in the rain, because newer 
HW precludes the use of SW. 

But I see the point that a small company wants to protect its business 
by protecting its SW. 

HTH
Martin


Re: Protect commercial SW-based service? - glen herrmannsfeldt - 2009-06-24 14:22:00

Rune Allnor <a...@tele.ntnu.no> wrote:
 
> I've seen places where the internal power grid was galvanically
> separated from the outside grid: Power from the outside grid
> ran an electric motor, which turned a generator, which at last
> powered the safe power grid. All of it to protect sensitive
> computers.

That was usual for, at least, the large IBM S/360 systems,
and I believe also S/370.  A great surge protection system.

-- glen


Re: Protect commercial SW-based service? - glen herrmannsfeldt - 2009-06-24 14:31:00

Rune Allnor <a...@tele.ntnu.no> wrote:
 
< a) Lease a dedicated computer+SW to customers.
< b) Have the computer + SW do its thing as a LAN-based
<    'black box'. Clients send data in and recieve end results
<    by LAN protocol.
< c) Have the clients subscribe to the service, paying annual
<    fees, or the computer disables its LAN-based service.

The is pretty much the model used by Pay-TV systems, though
some times not quite successful.

Also, the cryptographic processors on ATMs and other
remote financial systems.

One system that I know of uses battery backed RAM in a
tamperproof container, such that opening it disconnects
the battery and the RAM loses its contents.  

The usual tradeoff is between cost of the protection system
and cost of that being protected.  (Don't buy expensive
door locks and leave the windows open.)  

It is also the model for "smart cards", which might, for
example, hold the remaining value of the card.  It is
much more difficult to protect against someone with millions
of dollars to spend breaking the card, including using acid
to get through the plastic and probing the silicon with the
system running.  

-- glen


Re: Protect commercial SW-based service? - Vladimir Vassilevsky - 2009-06-24 14:59:00

Rune Allnor wrote:

> Hi folks.
> 
> Suppose you have developed an SW-based service that
> 
> 1) Reduces processing time by >99%
> 2) Reduces manual interactions ( = personnel salaries,
>     training and accomodations costs) by >99%
> 3) Reduces error rates and product flaws by >99%

:)))))  Innovative diet snake oil with 99% less fat.

> compared to present standard procedures. The commercial
> idea is to
> 
> a) Lease a dedicated computer+SW to customers.
> b) Have the computer + SW do its thing as a LAN-based
>     'black box'. Clients send data in and recieve end results
>     by LAN protocol.
> c) Have the clients subscribe to the service, paying annual
>     fees, or the computer disables its LAN-based service.
> 
> How would you go about protecting the integrity of the
> computer + SW?  If the computer is compromised and
> the SW hacked, the commercial basis for the service
> is gone.

The only way is that you position yourself as some kind of authority 
which certifies the data. Unless you approve the transaction, the data 
should not be accepted as valid.


Vladimir Vassilevsky
DSP and Mixed Signal Design Consultant
http://www.abvolt.com


Re: Protect commercial SW-based service? - glen herrmannsfeldt - 2009-06-24 15:17:00

Rune Allnor <a...@tele.ntnu.no> wrote:
(big snip)
 
< How would you go about protecting the integrity of the
< computer + SW?  If the computer is compromised and
< the SW hacked, the commercial basis for the service
< is gone.

Google for cautionary "tamper resistance".  It is a little
old by now, but most of the ideas should still apply.

-- glen


| 1 | | 3 | 4 | 5 |