Protect commercial SW-based service?

Started by Rune Allnor June 24, 2009
Hi folks.

Suppose you have developed an SW-based service that

1) Reduces processing time by >99%
2) Reduces manual interactions ( = personnel salaries,
    training and accommodations costs) by >99%
3) Reduces error rates and product flaws by >99%

compared to present standard procedures. The commercial
idea is to

a) Lease a dedicated computer+SW to customers.
b) Have the computer + SW do its thing as a LAN-based
    'black box'. Clients send data in and receive end results
    by LAN protocol.
c) Have the clients subscribe to the service, paying annual
    fees, or the computer disables its LAN-based service.

How would you go about protecting the integrity of the
computer + SW?  If the computer is compromised and
the SW hacked, the commercial basis for the service
is gone.

Rune
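Option (c) above, a box that disables its LAN service when the annual fee lapses, needs some way for the vendor to renew a unit that sits at a customer site with very little connectivity. The following is an added example, not code from the original post: an offline renewal token bound to one device and one expiry date, authenticated with an HMAC under a per-device secret. The device id, the secret and the dates are constructed for illustration, and the secret is assumed to be provisioned at manufacture and kept in the box's protected memory; whoever can read it out can mint their own renewals, which is why the hardware protection discussed later in the thread matters.

```python
import base64
import binascii
import hashlib
import hmac
import json

# Constructed values.  A real vendor provisions one random secret per
# appliance at manufacture, keeps it in the box's protected memory, and holds
# the vendor's copy offline for issuing renewals.
DEVICE_ID = "survey-box-0001"
DEVICE_SECRET = bytes.fromhex(
    "6f9d2c41a4b8e3d7c2f1a0b9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2f1e0d9")


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret: bytes, device_id: str, not_after: int) -> str:
    """Vendor side: a renewal bound to one device and one expiry (Unix time).
    Small enough to dictate over a voice link, so bandwidth is no obstacle."""
    payload = json.dumps({"dev": device_id, "exp": not_after},
                         sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_token(secret: bytes, device_id: str, token: str, now: int) -> bool:
    """Appliance side.  Authenticate first, parse second: nothing in the
    payload is trusted until the tag has been checked in constant time."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return False
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False
    try:
        claims = json.loads(payload)
    except ValueError:
        return False
    return (claims.get("dev") == device_id
            and isinstance(claims.get("exp"), int)
            and now <= claims["exp"])


def service_enabled(token: str, now: int) -> bool:
    """The gate in front of the LAN service: no valid token, no processing."""
    return verify_token(DEVICE_SECRET, DEVICE_ID, token, now)


if __name__ == "__main__":
    renewal = issue_token(DEVICE_SECRET, DEVICE_ID, 1_609_459_200)  # 2021-01-01
    print(service_enabled(renewal, 1_600_000_000))   # True: paid up
    print(service_enabled(renewal, 1_609_459_201))   # False: lapsed
```

A token issued for one device is useless on another, a token with its expiry edited fails the tag check before the expiry is even looked at, and the appliance needs nothing but its own clock and the secret to decide.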
On Jun 24, 8:33 am, Rune Allnor <all...@tele.ntnu.no> wrote:
> Hi folks.
>
> (snip)
>
> a) Lease a dedicated computer+SW to customers.
> b) Have the computer + SW do its thing as a LAN-based
>    'black box'. Clients send data in and receive end results
>    by LAN protocol.
> c) Have the clients subscribe to the service, paying annual
>    fees, or the computer disables its LAN-based service.
>
> How would you go about protecting the integrity of the
> computer + SW?  If the computer is compromised and
> the SW hacked, the commercial basis for the service
> is gone.
>
> Rune
Option (c) would probably be most robust to reverse-engineering of your software. Would this software be used in a context where users would have Internet or other network access to a server under your control? You could perform the actual processing (which I'm assuming is the sensitive part of the system) on hardware that is entirely under your control, then use a subscription-based usage model. This requires you to maintain hardware, manage processing capacity to accommodate your user load, etc., but it probably exposes the least information that could be compromised.

In my experience, anything that can be broken/reverse-engineered (i.e. software copy protection, etc.) will be, if there is enough of an incentive (money) out there to do so.

Jason
Rune Allnor wrote:
> Hi folks.
>
> (snip)
>
> a) Lease a dedicated computer+SW to customers.
> b) Have the computer + SW do its thing as a LAN-based
>    'black box'. Clients send data in and receive end results
>    by LAN protocol.
> c) Have the clients subscribe to the service, paying annual
>    fees, or the computer disables its LAN-based service.
>
> How would you go about protecting the integrity of the
> computer + SW?  If the computer is compromised and
> the SW hacked, the commercial basis for the service
> is gone.
Prevent the customer from having physical access to the computer. (Put it inside a safe. The contract awards you adequate compensation for the loss of future income if the safe is breached.) Allow only data into and results out of the computer via a communication link that doesn't support program updates.

There is concern nowadays that terrorists of foreign powers could interrupt a nation's power grid by hacking into control centers via the internet. I think it's criminal that the same network that comes into my home is connected to such places. If they are networked at all, it should be on separate wires.

Jerry
-- 
Engineering is the art of making what you want from things you can get
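Jerry's point about a link that carries data and results but cannot carry program updates comes down to what the listener on the LAN side is willing to parse: if the only inbound frame type the appliance understands is a data record, there is no code path an attacker on the network can reach that writes to the program store. The following is an added example, not Jerry's or Rune's code; the frame layout (magic, type byte, length, CRC-32 trailer), the size limit and the sample payloads are assumptions made for illustration.

```python
import hashlib
import struct
import zlib

MAGIC = b"SRVY"                  # constructed frame marker
TYPE_DATA = 0x01                 # the only inbound type the appliance accepts
TYPE_RESULT = 0x02               # the only type it ever emits
MAX_PAYLOAD = 16 * 1024 * 1024   # reject oversized claims before allocating
HEADER = struct.Struct(">4sBI")  # magic, frame type, payload length
TRAILER = struct.Struct(">I")    # CRC-32 over header + payload


class FrameError(ValueError):
    pass


def encode_frame(ftype: int, payload: bytes) -> bytes:
    if len(payload) > MAX_PAYLOAD:
        raise FrameError("payload too large")
    body = HEADER.pack(MAGIC, ftype, len(payload)) + payload
    return body + TRAILER.pack(zlib.crc32(body))


def decode_request(frame: bytes) -> bytes:
    """Return the payload of one inbound DATA frame or raise FrameError.
    Every check runs before the payload is touched, and there is no frame
    type, and therefore no code path, that could write to the program store."""
    if len(frame) < HEADER.size + TRAILER.size:
        raise FrameError("truncated frame")
    magic, ftype, length = HEADER.unpack_from(frame)
    if magic != MAGIC:
        raise FrameError("bad magic")
    if ftype != TYPE_DATA:
        raise FrameError("unsupported frame type 0x%02x" % ftype)
    if length > MAX_PAYLOAD:
        raise FrameError("declared length exceeds limit")
    if len(frame) != HEADER.size + length + TRAILER.size:
        raise FrameError("length mismatch")
    body, (crc,) = frame[:-TRAILER.size], TRAILER.unpack(frame[-TRAILER.size:])
    if zlib.crc32(body) != crc:
        raise FrameError("checksum mismatch")
    return frame[HEADER.size:HEADER.size + length]


def check_request(frame: bytes) -> str:
    """'ok' or the reason the frame was refused (handy for the appliance log)."""
    try:
        decode_request(frame)
        return "ok"
    except FrameError as exc:
        return str(exc)


def process(payload: bytes) -> bytes:
    # constructed stand-in for the proprietary processing step
    return hashlib.sha256(payload).digest()


def handle(frame: bytes) -> bytes:
    """One round trip on the LAN: data in, result out, nothing else."""
    payload = decode_request(frame)          # raises on anything but DATA
    return encode_frame(TYPE_RESULT, process(payload))


if __name__ == "__main__":
    print(check_request(encode_frame(TYPE_DATA, b"survey trace 1")))   # ok
    print(check_request(encode_frame(0xF0, b"#!/bin/sh\nrm -rf /")))   # unsupported frame type 0xf0
```

The CRC is there for line-noise detection, not security; the security property is the allow-list of one frame type plus the length bound that is checked before any allocation happens. The wire protocol still has to be carried over an authenticated channel if clients on the LAN are not trusted.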
On 24 Jun, 18:58, Jason <cincy...@gmail.com> wrote:
> On Jun 24, 8:33 am, Rune Allnor <all...@tele.ntnu.no> wrote:
>
> > (snip)
> >
> > a) Lease a dedicated computer+SW to customers.
> > b) Have the computer + SW do its thing as a LAN-based
> >    'black box'. Clients send data in and receive end results
> >    by LAN protocol.
> > c) Have the clients subscribe to the service, paying annual
> >    fees, or the computer disables its LAN-based service.
> >
> > How would you go about protecting the integrity of the
> > computer + SW?  If the computer is compromised and
> > the SW hacked, the commercial basis for the service
> > is gone.
> >
> > Rune
>
> Option (c) would probably be most robust to reverse-engineering of
> your software. Would this software be used in a context where users
> would have Internet or other network access to a server under your
> control? You could perform the actual processing (which I'm assuming
> is the sensitive part of the system) on hardware that is entirely
> under your control, then use a subscription-based usage model.
The problem is that I need to have the HW at the user's site. What I have in mind will be used offshore, on survey vessels, and there is just not enough bandwidth off the vessels to communicate data back and forth. Typical transfer rates are 12 - 24 hours per GByte.

So the question is if it is possible to come up with some sort of tamper-resistant HW, where the SW is well protected from network access, and any attempt to physically break the thing open will leave visible traces.

Rune
On 24 Jun, 19:09, Jerry Avins <j...@ieee.org> wrote:
> Rune Allnor wrote:
>
> > (snip)
> >
> > a) Lease a dedicated computer+SW to customers.
> > b) Have the computer + SW do its thing as a LAN-based
> >    'black box'. Clients send data in and receive end results
> >    by LAN protocol.
> > c) Have the clients subscribe to the service, paying annual
> >    fees, or the computer disables its LAN-based service.
> >
> > How would you go about protecting the integrity of the
> > computer + SW?  If the computer is compromised and
> > the SW hacked, the commercial basis for the service
> > is gone.
>
> Prevent the customer from having physical access to the computer. (Put
> it inside a safe. The contract awards you adequate compensation for the
> loss of future income if the safe is breached.) Allow only data into and
> results out of the computer via a communication link that doesn't
> support program updates.
That's the general idea, yes. I'm wondering if there are solutions available for these kinds of things or if I have to design them from scratch.
> There is concern nowadays that terrorists of foreign powers could
> interrupt a nation's power grid by hacking into control centers via the
> internet. I think it's criminal that the same network that comes into my
> home is connected to such places. If they are networked at all, it
> should be on separate wires.
I've seen places where the internal power grid was galvanically separated from the outside grid: Power from the outside grid ran an electric motor, which turned a generator, which at last powered the safe power grid. All of it to protect sensitive computers.

Rune
On Wed, 24 Jun 2009 05:33:58 -0700, Rune Allnor wrote:

> Hi folks.
>
> (snip)
>
> a) Lease a dedicated computer+SW to customers.
> b) Have the computer + SW do its thing as a LAN-based
>    'black box'. Clients send data in and receive end results
>    by LAN protocol.
> c) Have the clients subscribe to the service, paying annual
>    fees, or the computer disables its LAN-based service.
>
> How would you go about protecting the integrity of the
> computer + SW?  If the computer is compromised and
> the SW hacked, the commercial basis for the service
> is gone.
>
> Rune
You could protect it with a USB dongle that must be present for the SW to run, like e.g. http://wibu.de/start.php?lang=en

Personally, I have to say that I don't like dongles. They tend to break, get lost and are a nuisance to legitimate users, whereas illegitimate users will crack your SW and do without. Then there are also the cases where HW becomes obsolete (like parallel port dongles) and legitimate users are out in the rain, because newer HW precludes the use of the SW. But I see the point that a small company wants to protect its business by protecting its SW.

HTH
Martin
Rune Allnor <allnor@tele.ntnu.no> wrote:
 
> I've seen places where the internal power grid was galvanically
> separated from the outside grid: Power from the outside grid
> ran an electric motor, which turned a generator, which at last
> powered the safe power grid. All of it to protect sensitive
> computers.
That was usual for, at least, the large IBM S/360 systems, and I believe also S/370. A great surge protection system.

-- glen
Rune Allnor <allnor@tele.ntnu.no> wrote:
 
< a) Lease a dedicated computer+SW to customers.
< b) Have the computer + SW do its thing as a LAN-based
<    'black box'. Clients send data in and receive end results
<    by LAN protocol.
< c) Have the clients subscribe to the service, paying annual
<    fees, or the computer disables its LAN-based service.

This is pretty much the model used by Pay-TV systems, though
sometimes not quite successfully.

Also, the cryptographic processors on ATMs and other
remote financial systems.

One system that I know of uses battery backed RAM in a
tamperproof container, such that opening it disconnects
the battery and the RAM loses its contents.  

The usual tradeoff is between cost of the protection system
and cost of that being protected.  (Don't buy expensive
door locks and leave the windows open.)  

It is also the model for "smart cards", which might, for
example, hold the remaining value of the card.  It is
much more difficult to protect against someone with millions
of dollars to spend breaking the card, including using acid
to get through the plastic and probing the silicon with the
system running.  

-- glen 
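glen's battery-backed RAM in a tamper-responding container is the mechanism that makes Rune's "tamper-resistant HW" ask concrete: the device key lives only in volatile memory, the program store on disk or flash holds ciphertext under that key, and the lid switch cutting the battery leaves whoever opened the box with an unreadable image. The following is an added example that simulates that design in software; it is not code from the thread. The HMAC-SHA256 counter-mode keystream stands in for AES-GCM so the example runs with the standard library only, the lid switch is a method call, and the software image is a constructed byte string.

```python
import hashlib
import hmac
import secrets


class TamperDetected(RuntimeError):
    """Raised when the volatile key has been cleared by the tamper circuit."""


class VolatileKeyStore:
    """Models battery-backed RAM inside the sealed enclosure: the device key
    exists only while the lid switch reports 'closed'.  Opening the lid cuts
    the battery and the RAM contents are lost (simulated by clearing _key)."""

    def __init__(self) -> None:
        self._key = None

    def provision(self) -> None:
        # done once by the vendor before the box leaves the factory
        self._key = secrets.token_bytes(32)

    def lid_opened(self) -> None:
        self._key = None  # tamper switch: battery disconnected, RAM cleared

    def key(self) -> bytes:
        if self._key is None:
            raise TamperDetected("device key zeroised; vendor re-provisioning required")
        return self._key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 used as a PRF in counter mode.  This stands in for AES-CTR so
    # the example needs only the standard library; use AES-GCM in production.
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def _subkeys(device_key: bytes):
    # separate encryption and MAC keys derived from the one key held in RAM
    return (hashlib.sha256(b"enc" + device_key).digest(),
            hashlib.sha256(b"mac" + device_key).digest())


def seal_image(device_key: bytes, software: bytes) -> bytes:
    """Encrypt-then-MAC the program image; only this blob is written to flash."""
    enc_key, mac_key = _subkeys(device_key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(software, _keystream(enc_key, nonce, len(software))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_image(device_key: bytes, blob: bytes) -> bytes:
    """Verify the MAC before decrypting; a patched image is refused outright."""
    enc_key, mac_key = _subkeys(device_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("program image modified or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Appliance:
    """The leased box: RAM-resident key, ciphertext-only flash, and a boot
    that either runs the software or stays dark."""

    def __init__(self, software: bytes) -> None:
        self.ram = VolatileKeyStore()
        self.ram.provision()
        self.flash = seal_image(self.ram.key(), software)  # all a thief can copy

    def boot(self) -> bytes:
        return open_image(self.ram.key(), self.flash)

    def status(self) -> str:
        try:
            self.boot()
            return "running"
        except TamperDetected:
            return "dark: tamper detected"
        except ValueError:
            return "dark: image corrupt"


if __name__ == "__main__":
    # constructed stand-in for the proprietary processing software
    box = Appliance(b"proprietary survey-processing code")
    print(box.status())        # running
    box.ram.lid_opened()
    print(box.status())        # dark: tamper detected
```

Pulling the flash out gives ciphertext plus a MAC and nothing else; opening the lid to read the RAM clears the only copy of the key; patching the image in place fails the MAC before a byte of it is decrypted. What this does not defend against is glen's well-funded attacker who probes the silicon with the system running, which is why the cost of the protection should be matched to the value being protected.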

Rune Allnor wrote:

> Hi folks.
>
> Suppose you have developed an SW-based service that
>
> 1) Reduces processing time by >99%
> 2) Reduces manual interactions ( = personnel salaries,
>    training and accommodations costs) by >99%
> 3) Reduces error rates and product flaws by >99%
:))))) Innovative diet snake oil with 99% less fat.
> compared to present standard procedures. The commercial
> idea is to
>
> a) Lease a dedicated computer+SW to customers.
> b) Have the computer + SW do its thing as a LAN-based
>    'black box'. Clients send data in and receive end results
>    by LAN protocol.
> c) Have the clients subscribe to the service, paying annual
>    fees, or the computer disables its LAN-based service.
>
> How would you go about protecting the integrity of the
> computer + SW?  If the computer is compromised and
> the SW hacked, the commercial basis for the service
> is gone.
The only way is that you position yourself as some kind of authority which certifies the data. Unless you approve the transaction, the data should not be accepted as valid.

Vladimir Vassilevsky
DSP and Mixed Signal Design Consultant
http://www.abvolt.com
Rune Allnor <allnor@tele.ntnu.no> wrote:
(big snip)
 
< How would you go about protecting the integrity of the
< computer + SW?  If the computer is compromised and
< the SW hacked, the commercial basis for the service
< is gone.

Google for cautionary "tamper resistance".  It is a little
old by now, but most of the ideas should still apply.

-- glen