DSPRelated.com
Forums

Protect commercial SW-based service?

Started by Rune Allnor June 24, 2009
On 27 Jun, 00:07, Jerry Avins <j...@ieee.org> wrote:
> mblume wrote:
> > On Fri, 26 Jun 2009 10:30:17 -0400, Jerry Avins wrote:
> >>>> [dongles to protect SW]
> >
> >> I was an inconvenienced legitimate customer. The dongle broke, and they
> >> wouldn't sell me a replacement, even with a trade-in. "Against policy."
> >
> > That's the problem with dongles. Ultimately honest customers are p***d off
> > and come close to an undesirable encounter with lawyers.
> > Nevertheless, Rune's problem remains: He, a small company, probably the
> > only guy in the shop (garage?) against a big company with a lot of vessels
> > (and probably more lawyers). They buy one copy, install it on 17 vessels.
> > How to prevent that?
>
> Put it into a pressurized box (without revealing any details) and have
> the program in volatile RAM that gets powered down if the pressure
> drops. Make it clear that replacement is at the option of the supplier.
> If, in the opinion of the supplier, the failure seems due to tampering,
> the lease is terminated.
I like the idea somebody came up with, about using FPGAs for key computations. Are FPGAs available as standard-format PC cards? I never remember the acronym - PCIB or something like that.

Rune
Fred Marshall wrote:
> Jerry Avins wrote:
>> mblume wrote:
>>> On Fri, 26 Jun 2009 10:30:17 -0400, Jerry Avins wrote:
>>>>>> [dongles to protect SW]
>>>>>>
>>>> I was an inconvenienced legitimate customer. The dongle broke, and
>>>> they wouldn't sell me a replacement, even with a trade-in. "Against
>>>> policy."
>>> That's the problem with dongles. Ultimately honest customers are
>>> p***d off and come close to an undesirable encounter with lawyers.
>>> Nevertheless, Rune's problem remains: He, a small company, probably
>>> the only guy in the shop (garage?) against a big company with a lot
>>> of vessels (and probably more lawyers). They buy one copy, install
>>> it on 17 vessels. How to prevent that?
>> Put it into a pressurized box (without revealing any details) and have
>> the program in volatile RAM that gets powered down if the pressure
>> drops. Make it clear that replacement is at the option of the
>> supplier. If, in the opinion of the supplier, the failure seems due
>> to tampering, the lease is terminated.
>>
>> Jerry
>
> That may be a small price to pay.....
Who pays for what? With the program gone, reverse engineering isn't possible. If the program can be recreated from its actions, protection isn't possible.

Jerry

-- 
Engineering is the art of making what you want from things you can get.
Jerry Avins <jya@ieee.org> wrote:
 
> Put it into a pressurized box (without revealing any details) and have
> the program in volatile RAM that gets powered down if the pressure
> drops. Make it clear that replacement is at the option of the supplier.
> If, in the opinion of the supplier, the failure seems due to tampering,
> the lease is terminated.
User destroys the first one, but finds the pressure switch. Determines the activation pressure of the switch. Assuming he can't buy another one, arranges with a friend such that the friend buys one. Put box in a pressurized room and open it. Make sure the room pressure is sufficiently high compared to the tolerance on the pressure switch.

Countermeasure: Put in both low and high pressure switch, and erase RAM if the pressure is too high or low. Use different pressure levels for different boxes.

Counter-countermeasure: Assume that the box volume is sufficiently large, arrange a small volume box sealed on the outside with a differential pressure meter and the ability to drill a small hole. Once the hole is through, the pressure will equalize, but the additional volume is small enough not to trigger the switch. Raise the room pressure until the differential pressure meter says zero. Open the box.

Does anyone remember James Bond's car "theft protection" system in the movie "Live and Let Die"?

-- glen
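The countermeasure glen sketches (a low and a high switch, with the set points chosen differently for each box, and the RAM erased the moment the reading leaves that window) is easy to get subtly wrong in firmware. The following is an added illustration written for this thread, not code from any poster or product: it models the monitor as a small state machine that keeps the working secret in a buffer standing in for the volatile RAM, zeroizes it on the first reading outside the unit's own window, latches so that a later in-window reading cannot re-arm it, and treats a missing or implausible reading (a disconnected or shorted sensor) as tampering rather than as "no alarm". The class and function names, the kPa figures and the plausible-range bounds are all constructed for the example.

```python
import math
import secrets


class TamperEnvelope:
    """Model of a sealed unit that keeps its working secret only while the
    enclosure pressure stays inside a per-unit window.

    Constructed illustration of the low/high switch countermeasure discussed
    in the thread; not a real product's firmware. Readings are in kPa and are
    supplied by the caller, e.g. from a sensor poll loop.
    """

    def __init__(self, secret: bytes, low_kpa: float, high_kpa: float,
                 plausible: tuple = (20.0, 1000.0)) -> None:
        if not (plausible[0] <= low_kpa < high_kpa <= plausible[1]):
            raise ValueError("window must lie inside the plausible sensor range")
        self._secret = bytearray(secret)      # stands in for the volatile RAM
        self.low_kpa = low_kpa
        self.high_kpa = high_kpa
        self.plausible = plausible
        self.tripped = False                  # latched: never re-arms in the field
        self.events = []

    def zeroize(self, reason: str) -> None:
        """Destroy the secret in place and latch the tripped state."""
        for i in range(len(self._secret)):
            self._secret[i] = 0
        self.tripped = True
        self.events.append(reason)

    def sample(self, reading_kpa) -> bool:
        """Feed one sensor reading; returns True while the unit remains armed.

        Fails secure: a missing or implausible reading is handled exactly like
        an out-of-window one, so a cut sensor wire cannot silence the monitor.
        """
        if self.tripped:
            return False
        if (reading_kpa is None
                or not isinstance(reading_kpa, (int, float))
                or math.isnan(reading_kpa)
                or not (self.plausible[0] <= reading_kpa <= self.plausible[1])):
            self.zeroize("sensor fault")
        elif reading_kpa < self.low_kpa:
            self.zeroize("pressure low")
        elif reading_kpa > self.high_kpa:
            self.zeroize("pressure high")
        return not self.tripped

    def secret_available(self) -> bool:
        return not self.tripped and any(self._secret)


def random_window(nominal_kpa: float = 300.0, spread_kpa: float = 40.0,
                  width_kpa: float = 10.0) -> tuple:
    """Pick a per-unit window at manufacturing time: the centre is offset from
    the nominal fill pressure by a secret amount, so two boxes from the same
    batch do not share a set point (constructed; the numbers are illustrative)."""
    # secrets rather than random: the offset is part of the unit's security state
    offset = secrets.randbelow(int(2 * spread_kpa * 10)) / 10.0 - spread_kpa
    centre = nominal_kpa + offset
    return (centre - width_kpa / 2, centre + width_kpa / 2)


def run_trace(envelope: TamperEnvelope, readings) -> int:
    """Feed readings in order; return how many were accepted before a trip
    (len(readings) if the unit never tripped)."""
    accepted = 0
    for r in readings:
        if not envelope.sample(r):
            break
        accepted += 1
    return accepted


if __name__ == "__main__":
    low, high = random_window()
    unit = TamperEnvelope(secrets.token_bytes(16), low, high)
    trace = [(low + high) / 2] * 5 + [high + 50.0] + [(low + high) / 2]
    print("accepted", run_trace(unit, trace), "of", len(trace), "events", unit.events)
```

Two design points are worth noting: the latch means the decision is irreversible once taken, which is what makes "replacement at the option of the supplier" enforceable, and the window check lives entirely inside the unit, so nothing about the set points has to be published with the product.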
Rune Allnor <allnor@tele.ntnu.no> wrote:
 
> I like the idea somebody came up with, about using FPGAs for
> key computations. Are FPGAs available as standard-format PC
> cards? I never remember the acronym - PCIB or something like that.
Not from the factory, but there are people who build and sell them in a variety of PC form factors. I have seen them in PCMCIA cards, and also ones that fit into an Opteron socket on a multi-way Opteron box. I presume also PCI and such.

-- glen
On 6/26/2009 3:14 PM, Rune Allnor wrote:
> On 27 Jun, 00:07, Jerry Avins<j...@ieee.org> wrote:
>> mblume wrote:
>>> On Fri, 26 Jun 2009 10:30:17 -0400, Jerry Avins wrote:
>>>>>> [dongles to protect SW]
>>>> I was an inconvenienced legitimate customer. The dongle broke, and they
>>>> wouldn't sell me a replacement, even with a trade-in. "Against policy."
>>> That's the problem with dongles. Ultimately honest customers are p***d off
>>> and come close to an undesirable encounter with lawyers.
>>> Nevertheless, Rune's problem remains: He, a small company, probably the
>>> only guy in the shop (garage?) against a big company with a lot of vessels
>>> (and probably more lawyers). They buy one copy, install it on 17 vessels.
>>> How to prevent that?
>> Put it into a pressurized box (without revealing any details) and have
>> the program in volatile RAM that gets powered down if the pressure
>> drops. Make it clear that replacement is at the option of the supplier.
>> If, in the opinion of the supplier, the failure seems due to tampering,
>> the lease is terminated.
>
> I like the idea somebody came up with, about using FPGAs for
> key computations. Are FPGAs available as standard-format PC
> cards? I never remember the acronym - PCIB or something like that.
>
> Rune
FPGAs can be reverse-engineered, too, so all you've done is raise the bar a bit. That's good, since every bit helps, but it's still not going to be completely secure, just harder to crack. And there are ways of "securing" FPGAs, too; it's all just how much pain you want to deal with to raise the pain level of somebody trying to crack your system. I don't know that adding an FPGA, with associated security, is any better than the usual means of securing software.

Are you worried about somebody disassembling and reverse engineering compiled code? I'd think that'd be pretty tough these days.

I think the whole lease-maintenance-upgrades agreement thing is a good way to do it. You keep the customer by providing support, maintenance, and upgrade service as part of the contract, and you price that appropriately so that it's more in their interest to pay you than it is to try to reverse engineer it and do something themselves. If the relationship is good they'll also be motivated to help protect your IP as being yours.
Eric Jacobsen <eric.jacobsen@ieee.org> wrote:
(snip)
 
< FPGAs can be reverse-engineered, too, so all you've done is raise the 
< bar a bit.   That's good, since every bit helps, but it's still not 
< going to be completely secure, just harder to crack.

They can be, but it should be somewhat harder than other solutions.
Well, you need one with encrypted configuration stream.  I believe
that a key is built into the chip, such that the configuration
data is individually encrypted.  I don't know how well the 
key is protected against probing the silicon, though.

Even when you have the unencrypted bit stream, converting back
to a logic diagram is pretty difficult.

< And there are ways of "securing" FPGAs, too, it's all just how much pain 
< do you want to deal with to raise the pain level of somebody trying to 
< crack your system.  I don't know that adding an FPGA, with associated 
< security, is any better than the usual means of securing software.  

Well, it would help to put part of the actual algorithm into the
FPGA, not just use it as a new form of dongle.  Though the usual
reason for FPGA implementations of algorithms is speed, security
could be another.

< Are you worried about somebody disassembling and reverse engineering 
< compiled code?   I'd think that'd be pretty tough these days.

In general, yes.  But there is little protection against just
cloning the device.  Also, disassembling just to find the
details of the algorithm may be somewhat easier than complete
reverse engineering.  (Assuming one is going for trade secret
and not patent protection.)  

One could, for example, run the software on an emulation system
and find where it spends most of its time.  That would make
it easier to find the important parts to disassemble.
(Not that I have done that, but it makes some sense.)

-- glen
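glen's point about an encrypted configuration stream is that a chip with its own built-in key will only accept configuration data prepared for that particular chip, which is also what closes the "just clone the device" gap he raises. The following is an added example written for this thread, not code from any poster or from any FPGA vendor's tooling: it models the device-binding half of that scheme with standard-library HMAC only. A vendor master key derives a per-device key from the device's id, the configuration image is sealed for one device by a tag over header and body, and a device verifies the tag under the key it was provisioned with. An image sealed for one serial number fails to load on another, and any modified or truncated image is rejected. It deliberately does not model confidentiality of the bitstream (the "encrypted" part) nor the silicon-level protection of the key that glen says he is unsure about. `MASTER_KEY`, the `FPGA1` header format, and the names `derive_device_key`, `seal_bitstream`, `Device` and `provision` are all constructed for the example.

```python
import hmac
import hashlib

# Constructed master key for this illustration; a vendor would keep it in
# an HSM and never ship it. Devices hold only their own derived key.
MASTER_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")

MAGIC = b"FPGA1"   # constructed image format marker
TAG_LEN = 32       # HMAC-SHA256 output length


def derive_device_key(master_key: bytes, device_id: bytes) -> bytes:
    """Per-device key: HMAC of the device id under the vendor master key.
    Each chip is provisioned with its own derived key at manufacturing time."""
    return hmac.new(master_key, b"config-key|" + device_id, hashlib.sha256).digest()


def seal_bitstream(master_key: bytes, device_id: bytes, bitstream: bytes) -> bytes:
    """Bind a configuration image to one device: header || bitstream || tag,
    where the tag is HMAC-SHA256 under that device's key over header + body."""
    if not 0 < len(device_id) < 256:
        raise ValueError("device id must be 1..255 bytes")
    header = MAGIC + bytes([len(device_id)]) + device_id
    key = derive_device_key(master_key, device_id)
    tag = hmac.new(key, header + bitstream, hashlib.sha256).digest()
    return header + bitstream + tag


class Device:
    """Model of a chip that accepts only images sealed for its own id."""

    def __init__(self, device_id: bytes, device_key: bytes) -> None:
        self.device_id = device_id
        self._key = device_key      # burned in at the factory, never exported
        self.configured = None      # body of the last image accepted

    def load(self, image: bytes) -> bool:
        # Parse the fixed header defensively: a short or foreign image is refused.
        if len(image) < len(MAGIC) + 1 + TAG_LEN or image[:len(MAGIC)] != MAGIC:
            return False
        id_len = image[len(MAGIC)]
        hdr_len = len(MAGIC) + 1 + id_len
        if len(image) < hdr_len + TAG_LEN:
            return False
        header = image[:hdr_len]
        body = image[hdr_len:-TAG_LEN]
        tag = image[-TAG_LEN:]
        # An image sealed for another unit carries another id and a tag made
        # under another key, so a cloned image fails here even if copied intact.
        if header[len(MAGIC) + 1:] != self.device_id:
            return False
        expected = hmac.new(self._key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False
        self.configured = body
        return True


def provision(master_key: bytes, device_id: bytes) -> Device:
    """Factory step: the device leaves with its derived key and nothing else."""
    return Device(device_id, derive_device_key(master_key, device_id))


if __name__ == "__main__":
    bitstream = b"\x01\x02\x03" * 50              # constructed stand-in bitstream
    image = seal_bitstream(MASTER_KEY, b"SN-0001", bitstream)
    print("SN-0001 loads own image:", provision(MASTER_KEY, b"SN-0001").load(image))
    print("SN-0002 loads SN-0001 image:", provision(MASTER_KEY, b"SN-0002").load(image))
```

Because only the vendor holds `MASTER_KEY`, a second unit in the field cannot mint a valid image for itself, which is the property Rune is after: each leased box needs an image the supplier prepared for that serial number. What the example does not give you is secrecy of the logic itself; for that the real parts encrypt the body as well, and the strength of the whole scheme then rests on how well the per-chip key resists the probing glen mentions.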

On 27 Jun, 20:11, Eric Jacobsen <eric.jacob...@ieee.org> wrote:

> > I like the idea somebody came up with, about using FPGAs for
> > key computations. Are FPGAs available as standard-format PC
> > cards? I never remember the acronym - PCIB or something like that.
> >
> > Rune
>
> FPGAs can be reverse-engineered, too, so all you've done is raise the
> bar a bit. That's good, since every bit helps, but it's still not
> going to be completely secure, just harder to crack.
Not just harder. There are a couple of added benefits, from the SW's owner's point of view, compared to 'pure' software:

- A cracker needs access to a physical device
- A cracker must leave physical traces of his actions

Which means that the owner has a totally different way to keep track of the integrity of the SW: Only a limited set of people have access to the physical device. The lease means that the physical devices are replaced by the owner every now and then, and penalty clauses are activated if traces of tampering can be found on the devices.

Sure, it's not perfect, but there are enough practical limitations to the procedure that arbitrary users are put off.

Rune

Rune Allnor wrote:

Rune,

The standard way is getting a patent and licensing it to some fat company.

> There are a couple of added benefits,
> from the SW's owner's point of view, compared to 'pure'
> software:
So the business is about selling the custom made hardware "accelerator"; something that they can't just buy off the shelf. That might work for some time.

BTW, a long while ago I tried to protect the software by doing not very obvious calculations essential for the program operation in an external 8051. There was also some obfuscation. It was hacked off not within a year. Hacked conceptually; not by reading the protected chip. Funny thing, I met the hacker in person many years after; here in the US.

One more trick: keeping a part of the code in a battery powered RAM. If they connect a JTAG or something, it is likely to corrupt the code. Also, you can size the battery so it will discharge by itself within a year; so the customer will have to go to you for the "service renewal".
>
> - A cracker needs access to a physical device
> - A cracker must leave physical traces of his actions
What prevents your competition from doing the same functional thing as yours from scratch? If they know the working concept, implementing the same thing shouldn't be a very big problem.
> Which means that the owner has a totally different way
> to keep track of the integrity of the SW: Only a limited
> set of people have access to the physical device. The
> lease means that the physical devices are replaced by
> the owner every now and then, and penalty clauses are
> activated if traces of tampering can be found on the
> devices.
>
> Sure, it's not perfect, but there are enough practical
> limitations to the procedure that arbitrary users are
> put off.
Non-technical problems can't be helped by any technical means.

Vladimir Vassilevsky
DSP and Mixed Signal Design Consultant
http://www.abvolt.com