Hi folks.

Suppose you have developed an SW-based service that

1) Reduces processing time by >99%
2) Reduces manual interactions ( = personnel salaries, training and accommodations costs) by >99%
3) Reduces error rates and product flaws by >99%

compared to present standard procedures. The commercial idea is to

a) Lease a dedicated computer+SW to customers.
b) Have the computer + SW do its thing as a LAN-based 'black box'. Clients send data in and receive end results by LAN protocol.
c) Have the clients subscribe to the service, paying annual fees, or the computer disables its LAN-based service.

How would you go about protecting the integrity of the computer + SW? If the computer is compromised and the SW hacked, the commercial basis for the service is gone.

Rune
Protect commercial SW-based service?
Started by ●June 24, 2009
Reply by ●June 24, 2009
On Jun 24, 8:33 am, Rune Allnor <all...@tele.ntnu.no> wrote:
> Hi folks.
>
> Suppose you have developed an SW-based service that
>
> 1) Reduces processing time by >99%
> 2) Reduces manual interactions ( = personnel salaries,
>     training and accommodations costs) by >99%
> 3) Reduces error rates and product flaws by >99%
>
> compared to present standard procedures. The commercial
> idea is to
>
> a) Lease a dedicated computer+SW to customers.
> b) Have the computer + SW do its thing as a LAN-based
>     'black box'. Clients send data in and receive end results
>     by LAN protocol.
> c) Have the clients subscribe to the service, paying annual
>     fees, or the computer disables its LAN-based service.
>
> How would you go about protecting the integrity of the
> computer + SW? If the computer is compromised and
> the SW hacked, the commercial basis for the service
> is gone.
>
> Rune

Option (c) would probably be most robust to reverse-engineering of your software. Would this software be used in a context where users would have Internet or other network access to a server under your control? You could perform the actual processing (which I'm assuming is the sensitive part of the system) on hardware that is entirely under your control, then use a subscription-based usage model. This requires you to maintain hardware, manage processing capacity to accommodate your user load, etc., but it probably exposes the least information that could be compromised. In my experience, anything that can be broken/reverse-engineered (i.e. software copy protection, etc.) will be, if there is enough of an incentive (money) out there to do so.

Jason
Reply by ●June 24, 2009
Rune Allnor wrote:
> Hi folks.
>
> Suppose you have developed an SW-based service that
>
> 1) Reduces processing time by >99%
> 2) Reduces manual interactions ( = personnel salaries,
>     training and accommodations costs) by >99%
> 3) Reduces error rates and product flaws by >99%
>
> compared to present standard procedures. The commercial
> idea is to
>
> a) Lease a dedicated computer+SW to customers.
> b) Have the computer + SW do its thing as a LAN-based
>     'black box'. Clients send data in and receive end results
>     by LAN protocol.
> c) Have the clients subscribe to the service, paying annual
>     fees, or the computer disables its LAN-based service.
>
> How would you go about protecting the integrity of the
> computer + SW? If the computer is compromised and
> the SW hacked, the commercial basis for the service
> is gone.

Prevent the customer from having physical access to the computer. (Put it inside a safe. The contract awards you adequate compensation for the loss of future income if the safe is breached.) Allow only data into and results out of the computer via a communication link that doesn't support program updates.

There is concern nowadays that terrorists of foreign powers could interrupt a nation's power grid by hacking into control centers via the internet. I think it's criminal that the same network that comes into my home is connected to such places. If they are networked at all, it should be on separate wires.

Jerry
--
Engineering is the art of making what you want from things you can get.
Reply by ●June 24, 2009
On 24 Jun, 18:58, Jason <cincy...@gmail.com> wrote:
> On Jun 24, 8:33 am, Rune Allnor <all...@tele.ntnu.no> wrote:
>
> > Hi folks.
> >
> > Suppose you have developed an SW-based service that
> >
> > 1) Reduces processing time by >99%
> > 2) Reduces manual interactions ( = personnel salaries,
> >     training and accommodations costs) by >99%
> > 3) Reduces error rates and product flaws by >99%
> >
> > compared to present standard procedures. The commercial
> > idea is to
> >
> > a) Lease a dedicated computer+SW to customers.
> > b) Have the computer + SW do its thing as a LAN-based
> >     'black box'. Clients send data in and receive end results
> >     by LAN protocol.
> > c) Have the clients subscribe to the service, paying annual
> >     fees, or the computer disables its LAN-based service.
> >
> > How would you go about protecting the integrity of the
> > computer + SW? If the computer is compromised and
> > the SW hacked, the commercial basis for the service
> > is gone.
> >
> > Rune
>
> Option (c) would probably be most robust to reverse-engineering of
> your software. Would this software be used in a context where users
> would have Internet or other network access to a server under your
> control? You could perform the actual processing (which I'm assuming
> is the sensitive part of the system) on hardware that is entirely
> under your control, then use a subscription-based usage model.

The problem is that I need to have the HW at the user's site. What I have in mind will be used offshore, on survey vessels, and there is just not enough bandwidth off the vessels to communicate data back and forth. Typical transfer rates are 12 - 24 hours per GByte.

So the question is if it is possible to come up with some sort of tamper-resistant HW, where the SW is well protected from network access, and any attempt to physically break the thing open will leave visible traces.

Rune
Reply by ●June 24, 2009
On 24 Jun, 19:09, Jerry Avins <j...@ieee.org> wrote:
> Rune Allnor wrote:
> > Hi folks.
> >
> > Suppose you have developed an SW-based service that
> >
> > 1) Reduces processing time by >99%
> > 2) Reduces manual interactions ( = personnel salaries,
> >     training and accommodations costs) by >99%
> > 3) Reduces error rates and product flaws by >99%
> >
> > compared to present standard procedures. The commercial
> > idea is to
> >
> > a) Lease a dedicated computer+SW to customers.
> > b) Have the computer + SW do its thing as a LAN-based
> >     'black box'. Clients send data in and receive end results
> >     by LAN protocol.
> > c) Have the clients subscribe to the service, paying annual
> >     fees, or the computer disables its LAN-based service.
> >
> > How would you go about protecting the integrity of the
> > computer + SW? If the computer is compromised and
> > the SW hacked, the commercial basis for the service
> > is gone.
>
> Prevent the customer from having physical access to the computer. (Put
> it inside a safe. The contract awards you adequate compensation for the
> loss of future income if the safe is breached.) Allow only data into and
> results out of the computer via a communication link that doesn't
> support program updates.

That's the general idea, yes. I'm wondering if there are solutions available for these kinds of things or if I have to design them from scratch.

> There is concern nowadays that terrorists of foreign powers could
> interrupt a nation's power grid by hacking into control centers via the
> internet. I think it's criminal that the same network that comes into my
> home is connected to such places. If they are networked at all, it
> should be on separate wires.

I've seen places where the internal power grid was galvanically separated from the outside grid: Power from the outside grid ran an electric motor, which turned a generator, which at last powered the safe power grid. All of it to protect sensitive computers.

Rune
Reply by ●June 24, 2009
On Wed, 24 Jun 2009 05:33:58 -0700, Rune Allnor wrote:
> Hi folks.
>
> Suppose you have developed an SW-based service that
>
> 1) Reduces processing time by >99%
> 2) Reduces manual interactions ( = personnel salaries,
>     training and accommodations costs) by >99%
> 3) Reduces error rates and product flaws by >99%
>
> compared to present standard procedures. The commercial idea is to
>
> a) Lease a dedicated computer+SW to customers.
> b) Have the computer + SW do its thing as a LAN-based
>     'black box'. Clients send data in and receive end results by LAN
>     protocol.
> c) Have the clients subscribe to the service, paying annual
>     fees, or the computer disables its LAN-based service.
>
> How would you go about protecting the integrity of the computer + SW?
> If the computer is compromised and the SW hacked, the commercial basis
> for the service is gone.
>
> Rune

You could protect it with a USB dongle that must be present for the SW to run, like e.g. http://wibu.de/start.php?lang=en

Personally, I have to say that I don't like dongles. They tend to break, get lost and are a nuisance to legitimate users, whereas illegitimate users will crack your SW and do without. Then there are also the cases where HW becomes obsolete (like parallel port dongles) and legitimate users are out in the rain, because newer HW precludes the use of the SW. But I see the point that a small company wants to protect its business by protecting its SW.

HTH
Martin
Reply by ●June 24, 2009
Rune Allnor <allnor@tele.ntnu.no> wrote:
> I've seen places where the internal power grid was galvanically
> separated from the outside grid: Power from the outside grid
> ran an electric motor, which turned a generator, which at last
> powered the safe power grid. All of it to protect sensitive
> computers.

That was usual for, at least, the large IBM S/360 systems, and I believe also S/370. A great surge protection system.

-- glen
Reply by ●June 24, 2009
Rune Allnor <allnor@tele.ntnu.no> wrote:
< a) Lease a dedicated computer+SW to customers.
< b) Have the computer + SW do its thing as a LAN-based
<     'black box'. Clients send data in and receive end results
<     by LAN protocol.
< c) Have the clients subscribe to the service, paying annual
<     fees, or the computer disables its LAN-based service.

This is pretty much the model used by Pay-TV systems, though sometimes not quite successful. Also, the cryptographic processors on ATMs and other remote financial systems.

One system that I know of uses battery backed RAM in a tamperproof container, such that opening it disconnects the battery and the RAM loses its contents.

The usual tradeoff is between cost of the protection system and cost of that being protected. (Don't buy expensive door locks and leave the windows open.)

It is also the model for "smart cards", which might, for example, hold the remaining value of the card. It is much more difficult to protect against someone with millions of dollars to spend breaking the card, including using acid to get through the plastic and probing the silicon with the system running.

-- glen
Reply by ●June 24, 2009
Rune Allnor wrote:
> Hi folks.
>
> Suppose you have developed an SW-based service that
>
> 1) Reduces processing time by >99%
> 2) Reduces manual interactions ( = personnel salaries,
>     training and accommodations costs) by >99%
> 3) Reduces error rates and product flaws by >99%

:))))) Innovative diet snake oil with 99% less fat.

> compared to present standard procedures. The commercial
> idea is to
>
> a) Lease a dedicated computer+SW to customers.
> b) Have the computer + SW do its thing as a LAN-based
>     'black box'. Clients send data in and receive end results
>     by LAN protocol.
> c) Have the clients subscribe to the service, paying annual
>     fees, or the computer disables its LAN-based service.
>
> How would you go about protecting the integrity of the
> computer + SW? If the computer is compromised and
> the SW hacked, the commercial basis for the service
> is gone.

The only way is that you position yourself as some kind of authority which certifies the data. Unless you approve the transaction, the data should not be accepted as valid.

Vladimir Vassilevsky
DSP and Mixed Signal Design Consultant
http://www.abvolt.com
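Two of the mechanisms discussed in this thread can be sketched in code: option (c) from the original post (the appliance disables its LAN service unless a current annual subscription is present) and Vladimir's point above (the vendor acts as an authority and only certified results are accepted). The following is an added example, not code from the thread or from any product mentioned in it. It assumes the vendor's Ed25519 public key and a per-box appliance ID are embedded in the appliance at build time, that the vendor keeps the license-signing key off the box, and that the appliance holds its own device signing key; the names `License`, `IssueLicense`, `ServiceEnabled`, `CertifyResult` and `ResultAccepted` are hypothetical, and the customer and appliance values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// License is what the vendor issues to one leased appliance for one
// subscription period. Field names are constructed for this example.
type License struct {
	Customer    string `json:"customer"`
	ApplianceID string `json:"appliance_id"`
	NotAfter    int64  `json:"not_after"` // Unix seconds
}

// SignedLicense is the file the customer loads onto the appliance:
// the encoded license plus the vendor's Ed25519 signature over it.
type SignedLicense struct {
	Payload   []byte `json:"payload"`
	Signature []byte `json:"signature"`
}

// IssueLicense runs at the vendor, never on the appliance. Only the
// vendor holds the signing key, so a customer cannot mint or extend
// a license even with full control of the box.
func IssueLicense(vendorPriv ed25519.PrivateKey, lic License) (SignedLicense, error) {
	payload, err := json.Marshal(lic)
	if err != nil {
		return SignedLicense{}, err
	}
	return SignedLicense{Payload: payload, Signature: ed25519.Sign(vendorPriv, payload)}, nil
}

// ServiceEnabled is the gate the appliance runs before serving a LAN
// request. Verify the signature first, then decode, then check the
// appliance binding and the expiry, so an unsigned or edited payload
// never reaches the policy checks.
func ServiceEnabled(vendorPub ed25519.PublicKey, applianceID string, sl SignedLicense, now time.Time) error {
	if len(vendorPub) != ed25519.PublicKeySize || !ed25519.Verify(vendorPub, sl.Payload, sl.Signature) {
		return errors.New("license signature invalid")
	}
	var lic License
	if err := json.Unmarshal(sl.Payload, &lic); err != nil {
		return fmt.Errorf("license payload malformed: %w", err)
	}
	if lic.ApplianceID != applianceID {
		return errors.New("license issued for a different appliance")
	}
	if now.Unix() > lic.NotAfter {
		return errors.New("subscription expired")
	}
	return nil
}

// CertifyResult signs an output with the appliance's device key, so that
// downstream systems accept only results this box actually produced.
func CertifyResult(devPriv ed25519.PrivateKey, result []byte) []byte {
	return ed25519.Sign(devPriv, result)
}

// ResultAccepted is the consumer-side check against the device public key.
func ResultAccepted(devPub ed25519.PublicKey, result, sig []byte) bool {
	return len(devPub) == ed25519.PublicKeySize && ed25519.Verify(devPub, result, sig)
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Now()

	// Constructed customer and appliance values.
	sl, _ := IssueLicense(vendorPriv, License{Customer: "Example Survey AS", ApplianceID: "box-0001", NotAfter: now.Add(365 * 24 * time.Hour).Unix()})
	fmt.Println("valid license:", ServiceEnabled(vendorPub, "box-0001", sl, now))
	fmt.Println("one year later:", ServiceEnabled(vendorPub, "box-0001", sl, now.Add(366*24*time.Hour)))

	// Editing the expiry in the file invalidates the vendor's signature.
	forged := SignedLicense{Payload: []byte(`{"customer":"Example Survey AS","appliance_id":"box-0001","not_after":9999999999}`), Signature: sl.Signature}
	fmt.Println("edited expiry:", ServiceEnabled(vendorPub, "box-0001", forged, now))

	result := []byte("processed-survey-line-42")
	sig := CertifyResult(devPriv, result)
	fmt.Println("genuine result accepted:", ResultAccepted(devPub, result, sig))
	fmt.Println("altered result accepted:", ResultAccepted(devPub, []byte("processed-survey-line-43"), sig))
}
```

Both checks work entirely offline, which matters for the bandwidth-starved vessel case Rune describes. They are only as strong as the box's protection of two things: its clock (rolling it back defeats the expiry check, so use a clock source the customer cannot set) and its device signing key (whoever extracts it can certify anything). That is exactly where the thread's tamper-resistance advice applies: keep the device key in memory that is zeroised when the enclosure is opened, as in glen's battery-backed RAM example.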
Reply by ●June 24, 2009
Rune Allnor <allnor@tele.ntnu.no> wrote:
(big snip)
< How would you go about protecting the integrity of the
< computer + SW? If the computer is compromised and
< the SW hacked, the commercial basis for the service
< is gone.

Google for cautionary "tamper resistance". It is a little old by now, but most of the ideas should still apply.

-- glen