Classifications

• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F15/00—Digital computers in general; Data processing equipment in general
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/60—Protecting data
  • G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
  • G06F21/44—Program or device authentication
  • G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs

Definitions

• the invention relates to so tware tamper resistance . More particularly, the invention provides a method and apparatus for establishing a Secure Authenticated Channel between two software modules on a system.
• SDMI Secure Digital Music Initiative
• one manufacturer might produce an electronic music distribution system that allows the secure downloading of music over the Internet, like the IBM Electronic Media Management System TM.
• a second manufacturer might produce software supporting a secure flash memory music player, like the Sony Memory Stick Walkman TM. The consumer would like the music he has purchased and downloaded to be placed on his flash memory music player.
• FIG. 1 illustrates a Secure Authenticated Channel (100) which comprises at least two modules (102, 104) loaded into memory on the same machine (106) .
• modules are created by different vendors and communicate which each other using their public APIs.
• SDMI requires a mechanism of authentication and a mechanism to secure the communication between these two modules - the Secure Authenticated Channel .
• FIG. 2 illustrates the security contents (200) of a prior art software architecture that have been designed in response to SDMI requirements .
• the software module contains a public key certificate (202) , a public key (204) and a private key (206) .
• the SAC is implemented as follows:
• Each module is responsible for its own integrity.
• Each module has a standard public-key certificate (202) that certifies its public key (204) .
• Each module has a private key (206) which it must keep secret.
• a standard public-key protocol is used to establish a session key between the modules .
• Subsequent data and control passed between the modules is encrypted with a session key (not shown in FIG. 2) to prevent illegal tampering with the data, or eavesdropping.
• the invention provides a method for peer to peer authentication of a software module on a single machine, the method comprising the steps of; determining a protected range of addresses that a software module occupies; verifying the integrity of code in said protected range; and verifying that all function calls performed by that module originate from and return to that range.
• An improved system and method for controlling distribution of software is preferably provided that enables the modules to distinguish between authorized and unauthorized modules .
• the invention preferably provides a new Secure Authenticated Channel or SAC.
• the strength of this protocol is that each module, rather than being responsible for its integrity, is responsible for the integrity of other modules.
• the fundamental weakness of a software communication protocol is that both implementations of the SAC are visible to each other and to an attacker. Therefore, the invention preferably converts what would be a weakness into a strength.
• the invention is implemented in accordance with a preferred embodiment firstly by each software manufacturer examining their module and determining the range of addresses in memory which the module occupies. A decision is made about which ranges of addresses in memory should not be allowed to be patched by hackers. Such a range is called a protected area. Typically, the protected area contains all the program code of the module, and some of the data necessary to accomplish the functions of the program code.
• the other manufacturers preferably do the same with their own modules.
• the modules In order to effect a secure communication channel between two modules, the modules, according to one preferred embodiment of the present invention, first pass each other the signatures previously produced. This can happen when the modules are actually run in the field, because the signatures are not secret .
• each module contains copies of the signatures of the other modules that it expects to communicate with during actual run in the field.
• each module checks that the other module has not been patched by verifying the digital signature, such as with respect to the address range of the other module .
• each module when it is called preferably verifies that it was called from within the protected area of the other module.
• a module makes sure that the function it intends to call is in fact within the protected area of the target module.
• the invention provides a computer readable medium comprising instructions for peer to peer authentication of a software module on a single machine, the computer readable medium comprising instructions for: determining a protected range of addresses that a software module occupies ; verifying the integrity of code in said protected range; and verifying that all function calls performed by that module originate from and return to that range.
• the invention provides a system for peer to peer authentication of a software module on a single machine, the system comprising: a determination unit for determining a protected range of addresses that a software module occupies; a verification unit for verifying the integrity of code in said protected range; and a second verification unit for verifying that all function calls performed by that module originate from and return to that range .
• FIG. 1 illustrates a Secure Authenticated Channel (100) implemented on a single machine as found in the prior art .
• FIG. 2 illustrates the security contents (200) of a software module as described in the prior art SDMI specification.
• FIG. 3 is a flow diagram (300) for generation of module signatures in accordance with a preferred embodiment of the present invention.
• FIG. 4 is a flow diagram (400) showing the improved software module peer to peer integrity checking in accordance with a preferred embodiment of the present invention.
• FIG. 5 illustrates the memory space (500) of a computer system including the space occupied by a software module including a protected area.
• the embodiment comprises a method of verifying the integrity of a computer program code module within a computer to detect tampering or substitution of the module, and thus to prevent hacking of the program module.
• each program module is responsible for the verification of the integrity of the other program code modules.
• independent peer modules check each other without a master-slave relationship .
• the embodiment of the present invention provides a new Secure Authenticated Channel or SAC.
• SAC Secure Authenticated Channel
• the strength of this protocol is that each module, rather than being responsible for its integrity, is responsible for the integrity of other modules.
• a traditionally fundamental weakness of a software communication protocol is now turned into a strength in that both sides of the SAC are visible to each other and to other parties, including even an attacker.
• FIG. 3 comprises a flow diagram (300) illustrating a preferred embodiment of the present invention for generation of module signatures .
• each software manufacturer either manually or automatically examines their module and determines the range of addresses (302) in memory which the module occupies .
• a determination is made about which ranges of addresses in memory should be kept intact (304) because of the potential for damaging attacks by hackers.
• a determination is made about which ranges of addresses in memory comprises the main functionality of the module.
• This range includes all outgoing calls to other modules which make use of the SAC.
• Such a range is called a protected area.
• the protected area contains all the program code of the module, and some of the data necessary to accomplish the functions of the program code .
• each manufacturer delivers the range of addresses describing the protected area and a known good version of their module (306) to every other manufacturer they want to interoperate with.
• the other manufacturers return digital signatures (308) on the protected area.
• the signatures are preferably generated by hashing the entire protected area and using that hash for a digital signature .
• these digital signatures are stored in the first manufacturer's module (310) as supplied by the other manufacturers of the other modules and the amended software module is forwarded back to the manufacturer of the software module.
• the range of addresses is stored in the first manufacturer's module. This is so that it is possible to correctly verify the signature, and determine the entry points of the calling and called routines.
• the SAC preferably directs a module to reveal its exported entry points and its signed area. All of the preceding steps preferably occur at manufacturing time and before the modules have been deployed in the field.
• the other manufacturers do the same with their own other modules .
• FIG. 4 illustrates the invention according to a preferred embodiment in a flow diagram (400) showing improved software module peer to peer integrity checking.
• a description of the basic operation of the integrity checking will be described.
• each module checks (404) that the other module has not been patched.
• the signature is based on the hash of the code in the specified address ranges.
• the signature, the address ranges and the available APIs are permanently stored in each module and are retrieved for signature verification. During verification, the hash on the specified address range is recalculated.
• the modules each further verify that, all the entry points in the other module they intend to call are in fact within the protected area of the other module. In order to accomplish this, every module retrieves the other module's protected area - for example by having that information built in or by dynamically querying the other module. If they are not verified as being authentic modules then the process terminates. Otherwise, in the event that both modules are verified (406) as being trustworthy, the modules now can call each other freely (408) .
• each module when it is called preferably verifies that it was called from within the protected area of the other module (410) . If the calling module is not calling from its protected area then the process terminates. Otherwise, if called from the protected area of the other module, then communication continues (412) between the modules to accomplish a task. Therefore, any attempt to attack the software modules is defeated.
• a called module determines that a ' calling module is calling from the protected area address space by the following process. Every function call depends on a return address being left on a stack. This is how a function returns to a caller. As a consequence, that return address is used to make sure that the caller is within the specified protected area. In other words, module B can make sure that it is called by module A only from within the address range that module B verified during the initial signature verification piocess. This is shown in FIG. 5.
• FIG. 5 illustrates the memory space (500) of a computer system including the space occupied by a software module including a protected area in accordance with a preferred embodiment of the present invention.
• the software module comprises a code space defined by (504) and (506) for example.
• the module contains a protected area (506) that defines an address range that must be protected against being patched by hackers.
• a function call (508) is shown with a return address being left on a stack (510) .
• digital signature should be interpreted most broadly. Each manufacturer may decide for themselves what constitutes a digital signature. It could be a standard RSA or DSA digital signature, in other words, the data in the range of addresses are hashed with a cryptographic hash such as SHA-1, and the hash would then-bs signed. Because digital signatures generally produce only a single bit output indicating the validity of the suspect data, the code protection they provide tends to be defeated fairly easily by attackers. Hence, the invention preferably provides for an alternative use of what is called a digital signet.
• a signet may be used instead of signatures, because signets are stronger in code integrity applications as they provide a string of bits as output, rather than the typical single bit of the signature.
• signets may be part of the code itself which furthers the code protection function. Signet technology is taught in US Patents 6,038,316 and 5,978,482, the teachings of which are incorporated herein by reference . All such solutions are within the scope of thirf invention.
• the invention preferably includes a tool to convert old computer program code modules to new verified program code modules via a new signature .
• the verification can be performed on a one-way basis. In other words, some modules may be used without verification, while others must be verified.
• the protocol described herein allows for a sensible solution for modules like compression modules, that need no security for themselves, but need it only when connected to another module .
• One problem related to digital signatures on address ranges in virtual memory is the fact that the operating system loader might relocate a module to a different base address in case of a collision. During this relocation, the loader performs fix-ups on certain instructions in the code which reference absolute addresses. As a consequence, a special hashing technique is preferably required which temporarily reverts these changes to a canonical form so that a hash of an address range always returns the same value, no matter what the absolute base address of the module .
• each module is responsible for the integrity of the other, that is not to say that there is no self-integrity logic for other reasons. Modules also having self-integrity are certainly within the scope of the present invention.
• the software secure authentication process comprises a process wherein each manufacturer has to communicate with every other manufacturer to enable the protocol .
• a certifying agency is provided that performs the generation and storage of signatures in the modules on behalf of all manufacturers. Of course, this requires that manufacturers agree on the technology used for the digital signatures .
• An alternate implementation comprises a distributed signature generation process.
• a distributed process provides for a plurality of certifying agencies and individual manufacturers signing modules for themselves with their own signing technologies.
• the protocol As described. Therefore, this possibility is anticipated and by providing a tool that can transform a non-compliant module into one that performs the necessary steps in the protocol.
• the tool adds an additional entry point to the module to perform the cross module signature swapping, and also transforms all the other entry points in the module into entry points that check to make sure their caller is coming from the other module's protected area.
• the transformed module would be the one that would be signed.
• the protocol is used in a one-way mode.
• music compression modules that are unconcerned with the nature of the calling entity, such as a calling module.
• music compression modules performing their function, i.e., compressing music for anyone.
• an electronic music distribution system which has been entrusted with music and typically wants to enforce limited copying, is concerned that the compression module it is about to send a song to is, in fact, a good compression module and not some hacked program that will additionally steal the song by illicitly writing the song on the user's disk.
• the electronic music distribution module needs a signature from the compression module, but the reverse is not necessarily true.
• a signature check may be performed to detect newly inserted patches. This may be done based on elapsed time, or based on the number of actual call/returns across the protected interface. Since many digital signatures are relatively expensive, one embodiment of the invention further allows that the subsequent digital signaturing checking may be done with less expensive means, for example, by_simply recording the first hash and detecting whether or not a new hash is ever, different. Note, that in broad definition of digital signature as contemplated herein, simply checking the hash in the first place would be a type of "digital signature check", although not a particularly strong one .
• the present invention could be produced in ' hardware or software, or in a combination of hardware and software.
• the system, or method, according to the preferred embodiment may be produced in a single computer system having separate elements or means for performing the individual functions or steps described or claimed or one or more elements or means combining the performance of any of the functions or steps disclosed or claimed, or may be arranged in a distributed computer system, interconnected by any suitable means as would be known by one of ordinary skill in art .
• the invention is not limited to any particular kind of computer system but may be used with any general purpose computer, as would be known to one of ordinary skill in the art, arranged to perform the functions described and the method steps described.
• the operations of such a computer, as described above, may be according to a computer program contained on a medium for use in the operation or control of the computer, as would be known to one of ordinary skill in the art.
• the computer readable medium which may be used to hold or contain or deliver the computer program product, may be a fixture of the computer such as an embedded memory or may be on a transportable medium such as- a disk, as would be known to one of ordinary skill in the art .
• any such computing system can include, inter alia, at least a computer readable medium allowing a computer to read data, instructions, messages or message packets, and other computer readable information from the computer readable medium.
• the computer readable medium may include nonvolatile memory, such as ROM, Flash memory, floppy disk, Disk drive memory, CD-ROM, and other permanent storage. Additionally, a computer readable medium may include, for example, volatile storage such as RAM, buffers, cache memory, and network circuits.
• the computer readable medium may include computer readable information in a transitory state medium such as a network link and/or a network interface, including a wired network or a wireless network, that allow a computer to read such computer readable information.
• a transitory state medium such as a network link and/or a network interface, including a wired network or a wireless network, that allow a computer to read such computer readable information.
• each module checks that the other module has not been patched. They each further verify that all the entry points in the other module they intend to call are in fact within the protected area. In the event that both modules are verified as being trustworthy, the modules now call each other freely. However, each module, when it is called first verifies that it was called from within the protected area of the other module .

Landscapes

• Engineering & Computer Science (AREA)
• Theoretical Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• General Physics & Mathematics (AREA)
• Computer Hardware Design (AREA)
• Software Systems (AREA)
• Physics & Mathematics (AREA)
• General Engineering & Computer Science (AREA)
• General Health & Medical Sciences (AREA)
• Bioethics (AREA)
• Health & Medical Sciences (AREA)
• Storage Device Security (AREA)
• Stereophonic System (AREA)
• Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
• Circuits Of Receivers In General (AREA)

Applications Claiming Priority (3)

Publications (1)

Family

ID=24640397

Family Applications (1)

Country Status (6)

Families Citing this family (17)

Family Cites Families (2)

• 2001
  • 2001-09-05 JP JP2002524793A patent/JP2004509392A/ja active Pending
  • 2001-09-05 CN CNA018154034A patent/CN1516836A/zh active Pending
  • 2001-09-05 AU AU2001284259A patent/AU2001284259A1/en not_active Abandoned
  • 2001-09-05 KR KR1020037003480A patent/KR100561497B1/ko not_active IP Right Cessation
  • 2001-09-05 WO PCT/GB2001/003962 patent/WO2002021243A2/en not_active Application Discontinuation
  • 2001-09-05 EP EP01963228A patent/EP1368737A2/de not_active Ceased

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events