EP2193471A1 - Method and system for the protection against access to a machine code of a device - Google Patents
Info
- Publication number
- EP2193471A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- machine code
- specific key
- tpm module
- memory
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
Definitions
- The invention relates to a method and a system for protecting a machine code, for example a Java byte code, against unauthorized access by a third party.
- Java is an object-oriented programming language originally developed by Sun Microsystems for the Internet domain and now used as a general-purpose programming language. All program objects in Java are defined in so-called classes. A feature of Java is that executable Java programs are fully portable: the Java compiler does not generate machine code specific to a machine architecture, but an architecture-neutral so-called Java byte code. This Java byte code is interpreted when the Java program runs, or translated at run time into the architecture-specific machine code of the respective CPU by a JIT (Just In Time) compiler. Dependence on the respective operating system or windowing system is largely avoided in Java through the use of program libraries.
- JIT: Just In Time
- The Java source code (Unicode text) is compiled by a compiler and stored in a memory of the device, which is for example a control computer.
- The Java object files (.class files) stored in the memory can be read out relatively easily by unauthorized third parties after delivery or distribution of the device and decompiled for reverse engineering purposes. It is therefore an object of the present invention to provide a method and a system for protection against unauthorized access to a machine code of a device.
- The invention provides a method of protection against access to a machine code of a device comprising the steps of:
- The machine code is formed by a Java byte code.
- The device-specific key is formed by an AIK (Attestation Identity Key) of the TPM module.
- AIK: Attestation Identity Key
- A class loader of a Java Virtual Machine decrypts the machine code that is stored encrypted in the memory of the device, using the device-specific key read from the TPM module, and makes the decrypted machine code available to an execution unit of the device.
- The device-specific key is transmitted from the TPM module over a network to an encryption unit that encrypts the machine code using the device-specific key.
- This encryption unit can also be located in the device.
- The decrypted machine code is executed or interpreted by the execution unit of the device.
- The machine code is formed by MP3 data.
- Encrypted MP3 data are decrypted by means of a device-specific key read from the TPM module and provided to an MP3 decoder of the device.
- The invention further provides a system for protection against access to a machine code of a device, wherein the machine code is encrypted by means of a device-specific key provided by a TPM module contained in the device and stored in a memory of the device, and wherein the device-specific key can no longer be read out of the TPM module after a manipulation has been performed on the device.
- The invention further provides a device with access-protected machine code comprising: (a) a memory in which the encrypted machine code MC is stored; (b) a class loader for decrypting the encrypted machine code by means of a device-specific key read from a TPM module; and (c) an execution unit for executing the decrypted machine code MC.
- The memory is a non-volatile memory.
- The non-volatile memory comprises a hard disk.
- The execution unit is provided in a JVM (Java Virtual Machine).
- JVM: Java Virtual Machine
- The execution unit is a decoder.
- The invention also provides a program with program instructions for carrying out a method of protection against access to a machine code of a device, comprising the steps of:
- The invention further provides a data carrier for storing a program with program instructions for carrying out a method of protection against access to a machine code of a device, comprising the steps of:
- TPM: Trusted Platform Module
- FIG. 1 shows a flow chart illustrating an embodiment of the method according to the invention.
- FIG. 2 shows a block diagram illustrating an encryption process in an embodiment of the method according to the invention.
- FIG. 3 shows a block diagram of a possible embodiment of a device with access-protected machine code according to the invention.
- The inventive method is provided for protection against access to a machine code of a device, in particular to prevent the read-out of files and their decompilation for reverse engineering purposes.
- The machine code may be, for example, a Java byte code. Java programs are first compiled after their creation, which produces the so-called byte code.
- The Java Virtual Machine consists of computer programs and data structures that implement a specific virtual machine model.
- This virtual machine model accepts the Java intermediate code or Java byte code generated by the Java compiler.
- The Java Virtual Machine is software that is developed separately for each platform and is available for almost every conceivable combination of operating system and hardware.
- The JVM provides an interface between the platform-independent Java byte code and the system running that byte code.
- The Java source code of a Java program is first compiled, and the generated byte code is then interpreted on a target computer by the JVM. This offers the advantage of portability and platform independence of the Java source code.
- Other systems also use intermediate codes which are subsequently interpreted.
- Java byte code or MSIL (Microsoft Intermediate Language)
- A machine code MC, for example a Java byte code, is encrypted by means of a device-specific key provided by a TPM module contained in the device.
- The TPM module (Trusted Platform Module) is, for example, a chip that is installed in the device.
- The TPM module is active and checks the boot code prior to its execution. Before the operating system runs, the boot code provides the operating system code to the TPM module for review; likewise, before the JVM runs, the operating system provides the JVM code to the TPM module for review. In this way any manipulation, in particular changes to the code, is detected.
- The TPM module has a unique identifier and is used, among other things, to identify the device.
- The TPM module has several keys, namely a so-called endorsement key (EK), which is uniquely assigned to the TPM module, and Attestation Identity Keys (AIK).
- EK: endorsement key
- AIK: Attestation Identity Keys
- The TPM module has a so-called Storage Root Key (SRK), which is used to encrypt other keys in use, such as private keys, and thus represents the root of a TPM key tree.
- SRK: Storage Root Key
- The endorsement key (EK) never leaves the TPM module, so that a backup of the endorsement key is also excluded.
- The generation of the endorsement key (EK) can take place externally.
- The reading of the endorsement key can be blocked with a command; this blocking is final and cannot be cancelled.
- The Attestation Identity Keys can be used for attestation.
- The AIK keys are, for example, RSA keys with a fixed length of 2048 bits.
- The AIK keys are not migratable and are used by the TPM module to sign or authenticate data.
- The attestation identity keys (AIK) are provided by the TPM module because the endorsement key (EK) of a TPM module is used to authenticate the TPM module.
- AIK keys are used, together with the TPM module, for authentication processes and can be generated in any number.
- These keys may be confirmed by a trusted third party, which may also be referred to as a Privacy CA. This confirmation takes the form of an AIK certificate (credential).
- The keys are generated, used and securely stored within the TPM module to protect them from software attacks.
- The TPM module is designed so that physical manipulation results in the inevitable destruction of the data contained therein, in particular the cryptographic keys.
- In step S1 of the method illustrated in FIG. 1, the machine code MC, for example the Java byte code, is encrypted in one embodiment by means of an AIK key provided by a TPM module present in the device.
- The encrypted machine code is then stored in step S2 in a memory of the device.
- The stored encrypted machine code can only be decrypted with the associated AIK key. However, this AIK key can only be read as long as the TPM module containing it has not been tampered with.
- If it is determined in step S3 that a manipulation of the TPM module has taken place, in one possible embodiment the keys contained in the TPM module are irreversibly destroyed and can no longer be read out; that is, the key, in particular the AIK key, is blocked in step S4.
- FIG. 2 shows a block diagram to clarify a possible embodiment of the method according to the invention.
- A compiler 2 compiles a Java source code 1. An encryption unit 3 reads a device-specific key K from a device 4.
- The device-specific key is, for example, an AIK (Attestation Identity Key).
- The device 4 in the embodiment shown in FIG. 2 comprises a Java Virtual Machine 4A, a memory 4B and a TPM module 4C.
- The memory 4B is, for example, a non-volatile memory formed by a hard disk.
- The device 4 may be, for example, a control computer for a system.
- The encryption unit 3 reads a device-specific AIK key (K_AIK) from the TPM module 4C of the device 4 and uses this key to encrypt the machine code or the Java byte code.
- The machine code MC does not necessarily have to be a Java byte code. In alternative embodiments, the machine code may be any machine code MC of any processor, or even MP3 data. The machine code encrypted by the encryption unit 3 is written by the encryption unit 3 into the memory 4B of the device 4.
- The encrypted machine code written to the memory 4B is not yet executable in this form, but it is safe against decompilation for reverse engineering purposes. After the encrypted machine code has been written to the memory 4B of the device 4, the device can be delivered to customers.
- FIG. 3 shows a block diagram of the delivered device 4 to illustrate the decryption of the machine code MC at an authorized customer of the device 4.
- The JVM 4A has a so-called class loader 4A-1 and an execution unit 4A-2.
- The JVM 4A allows a custom class loader to be created and deployed. By default, the JVM 4A creates an instance of a class called the system class loader. This system class loader can load class files from a local file system.
- An application-defined class loader is chained to the system class loader, either directly or indirectly through other class loaders.
- A class loader is prompted to load a specific class by calling its loadClass() method.
- The class loader first forwards the request to a parent class loader. Only if the parent does not find the class does the class loader itself attempt to load the class.
- The class loader 4A-1 is a user-defined or application-defined class loader, which may also be referred to as a trusted class loader.
- When the trusted class loader 4A-1 loads a class, it first obtains an encrypted form of a file from the memory 4B and then decrypts the data of the loaded file using the AIK key read from the TPM module 4C.
- The class loader 4A-1 of the JVM decrypts the machine code stored in the memory 4B of the device 4, for example the encrypted Java byte code, by means of the device-specific key read from the TPM module 4C and makes the decrypted machine code MC available to the execution unit 4A-2 of the JVM. If the device shown in FIG.
- The TPM module 4C first checks whether a manipulation has taken place or not. Only if no manipulation has been made is the device-specific key (K_AIK) provided. The user-defined class loader performs the decryption using the device-specific key that has been read out.
- The defineClass() method provided by the class loader is called to produce a class object from the byte code.
- The byte code is then registered as a class by the Java Virtual Machine (JVM).
- The execution unit 4A-2 is formed by an execution unit provided outside the JVM, for example by a CPU.
- The execution unit 4A-2 is formed by a decoder, in particular an MP3 data decoder.
- The device-specific key is transmitted from the TPM module 4C via a network to the encryption unit 3, which encrypts the machine code MC by means of the device-specific key.
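As an added illustration (not code from the patent or from Siemens), the trusted class loader 4A-1 described above in Java: findClass() fetches the device-specific key, decrypts the stored file and hands the plain byte code to defineClass(), after parent-first delegation in loadClass() has failed. The TPM module 4C is abstracted behind a hypothetical DeviceKeySource that returns no key once tampering has been detected (step S4), and an AES-GCM content key stands in for the AIK, since an AIK is a TPM signing key rather than a bulk-encryption key; the class name TrustedClassLoader, the ".class.enc" suffix and the file layout (12-byte IV, then ciphertext and tag) are constructed for this example.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;

/** Trusted class loader in the style of class loader 4A-1: every class under
 *  classDir is stored encrypted and is decrypted only at load time. */
public final class TrustedClassLoader extends ClassLoader {
    private static final int GCM_TAG_BITS = 128;
    private static final int IV_LEN = 12;
    private final Path classDir;
    private final DeviceKeySource keySource;

    /** Hypothetical abstraction over the TPM: returns a fresh copy of the
     *  device key, or null once a manipulation has been detected (key blocked). */
    public interface DeviceKeySource { byte[] deviceKey(); }

    public TrustedClassLoader(Path classDir, DeviceKeySource keySource, ClassLoader parent) {
        super(parent);  // loadClass() delegates to this parent before calling findClass()
        this.classDir = classDir;
        this.keySource = keySource;
    }

    /** Reached only after the parent loaders could not find the class. */
    @Override
    protected Class<?> findClass(String name) throws ClassNotFoundException {
        Path file = classDir.resolve(name.replace('.', '/') + ".class.enc");
        byte[] key = keySource.deviceKey();
        if (key == null) {
            // Key blocked (step S4): fail closed, never fall back to plaintext files.
            throw new ClassNotFoundException("device key unavailable for " + name);
        }
        try {
            byte[] bytecode = decrypt(key, Files.readAllBytes(file));
            return defineClass(name, bytecode, 0, bytecode.length);  // registers the class with the JVM
        } catch (Exception e) {
            throw new ClassNotFoundException(name, e);
        } finally {
            Arrays.fill(key, (byte) 0);  // do not leave the key copy lingering on the heap
        }
    }

    /** Constructed layout: IV (12 bytes) || AES-GCM ciphertext || 16-byte tag.
     *  A modified ciphertext fails the tag check and is never handed to defineClass(). */
    static byte[] decrypt(byte[] key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
               new GCMParameterSpec(GCM_TAG_BITS, blob, 0, IV_LEN));
        return c.doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }

    /** Counterpart of encryption unit 3, run at build time, not on the delivered device. */
    static byte[] encrypt(byte[] key, byte[] iv, byte[] bytecode) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] ct = c.doFinal(bytecode);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }
}
```

The decrypted byte code exists only in JVM memory; the classes it defines can still be observed by a debugger or agent attached to the running JVM, which is why the patent couples the scheme to TPM integrity checks of the boot code, OS and JVM.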
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE200710045743 DE102007045743A1 (en) | 2007-09-25 | 2007-09-25 | Method and system for protection against access to a machine code of a device |
PCT/EP2008/061279 WO2009040207A1 (en) | 2007-09-25 | 2008-08-28 | Method and system for the protection against access to a machine code of a device |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2193471A1 true EP2193471A1 (en) | 2010-06-09 |
Family
ID=40345035
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP08803305A Withdrawn EP2193471A1 (en) | 2007-09-25 | 2008-08-28 | Method and system for the protection against access to a machine code of a device |
Country Status (4)
Country | Link |
---|---|
US (1) | US8843766B2 (en) |
EP (1) | EP2193471A1 (en) |
DE (1) | DE102007045743A1 (en) |
WO (1) | WO2009040207A1 (en) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8402448B2 (en) * | 2008-09-18 | 2013-03-19 | Infineon Technologies Ag | Compiler system and a method of compiling a source code into an encrypted machine language code |
CN102598017B (en) * | 2009-11-13 | 2016-03-09 | 爱迪德技术有限公司 | Improve the system and method for its tamper-proof capabilities of Java bytecode |
US8417965B1 (en) * | 2010-04-07 | 2013-04-09 | Xilinx, Inc. | Method and circuit for secure definition and integration of cores |
US9087196B2 (en) * | 2010-12-24 | 2015-07-21 | Intel Corporation | Secure application attestation using dynamic measurement kernels |
CN102360412B (en) * | 2011-09-26 | 2014-07-02 | 飞天诚信科技股份有限公司 | Method and system for protecting Java source code |
US9021271B1 (en) * | 2011-12-27 | 2015-04-28 | Emc Corporation | Injecting code decrypted by a hardware decryption module into Java applications |
CN104573425B (en) * | 2014-12-31 | 2018-01-30 | 上海格尔软件股份有限公司 | A kind of Python program module encryption methods based on symmetry algorithm and special load-on module |
EP3516573A1 (en) * | 2016-09-22 | 2019-07-31 | Telefonaktiebolaget LM Ericsson (PUBL) | Version control for trusted computing |
CN111159661B (en) * | 2018-11-08 | 2022-07-12 | 迈普通信技术股份有限公司 | Decompilation prevention method and device, electronic equipment and storage medium |
EP4208798A1 (en) * | 2020-09-05 | 2023-07-12 | ICU Medical, Inc. | Identity-based secure medical device communications |
US11550883B2 (en) * | 2020-09-08 | 2023-01-10 | Assured Information Security, Inc. | Code protection |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH10301772A (en) | 1997-04-30 | 1998-11-13 | Sony Corp | Information processor and method therefor and recording medium |
JPH10301773A (en) * | 1997-04-30 | 1998-11-13 | Sony Corp | Information processor and method therefor and recording medium |
GB2341461B (en) | 1998-09-10 | 2003-03-12 | Ibm | Program component distribution |
US6477540B1 (en) * | 1999-12-22 | 2002-11-05 | Ncr Corporation | Method and apparatus for using Java as a stored procedure language and as an embedded language on a client |
US7516331B2 (en) * | 2003-11-26 | 2009-04-07 | International Business Machines Corporation | Tamper-resistant trusted java virtual machine and method of using the same |
JP2005227995A (en) * | 2004-02-12 | 2005-08-25 | Sony Corp | Information processor, information processing method and computer program |
FR2887097A1 (en) * | 2005-06-14 | 2006-12-15 | France Telecom | METHOD FOR PROTECTING A SOURCE CODE IN SEMI-INTERPRETED LANGUAGE |
US9171161B2 (en) * | 2006-11-09 | 2015-10-27 | International Business Machines Corporation | Trusted device having virtualized registers |
2007
- 2007-09-25 DE DE200710045743 patent/DE102007045743A1/en not_active Ceased
2008
- 2008-08-28 EP EP08803305A patent/EP2193471A1/en not_active Withdrawn
- 2008-08-28 US US12/679,758 patent/US8843766B2/en active Active
- 2008-08-28 WO PCT/EP2008/061279 patent/WO2009040207A1/en active Application Filing
Non-Patent Citations (2)
Title |
---|
None * |
See also references of WO2009040207A1 * |
Also Published As
Publication number | Publication date |
---|---|
DE102007045743A1 (en) | 2009-04-02 |
US20100205459A1 (en) | 2010-08-12 |
WO2009040207A1 (en) | 2009-04-02 |
US8843766B2 (en) | 2014-09-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2009040207A1 (en) | Method and system for the protection against access to a machine code of a device | |
EP3259698B1 (en) | Autonomously booting system with a security module | |
DE102008021567B4 (en) | Computer system with secure boot mechanism based on symmetric key encryption | |
DE102009013384B4 (en) | System and method for providing a secure application fragmentation environment | |
DE60303476T2 (en) | PROCESS AND SERVER FOR PROGRAM UPGRADE | |
DE102007057900B4 (en) | Authenticate suspicious data using keytables | |
DE102008006759B4 (en) | Processor assembly and method of operating the processor assembly without reducing overall security | |
DE60302844T2 (en) | Semiconductor device with encryption, semiconductor device with external interface, and content reproduction method | |
DE102009041176B4 (en) | A compiler system and method for compiling a source code into an encrypted machine language code | |
EP2006792A2 (en) | Encryption and decryption methods and a PLC system using said methods | |
DE10392528T5 (en) | Microcode patch authentication | |
DE112010004580T5 (en) | Secure pin management of a user-trusted unit | |
DE102015113468A1 (en) | DATA PROCESSING DEVICE AND METHOD FOR SECURING A DATA PROCESSING AGAINST ATTACKS | |
EP3403214B1 (en) | Method and apparatus for providing a cryptographic security function for the operation of a device | |
EP2434424B1 (en) | Method for increasing the security of security-relevant online services | |
DE102005046696B4 (en) | A method for generating protected program code and method for executing program code of a protected computer program and computer program product | |
DE102009048756B4 (en) | A method and key device for enhancing the security of an encrypted data store from which a computer boots | |
DE102010006432A1 (en) | Method and system for providing EDRM-protected data objects | |
DE102014113441A1 (en) | Protection against software components by means of encryption | |
EP3251281B1 (en) | Intrinsic authentication of program code | |
EP2569726B1 (en) | Method for checking whether program instructions have been executed by a portable terminal | |
DE102021126509B4 (en) | Portable chip device and method for performing a software module update in a portable chip device | |
EP3441898B1 (en) | Method and device for protecting software against unauthorised use | |
EP1904980A1 (en) | Method for operating a portable data carrier | |
EP4288886A1 (en) | Providing data to be protected in a secured execution environment of a data processing system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| 17P | Request for examination filed | Effective date: 20100209 |
| AK | Designated contracting states | Kind code of ref document: A1; Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR |
| AX | Request for extension of the european patent | Extension state: AL BA MK RS |
| 17Q | First examination report despatched | Effective date: 20101105 |
| DAX | Request for extension of the european patent (deleted) | |
| RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: SIEMENS AKTIENGESELLSCHAFT |
| RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: SIEMENS AKTIENGESELLSCHAFT |
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
| 18D | Application deemed to be withdrawn | Effective date: 20190301 |