Mathematical Obfuscation Aainst Hackers Is Focus of New Cybersecurity Center

lotuseclat79 · Aug 20, 2014

Mathematical Obfuscation Aainst Hackers Is Focus of New Cybersecurity Center

Turning computer code into a kind of math puzzle may hold the key to protecting software from hackers. A consortium of universities developing the idea, called mathematical obfuscation, recently received a $5 million grant from the U.S. government as part of a broader cybersecurity initiative.

Researchers involved in the program, which received the obfuscated name of Center for Encrypted Functionalities, will work on encryption methods capable of masking or "obfuscating" the inner workings of computer programs. The goal is preventing any unwanted tampering with software by hackers looking for security flaws or trying to reverse engineer the program's capabilities.

Conventional programs require compilers that translate source code (which humans can understand) into machine code (which computers can execute). The obfuscation method adds extra steps to that translation process. It requires a special "obfuscating compiler" that breaks up the source code into encrypted chunks.
Click to expand...

-- Tom

Gullible Jones · Aug 20, 2014

This is sort of a logical extension of things like ASLR, but it sounds like an absolute nightmare for debugging. And optimizing compilers already introduce "Heisenbugs"; I can scarcely imagine what an obfuscating compiler would do to large modern programs. I'm not really in a position to comment, certainly not as an expert; but it looks half-baked.

lotuseclat79 · Aug 20, 2014

Hi Gullible,

I'm sure that the focus is more along the line of making the code less probable to be hacked by increasing the probabilities against it being cracked which is not so half-baked.

-- Tom

Gullible Jones · Aug 20, 2014

... Wait, this is not something that works at runtime?

Answer: no, apparently it is not:

http://spectrum.ieee.org/computing/software/scrambled-code-keeps-software-safe

... This isn't security, it's runtime encryption on steroids. The IEEE calling it "security" is rather offensive IMO, and really raises my hackles.

In the researchers’ obfuscation scheme, the compiler first translates code into an intermediate form; then an obfuscating compiler translates this form into pieces of what UCLA computer science professor Amit Sahai calls a “mathematical jigsaw puzzle.” A special jigsaw verifier program, written in machine code, takes these puzzle pieces—essentially sequences of random numbers—and all the inputs and tries to assemble them. If the pieces “fit,” then the completed “puzzle” will tell the CPU how to produce the correct output.
Click to expand...

This wouldn't discourage fuzzing or black-box debugging at all, it would discourage reverse engineering. Exploiting the software would be possible, knowing how it works not so much. It's about protecting trade secrets, not protecting consumers, IMO.

MrBrian · Aug 20, 2014

Cryptography Breakthrough Could Make Software Unhackable

Log in or Sign up

Mathematical Obfuscation Aainst Hackers Is Focus of New Cybersecurity Center

lotuseclat79 Registered Member

Gullible Jones Registered Member

lotuseclat79 Registered Member

Gullible Jones Registered Member

MrBrian Registered Member

Log in or Sign up

Mathematical Obfuscation Aainst Hackers Is Focus of New Cybersecurity Center

lotuseclat79 Registered Member

Gullible Jones Registered Member

lotuseclat79 Registered Member

Gullible Jones Registered Member

MrBrian Registered Member

Useful Searches