CURBING SOFTWARE PIRACY IN DEVELOPMENT ENVIRONMENT USING CODE SPLITTING, OBFUSCATION AND FINGERPRINTING TECHNIQUES

CURBING SOFTWARE PIRACY IN DEVELOPMENT ENVIRONMENT USING CODE SPLITTING, OBFUSCATION AND FINGERPRINTING TECHNIQUES

Abstract

Software Piracy has become a major problem for businesses and its widespread in many parts of the world leads to financial losses and harm to consumers. These problems caused the deployment of many security techniques to control piracy. A lot of researches have been done on software security techniques but unfortunately protecting software source code in development environment has been a challenge for software companies as software source codes are not yet transformed to unreadable codes. Therefore, software piracy emanating from development environments, mostly by insiders, has been a big problem to tackle because the prevalent software protection techniques were primarily developed for use at production stage. Based on the literature review, no research was found on piracy reduction in development environment. In this research work an architecture has been proposed and implemented based on design obfuscation that enables tracking pirated standalone software at development stage using the hardware and software aspects, online or offline, and tracing vulnerable PCs within a company. Code Splitting, obfuscation and fingerprinting techniques were used to design the proposed architecture. Two examination results processing software: ExamsLOGIC 2.0 and ELogicPLUS were used to test the proposed architecture for existing and new applications respectively. The result was compared with the result of the reviewed work and found to be improved. For both the two applications, it was found that the proposed architecture is feasible and effective

Background of the Study

Software Piracy is the unauthorized use, distribution or copying of software illegally. It has become a major problem for businesses and it’s widespread in many parts of the world leads to financial losses and harm to consumers (Rouse, 2005). The Business Software Alliance (BSA) and the Software Publishers Association (SPA) are organizations meant for reducing piracy worldwide. The Business Software Alliance (BSA) is the leading advocate for the global software industry before governments and in the international marketplace. It is an association of nearly 100 world-class companies that invest billions of dollars annually to create software solutions that spark the economy and improve modern life (BSA, 2011) . These organizations estimated that there are two-third illegal copies of software available for every legal copy of software sold and had piracy rates of 62 percent or higher (BSA, 2011). The 2010 BSA/IDC study demonstrates that even a modest reduction in software theft would have significant multiplier effects on the economic contribution of the packaged software industry. This makes software piracy a major problem for the software industries and to the world economy in general.

Software industries always strongly depend on copyrights and other Intellectual Property (IP) to drive innovation and ensure a return on investment in R&D. Hence, protecting their products from being pirated is one of the major tasks they consider in order to keep the company up and running. With the improvement in technology over decades, software vulnerabilities such as Reverse Engineering increase at almost the same pace with technology. For almost every software protection technique there is an equivalent hacking technique for it.

In the case of packaged software, it is common to find counterfeit copies of CDs incorporating the software programs, as well as related packaging, manuals, license agreements, labels, registration cards and security features. Counterfeiting is a serious problem for the software industry, as advances in technology have enabled a growing number and variety of commercial enterprises to manufacture and distribute counterfeit software on a massive scale. This is because the risks of being caught are relatively low and penalties are far less than for engaging in other illegal activities (BSA, 2011).

Besides, Software Piracy also serves as one of the major ways of distributing worms by hackers. Although some consumers may think they are getting a great deal when they obtain pirated software, it is more likely they will receive a substandard product with hidden cyber security threats. The fact is that using illegal software puts consumers’ personal information, financial security, and even reputation at risk. At the very least, it can lead to software incompatibility and viruses, drive up maintenance costs, and leave consumers without technical support or security updates.

It is common for sites that offer access to pirated software and piracy‐related tools to distribute malicious code that damage IT security and performance. Indeed, a significant percentage of counterfeit software or key generators downloaded from P2P sites contains malicious or unwanted code. In an IDC study, research revealed that one in four websites that offered pirated software or counterfeit activation keys attempt to install infectious computer code, like Trojan horses and key loggers, on test computers. The study found that 59% of counterfeit software or key generators downloaded from P2P sites contained malicious or unwanted code. A subsequent study by Harrison Group Inc. found that companies using unlicensed or counterfeit software were over 70% more likely to have critical computer failures lasting 24 hours or more and/or experience the loss or damage of sensitive data (BSA, 2011).

These are some of the problems that urge companies to devise and improve ways of protecting their products from reverse engineering, counterfeiting, and intellectual theft. Some of the adopted standard methods for protecting software are Code Obfuscation, Software Tamper-proofing, Software Birth-marking, Software fingerprinting and watermarking (Collberg and Thomborson, 2002).

In this research, controlling software piracy in the development environment is the major task to be accomplished.

1.2 Problem Statement

Source codes of a software company are available on the developers’ computer whereby maintenances and updates are done. At this level, software and developers’ PCs are vulnerable to attacks and piracy to claim ownership or use as worm distributors. Hence, preventing the source codes at this stage is a challenge to companies. Also, tracing the code owner’s pirated copy within the firm becomes a hectic task.

1.3 Research Motivation

In a company where the source codes of their software product are available on their developers’ system, what are the protective measures to be taken to protect the source codes from being pirated? How can a software company trace and validate its pirated software code that is in use without totally obfuscating the source code?

To answer the research questions, there is a need to identify the program’s high level code and explore the existing security techniques.

1.4 Aim and Objectives

This research aims at designing and implementing an architecture to enable tracking and disabling pirated software instances via online or offline and also tracing its source in a development environment.

The objectives of the research to be achieved are to:

1. Design an architecture that allows tracking pirated standalone software at development stage using the hardware and software aspects via online or offline

2. Implement the proposed architecture using existing and new application scenarios

3. Evaluate the system to demonstrate the architecture piracy tracking capability in both scenarios using testing software

1.5 Research Methodology

The following procedures were adopted in the execution of this research:

1. Review previous works on software piracy, software protection techniques and related works

2. Design the architecture by applying the code-splitting technique on an arbitrary program Ƥ

3. Choose an obfuscation with multi-level code hiding

4. Obfuscate a segment of the program, called Chip (Partial program obfuscation)

5. Configure the online Tracking Server

6. Implement the Tracking Server database using mysql as DBMS and PHP as the programming language

7. Evaluate the system’s capability to detect pirated copy of a software on different systems or PCs, online or offline by choosing some applications for testing

1.6 Scope and Limitation

a. The quality of the transformer(s) T() used is not put into consideration

b. If the tracking mode is set to “Online”, the pirated application is tracked by the server only if the System is online

c. The obfuscatory used are for countering only static reverse engineering attacks

d. Security on system MAC address was not put into consideration

1.7 Organization of the Dissertation

This dissertation consists of five chapters, of which Chapter Two consists of reviewed work on Software Piracy, Software development stages, Code Obfuscation with related works, summary of their limitations of the reviewed works and how they differ from our research. Chapter Three consists of the architectural design, equation derivations, obfuscation software used, scenarios considered and applications used for testing the feasibility of the proposed architecture. Chapter Four encompasses the implementation of the proposed approach, evaluation of the proposed system in comparison with previous researches. Summary of the work done, recommendations for future research and conclusions were reflected in Chapter Five.

References

AliMunassar, N. M., and Govardhan, A. (2010). A Comparison Between Five Models Of Software Engineering. International Journal of Computer Science Issues, IJCSI, Vol. 7, P. 94-101.

Aravalli, S. (2006). Some Novice methods for Software Protection with Obfuscation. University of New Orleans Theses and Dissertations.

Asongu, S. A., and Andrés, A. R. (2012). Fighting software piracy: which governance tools matter in Africa? African Governance and Development Institute.

Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., and Yang, K. (2001). On the (Im)possibility of Obfuscating Programs. Technical report, Electronic Colloquium on Computational Complexity.

BSA. (2007). Fifth Annual BSA and IDC Global Software. Business Software Alliance retrieved on May 27,2014 from .