I am very excited to announce that, together with my colleagues Johan Wehrli and Julien Rinaldini , we are launching a company, strong.codes, which will be active in the domain of software protection. The main goal of strong.codes is to commercialize strong.protect, an evolution of our long-time research project Obfuscator-LLVM, and offer services around its use.
strong.protect integrates innovative software protection methods, such as code obfuscation and tamper-proofing, code watermarking, anti-debugging tricks insertion, jailbreak and emulation detection, etc., in one of the most powerful compilation frameworks of the moment. The goal of strong.protect is to help its users to fight software piracy by making it much more expensive and complicated.
Note that we will continue to maintain the free and open-source version Obfuscator-LLVM, which will have to be considered as a light version of strong.protect.
On May 19th, 2015, we have presented our paper Obfuscator-LLVM: Software Protection for the Masses, co-written with Julien Rinaldini, Johan Wehrli and Julie Michielin at the IEEE-SPRO’15 workshop, colocated with ICSE, in Firenze (Italy). The talk slides are also available and the open-source version of our tool can be downloaded here.
Here is the paper’s abstract:
Software security with respect to reverse-engineering is a challenging discipline that has been researched for several years and which is still active. At the same time, this field is inherently practical, and thus of industrial relevance: indeed, protecting a piece of software against tampering, malicious modifications or reverse-engineering is a very difficult task. In this paper, we present and discuss a software obfuscation prototype tool based on the LLVM compilation suite. Our tool is built as different passes, where some of them have been open-sourced and are freely available, that work on the LLVM Intermediate Representation (IR) code. This approach brings several advantages, including the fact that it is language-agnostic and mostly independent of the target architecture. Our current prototype supports basic instruction substitutions, insertion of bogus control-flow constructs mixed with opaque predicates, control-flow flattening, procedures merging as well as a code tamper-proofing algorithm embedding code and data checksums directly in the control-flow flattening mechanism.
The QCrypt project, funded by the Nano-Tera program, is gently terminating. QCrypt involves ID Quantique SA in Geneva, the University of Geneva through its Applied Physics Group, the EPFL, through the Telecommunications Circuits Laboratory, the ETH Zürich, through the Integrated Systems Laboratory, and the HES-SO, through two institutes of the HEIG-VD (REDS and IICT) as well as the hepia.
The QCrypt project purpose consisted mainly in building a next-generation quantum key distribution system integrated with a 100 Gb/s layer-2 encryptor relying on classical cryptography.
A first paper has been uploaded to arXiv recently, which discusses the technical aspects of the QKD engine. Co-written with 20 (!) authors, it describes for the first time, to the best of our knowledge, the throughput achievable in practice of (distilled) key bits for a pre-defined security level when taking into account finite-key effects, authentication costs and the composability of keys. Here is the paper’s abstract:
We present a 625 MHz clocked coherent one-way quantum key distribution (QKD) system which continuously distributes secret keys over an optical fibre link. To support high secret key rates, we implemented a fast hardware key distillation engine which allows for key distillation rates up to 4 Mbps in real time. The system employs wavelength multiplexing in order to run over only a single optical fibre and is compactly integrated in 19-inch 2U racks. We optimized the system considering a security analysis that respects finite-key-size effects, authentication costs, and system errors. Using fast gated InGaAs single photon detectors, we reliably distribute secret keys with rates up to 140 kbps and over 25 km of optical fibre, for a security parameter of 4E-9.