About Obfuscator-LLVM, Dual-Use Tools and Academic Ethics

On November 25th, my team has announced the release for Christmas of Obfuscator-LLVM, an open-source obfuscation tool based on the LLVM compilation suite. Why Christmas? Because version 3.4 of LLVM was planned to be released on the 23rd of December, and we wished to port our code to the latest version of the compiler before publishing it.

On December 18th, I have been privately contacted by pod2g, a French security researcher active in the Apple jailbreaking scene, kindly asking me whether his team, the evad3rs, could get an early access to our tool. Without thinking too much about the possible consequences, and naively seeing it as an easy way to get some publicity  for our research project, my collaborators and I have accepted to send them the source code of Obfuscator-LLVM one week earlier than the planned release. In exchange, we only asked to be credited on their website; I would like to clearly state that we never spoke about financial compensation, or about any other kind of reward.

The evasi0n jailbreak was released on December 23rd, taking the jailbreak community by surprise, and instantly generating a controversy. Indeed, the jailbreaking software arrived bundled with a Chinese app store apparently delivering pirated apps and/or malware.

Providing a version of Obfuscator-LLVM to the evad3rs one week in advance on our planned release was a mistake, and we regret this turn of events, as our academic research project is now somehow linked to the murkier side of ITsec.

But more importantly, this controversy raises deep questions about the release of “dual-use” academic tools. Obfuscation techniques, i.e. software techniques aiming at increasing the cost of reverse-engineering, have in practice been so far used by malware writers as well as in the domain of Digital Right Management. Although there has been academic research on the subject  for more than a decade, only a handful of tools are freely available as open-source software, and few of them are able to obfuscate C/C++/Objective-C code in an effective way (Kryptonite being an example). Moreover, I am aware of only a handful of vendors selling commercial tools of this kind; those include Arxan, Whitecryption or Morpher, and their products are expensive.

With that said, is it ethical to release a tool like Obfuscator-LLVM?

Our feeling is that publishing an open-source C/C++ obfuscating tool makes sense for several reasons:

  • While it is a “dual-use” tool, I see no reason why obfuscation and software protection tools should be in a different position than, say, encryption tools, fuzzers, network scanners, exploitation frameworks or butcher knives. All of them can be used with ethical goals in mind, or with malicious intents. Even jailbreaking software can be used as much to install pirated software on an device, as by authorities for forensic purposes or pen-testers for auditing goals.
  • The fact that Obfuscator-LLVM will be open-source will make it easier to audit its code base, ensuring that it is backdoor-insertion free.
  • With an available open-source obfuscating tool, academic security researchers will  have access to a free tool when studying and designing new automated de-obfuscation engines and reverse-engineering processes aiming at helping malware analysts.
  • Code obfuscation can also bring  lesser-known security benefits for our digital ecosystem as a by-product. For instance, obfuscation brings software diversity, since an obfuscation process can typically be heavily randomized. This can be considered as a first defense against mass software attacks.

Those considerations are only preliminary. My team still plans to release Obfuscator-LLVM in the coming days. I hope that this blog post will contribute in clarifying our intentions with regard to the goals of Obfuscator-LLVM.

In the meanwhile, Merry Christmas to everybody!

Credits: thunderstorm picture from http://darkwoman.d.a.pic.centerblog.net

On Time Scaling of Semivariance in a Jump-Diffusion Process

What are the common points between finance and information security? One is maybe risk management. I have just uploaded a new paper, co-written with a dear friend, that explores how the semivariance of a jump-diffusion process can be time-scaled more accurately than just applying the square-root-of-time rule.

The paper is available on arXiv; here its abstract:

The aim of this paper is to examine the time scaling of the semivariance when returns are modeled by various types of jump-diffusion processes, including stochastic volatility models with jumps in returns and in volatility. In particular, we derive an exact formula for the semivariance when the volatility is kept constant, explaining how it should be scaled when considering a lower frequency. We also provide and justify the use of a generalization of the Ball-Torous approximation of a jump-diffusion process, this new model appearing to deliver a more accurate estimation of the downside risk. We use Markov Chain Monte Carlo (MCMC) methods to fit our stochastic volatility model. For the tests, we apply our methodology to a highly skewed set of returns based on the Barclays US High Yield Index, where we compare different time scalings for the semivariance. Our work shows that the square root of the time horizon seems to be a poor approximation in the context of semivariance and that our methodology based on jump-diffusion processes gives much better results.

A Fast and Versatile QKD System with Hardware Key Distillation and Wavelength Multiplexing

The QCrypt project, funded by the Nano-Tera program, is gently terminating. QCrypt involves ID Quantique SA in Geneva, the University of Geneva through its Applied Physics Group, the EPFL, through the Telecommunications Circuits Laboratory, the ETH Zürich, through the Integrated Systems Laboratory, and the HES-SO, through two institutes of the HEIG-VD (REDS and IICT) as well as the hepia.

The QCrypt project purpose consisted mainly in building a next-generation quantum key distribution system integrated with a 100 Gb/s layer-2 encryptor relying on classical cryptography.

A first paper has been uploaded to arXiv recently, which discusses the technical aspects of the QKD engine. Co-written with 20 (!) authors, it describes for the first time, to the best of our knowledge, the throughput achievable in practice of (distilled) key bits for a pre-defined security level when taking into account finite-key effects, authentication costs and the composability of keys. Here is the paper’s abstract:

We present a 625 MHz clocked coherent one-way quantum key distribution (QKD) system which continuously distributes secret keys over an optical fibre link. To support high secret key rates, we implemented a fast hardware key distillation engine which allows for key distillation rates up to 4 Mbps in real time. The system employs wavelength multiplexing in order to run over only a single optical fibre and is compactly integrated in 19-inch 2U racks. We optimized the system considering a security analysis that respects finite-key-size effects, authentication costs, and system errors. Using fast gated InGaAs single photon detectors, we reliably distribute secret keys with rates up to 140 kbps and over 25 km of optical fibre, for a security parameter of 4E-9.