WIBU-SYSTEMS

Perfection in Protection, Licensing, and Security

{{ moduleLabel }}
{{ label }}

Is Your Software Security Scalable?

MarketingWIBU-SYSTEMS AG on June 16, 2021 at 4:17 PM

The ability to scale IT infrastructure and systems to quickly adjust to variable workloads and changing market demands is critical for any size business. Just look at the radical changes companies needed to accommodate the transformative shift of the workforce from the office to the home in the past year. Certainly, those who were able to quickly scale their remote networking infrastructure to support the unexpected rise in demand were the winners.

And while a scalable infrastructure makes good sense, should we expect security to be scalable as well?

To answer that question, let’s look at security from a software developer’s point of view. In this case, we are talking about security in terms of protecting software from malicious hackers. But first, it is a good idea to understand who might be attacking the software. Essentially there are 4 types of hackers – script kiddies, leisure-time hackers, professional hackers, and the all-stars. The first two groups might know how to google and find either hacking instructions or ready-made hacks while the professionals and the all-stars are the ones doing the real damage and earning an illicit living by selling their hacks. They are motivated in most cases by simple profit. Which hacks can I sell most often, at the highest price, and with the least effort?

This is where scalable security comes into play. The level of protections needs only to be scaled to the approximate value and appeal of the software. At the lowest level are the developers who feel it is not worth the effort to enable any copy protection mechanisms or licensing for their software. Obviously, in this case, software monetization is not a priority.

The next level of protection is geared toward making it as hard as possible to hack the software. This is where software developers can benefit from the complexity of the software. Hackers might be able to analyze anything executed on a CPU, but first they need to be able to execute. With typical business applications, users will only ever use between 10 and 20% of the functions. Only a fraction of the code is executed. This makes it harder for hackers to monitor the code in action. They need to find a strategy to execute the entire code completely. Whoever manages to complete that task would become the king of testing suites and would not have to continue to earn a meager living by hacking software.

The next level of software protection is for the developer to use sophisticated encryption and anti-hacking tools like AxProtector and IxProtector, found in Wibu-Systems CodeMeter Protection Suite. CodeMeter Protection Suite offers various high-caliber software protection functions, including state-of-the-art anti-debugging and anti-reverse engineering technologies, encryption of the executable code, decryption, encryption of any number of parts of the software, and signing of the encrypted application to ensure code integrity and authenticity.

At the top of the security scale is use of a unique technique called code moving. The optimum in protection is achieved by moving the code into a hardware secure device (CmDongle) and executing it in that safe environment. This makes it completely impossible for hackers to know what is going on.

One important consideration is the right choice of code: If it is too trivial, its inner workings can be guessed at by looking at its output. If it is too complex, the operation becomes too cumbersome, or it exceeds the code size limit.

The best thing about code moving is that it allows you to create as many code fragments as you want for execution in the CmDongle. To move the code, the application is encrypted with AxProtector; all functions to be moved are compiled by AxProtector and encrypted within the application. During runtime, the block in question is moved into the CmDongle, decrypted, and executed with the right input parameters. The output parameters are then returned to the application.

Cryptographic functions like AES and SHA can be used directly with CmDongles. Data can be saved temporarily and used again when the next function is called up. Hidden data can also be accessed, although security dictates that this can only be done within the Product Item that the code fragment is encrypted with.

With the use of the sophisticated licensing and protection technologies inherent in CodeMeter, developers can decide on the level of security for the application, whether it be a simple license check to prevent the intentional or inadvertent misuse of licenses or the secure execution of code in the CmDongle.

If you are interested in learning more about the code moving technique, register for our webinar on June 23, 2021, Maximum Protection with Code Moving, to see a live demo or watch the recorded masterclass on-demand.

Login or register now and enjoy all the benefits of a community!

To get the whole functionality of IndustryArena Forum you need to login or register. This process is absolutely free.

Password forgotten?
Contact request
Guest Photo
Your message
The controller within the meaning of Art. 4(7) GDPR is: IndustryArena GmbH, Schneiderstr. 6, 40764 Langenfeld, Germany.
You may reach our data protection officer under [email protected].

Purpose of processing
We process your personal data concerning the use of the contact form and the communication with the company of the newsroom as well as the transmission of your data to this company in accordance to Art. 6 (1a) GDPR. This constitutes a legitimate interest for us in accordance to Art. 6 (1f) GDPR.

Recipient of the data
Within our organization, those units gain access to your data, which are necessary to fulfil the above purposes.
Personal data will only be transmitted to third parties if this is necessary for the aforementioned purposes or if another legal basis exists. If necessary, we conclude the corresponding data protection agreements with third parties, in particular pursuant to Art. 28 GDPR.

Data storing
Your data will be transmitted to the company of the newsroom for further processing. The period of storing is the duration of the processing of your request by the respective company.

Select contact person

Newsroom Logo

Design options

  • Title text color:
  • Content background:
  • Content text color:
  • Navigation background:
  • Tab text color:
  • Active tab text color:
  • Link text color:
  • Active link text color:
  • Background image Background color:

    How do you want to position the background-image?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the background image

  • Banner

    How do you like to align the banner?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the banner

  • Skyscraper

    Set the link for the skyscraper

Please note:

Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.