545,564 active members*
7,051 visitors online*
Register for free
Login Register
WIBU-SYSTEMS Blog

Perfection in Protection, Licensing, and Security

Is Your Software Security Scalable?

June 2021
16
Author: Wibu-Systems
Company: WIBU-SYSTEMS AG
Is Your Software Security Scalable?

The ability to scale IT infrastructure and systems to quickly adjust to variable workloads and changing market demands is critical for any size business. Just look at the radical changes companies needed to accommodate the transformative shift of the workforce from the office to the home in the past year. Certainly, those who were able to quickly scale their remote networking infrastructure to support the unexpected rise in demand were the winners.

And while a scalable infrastructure makes good sense, should we expect security to be scalable as well?

To answer that question, let’s look at security from a software developer’s point of view. In this case, we are talking about security in terms of protecting software from malicious hackers. But first, it is a good idea to understand who might be attacking the software. Essentially there are 4 types of hackers – script kiddies, leisure-time hackers, professional hackers, and the all-stars. The first two groups might know how to google and find either hacking instructions or ready-made hacks while the professionals and the all-stars are the ones doing the real damage and earning an illicit living by selling their hacks. They are motivated in most cases by simple profit. Which hacks can I sell most often, at the highest price, and with the least effort?

This is where scalable security comes into play. The level of protections needs only to be scaled to the approximate value and appeal of the software. At the lowest level are the developers who feel it is not worth the effort to enable any copy protection mechanisms or licensing for their software. Obviously, in this case, software monetization is not a priority.

The next level of protection is geared toward making it as hard as possible to hack the software. This is where software developers can benefit from the complexity of the software. Hackers might be able to analyze anything executed on a CPU, but first they need to be able to execute. With typical business applications, users will only ever use between 10 and 20% of the functions. Only a fraction of the code is executed. This makes it harder for hackers to monitor the code in action. They need to find a strategy to execute the entire code completely. Whoever manages to complete that task would become the king of testing suites and would not have to continue to earn a meager living by hacking software.

The next level of software protection is for the developer to use sophisticated encryption and anti-hacking tools like AxProtector and IxProtector, found in Wibu-Systems CodeMeter Protection Suite. CodeMeter Protection Suite offers various high-caliber software protection functions, including state-of-the-art anti-debugging and anti-reverse engineering technologies, encryption of the executable code, decryption, encryption of any number of parts of the software, and signing of the encrypted application to ensure code integrity and authenticity.

At the top of the security scale is use of a unique technique called code moving. The optimum in protection is achieved by moving the code into a hardware secure device (CmDongle) and executing it in that safe environment. This makes it completely impossible for hackers to know what is going on.

One important consideration is the right choice of code: If it is too trivial, its inner workings can be guessed at by looking at its output. If it is too complex, the operation becomes too cumbersome, or it exceeds the code size limit.

The best thing about code moving is that it allows you to create as many code fragments as you want for execution in the CmDongle. To move the code, the application is encrypted with AxProtector; all functions to be moved are compiled by AxProtector and encrypted within the application. During runtime, the block in question is moved into the CmDongle, decrypted, and executed with the right input parameters. The output parameters are then returned to the application.

Cryptographic functions like AES and SHA can be used directly with CmDongles. Data can be saved temporarily and used again when the next function is called up. Hidden data can also be accessed, although security dictates that this can only be done within the Product Item that the code fragment is encrypted with.

With the use of the sophisticated licensing and protection technologies inherent in CodeMeter, developers can decide on the level of security for the application, whether it be a simple license check to prevent the intentional or inadvertent misuse of licenses or the secure execution of code in the CmDongle.

If you are interested in learning more about the code moving technique, register for our webinar on June 23, 2021, Maximum Protection with Code Moving, to see a live demo or watch the recorded masterclass on-demand.

0 comments

Blog Archiv

July 2021
June 2021
May 2021
April 2021
March 2021
February 2021
January 2021
November 2020
October 2020
September 2020
August 2020
July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
October 2016
September 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016