Thursday, February 13, 2014

Making software reverse engineering harder - for a time

I have worked for several software companies, and my employers have obviously been concerned about people ripping off the software - or, alternatively, about someone figuring out what the software does and ripping us off that way. So there's obvious interest in making reverse engineering harder:

UCLA computer science professor Amit Sahai and a team of researchers have designed a system to encrypt software so that it only allows someone to use a program as intended while preventing any deciphering of the code behind it. This is known in computer science as "software obfuscation," and it is the first time it has been accomplished....

According to Sahai, previously developed techniques for obfuscation presented only a "speed bump," forcing an attacker to spend some effort, perhaps a few days, trying to reverse-engineer the software. The new system, he said, puts up an "iron wall," making it impossible for an adversary to reverse-engineer the software without solving mathematical problems that take hundreds of years to work out on today's computers — a game-change in the field of cryptography.

Perhaps this is a game change, but based upon the wording of UCLA's article, it's not a permanent game change. Author Matthew Chin carefully noted that the reverse-engineering effort would take hundreds of years "on today's computers." Twenty years from now, you might be able to perform the reverse-engineering in minutes.