A Low-Cost Attack on Branch-Based Software Watermarking Schemes
Gaurav Gupta
Macquarie University
In 2005, Ginger Myles and Hongxia Jin proposed a software watermarking scheme based on replacing jump instructions or
unconditional branch statements (UBSs) with calls to a fingerprint branch function (FBF) that computes the correct target address of the
UBS as a function of the generated fingerprint and integrity check. If the program is tampered with, the fingerprint and integrity checks
change and the target address is not computed correctly. In this paper, we present an attack that breaks the scheme by
tracking stack pointer modifications, and we provide implementation details.
The key element of the attack is to remove the fingerprint and integrity check generating code from the program after
disassociating the target address from the fingerprint and integrity value. Using debugging tools that
give the attacker vast control to track stack pointer operations, we perform both subtractive and watermark
replacement attacks. The major steps in the attack are automated, resulting in a fast and low-cost attack.
This is joint work with Josef Pieprzyk.