Enhancing obfuscation technique for protecting source code against software reverse engineering
Obfuscation (Obfu) is a practice to make the programming code complicated to protect the Intellectual Property (IP) and prevent prohibited software Reverse Engineering (RE). Obfuscation involves transforming potentially revealing data, renaming useful classes and variables (identifiers) names to...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2019
|
| Subjects: | |
| Online Access: | http://psasir.upm.edu.my/id/eprint/90724/1/FSKTM%202020%206%20IR.pdf http://psasir.upm.edu.my/id/eprint/90724/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Obfuscation (Obfu) is a practice to make the programming code complicated to protect
the Intellectual Property (IP) and prevent prohibited software Reverse Engineering (RE).
Obfuscation involves transforming potentially revealing data, renaming useful classes
and variables (identifiers) names to meaningless labels or adding unused or meaningless
code to an application binary. Obfuscation is used to convert source code into a program
that works the same way but is much harder to read and understand. Obfuscation
techniques allow the programmer to customize which part of the code to be obfuscated.
Recently, obfuscation techniques were mostly used to secure the source code; however,
none of the current obfuscation techniques satisfy all obfuscation effectiveness criteria
to resist the attack of Reverse Engineering. Therefore, IT industry loses tens of billions
of dollars annually due to security attacks such as reverse engineering. The obvious
amount of lost money of victims has led to many court cases where victim and theft
claims the ownership of the program and the winner is who has a good lawyer. Many
programming languages are used for programming; Java programming language is
known to be most common due to its features, the use of this popular language increases
an attacker's ability to steal intellectual property (IP), as the source program is translated
to an intermediate format retaining most of the information such as meaningful variables
names present in source code. An attacker can easily reconstruct source code from such
intermediate formats to extract sensitive information such as proprietary algorithms
present in the software. Hence, there is a need for development of techniques and
schemes to obfuscate sensitive parts of software to protect it from reverse engineering
attacks.
In this research, we have proposed a new Hybrid Obfuscation Technique to prevent
prohibited Reverse Engineering. The proposed technique contains three approaches; first
approach is string encryption. The string encryption is about adding a mathematical equation with arrays and loops to the strings in the code to hide the meaning. Second
approach is renaming system keywords to Unicode to increase difficulty and complexity
of the code. Third approach is transforming identifiers to junk code to hide the meaning
and increase the complexity of the code.
Empirical evaluation was conducted to evaluate the proposed Hybrid Obfuscation
Technique. It consists of experiment and interview. The experiment contains two phases;
first phase was conducted against java applications that do not use any protection to
determine the ability of reversing tools to read the compiled code. Second phase was
conducted against the proposed technique to evaluate the effectiveness of it. Interview
was conducted to get an overview of programming experts towards using Hybrid
Obfuscation Technique to prevent prohibited Reverse Engineering. The experiment of
the hybrid obfuscation technique was to test output correctness, syntax, reversed code
errors, flow test, identifiers names test, methods and classes correctness test. With these
parameters it was possible to determine the ability of the proposed technique to defend
the attack.
The proposed technique can be enhanced in the future to protect games applications and
mobile applications that are developed by java; it can improve the software development
industry. The proposed technique can be used to support many languages such as Arabic,
English, Chinese and so on. There is also a need to develop a tool that contains the three
approaches where the developer can customize the protection of the source code. |
|---|