The present invention relates generally to decryption apparatus, and more particularly, to in-line decryption apparatus that is used to protect embedded software.
The most common forms of software protection are copyrights and patents. While such protection is necessary if the option to prosecute alleged infringements in a court of law is desired, legal techniques do not prevent unauthorized access to software; they only act as a psychological deterrent. They are also difficult to enforce internationally.
The present invention uses technical protection mechanisms to actually deny a copyist or reverse-engineer access to the sensitive software. The effort required to defeat the present invention therefore represents a much more significant deterrent since technical obstacles must now be overcome.
The two most common forms of technical software protection are based on physical techniques and cryptographic techniques. One physical technique stores sensitive software in nonvolatile memory within a microprocessor (e.g., a ROM integrated directly in the microprocessor die) that can be programmed during manufacture but that cannot be easily read back out. The amount of on-chip ROM that can be provided limits the amount of software that can be protected.
Another physical technique stores sensitive software in volatile memory (e.g., a battery-backed RAM) external to the microprocessor but within a system enclosure that is erased when electronic tamper detection circuits detect attempted intrusion or disassembly of the enclosure. The disadvantages of this approach are accidental activation of tamper sensors, issues related to battery lifetime and reliability, complicated maintenance procedures, sensor reliability and false alarm resistance, and the difficulty of incorporating sensors and associated wiring into a host system such that they cannot be bypassed or defeated.
One method of cryptographic protection for software uses the memory address and cryptographically weak algorithms to unscramble data contained at that address prior to execution. Such techniques are not robust and can be easily defeated. Another method uses strong cryptographic algorithms to decrypt an entire segment of encrypted software during system initialization, which is then stored in a cache memory and executed normally. Again, the amount of cache memory that is provided limits the amount of software that can be protected, and the time required to initially decrypt the software may be unacceptable in some time-critical applications.
The increased performance and reduced costs of modem microprocessors allows sensitive system functions previously implemented in hardware to be implemented in software. Since complex software programs are easier to reverse-engineer than complex hardware devices, there is a rapidly growing need to protect the software embedded in critical or high-value systems. Such protection is desired to prevent the unauthorized modification and/or use of the software, to prevent the disclosure and/or transfer of the technology contained within the software program to unauthorized parties, to protect the significant investments represented by software-intensive systems and to enhance competitiveness.
Although cryptography has been used in the past to protect software during distribution and storage, such software has remained vulnerable in system memory after it had been decrypted and during actual execution. Previous attempts at decrypting software with strong algorithms on an instruction-by-instruction basis has been hampered by the unacceptable time delay required to decrypt each instruction and by the loss of crypto-synchronization that can occur when a program branches during execution. To avoid these obstacles, scrambling algorithms based on simple non-cryptographic techniques have been used that do not increase execution time and that are not susceptible to loss of synchronization. However, they are easy to defeat and therefore not capable of providing the levels of protection desired for high-value software and software used in sensitive applications.
Accordingly, it is an objective of the present invention to provide for in-line decryption apparatus that is used to protect embedded software.
To accomplish the above and other objectives, the present invention provides for an in-line decryptor that is used to protect software embedded in a system. Unauthorized access to software embedded in the system is prevented by way of in-line decryption of the encrypted software. Using a combination of cryptographic techniques, encrypted software can be safely stored within the system in nonvolatile memory or magnetic media, or retrieved via network access, without risk of modification, replacement, disassembly, or understanding by unauthorized parties. In addition, although copies can be made, they are useless without the present decryptor.
The present invention overcomes the limitations of conventional approaches since decryption occurs on an instruction-by-instruction basis, thus avoiding the physical limitations of ROM and cache capacity and the need for complex tamper detection functions. The present invention also allows the use of conventional cryptographic algorithms while avoiding the loss of crypto-synchronization problems that typically occur with previous cryptographic solutions when a program branches during execution.
A preferred embodiment of the decryptor uses a conventional cryptographic algorithm to initialize a variation of a one time pad cryptosystem. Using a number of relatively short pseudorandom sequences and a simple combining function, a much longer address-dependent pseudorandom sequence is created. This sequence is then used to decrypt the encrypted software in real time on an instruction-by-instruction basis.
In a second embodiment, random sequences are generated using a random physical process and stored permanently in nonvolatile memory. The cryptographic algorithm in the preferred embodiment is not used. The second embodiment is not as secure as the preferred embodiment, but it is simpler to implement and provides a better level of security than the techniques used in the past.
In either embodiment, the encrypted software is not vulnerable to traditional forms of cryptanalysis since a copyist or reverse-engineer is denied physical and electronic access to the decryption function and its outputs.
The present invention overcomes the limitations of conventional systems while allowing the use of existing cryptographic algorithms with proven strength. It can protect sensitive software during distribution, storage, and use. Furthermore, the execution time of instructions is not affected, program branches are handled with ease, and complex physical protection techniques are not necessary.
The present invention may be used with any system that implements sensitive functions in embedded software, such as software embedded in cellular telephones, computer and network products, and air traffic control systems, for example.
The present invention may also be with technologically advanced software-intensive systems that require off-shore maintenance since off-shore access to the software in its encrypted form will not place that software at risk.