A sensitive program, that is, one that is subject to attack/tampering, has certain data that's used during its operation that's considered sensitive. For example, after completion of a set of calculations within the software, a subroutine, out of a large set of subroutines in the program, needs to be activated. However, revealing which subroutine is to be activated may aid the attacker in subverting the operation of the software. In this case, the address of the subroutine is a valuable asset that needs to be protected. In another example, a video stream may need to be decrypted with a key. The key, therefore, constitutes a valuable asset that needs to be protected.
Existing software implementations lend themselves to varying degrees of static analysis. That is, once the attacker is able to extract the entire software load, they are able to prioritize and reverse engineer targeted components based on the functionality they wish to exploit. Because all of the important data variables are static, the attacker can simply read them from the reverse engineered code. Secrets that are embedded directly in the program like a function address and/or a decryption key are easily retrieved by an attacker.
The basic solution to this problem is to hide the sensitive data. A well-known way of doing this is via a “split secret” model, whereby the data is decomposed into two parts, each of which is useless on its own, but when combined, restore the original data.
Systems and methods disclosed herein provide method and system of hashing data for providing protection to sensitive data to obviate or mitigate at least some of the aforementioned disadvantages.