
Methods for Preventing Unauthorized Software Distribution

Methods for Preventing Unauthorized Software Distribution. Source: Computers & Security, Vol. 22, No. 4, pp316-321, 2003. Author: Mohammad Peyravian, Allen Roginsky and Nevenko Zunic Speaker: Chi-Nan Lin Date: 12/15/2004. Outline. Introduction The algorithm An alternate solution


Presentation Transcript


  1. Methods for Preventing Unauthorized Software Distribution • Source: Computers & Security, Vol. 22, No. 4, pp316-321, 2003. • Author: Mohammad Peyravian, Allen Roginsky and Nevenko Zunic • Speaker: Chi-Nan Lin • Date: 12/15/2004

  2. Outline • Introduction • The algorithm • An alternate solution • A possible solution • Crash recovery • Can privacy be guaranteed • Advantages of the proposed scheme

  3. Introduction • How can the software vendor prevent unauthorized software installation? • Two kinds of offenders: • The average user • The sophisticated hacker

  4. The algorithm (1/2) Assume software P is sold on a disk or downloaded from the Internet. 1. Let P consist of two parts, P1 and P2. P1 can be run (unencrypted) while P2 is encrypted. 2. To install the software, the buyer must have an Internet connection. The buyer runs P1 first:
     • P1 -> Vendor: P_id, S_no (P_id: product id; S_no: serial no.)
     • Vendor: check -> P_id, S_no : A; compute A_new = H(S_no, A); store -> P_id, S_no : A_new
     • Vendor -> P1: A
     • P1: K = A_new = H(S_no, A); P2' = DK(P2)

  5. The algorithm (2/2) 3. P1 then runs P2' to finish the software installation. P2' then re-encrypts itself into P2_new with key K_new. K_new = H(S_no, K). P2_new = EK_new(P2'). At no time will P2' be stored on the client's machine. 4. Now the software P is ready for another round of installation. The vendor can decide how many installations are allowed for each (P_id, S_no). Note: Only P1 can decrypt and start execution of P2'. A session key could be generated first between P1 and the vendor to secure the transmission of value A.

  6. An alternate solution • What happens if the software is sold on a read-only medium (e.g., a CD-ROM)? • The buyer will have to store the software onto a read-write medium first. • The installation algorithm can then begin from the read-write medium.

  7. A possible solution • How can the re-encryption of P2' be protected from being interrupted, which would let the user get a copy of P2'? • P2 --> P2_1 + P2_2 + ... + P2_n • For P2_1: 1. DK(P2_1) -> P2_1' 2. Run P2_1' 3. EK_new(P2_1') -> P2_1_new 4. DK_new(P2_1_new) ?= P2_1' • Only if the check in step 4 is true does the installation proceed to process P2_2; otherwise the installation is aborted. • The method continues until P2_n has finished.

  8. Crash recovery • What happens if a buyer's machine crashes after software installation? • The buyer will have to keep the original software P (maybe on a CD). • The vendor will have to keep the original value A. • The buyer will have to report to the vendor to get approval to re-install the software from the original copy P. • The synchronization is then re-established. • How many crashes are allowed?

  9. Can privacy be guaranteed? • Yes or no. It depends on the vendor's policy. • During the installation process, P1 could ask the buyer to enter personal information or collect the buyer's machine identification data. • Even if nothing is collected, the vendor can still control the total number of installations allowed for each copy of the software sold.

  10. Advantages of the proposed scheme • Client and server don't need any prior setup of shared or public keys. • Simple, fast and scalable. • No specialized hardware is required. • Relies on a cryptographic hash function. • The secret keys used to encrypt/decrypt are only distributed between the software vendor and the recipient of a given software copy. • Uses a different key for every round of software installation.
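
The installation round from slides 4 and 5, as an added Python sketch that is not code from the paper or the presentation. SHA-256 as H, the XOR keystream standing in for EK/DK, and the names Vendor, install and max_installs are assumptions made for illustration.

```python
import hashlib

def H(s_no: bytes, a: bytes) -> bytes:
    # Assumption: SHA-256 over a length-prefixed S_no plus A stands in for the slides' H.
    return hashlib.sha256(len(s_no).to_bytes(2, "big") + s_no + a).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy stand-in for EK / DK (SHA-256 counter keystream; XOR is its own inverse).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class Vendor:
    def __init__(self, max_installs: int):
        self.max_installs = max_installs   # hypothetical per-copy quota
        self.records = {}                  # (P_id, S_no) -> [current A, rounds used]

    def register(self, p_id: bytes, s_no: bytes, a: bytes) -> None:
        self.records[(p_id, s_no)] = [a, 0]

    def request(self, p_id: bytes, s_no: bytes):
        rec = self.records.get((p_id, s_no))
        if rec is None or rec[1] >= self.max_installs:
            return None                    # unknown copy or quota exhausted
        a = rec[0]
        rec[0], rec[1] = H(s_no, a), rec[1] + 1   # store A_new, then release A
        return a

def install(vendor: Vendor, p_id: bytes, s_no: bytes, p2: bytes):
    """One round as P1: returns (P2', P2_new), or None if the vendor refuses."""
    a = vendor.request(p_id, s_no)
    if a is None:
        return None
    k = H(s_no, a)                         # K = A_new = H(S_no, A)
    p2_plain = xor_stream(k, p2)           # P2' = DK(P2), kept in memory only
    k_new = H(s_no, k)                     # K_new = H(S_no, K)
    return p2_plain, xor_stream(k_new, p2_plain)   # P2_new = EK_new(P2')

if __name__ == "__main__":
    # Constructed sample values, not taken from the paper.
    p_id, s_no, a0, body = b"PROD-1", b"SN-0001", b"initial-A", b"installer body"
    vendor = Vendor(max_installs=2)
    vendor.register(p_id, s_no, a0)
    shipped = xor_stream(H(s_no, a0), body)            # P2 as sold
    plain, p2_new = install(vendor, p_id, s_no, shipped)
    print("round 1 decrypts:", plain == body)
    print("round 2 from P2_new:", install(vendor, p_id, s_no, p2_new)[0] == body)
    print("round 3 refused:", install(vendor, p_id, s_no, p2_new) is None)
```

A copy of the original P2 presented for a second round decrypts to garbage, because the vendor has already advanced its record to A_new.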
