Advanced cryptography for software protection
Professor Steven Galbraith, The University of Auckland
Posted: Thu, 3 Nov 2016
Cryptography is the art of hiding information without interrupting the flow of communication. Once the domain of spies and armies, cryptography is now fundamentally important to all of us – for internet banking and shopping or app downloads, for example.
Modern-day cyberlife requires that software developers constantly try to keep ahead of the hackers. In seeking to protect their code against piracy, software developers ‘obfuscate’ their code to make it difficult for someone to see how it works. However, obfuscated code is the perfect place to hide malicious software (malware) – so how can we be sure that there are no demons lurking?
Professor Steven Galbraith and Associate Professor Giovanni Russello from the University of Auckland’s Mathematics Department have received a Marsden Fund grant to address the dilemma of being able to obfuscate code while providing assurance that it isn’t malware. They aim to develop mathematical and cryptographical tools that can satisfy both requirements simultaneously.
One challenge will be to develop practical obfuscation tools for mobile and web apps. Most reputable app stores inspect each app before it’s published, but the check can’t be used on obfuscated code. Also, code obfuscation hampers anti-virus software, meaning legitimate code can be wrongly flagged as malware.
The ultimate goals of this project are to develop obfuscation techniques to protect code in critical systems (like transport, banking, healthcare) from being tampered with, and to develop ‘verifiable’ obfuscation. This would allow an authorised party to verify that a code is safe, without having to view the original source code.
Total Funding: $590,000 (excl. GST) over 3 years
Researchers: Professor Steven Galbraith, Department of Mathematics, The University of Auckland, Private Bag 92019, Victoria Street West, Auckland 1142