Software diversification is one of the principal protection schemes behind whiteCryption SKB.
Software diversification is a method of altering an executable binary so that various instances of the same software, while providing identical functionality, to an attacker appear different and operate differently on the binary level. Software diversification confounds an attacker’s attempts to exploit information gained from one deployment to compromise other deployments. It is much harder to develop a universal cracking scheme for software instances that are diversified. Instead, each software instance must be cracked individually.
There are two levels of software diversification:
Data diversification. With this method, certain embedded data values referenced by the program code vary among different instances of the same application. For example, this data value could be a key that encrypts a database stored on a device, or that encrypts other keys imported into the application. If a hacker manages to extract the key from a particular application instance, he would not be able to use that key to decrypt the secrets of other application instances. To use data diversification, unique and “personalized” data values are injected into the binary image during code compilation or deployment.
Code diversification. Code diversification is a much more sophisticated and robust protection against class breaks (sometimes called “Break Once Run Everywhere (BORE) attacks”) than data diversification. By using this method, the binary instructions are different in separate instances, or in separate sets of instances. Code diversification is typically a result of applying in-house or vendor-supplied tamper-resistance techniques. This may include code obfuscation, instruction set randomization, integrity protection, anti-debug and anti-dumping techniques, code signing, or virtualization. In most cases, for the sake of performance and simplicity, it is enough to diversify just the sensitive parts of the program code (like the cryptographic routines), but in other cases, the protection can benefit from diversifying the entire executable.
The software diversification implemented in whiteCryption solutions provides both data and code diversity. Data diversity is achieved by means of an export key, which is a protected key embedded inside the code of every whiteCryption SKB package. The export key protects data exported out of the whiteCryption SKB environment. Only instances with the same export key can exchange secret data directly. Code diversity is provided such that each whiteCryption SKB instance or set of instances has a unique binary implementation, which makes it very difficult to develop a universal cracking scheme.
