Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Creating transformations for matrix obfuscation
Creating transformations for matrix obfuscation
Stephen Drape and Irina Voiculescu
Oxford University Computing Laboratory
August 2009
1 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
What is Obfuscation?
An obfuscation is:
a program transformation
used to make programs `harder to understand'
a technique for protecting intellectual property
not encryption
The area of obfuscation needs more research
2 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Two Important Papers
Christian Collberg, Clark Thomborson, and Douglas Low.
A taxonomy of obfuscating transformations.
Technical Report 148, Department of Computer Science, University of
Auckland, July 1997.
Boaz Barak, Oded Goldreich, Russell Impagliazzo, Steven
Rudich, Amit Sahai, Salil P. Vadhan, and Ke Yang.
On the (im)possibility of obfuscating programs.
In Proceedings of the 21st Annual International Cryptology Conference on
Advances in Cryptology, pages 1�18. Springer-Verlag, 2001.
3 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Attack models and static analysis
It is impossible to create obfuscations that could withstand all
possible attacks (such as static analyses).
Should aim to produce obfuscations designed to withstand
certain attacks � this is the attack model.
For example, restricting the usefulness of program slicing.
Our attack model assumes that the attacker is trying to prove
various program assertions.
4 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Obfuscation as data re�nement
Localised obfuscation:
obfuscate certain parts of the program, such as particularmethods or variables.
Data re�nement obfuscation:
obfuscate an abstract data-type(implicitly) obfuscate all the operations of the data-typespecify a set of assertions that the data-type operations satisfy(as part of the attack model)obfuscation makes these assertions `harder to prove'
5 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Obfuscation Equations
To obfuscate a data-type D into E using an obfuscation O, weneed an abstraction function af . For x :: D and y :: E:
x y ⇐⇒ (x = af (y)) ∧ dti(y)
An obfuscated function fO is correct with respect to f if it satis�es:
(∀x :: D; y :: E) x y ⇒ f(x) fO(y)
We can rewrite this as
f · af = af · fO
6 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Obfuscating matrices
Matrices are essential in solving systems of equations, wavelets,
graph theory, graphics.
The focus of this work is on obfuscating matrices through
changing the matrix elements
changing the pattern of the elements
Our work
studies one established obfuscation
develops a new obfuscation
shows how matrices can be used to obfuscate numbers
7 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Matrix Data-Type
∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣
Matrix (α)scale :: α→Matrix α→Matrix αadd :: Matrix α×Matrix α→Matrix α
transpose :: Matrix α→Matrix αmult :: Matrix α×Matrix α→Matrix α
transpose · transpose = idtranspose · (scale λ) = (scale λ) · transpose
transpose (mult(M,N)) = mult (transpose N, transpose M)add(M,N) = add(N,M)
We will take Matrix (α) to be Qr×c
8 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Splitting Matrices
Suppose that we want to split a matrix Mr×c into n matrices,
called the split components,
M 〈M0, . . . ,Mn−1〉sp
where Mi has size ri×ci for i : [0..n).
We can characterise a split sp by de�ning:
a choice function ch
a family F of injective functions where F = {ft}t:[0..n)
9 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
De�ning the splitting relationship
We de�ne the relationship between M and the split components
element-wise:
Mt(ft(i, j)) = M(i, j) where t = ch(i, j)
The abstraction function for some split component Mt is
af (Mt(i, j)) = M(ft−1(i, j))
where ft−1 · ft = id (which is valid as ft is injective).
10 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Example Split
We can de�ne a split, called the (k×k)-square split (denoted
by sk) by ensuring that the �rst component is a k × k matrix.
a(0,0) . . . a(0,k−1) a(0,k) . . . a(0,n−1)...
. . ....
.... . .
...
a(k−1,0) . . . a(k−1,k−1) a(k−1,k) . . . a(k−1,n−1)
a(k,0) . . . a(k,k−1) a(k,k) . . . a(k,n−1)...
. . ....
.... . .
...
a(n−1,0) . . . a(n−1,k−1) a(n−1,k) . . . a(n−1,n−1)
We will show the de�nitions of our matrix operations for this split.
11 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Operations for split matrices
If M 〈M0, . . . ,M3〉skand N 〈N0, . . . ,N3〉sk
then
scale λ M 〈scale λ M0, . . . , scale λ M3〉sk
add (M,N) 〈add (M0,N0), . . . , add (M3,N3)〉sk
MT 〈M0T ,M2
T ,M1T ,M3
T 〉sk
M ×N 〈(M0 ×N0) + (M1 ×N2),(M0 ×N1) + (M1 ×N3),(M2 ×N0) + (M3 ×N2),(M2 ×N1) + (M3 ×N3)〉sk
12 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Review of Splitting
The obfuscated operations have a similar complexity to the
original versions.
We can use matrix splitting as an array obfuscation.
It is hard to de�ne determinants and inverses for split
matrices.
The obfuscation changes the shape of the matrices but not the
actual matrix values.
13 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Polynomial bases
Matrix A1 y y2
1 1 0 2x 0 1 3x2 0 0 1
stores p(x, y) = x2y2 + 3xy2 + 2y2 + xy + 1
p(x, y) =(1 x x2
) 1 0 20 1 30 0 1
1yy2
= XAY
14 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Bernstein bases
Can change the basis of the linear transformation using Bernstein
polynomials Bnk (x) =
(nk
)xk(1− x)n−k, ∀x ∈ [0, 1], k = 0, . . . , n.
pB(x, y) =(B2
0(x) B21(x) B2
2(x))
C
B20(y)
B21(y)
B22(y)
=(1 x x2
) 1 0 0−2 2 01 −2 1
C
1 −2 10 2 −20 0 1
1yy2
= X U2 C V2 Y
15 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Bernstein obfuscation of matrices
Since
XAY = p(x, y) = pB(x, y) = XU2CV2Y
the Bernstein-form matrix corresponding to A =
1 0 2
0 1 3
0 0 1
is
C = U2−1AV2
−1 =
1 1 3
1 54 5
1 32 8
and can be used as an obfuscation of A.
16 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Operations for the Bernstein Obfuscation
For a matrix S with dim(S) = (a+ 1, b+ 1), and a matrix T,
it can be proved that
scaleB λ S = scale λ S
addB(S,T) = S + T
transposeB(S) = Ub−1 Vb
T ST UaT Va
−1
multB(S,T) = SVb Ub T
inverseB(S) = Ua−1 Va
−1 S−1 Ua− 1 Va
−1
detB(S) = det(Ua)× det(S)× det(Vb)
17 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Review of the Bernstein obfuscation
The obfuscated matrices have di�erent structure.
Determinants and inverses of matrices can be computed easily.
The scaling and addition operations are not obfuscated.
Any change of basis transformation would be suitable.
We can generalise to more than two dimensions, or to arrays.
There is an extra cost in computational complexity.
18 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Using matrices to obfuscate numbers
We can use matrices to obfuscate other data-types.
To obfuscate a rational number data-type which contains the
operations of addition, multiplication and reciprocal.
We need matrix operations plus, times and recip such that, for
rational numbers n and p, if n A and p C then
n + p plus(A,C) n × p times(A,C) n−1 recip(A)
19 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Using determinants
There are many ways in which to use matrices for the
obfuscation of rational numbers.
We show an obfuscation whose abstraction function is the
determinant.
We choose to obfuscate a number n by a 2× 2 matrix which
has 1 and n as eigenvalues.
Here is one possible transformation (where a ∈ Q):
n
(a b
(a−1)(n−a)b n+ 1− a
)where b 6= 0
20 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Obfuscated number operations
plus(
(a b
c d
),
(e f
g h
)) =
(a+ e− 1 bf
(a+e−2)(d+h−1)bf d+ h
)
times(
(a b
c d
),
(e f
g h
)) =
(a+ d)(e+ h) + 1 bf
−(a+d)(e+h)(a+d+e+h)bf 1− a− d− e− h
recip(
(a b
c d
)) =
d
a+d−1 b
(a−1)(d−1)
b(a+d−1)2a
a+d−1
21 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Evaluation of techniques
We have considered obfuscations at an appropriate level of
abstraction: we are not concerned with implementation details.
Our obfuscations can be evaluated against the assertion attack
model: our obfuscations make the assertions harder to prove.
To understand our matrix obfuscations, a human attacker
needs, e.g., familiarity with the Bernstein basis and with the
relationship between bi-variate polynomials and matrices.
We can combine obfuscations to create more complicated
obfuscations.
22 / 23
Creating transformations for matrix obfuscation
IntroductionSplittingBernstein BasesObfuscating numbersConclusions
Conclusions
The Bernstein obfuscation allows us to devise obfuscations for
a wider variety of matrix operations than matrix splitting did.
However the Bernstein obfuscation can adversely a�ect the
complexity of the matrix operations.
There is usually a trade-o� between the quality of the
obfuscations and their complexity.
Considering obfuscations at an abstract level creates the
opportunity to devise more general obfuscations.
23 / 23