Semi-fragile digital watermarks based on Fourier spectrum

Digital watermarks are used for detection unauthorized edition of executable files by malicious programs. A property called “fragile” provides its distortion after minor changes in a program. The watermark presence and correctness controlled by endpoint user, which is obviously interested in software integrity. Semi-fragile DWM distorts when changing the program more than the set threshold. According to proposed method a program is considered as a container with digital signal that can be recovered from its samples (program commands). Any changes in the program code inevitably change the signal spectrum. During the analysis of modified program it was founded some distortion of the original signal: changing phases and amplitudes of some harmonics. The proposed approach allows to reveal not only the fact of modification, but also an amount of added code.

1. Dyer J. G., et al. Building the IBM 4758 secure coprocessor // IEEE Computer. 2001. V. 34, № 10. P. 57–66.

2. Smith S. W., Weingart S. Building a high-performance, programmable secure coprocessor // Computer Networks. 1999. V. 31, № 8. P. 831–860.

3. Rajan H., Hosamani M. Tisa: Toward trustworthy services in a service-oriented architecture // IEEE Transactions on Services Computing. 2008. V. 1, № 4. P. 201–213.

4. Qiu J., et al. Identifying and Understanding Self-Checksumming // Defenses in Software. 2015. P. 207–218.

5. Junod P., et al. Obfuscator-LLVM software protection for the masses // 2015 IEEE/ACM 1st International Workshop on Software Protection. 2015. P. 3–9.

6. Gautam P., Saini H. A Novel Software Protection Approach for Code Obfuscation to Enhance Software Security // International Journal of Mobile Computing and Multimedia Communications (IJMCMC). 2017. V. 8, № 1. С. 34–47.

7. Schrittwieser S. et al. Protecting software through obfuscation: Can it keep pace with progress in code analysis? // ACM Computing Surveys (CSUR). 2016. V. 49, № 1. P. 4.

8. Официальный сайт программы UPX [Электронный ресурс]. URL: https://upx.github.io/ (дата обращения: 24.03.2019).

9. Touili T., Ye X. Reachability Analysis of Self Modifying Code // 2017 22nd International Conference on Engineering of Complex Computer Systems (ICECCS). IEEE. 2017. P. 120–127.

10. Chen Z., Wang Z., Jia C. Semantic-integrated software watermarking with tamper-proofing // Multimedia Tools and Applications. 2018. V. 77, № 9. P. 11159–11178.

11. Balachandran V., Emmanuel S. Potent and Stealthy Control Flow Obfuscation by Stack Based Self-Modifying Code // IEEE Transactions on Information Forensics and Security. 2013. V. 8, № 4. P. 669–681.

12. Chen Y., et al. Oblivious hashing: A stealthy software integrity verification primitive // International Workshop on Information Hiding. Springer. 2002. P. 400–414.

13. Jacob M., Jakubowski M. H., Venkatesan R. Towards integral binary execution: Implementing oblivious hashing using overlapped instruction encodings // Proceedings of the 9th Workshop on Multimedia & security. ACM. 2007. P. 129–140.

14. Официальный сайт программы IDA Pro Free [Электронный ресурс]. URL: https://www.hex-rays.com/products/ida/index.shtml (дата обращения: 24.03.2019).

15. Benedicks M. On Fourier transforms of functions supported on a set of finite Lebesgue measure // Journal of Mathematical Analysis and Applications. V. 106. 1985. P. 180–183.

16. X86 Opcode and Instruction Reference [Электронный ресурс]. URL: http://ref.x86asm.net/coder32.html(дата обращения: 06.05.2019).

17. Vijayvargiya A. Writing Windows Debugger – Part 2 [Электронный ресурс]. URL: https://www.codeproject.com/Articles/132742/Writing-Windows-DebuggerPart-3 (дата обращения: 06.05.2019).