The signature myth
“I use standard certificates so I’m safe.” The only safe thing to say about this statement is that one cannot safely say whether it is true, because it ignores the threat scenario: “safe for whom” and “safe from what.” The use of standard signatures and certificates with emails, for example, can be regarded as safe if the verifier is trustworthy. In the case of software protection, however, signatures and certificates often give a false sense of safety. And this is where CodeMeter proves to be invaluable. In addition to the above mechanisms, it also uses concealment and disguise to deal with the unsafe environment in which verification takes place.
A signature verifies that the software hasn’t been modified and guarantees the identity of the publisher.
What is a signature?
A signature is a person’s name written in a distinctive form to identify that person. Another person uses suitable methods to verify the name. Digital signatures are implemented using asymmetric cryptography.
Asymmetric cryptography is based on two keys: a private key and a public key. As the names imply, the private key should be kept secret, while the public key can be accessed by anybody.
Let’s look at how to send emails safely. Both the sender and recipient have their own pair of keys. Each knows the other’s public key. If I want to be sure nobody other than the intended recipient can read my message, I encrypt it with the recipient’s public key. The message can then only be decrypted by the recipient using his private key. If the recipient wants to be sure the message really is from me and that it hasn’t been tampered with, I sign it with my private key. Any recipient who has my public key can verify that I sent the message.
Of course, it is also possible to combine the two methods (i.e., to both sign and encrypt the message). The above description greatly simplifies the process as, in practice, a hash value must be generated prior to signing the email and a hybrid scheme comprising symmetric and asymmetric encryption is used for the encryption. The basic concepts still apply though.
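The combined sign-and-encrypt flow in its practical form (hash before signing, hybrid encryption), as an added example that is not part of the original article. It uses Node.js's built-in crypto module; the function names, the envelope layout and the choice of RSA with AES-256-GCM are assumptions made for illustration.

```javascript
// Added example, not from the original article.
const crypto = require('crypto');

const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: sign a SHA-256 hash of the message with the sender's private key,
// encrypt message + signature with a one-time AES key (symmetric part), and
// wrap that AES key with the recipient's public key (asymmetric part).
function seal(message, senderPrivateKey, recipientPublicKey) {
  const signature = crypto.sign('sha256', Buffer.from(message, 'utf8'), senderPrivateKey);
  const payload = JSON.stringify({ message, signature: signature.toString('base64') });
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(payload, 'utf8'), cipher.final()]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, aesKey),
    iv,
    ciphertext,
    tag: cipher.getAuthTag(),
  };
}

// Recipient: unwrap the AES key with the recipient's private key, decrypt
// (AES-GCM throws if the ciphertext was altered), then verify the signature
// with the sender's public key.
function unseal(envelope, recipientPrivateKey, senderPublicKey) {
  const aesKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  const payload = Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
  const { message, signature } = JSON.parse(payload.toString('utf8'));
  const authentic = crypto.verify('sha256', Buffer.from(message, 'utf8'), senderPublicKey,
    Buffer.from(signature, 'base64'));
  return { message, authentic };
}

// Constructed demo: Alice signs and encrypts a message for Bob.
function demo() {
  const alice = newKeyPair();
  const bob = newKeyPair();
  const envelope = seal('Meet at 10:00 (constructed sample)', alice.privateKey, bob.publicKey);
  return unseal(envelope, bob.privateKey, alice.publicKey);
}
```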
A matter of trust
As explained above, the public key is not secret. It can be passed on to and used by anyone, for example, to secretly send me something or to verify my signature. But how does my email partner know for certain my public key is really mine and not somebody else’s?
This is the central issue with asymmetric cryptography. Now we need to look at certificates. Someone who knows me or to whom I can prove my identity issues me a certificate. This certificate contains my name, public key and period of validity. My email partner is now able to verify my public key. But wait, how does he know my certificate is genuine? He can only be sure if he has the public key of the person who issued me the certificate. And so you see, we start going round in circles: for who certifies the certifier?
No matter how long the certificate chain is, at the end of the day I have to trust someone or something, for example, a root certificate. Computer operating systems usually contain one or two root certificates from certification authorities. For a closed system such as the iPhone or a games console, the root certificate is the equipment manufacturer’s certificate.
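A certificate chain that ends at a root the verifier already holds, as an added example that is not part of the original article. The certificate layout here is a toy format (name, public key, period of validity, issuer signature), not X.509, and all names, dates and function names are constructed for illustration.

```javascript
// Added example, not from the original article. Toy certificate format, not X.509.
const crypto = require('crypto');

const newKeyPair = () => crypto.generateKeyPairSync('ed25519');
const toPem = (publicKey) => publicKey.export({ type: 'spki', format: 'pem' });
// The bytes an issuer signs: name, issuer, public key and period of validity.
const signedPart = (c) =>
  Buffer.from(JSON.stringify([c.subject, c.issuer, c.publicKey, c.notBefore, c.notAfter]));

function issue(subject, subjectPublicKey, issuer, issuerPrivateKey, notBefore, notAfter) {
  const cert = { subject, issuer, publicKey: toPem(subjectPublicKey), notBefore, notAfter };
  cert.signature = crypto.sign(null, signedPart(cert), issuerPrivateKey).toString('base64');
  return cert;
}

// chain[0] is the certificate being checked; each later entry certifies the
// issuer of the one before it. trustedRoots is a Map from issuer name to the
// PEM public key the verifier already holds. Dates are ISO yyyy-mm-dd strings.
function verifyChain(chain, trustedRoots, today) {
  for (let i = 0; i < chain.length; i++) {
    const cert = chain[i];
    const parent = chain[i + 1];
    if (today < cert.notBefore || today > cert.notAfter) {
      return { ok: false, reason: `${cert.subject}: outside validity period` };
    }
    if (parent && parent.subject !== cert.issuer) {
      return { ok: false, reason: `${cert.subject}: issuer missing from chain` };
    }
    const issuerPem = parent ? parent.publicKey : trustedRoots.get(cert.issuer);
    if (!issuerPem) return { ok: false, reason: `${cert.issuer}: not a trusted root` };
    const signature = Buffer.from(cert.signature, 'base64');
    if (!crypto.verify(null, signedPart(cert), crypto.createPublicKey(issuerPem), signature)) {
      return { ok: false, reason: `${cert.subject}: bad signature` };
    }
  }
  return { ok: true, reason: 'chains to a trusted root' };
}

// Constructed sample: root -> issuing CA -> end user. All names are made up.
function sampleChain() {
  const root = newKeyPair(), ca = newKeyPair(), user = newKeyPair();
  const caCert = issue('Example Issuing CA', ca.publicKey, 'Example Root', root.privateKey, '2012-01-01', '2022-01-01');
  const userCert = issue('alice@example.test', user.publicKey, 'Example Issuing CA', ca.privateKey, '2012-06-01', '2013-06-01');
  return { chain: [userCert, caCert], trustedRoots: new Map([['Example Root', toPem(root.publicKey)]]) };
}
```

The verdict depends entirely on the keys in `trustedRoots`: a chain with identical names issued under a different root key fails with a bad signature, and an empty root store fails with "not a trusted root".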
Who verifies the signature?
Just because signatures and certificates exist, it doesn’t mean they protect you. If you think you can leave protection to the operating system (Windows, Mac OS), you’re mistaken. Signature and certificate verification in operating systems has only been designed to keep you safe from malware such as viruses and worms. It doesn’t stop you running software with an invalid signature or a missing signature, if you decide to ignore the warnings. Although a signature exists, it won’t protect your software from being tampered with or illegally copied.
Windows provides you with an API to verify the signature of an application (exe or dll). You verify the existence of a signature, its validity and whether you issued it yourself. At first, this sounds good but it has two drawbacks. First, signature verification is implemented as a yes/no decision in your software which can be manipulated by a hacker. Second, you are asking the operating system to verify the signature and it is precisely this operating system which is controlled by the hacker, who can decide how to respond to your request. This is a generic hack of the signature API. Verification of a standard signature and certificate using operating system tools might be relatively simple for beginners to implement but it doesn’t effectively protect your software from tampering and piracy.
CodeMeter is the solution
CodeMeter also uses signatures by the book: as a software vendor, you safely store your private key in your FSB (Firm Security Box or master dongle). When you protect your software using AxProtector, it automatically signs your software with your key. The verification methods and your public key are hidden at various locations in your software.
The signature is verified every time your application starts. Verification takes place at several locations in your software. This renders it impossible to externally simulate the software and tamper with even a single byte of it. CodeMeter provides full protection of your software by integrating signature verification into its general anti-piracy mechanism.
From a safety point of view, an approved standard method is always better than an individual proprietary one. The validity of this statement remains unquestionable as long as the standard method is deployed within the scope of its defined configuration. And this is precisely the problem with using signatures to protect software: one of the fundamental parameters cannot be fulfilled (i.e. a desktop PC is unable to verify whether the certifier can be trusted).
As a consequence, CodeMeter relies on a healthy mix of standard methods and proprietary technologies to safely protect your software from every threat scenario, not only in the areas of integrity protection and anti-piracy protection but also in the PC world of your customer.
CodeMeter and VxWorks
CodeMeter protection methods are already safely integrated into the VxWorks operating system. CodeMeter fully protects the whole operating system so that software can only be downloaded from approved partners of the equipment manufacturer.
KEYnote 24 – Edition Fall 2012