JP5407585B2 - Program code encryption apparatus and program - Google Patents

Description

  The present invention relates to a program code encryption apparatus and a program.

  To conceal the secrets contained in the program code or prevent the program code from being tampered with, a part of the program code stored in a hard disk or ROM (read-only memory) is encrypted. Has been done. In this system, a method is adopted in which the portion is decrypted between the time when the program code is activated and the encrypted portion is executed, and the decrypted portion is executed.

JP 58-116571 A JP 61-94146 A JP-A 61-278934 JP 62-66328 A JP-A-63-240629 JP-A-5-333776 JP-A-8-305558 JP 2000-148939 A JP 2000-347852 A

  An object of the present invention is to prevent a program code to be encrypted from being restored by an attack that destroys and executes a part of an encrypted program code.

According to the first aspect of the present invention, there is provided a first encryption method in which each unit of a program code to be encrypted causes a decryption error to occur in all units after that unit when a decryption error occurs in a certain unit in the encryption result. The first encryption means for encrypting in the first direction and each unit of the encryption result of the program code by the first encryption means into a unit in the encryption result Second encryption means for encrypting in a second direction opposite to the first direction, using a second encryption method in which a decryption error occurs in all units after the unit when an error occurs; The second encryption means encrypts the encryption parameter used for encryption of the first encryption means together with the encryption result of the program code by the first encryption means. , dark program code, characterized in that It is an apparatus.

The invention according to claim 2, wherein the first encryption method and the second encryption method is a program code encryption device according to claim 1, characterized in that the same encryption method.

According to a third aspect of the present invention, when a decryption error occurs in each unit of the program code to be encrypted in a certain unit in the encryption result, the decryption error occurs in all the units after that unit. The first encryption means for encrypting in the first direction by using the encryption method, and each unit of the encryption result of the program code by the first encryption means is a unit in the encryption result Second encryption that encrypts in a second direction opposite to the first direction, using a second encryption method in which a decryption error occurs in all units after that unit when a decryption error occurs means, I program der to function as, the second encryption means, said program according to claim 1, wherein the encryption parameter used to encrypt the encryption means of the first encryption means Along with the code encryption result To-coding, a program, characterized in that.

In the configuration of the reference example, when a decryption error occurs in a certain unit in the encryption result, encryption is performed in the first direction using the first encryption method in which the decryption error occurs in all the units after that unit. The first direction is determined by using the second encryption method in which when a decryption error occurs in a certain unit in the encryption result with respect to the encryption result, a decryption error occurs in all the units after the unit. A process for decrypting the encrypted program code encrypted in the second direction in the reverse direction and the encrypted program code in the second direction using the second encryption method; A first decryption program code to be executed by the computer, and a decryption result of the encrypted program code obtained by causing the computer to execute the first decryption program code, And a second decoding program code for causing the computer to execute a process for decoding in the first direction using a signal method, and causing the computer to execute the second decoding program code The decrypted result of the encrypted program code obtained is executed by the computer.

The configuration of the reference example is an encryption means for encrypting plaintext in order by a predetermined unit using an encryption method in which when a decryption error occurs in a unit in the ciphertext, a decryption error occurs in all the units after that unit. And encryption control means for controlling the encryption means to encrypt the program code so that each unit of the program code to be encrypted is encrypted at least once in the forward direction and in the reverse direction. And a program code encryption device.

The configuration of the reference example encrypts the plaintext in order by a predetermined unit using an encryption method in which when a decryption error occurs in a unit in the ciphertext, a decryption error occurs in all the units after that unit. Encryption means, encryption for controlling the encryption means to encrypt the program code so that each unit of the program code to be encrypted is encrypted at least once in the forward direction and in the reverse direction. It is a program for functioning as control means.

The invention according to claim 1 or 3 provides an encryption device capable of preventing the program code to be encrypted from being restored by an attack that destroys and executes a part of the encrypted program code. Can do.

Further , without providing a special step of encrypting the encryption parameter, it is possible to improve the confidentiality as compared with the case where the encryption parameter used for encryption of the first encryption unit is kept in plain text.

According to the second aspect of the present invention, the device mounting size (for example, the number of circuits or the number of program codes) is smaller than when the first encryption unit and the second encryption unit use different encryption methods. can do.

According to the configuration of the reference example, it is possible to prevent the program code to be encrypted from being restored by an attack in which a part of the encrypted program code is destroyed and executed.

According to the configuration of the reference example, it is possible to prevent the program code to be encrypted from being restored by an attack that destroys and executes a part of the encrypted program code.

It is a figure for demonstrating that a plaintext program code may be deciphered in the conventional block cipher or stream cipher. It is a figure which shows an example of schematic structure of the encryption apparatus of embodiment. It is a figure for demonstrating the concept of the encryption of embodiment. It is a figure for demonstrating the mechanism by which the whole code | cord | chord is destroyed when the program code by which encryption of embodiment was performed is decoded. It is a figure for demonstrating the encryption process of PCBC mode. It is a figure for demonstrating the decoding process of PCBC mode. It is a figure which shows the example of the data structure of the program file containing the program code encrypted by the encryption apparatus of embodiment, and the code for decoding it. It is a figure for demonstrating the example which conceals the parameter of the encryption about one direction by the encryption about another direction. It is a figure which shows another example of schematic structure of the encryption apparatus of embodiment.

  In general, since encryption algorithms target data of various sizes, block ciphers and stream ciphers are often used because of their ease of design and implementation. However, even if the code is encrypted and protected, if part of the encrypted and protected program code is destroyed and executed, only the broken block is decrypted with the block cipher and only the broken bit is decrypted with the stream cipher. Will fail, but the other parts will be successfully decoded.

  For example, in the block cipher CBC (Cipher Block Chaining) mode, when a part of the encrypted code 10 is intentionally destroyed (FIG. 1 (a)), the destroyed block 12 and then decrypted The block to be decoded cannot be correctly decoded, but the correct plaintext is decoded in the block group 14 before and the block group 16 after the destroyed block in the direction in which decoding proceeds ((b) in FIG. 1). This is because, in the CBC mode, as is well known, the ciphertext block to be decrypted affects only the block and the next block.

  Thus, when the code of the decoding result in which decoding has partially failed is executed, after the correctly decoded block group 14 is correctly executed, the program runs away at the destroyed portion 12 and temporarily stops. When the memory is viewed at the time of the suspension, the decoded code can be read except for the broken portion 12 ((c) of FIG. 1). If such a process is performed a plurality of times while changing the destruction location, it is also possible to obtain all the correct plaintext codes.

  The program runaway and suspension in the above flow are due to the function of the operating system. Therefore, an attack using the above-described property cannot be prevented even if a configuration for preventing program execution on the debugger using the debugger detection technique is adopted.

  In response to such an attack, in this embodiment, when a decryption error occurs in a certain unit in the encryption result, a plaintext program code is generated by an encryption method (encryption algorithm) in which a decryption error occurs in all the units after that unit. Is addressed by encrypting in both forward and reverse directions. The “unit” here is a block when the block encryption method is used, and is a bit or a byte when the stream encryption method is used.

  An example of the encryption apparatus according to the embodiment is shown in FIG. In this example, the encryption device includes a reverse encryption unit 20 and a forward encryption unit 22. The reverse encryption unit 20 encrypts the program to be encrypted in the reverse order of the code sequence in the program, that is, from the end to the top of the program (hereinafter, the direction of encryption). Is called the reverse direction). On the other hand, the forward encryption unit 22 encrypts the program to be encrypted in the same order as the code sequence in the program (hereinafter referred to as the forward direction). Here, both the reverse encryption unit 20 and the forward encryption unit 22 are encryptions in which when a decryption error occurs in a certain unit in the encryption result, a decryption error occurs in all the units after that unit. Encrypt using the method.

  The flow of encryption processing by this encryption apparatus will be described with reference to FIG. In this embodiment, as an example, first, (a) a plaintext program code (hereinafter abbreviated as plaintext code) 30 to be encrypted is converted into (b) a reverse encryption unit 20 and the code 30 is reversed. Encrypt. Next, (c) the code 32 encrypted in the reverse direction obtained as a result of the reverse encryption process is encrypted in the forward direction by (d) the forward encryption unit 22. By such processing, (e) the code 34 encrypted in both the forward and reverse directions is obtained.

  Note that the encryption method used by the reverse encryption unit 20 and the encryption method used by the forward encryption unit 22 are decrypted in all units after the unit when a decryption error occurs in a unit in the encryption result. As long as they have the property of causing errors, the same method or different methods may be used. When the reverse encryption unit 20 and the forward encryption unit 22 use the same encryption method, parameters such as a key (or key seed) or initial vector used for encryption are The same thing may be used and a different thing may be used.

  When the code 34 encrypted in both directions created by the encryption apparatus as described above is to be executed on the computer, it may be decrypted by a process reverse to the encryption process. That is, the encrypted code 34 is first decrypted in the forward direction by the encryption method of the forward encryption unit 22 (more precisely, by the decryption process procedure corresponding to the encryption process procedure of the forward encryption unit 22). After that, the decryption result may be decrypted in the reverse direction by the encryption method of the reverse encryption unit 20.

  With reference to FIG. 4, it will be described that the entire program code cannot be correctly decrypted if a part of the code 34 encrypted in both directions is broken.

  (A) When part of the code 34 encrypted in both directions is destroyed and decrypted in the forward direction by the encryption method of the forward encryption unit 22, the part 36 from the beginning of the code 34 to the destroyed part is correctly decrypted. However, (b) the portion 38 after the portion destroyed in the forward direction is not correctly decoded and is in a destroyed state. This is because the encryption method used for forward encryption is a method in which a decoding error occurs in all units after the unit in which the decoding error has occurred. Then, when such a forward decryption result is decrypted in the reverse direction by the encryption method of the reverse encryption unit 20, the part 36 correctly decrypted by the forward decryption is compared with that part by the reverse decryption. It is destroyed due to the influence of the destroyed part 39 located in front (that is, an erroneous decoding result is obtained). Thus, the decryption result of the entire program code 39 is destroyed.

  In the above example, encryption is performed first in the reverse direction and then in the forward direction, but this is only an example. Alternatively, it may be encrypted first in the forward direction and then in the reverse direction. In this case, on the decoding side, the decoding may be performed first in the reverse direction and then in the forward direction.

  In the above example, when a decryption error occurs in a unit in the encryption result, a decryption error occurs in all the units after that unit. For example, a block cipher PCBC (Propagating CBC) mode is used. Use it. In the PCBC mode, as shown in FIG. 5, the exclusive OR (XOR) of the plaintext first block PB1 to be encrypted and the initial vector IV is calculated, and an encryption operation E using the key K is performed on the calculation result. Apply. As a result, a ciphertext block CB1 which is an encryption result of the head plaintext block PB1 is obtained. Next, an exclusive OR of the ciphertext block CB1 and the original plaintext block PB1 and an exclusive OR of the next plaintext block PB2 are obtained, and an encryption operation E using the key K is performed on the result. Thus, the encryption result CB2 for the second plaintext block PB2 is obtained. Thereafter, as in the case of the block PB2, the process of performing the encryption operation after reflecting the plaintext of one block and the encryption result in the plaintext of the next block is repeated.

  The decryption process in the PCBC mode is the reverse process of the above encryption. That is, as shown in FIG. 6, a decryption operation D that is an inverse operation of the encryption operation E is performed on the first block CB1 of the ciphertext using the key K, and the result of the decryption operation and the initial vector IV The plaintext block PB1 is obtained by taking the exclusive OR. Next, the exclusive plain OR of the ciphertext block CB1 and the plaintext block PB1 of the decryption result is exclusive ORed with the decryption result of the second ciphertext block CB2, thereby restoring the second plaintext block PB2. To do. Thereafter, the same processing is performed to sequentially obtain the decoding results of each block.

  As can be seen from the above description, when the PCBC mode is used, when a block having a ciphertext is destroyed, the plaintext of the decryption result of that block becomes incorrect, and the error is transferred to the decryption result of each subsequent block. It will propagate one after another. Therefore, in the PCBC mode, if there is an error in a block having a ciphertext block, all the decryption results after that block are erroneous in principle.

  The PCBC mode is merely an example of an encryption method in which when a decryption error occurs in a certain unit in the encryption result, the decryption error occurs in all the units after that unit. In the PCBC mode, the plaintext block of the decryption result of a ciphertext block is applied to the result of the decryption operation D of the next block. Instead, the plaintext block of the decryption result is converted to the ciphertext block of the next block in decryption. You may use the encryption system which makes an effect | action (for example, taking the exclusive OR of both). In this encryption method, at the time of encryption, cryptographic operation is performed on the operation result (for example, exclusive OR) of the target plaintext block and the encryption result of the previous block, and the operation result and the plaintext of the previous block are A ciphertext block is obtained by performing an operation (for example, an exclusive OR operation).

  Further, as the encryption method of this embodiment, an encryption method in which the encryption key used for a certain block is affected by the plaintext block of the immediately preceding block may be used. In this method, the key used when decrypting a certain block is affected by the plaintext of the decryption result of the previous block. Therefore, if the ciphertext of the previous block is destroyed, the plaintext of the decryption result also has an incorrect value, and the key of the current block affected by the incorrect plaintext also has an incorrect value. Therefore, the decoding result of the current block becomes an error. In this way, if any block of ciphertext is destroyed, both the decryption result and the key of the subsequent block will be wrong, so the ciphertext of the subsequent block is not destroyed. However, the decoding result of those blocks becomes an error.

  What has been exemplified above as an encryption method used in the encryption device of the embodiment is an encryption method in which plaintext is chained so that block encryption and decryption are affected by the plaintext of the previous block. . However, the encryption method used in this embodiment is not limited to such a plaintext chain method. In addition to this, for example, an encryption method may be used in which a key used for encryption and decryption of a certain block is obtained as a calculation result of a key for the previous block and the ciphertext or plaintext of the previous block. Even in this method, if there is an error in the ciphertext of a certain block, the key for decoding the next block becomes an incorrect value, and the error propagates to the key for each subsequent block. The decoding result of each block is erroneous in principle.

  Next, an example of the program file 100 including the program code to be encrypted will be described with reference to FIG. When this program file 100 is executed, it first decrypts the encrypted program contained therein and executes the decrypted program.

  The program file 100 is an object file format file, for example, and includes an object header 110, a code section 120, and a data section 130.

  The object header 110 is a section describing header information of the program file 100. The code section 120 is a section including program code executed by the computer. This section can be written, read and executed. The program code 126 to be encrypted is also included in the code section 120. The data section 130 is a section including data used in the execution of the program code.

  In this example, the code section 120 includes a decryption range acquisition code 121, a forward decryption key generation code 122, a forward decryption code 123, a reverse decryption key generation code 124, a reverse decryption code 125, and a program code to be encrypted. 126 is included. The decoding range acquisition code 121 acquires information specifying a range to be decoded in the code section 120. The forward decryption key generation code 122 generates a key used for forward decryption. The forward decryption code 123 decrypts the encrypted program code in the forward direction by the encryption method used for forward encryption in the above-described encryption apparatus. The backward decryption key generation code 124 generates a key used for backward decryption. The reverse direction decryption code 125 decrypts the decryption result of the forward direction decryption code 123 in the reverse direction by the encryption method used for the reverse direction encryption in the above-described encryption apparatus.

  Further, the data section 130 includes encryption range information indicating a range in which the program code 126 to be encrypted is included in the code section 120, and parameters (for example, an initial vector IV and a key seed (seed) used for the encryption operation. )), And padding information added to make the data size of the program code 126 to be encrypted an integral multiple of the block size. These values may be obtained when the program code 126 to be encrypted is encrypted by the encryption apparatus of this embodiment.

  The program creator creates the program file 100 having the structure illustrated in FIG. 7, and encrypts the portion of the program code 126 to be encrypted in both the forward and reverse directions using the encryption apparatus of this embodiment. To do. Then, the program file 100 including the encrypted program code 126 is provided to the user.

  When the program file 100 is called on the user's computer, the computer executes the codes 121 to 126 included in the code section 120 in order from the top in accordance with the arrangement order. That is, the computer first executes the decryption range acquisition code 121 and specifies the range to be decrypted in the code section 120 based on the encryption range information of the data section 130. Next, the forward decryption key generation code 122 is executed to generate a forward decryption key using the key seed of the data section 130. Next, the computer executes the forward decryption code 123 to decrypt the encrypted program code 126 in the forward direction in order from the top using the decryption key. The result of this decryption is overwritten on the encrypted program code 126 in the code section 120. Next, the computer executes the reverse decryption key generation code 124, generates a reverse decryption key using the key seed of the data section 130, and further executes the reverse decryption code 125, thereby decrypting the decryption key. Using the key, the forward decryption result is decrypted in the reverse direction from the tail to the head. As a result of this decryption, that is, the plain text program code is overwritten in the area of the encrypted program code 126 in the code section 120.

  When the execution of the reverse-direction decryption code 125 is completed in this way, the computer executes the plaintext program code in the area of the next program code 126 to be encrypted. As a result, the process described in the program code 126 to be encrypted is executed.

  Note that the program file 100 may include a code for instructing processing for deleting the plaintext program code from the memory after the execution of the plaintext program code as the decryption result is completed.

  In the example described with reference to FIG. 7, the same parameters (for example, key seed and initial vector) are used for backward and forward encryption, but these parameters may be different values for each direction. In this case, the parameter used for the encryption in the direction to be executed first out of the encryption in the forward direction and the reverse direction may be encrypted by the encryption process in the direction to be executed later. In this case, as illustrated in FIG. 8, the parameter 40 for reverse encryption is arranged in the code section 120, for example, next to the program code 126 to be encrypted (that is, the plaintext code 30). Then, when performing encryption in the reverse direction, the encryption device refers to the parameter 40 and executes encryption. In the data section 130, a forward encryption parameter 45 is placed. When the encryption device encrypts the code 32 encrypted in the reverse direction in the forward direction, the encryption device also encrypts the range of the reverse encryption parameter 40 that follows the code 32. The code 36 thus encrypted in both directions includes a reverse encryption parameter 40. Thus, in this embodiment, the range to be encrypted may be different for each direction.

  The encryption device exemplified above includes the reverse encryption unit 20 and the forward encryption unit 22 as shown in FIG. 1, but the same encryption method is used in the reverse direction and the forward direction. May share both encryption calculation parts. An example of the configuration of the encryption apparatus in this case is shown in FIG. In this example, the encryption device includes an encryption unit 24 and an encryption control unit 26. The encryption unit 24 causes a decryption error to occur in all units after the unit when a decryption error occurs in a certain unit in the encryption result of the data to be encrypted input from the encryption control unit 26. Encrypt by encryption method. The encryption control unit 26 supplies each block of the plaintext program code to be encrypted to the encryption unit 24 in order along one of the forward and reverse directions (referred to as the first direction). And make it encrypt. Next, the encryption control unit 26 supplies each block of the encryption result in the first direction to the encryption unit 24 in order along the second direction opposite to the first direction, and performs encryption. Let Even with such a configuration, encryption results in both directions similar to the example of FIG. 1 are generated.

  In the above, the encryption is performed once in each of the forward and reverse directions, but it is not limited to once. In order to realize the destruction of the decryption result as described with reference to FIG. 4, it is only necessary that the encryption target block is encrypted at least once in each forward and reverse direction.

  In the above description, the block cipher method is taken as an example, but a similar method may be applied to the stream cipher method. In the block encryption method, the encryption unit is a block, but in the stream encryption method, the encryption unit is bits or bytes.

  In one example, the encryption apparatus exemplified above is realized by causing a general-purpose computer to execute a program representing the above-described processing. Here, for example, the computer passes through a microprocessor such as a CPU, a memory (primary storage) such as a random access memory (RAM) and a read only memory (ROM), and an HDD (hard disk drive) controller as hardware. The connected HDDs, various I / O (input / output) interfaces, and the like have a circuit configuration connected via a bus. A network interface for connecting to a network such as a local area network may be connected to the bus. Also, portable non-volatile recording of various standards such as a disk drive and a flash memory for reading and / or writing to a portable disk recording medium such as a CD or a DVD via the I / O interface, for example. A memory reader / writer or the like for reading from and / or writing to a medium may be connected. A program in which the processing contents of each functional module exemplified above are described is stored in a fixed storage device such as a hard disk drive via a recording medium such as a CD or DVD, or via a communication means such as a network, and stored in a computer. Installed. The installed program is read into the RAM and executed by a microprocessor such as a CPU, thereby realizing the functions of the apparatus exemplified above.

  20 Reverse encryption part, 22 Forward encryption part, 30 Plain text code, 32 Code encrypted in reverse direction, 34 Code encrypted in both directions.

Claims (3)

Using the first encryption method in which each unit of the program code to be encrypted has a decryption error in all units after the unit when a decryption error occurs in a certain unit in the encryption result, the first direction A first encryption means for encrypting,
A second cipher in which each unit of the encryption result of the program code by the first encryption means causes a decryption error in all units after the unit when a decryption error occurs in a certain unit in the encryption result Second encryption means for encrypting in a second direction opposite to the first direction using a method;
Equipped with a,
The second encryption means encrypts an encryption parameter used for encryption of the first encryption means together with an encryption result of the program code by the first encryption means. A program code encryption device. The program code encryption apparatus according to claim 1 , wherein the first encryption method and the second encryption method are the same encryption method. Computer
Using the first encryption method in which each unit of the program code to be encrypted has a decryption error in all units after the unit when a decryption error occurs in a certain unit in the encryption result, the first direction A first encryption means for encrypting,
A second cipher in which each unit of the encryption result of the program code by the first encryption means causes a decryption error in all units after the unit when a decryption error occurs in a certain unit in the encryption result Second encryption means for encrypting in a second direction opposite to the first direction, using a scheme;
A program for functioning as,
The second encryption means encrypts an encryption parameter used for encryption of the first encryption means together with an encryption result of the program code by the first encryption means. Program .

Images