1994-07-08 - Re: Request: tamper-proofing executables

Header Data

From: Patrick G. Bridges <patrick@CS.MsState.Edu>
To: cypherpunks@toad.com
Message Hash: 5e731afc912779b0a041dbfc4a779696d2d93347f1d3f3cb3784ac0f1995b687
Message ID: <9407081849.AA02710@Walt.CS.MsState.Edu>
Reply To: <9407081655.AA29629@mis.nu.edu>
UTC Datetime: 1994-07-08 18:49:53 UTC
Raw Date: Fri, 8 Jul 94 11:49:53 PDT

Raw message

From: Patrick G. Bridges <patrick@CS.MsState.Edu>
Date: Fri, 8 Jul 94 11:49:53 PDT
To: cypherpunks@toad.com
Subject: Re: Request: tamper-proofing executables
In-Reply-To: <9407081655.AA29629@mis.nu.edu>
Message-ID: <9407081849.AA02710@Walt.CS.MsState.Edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "MH" == Michael Handler <grendel@netaxs.com> writes:

    MH> On Fri, 8 Jul 1994, Dan Marner wrote:
    >> I would appreciate any pointers to documents, source code or
    >> programs that deal with using cryptographic techniques to
    >> detect or prevent modification of executable code. I am looking
    >> for something that uses either a signature or a one-way hash to
    >> detect modifications at run time.  Of particular interest is
    >> information on signing a file that includes the signature as
    >> part of the file. Is this possible with any of the common
    >> algorithms?

I wrote some code about six months ago to embed digital signatures
of each section of an executable into the data section of a program
(a.out format executables).

The program had several limitations that I know how to get around, 
but never did:
1. I only got as far as signing the text section of the program
2. The signature didn't contain several important pieces of information
3. It used LUC for its algorithm, and I'd prefer to use PGP and RSAREF

Anyway, it provides some minimal security:
 If the signature is intact and verifies, you know exactly as much as
with a signed e-mail message: the author of the program (assuming you have
his public key) and that certain portions of the program haven't been
tampered with. This is, of course, useful information. I never got around
to writing the code that did verification at runtime, although it shouldn't
be too bad: I embedded a symbol in the symbol table pointing to the signature.
I plan to try to clean it up this fall and make many changes...

    MH> I have yet to devise
    MH> or find a foolproof [ ;) ] or unbreakable protection
    MH> scheme. I'm starting to think there's no such animal. What
    MH> you CAN do is protect your executables against file
    MH> corruption, viruses, and lame-0 hacker dudez.  

Well, it depends on what kind of protection you want. I think
foolproof runtime verification would be quite difficult, although I
still need to think about it... Any reasonable hacker would just
change most programs to jump around the verification routines. On the
other hand, I think that pre-runtime verification would be doable by a
separate program. Of course, then you have to trust that program, and
how do you verify that it hasn't been tampered with? A chicken and the egg 
problem, clearly... Let me think about it some more...

- -- 
*** Patrick G. Bridges  		patrick@CS.MsState.Edu ***
***      PGP 2.6 public key available via finger or server     ***
***             PGP 2.6 Public Key Fingerprint:		       ***
***      D6 09 C7 1F 4C 18 D5 18  7E 02 50 E6 B1 AB A5 2C      ***
***                #include <std/disclaimer.h>		       ***

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLh2ffEoL7Aaetl5pAQEmgwP+LD90HEpuSJm2meXT1p1oTw4Y+7B4kyrj
+huFWDnnPycLmcAf8viLjP8TE5akZKydf+ZRT3Mh+YieoiVRlDgNNydPcN7me9FQ
745PLWsv9KbcvB2AbZrQLzjlCxSToCzJP2O5Vk2QAhYnuiEODc50ACF3Ek5tIDSU
k5ev1lpXUzY=
=nSUY
-----END PGP SIGNATURE-----
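
An added example (not part of the original message and not Bridges' code) of the layout asked about in this thread, a file that carries its own signature: the tag is computed over the file with its own slot zeroed, so a separate pre-run verifier can blank the slot and recompute it. Assumptions: HMAC-SHA256 from the Python standard library stands in for the public-key signature (LUC, PGP, RSAREF) named in the message, and the `SIGSLOT:` marker, the flat byte layout and all function names are hypothetical stand-ins for the a.out symbol-table entry that points at the signature.

```python
import hashlib
import hmac

MARKER = b"SIGSLOT:"   # hypothetical locator, stands in for the symbol-table entry
SLOT_LEN = 32          # size of an HMAC-SHA256 tag

def find_slot(image: bytes) -> int:
    """Return the offset of the tag slot; exactly one marker must exist."""
    if image.count(MARKER) != 1:
        raise ValueError("expected exactly one signature slot marker")
    off = image.index(MARKER) + len(MARKER)
    if off + SLOT_LEN > len(image):
        raise ValueError("truncated signature slot")
    return off

def compute_tag(image: bytes, off: int, key: bytes) -> bytes:
    """MAC the whole image with the slot bytes replaced by zeros."""
    blanked = image[:off] + bytes(SLOT_LEN) + image[off + SLOT_LEN:]
    return hmac.new(key, blanked, hashlib.sha256).digest()

def sign_image(image: bytes, key: bytes) -> bytes:
    """Fill the slot in place; the file length does not change."""
    off = find_slot(image)
    return image[:off] + compute_tag(image, off, key) + image[off + SLOT_LEN:]

def verify_image(image: bytes, key: bytes) -> bool:
    """Pre-run check by a separate program; malformed images fail closed."""
    try:
        off = find_slot(image)
    except ValueError:
        return False
    stored = image[off:off + SLOT_LEN]
    return hmac.compare_digest(stored, compute_tag(image, off, key))

def sample_image() -> bytes:
    """Constructed stand-in for an executable: 'text' bytes, then 'data'."""
    text = bytes(range(64))
    data = b"greeting\x00" + MARKER + bytes(SLOT_LEN) + b"\x00tail"
    return text + data

if __name__ == "__main__":
    key = b"constructed-demo-key"
    signed = sign_image(sample_image(), key)
    patched = bytearray(signed)
    patched[10] ^= 0xFF    # one modified byte in the 'text' region
    print("signed verifies:", verify_image(signed, key))
    print("patched verifies:", verify_image(bytes(patched), key))
```

Unlike the public-key signature discussed in the message, a MAC requires the verifier to hold the secret key, so this stand-in shows only the slot-blanking layout, not authorship.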




