WMW
  NEWS     ABOUT     PARTNERS     CONTACT  
  HELP
WATERMARKING
  • Biography
  • FAQ
MAILINGLIST
  • Management
  • Archive
CONFERENCES
  • Calls
BENCHMARKING
  • Stirmark
  • CheckMark
  • Optimark
BOOKS
LINKS
  • Companies
  • Research
  • Others
WEBRING
DISCLAIMER
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WM]: software watermarking

> Interstingly it is also possible for a program to print its own MD5 hash.
> ftp://quatramaran.ens.fr/pub/madore/misc/selfmd5.c
> Such a program cannot be altered without changing its functional program behaviour. This places limits on the power of software
> watermarking, tamperproofing and obfuscation as it shows they cannot be used on all programs.

Whether quines (and their variants such as selfmd5) place a limit on
what can be watermarked, tamper-proofed and obfuscated depends on how
you define "functional program behaviour".  In obfuscation/watermarking
literature, functional program behaviour is usually defined as the
observable behaviour or I/O relationship.  If we obfuscate/watermark the
binary of a quine (or selfmd5) - the IO relationship *is* maintained.
The program still takes no input and still prints out the same output it
did before obfuscation/watermarking. What may not be maintained is
intent - the program should print out its own source code or md5. (In
fact, in the particular case of selfmd5.c which prints out the checksum
of its source and not its binary, one could argue that intent was also
maintained.)

On the other hand, if we define this *intent* to be the functional
program behaviour - then selfmd5.c can still be transformed during
watermarking/obfuscation provided any additions are made both in the
body of the program and in data[] array that contains a copy of itself.

Whether this can be automated or not I cannot say - however the mere
existence of quines does NOT show that
obfuscation/watermarking/tamper-proofing is impossible for all programs
- under either definition of functional program behaviour.

Programs which query for their actual own source code or running image
are, I believe, a different matter.  But this is usually expressly
forbidden to quines.

Regards
Jasvir Nagra


> On Wed, 2004-12-08 at 11:08 +0000, Gonzo wrote:
> > embedding the hash into the software itself can be a solution, while 
> >keeping ping the hash unchanged after embedding.
> From reading the piece I don't believe it is possible to keep the hash of a file unchanged after adding to the file the value of the
> hash. It seems only possible to add a value to two files that hash to the same value and still have them hash to the same value.
> 	It is possible for a program to contain its hash, by fixed point reasoning.
> Interstingly it is also possible for a program to print its own MD5 hash.
> ftp://quatramaran.ens.fr/pub/madore/misc/selfmd5.c
> Such a program cannot be altered without changing its functional program behaviour. This places limits on the power of software
> watermarking, tamperproofing and obfuscation as it shows they cannot be used on all programs.
> 	Regards
> 	David Curran
> 
>  On Wed, 8 Dec 2004, Ersin Esen
> wrote:
> 
> >
> > regarding hashing, the following discussion can be interesting:
> >
> > http://developers.slashdot.org/developers/04/12/07/2019244.shtml?tid=9
> > 3&tid=172&tid=8
> >
> > embedding the hash into the software itself can be a solution, while keeping the hash unchanged after embedding.
> >
> > -ersin esen
> >
> >
> >
> >
> >
> > ----- Original Message -----
> > From: "mahdavi" <mahdavi@ec.iut.ac.ir>
> > To: <watermarking@watermarkingworld.org>
> > Cc: <watermarking-owner@watermarkingworld.org>
> > Sent: Monday, December 06, 2004 1:35 PM
> > Subject: Re: [WM]: software watermarking
> >
> >
> > > there must be a hash on your software on server. (eg an md5 hash).
> > whenever you want to verify file integrity you should calculate
> > > hash of your software and compare it to the hash on server.
> > >
> > > On Fri, 03 Dec 2004 16:51:58 +0100 (MET), 2630370 wrote
> > > > hello,
> > > >
> > > > i'm looking for techniques to produce software watermarking, i.e., 
> > > > a way any user can verify if an application or update downloaded 
> > > > from the internet really has been released by the right producer 
> > > > and has not been alterated.
> > > >
> > > > i would really appreciate any hint,
> > > >
> > > > thanks,
> > > > mh
> 

-- 
Jasvir Nagra
http://www.cs.auckland.ac.nz/~jas



______________________________________________________________________________

Watermarking Mailing List - http://www.watermarkingworld.org/ml.html
To unsubscribe send email to "majordomo@watermarkingworld.org" with
"unsubscribe watermarking YOURMAIL" in the body.
______________________________________________________________________________
© 2000-2002 by WatermarkingWorld
Design and Concept by Martin Kutter