DARPA, Galois Launch Benchmark Challenges To Prevent Software ‘Reverse Engineering’
Galois today announced two benchmark challenges – sponsored by DARPA – that invite competitive submissions able to break the security of program obfuscation technology designed to prevent software ‘reverse engineering.’ The challenges are part of DARPA’s SafeWare program that funds research aimed to make software less susceptible to being hacked or compromised. The challenges are part of a recently awarded $5.6 million SafeWare contract to analyze the performance and security of program obfuscation techniques.
Today, it is relatively easy to reverse engineer software – requiring no more than a basic static analysis tool, a compiler and modest effort to de-obfuscate code that has been obfuscated with the best current (non-cryptographic) methods. The DARPA SafeWare Program aims to develop obfuscation technology that uses cryptographic methods to render the intellectual property in software incomprehensible to a reverse engineer, yet allow the code to otherwise compile and run normally.
Galois invites submissions for these two benchmarks. One implements order-revealing encryption (ORE). The other implements point-function obfuscation. Each benchmark uses cryptographic multi-linear maps for security. The open-source 5Gen framework, described in a paper this year at the 2016 CCS conference, was used to create these benchmarks.
Submissions will use existing theory or novel approaches to demonstrate breaks in the security of one or more of the benchmarks. Competitive entries will achieve a certain degree of demonstrable security compromise with the good computational efficiency. Both the team that submits the first competitive entry for each benchmark, and the team that submits the most computationally efficient competitive entry, will be declared winners for that benchmark.
Those interested in participating in the benchmark should email email@example.com to request the ciphertexts to be cryptanalyzed. You may also email us with the required submission information once you have developed a break. For additional information on the challenge, visit the challenges’ site here.
The SafeWare benchmark is a component of the award from DARPA to the SafeWare Test, Assessment, Research Prototype, Infrastructure, and Literature Overview Team (STARPILOT) led by Galois that also includes the University of Bristol, UCLA, and Invincea. In addition to developing benchmarks and applications of cryptographic program obfuscation, STARPILOT is tasked to evaluate progress in program obfuscation research by other performers in SafeWare, and keep those performers informed about progress in Program Obfuscation beyond SafeWare.
“Research developments in advanced cryptography areas such as program obfuscation are seldom partnered with practical analysis of performance and security of those advances,” said Dr. Dave Archer, Principal Researcher at Galois, Inc. and leader of the STARPILOT effort. “We are thrilled to play the role of characterizing that performance and security, and providing platforms on which to demonstrate practical implementations of program obfuscation. These benchmark challenges and the STARPILOT project will support efforts to provide provably-secure protection of sensitive intellectual property and algorithmic information in software that is vulnerable to theft or malicious alteration.”
For additional information on this project, visit https://galois.com/project/STARPILOT.
Galois has been performing computer science research and development since 1999. With many of the world’s foremost experts in computer science and mathematics and a world-class team of programmers and engineers, Galois is uniquely positioned to take on the world’s most difficult challenges in computer science. Galois is a trusted partner in the defense and intelligence industries, proving the feasibility of cutting edge research as it applies to critical systems. Technology companies turn to Galois to build reliability, safety and security into their product development efforts from day one. For additional information, visit http://www.galois.com.