Obfuscation using Encryption

TL;DR

This paper introduces a source code obfuscation method that uses encryption and misleading statements to enhance confidentiality, balancing security and performance, and validated through programmer testing and code analysis.

Contribution

It presents a novel obfuscation technique combining encrypted selector variables with misleading code statements, improving source code confidentiality beyond traditional methods.

Findings

Effective preservation of source code confidentiality

Successful evaluation with programmers and code pattern analysis

Adjustable security-performance trade-offs achieved

Abstract

Protecting source code against reverse engineering and theft is an important problem. The goal is to carry out computations using confidential algorithms on an untrusted party while ensuring confidentiality of algorithms. This problem has been addressed for Boolean circuits known as `circuit privacy'. Circuits corresponding to real-world programs are impractical. Well-known obfuscation techniques are highly practicable, but provide only limited security, e.g., no piracy protection. In this work, we modify source code yielding programs with adjustable performance and security guarantees ranging from indistinguishability obfuscators to (non-secure) ordinary obfuscation. The idea is to artificially generate `misleading' statements. Their results are combined with the outcome of a confidential statement using encrypted \emph{selector variables}. Thus, an attacker must `guess' the encrypted selector variables to disguise the confidential source code. We evaluated our method using more than ten programmers as well as pattern mining across open source code repositories to gain insights of (micro-)coding patterns that are relevant for generating misleading statements. The evaluation reveals that our approach is effective in that it successfully preserves source code confidentiality.