Software-Hardware Binding for Protection of Sensitive Data in Embedded Software

TL;DR

This paper introduces a novel software protection method that combines hardware fingerprints with Boolean logic, making unauthorized copying difficult to bypass without complex analysis, and does not require extra hardware.

Contribution

It presents a new protection mechanism using hardware fingerprints and Boolean logic that enhances security without additional hardware, specifically applied to embedded systems.

Findings

Protection mechanism effectively binds data to hardware using PUFs.

Unauthorized copies run suboptimally, increasing security.

Method does not require extra hardware, only software updates.

Abstract

Embedded software used in industrial systems frequently relies on data that ensures the correct and efficient operation of these systems. Thus, companies invest considerable resources in fine-tuning this data, making it their valuable intellectual property (IP). We present a novel protection mechanism for this IP that combines hardware fingerprints with Boolean logic. Unlike usual copy-protection approaches, unauthorised copies of the software still run on cloned devices but suboptimally. According to our security evaluation, only a complex dynamic analysis of the protected software running on the genuine target device can reveal the secret data. This makes the protection offered by our method more difficult to bypass. Notably, our approach does not require additional hardware, relying only on relatively simple updates to the software. We evaluate our protection mechanism by binding the parameters of a PID controller to a microcontroller unit (MCU) by using a physically unclonable function (PUF) based on its SRAM.